[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]
THE HOMELAND SECURITY INFORMATION
NETWORK: AN UPDATE ON DHS INFORMATION--SHARING EFFORTS
=======================================================================
HEARING
before the
SUBCOMMITTEE ON INTELLIGENCE,
INFORMATION SHARING, AND TERRORISM RISK ASSESSMENT
of the
COMMITTEE ON HOMELAND SECURITY
U.S. HOUSE OF REPRESENTATIVES
ONE HUNDRED NINTH CONGRESS
SECOND SESSION
__________
SEPTEMBER 13, 2006
__________
Serial No. 109-101
__________
Printed for the use of the Committee on Homeland Security
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.gpoaccess.gov/congress/
index.html
__________
U.S. GOVERNMENT PRINTING OFFICE
35-623 PDF WASHINGTON DC: 2007
---------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866)512-1800
DC area (202)512-1800 Fax: (202) 512-2250 Mail Stop SSOP,
Washington, DC 20402-0001
COMMITTEE ON HOMELAND SECURITY
Peter T. King, New York, Chairman
Don Young, Alaska Bennie G. Thompson, Mississippi
Lamar S. Smith, Texas Loretta Sanchez, California
Curt Weldon, Pennsylvania Edward J. Markey, Massachusetts
Christopher Shays, Connecticut Norman D. Dicks, Washington
John Linder, Georgia Jane Harman, California
Mark E. Souder, Indiana Peter A. DeFazio, Oregon
Tom Davis, Virginia Nita M. Lowey, New York
Daniel E. Lungren, California Eleanor Holmes Norton, District of
Jim Gibbons, Nevada Columbia
Rob Simmons, Connecticut Zoe Lofgren, California
Mike Rogers, Alabama Sheila Jackson-Lee, Texas
Stevan Pearce, New Mexico Bill Pascrell, Jr., New Jersey
Katherine Harris, Florida Donna M. Christensen, U.S. Virgin
Bobby Jindal, Louisiana Islands
Dave G. Reichert, Washington Bob Etheridge, North Carolina
Michael T. McCaul, Texas James R. Langevin, Rhode Island
Charlie Dent, Pennsylvania Kendrick B. Meek, Florida
Ginny Brown-Waite, Florida
______
SUBCOMMITTEE ON INTELLIGENCE, INFORMATION SHARING, AND TERRORISM RISK
ASSESSMENT
Rob Simmons, Connecticut, Chairman
Curt Weldon, Pennsylvania Zoe Lofgren, California
Mark E. Souder, Indiana Loretta Sanchez, California
Daniel E. Lungren, California Jane Harman, California
Jim Gibbons, Nevada Nita M. Lowey, New York
Stevan Pearce, New Mexico Sheila Jackson-Lee, Texas
Bobby Jindal, Louisiana James R. Langevin, Rhode Island
Charlie Dent, Pennsylvania Kendrick B. Meek, Florida
Ginny Brown-Waite, Florida Bennie G. Thompson, Mississippi
Peter T. King, New York (Ex (Ex Officio)
Officio)
(II)
C O N T E N T S
----------
Page
STATEMENTS
The Honorable Rob Simmons, a Representative in Congress For the
State of Connecticut, and Chairman, Subcommittee on
Intelligence, Information Sharing, and Terrorism Risk
Assessment..................................................... 1
The Honorable Zoe Lofgren, a Representative in Congress For the
State of California............................................ 2
The Honorable Jane Harman, a Representative in Congress For the
State of California............................................ 3
The Honorable Mark E. Souder, a Representative in Congress For
the State of Indiana........................................... 49
The Honorable Sheila Jackson-Lee, a Representative in Congress
For the State of Texas......................................... 51
WITNESSES
Panel I
Mr. Frank W. Deffer, Assistant Inspector General, U.S. Department
of Homeland Security:
Oral Statement................................................. 3
Prepared Statement............................................. 5
Mr. Charles E. Allen, Chief Intelligence Officer, U.S. Department
of Homeland Security:
Oral Statement................................................. 9
Prepared Statement............................................. 12
Vice Admiral Roger T. Rufe, Jr. (Retired), Director,Operations
Directorate, U.S. Department of Homeland Security:
Oral Statement................................................. 15
Prepared Statement............................................. 17
Panel II
Captain Charles Rapp, Director, Maryland Coordination and
Analysis Center:
Oral Statement................................................. 25
Prepared Statement............................................. 27
Mr. Ian M. Hay, President, Southeast Emergency Response Network,
(SEERN) Interim Goverance:
Oral Statement................................................. 30
Prepared Statement............................................. 33
Ms. Maureen Baginski, Director, Intelligence Community Sector,
BearingPoint:
Oral Statement................................................. 39
Prepared Statement............................................. 41
THE HOMELAND SECURITY INFORMATION NETWORK: AN UPDATE ON DHS
INFORMATION-SHARING EFFORTS
----------
Wednesday, September 13, 2006
House of Representatives,
Committee on Homeland Security,
Subcommittee on Intelligence, Information Sharing, and
Terrorism Risk Assessment,
Washington, D.C.
The subcommittee met, pursuant to call, at 1:00 p.m., in
Room 2212, Rayburn House Office Building, Hon. Rob Simmons
[chairman of the subcommittee] presiding.
Present: Representatives Simmons, Souder, Gibbons, Lofgren,
Harman, and Jackson Lee.
Mr. Simmons. [Presiding.] A quorum being present, the
Committee on Homeland Security's Subcommittee on Intelligence,
Information Sharing, and Terrorism Risk Assessment will come to
order.
Today the subcommittee meets to hear testimony on the
effectiveness of the Homeland Security Information Network, or
HSIN. On our first panel today, we have three witnesses.
First, Mr. Frank Deffer, assistant inspector general at the
Department of Homeland Security. Welcome.
Mr. Deffer. Thank you.
Mr. Simmons. Mr. Deffer has been the assistant inspector
general for information technology at the Homeland Security
since the inception of the office of inspector general in 2003
and has been involved in what I consider to be a very important
report on the Homeland Security Information Network.
Second, Mr. Roger Rufe, director of Operations Coordination
Directorate at the Department of Homeland Security. The
Operations Coordination Directorate has management
responsibility for HSIN. Admiral Rufe recently joined DHS,
returning to public service after a 34-year career with the
United States Coast Guard.
Semper Paratus, Admiral. Good to have you here.
Third, we have Mr. Charlie Allen, chief intelligence
officer at the Department of Homeland Security. He is the chief
intelligence officer at the department and has become a regular
fixture at this subcommittee.
Thank you, Mr. Allen, for your appearance.
Over the last 2 years, this subcommittee has spoken to and
received testimony from many different state and local
officials, and almost universally when we ask, ``Has
information sharing improved?'', the answer is yes.
But are we where we want to be? And I would say probably
not; we can do better. There have been improvements. We need
more improvements.
The inspector general's report has demonstrated that there
are particular problems with the HSIN network, and that is the
focus of what we are trying to do today.
Information sharing is not culturally what we expect when
we consider our intelligence community and when we consider our
different departments and agencies in government. And yet, this
is absolutely what we have to be able to do.
If we are not successful in our information-sharing
efforts, then we are not going to be successful in connecting
the dots to protect our people and our nation from the
possibility of additional attacks. And so, that is why we
continue, as a subcommittee, to focus on this important aspect
of our nation's security.
I will request that the remainder of my statement be placed
in the record as read, and take this moment to yield to the
distinguished ranking member of the committee.
And if I am speaking quickly, it is because I realize that
we may be having votes sooner than anticipated this afternoon
and I want to make sure we can get started.
And now I recognize the gentlelady from California, the
ranking member, Ms. Lofgren.
Ms. Lofgren. Thank you, Mr. Chairman.
As I reviewed the inspector general's report on the
Homeland Security Information Network, it reminded me of the
old proverb, ``Haste makes waste.'' And I remember my mother
telling me that.
Mr. Simmons. She was right.
Ms. Lofgren. She was right, as well. I think that taxpayers
really should be outraged by what has happened here. The
program is not only a model of haste and waste, but it is a
missed opportunity to do things right.
Now, these comments are true, but they also reflect that we
have two people here who are not blame-worthy, really, on
this?and I want to state that. I mean, Mr. Allen and Vice
Admiral Rufe came in after this was well under way. But it is
still a mess that is in their hands.
Creating a secure information-sharing network was essential
to partnering with our state, local and tribal law enforcement
partners. And given the prominence that this network was played
we had been told over the years, it is just astonishing to me
that your predecessors didn't give some deliberation and
planning into its development.
And so, here we have $50 million, whether it is all down
the drain or just partly down the drain, I would like to hear
from the department.
As the inspector general has said, the network does not
support information sharing effectively, does not meet user
needs, and, as a result, is not relied upon regularly by
anyone. So we have HSIN but apparently not greater security,
and that is a shame.
I want to make it clear that I remain a partner with the
department in our efforts to improve the situation. But to say
that this is a disappointment is to understate the situation.
And as the chairman has indicated, I will make my full
statement a part of the record, understanding that we will have
votes called soon and they should go on for 20 minutes or so. I
would hope that we have the opening statements of the witnesses
that are very helpful. Perhaps they can also be brief and we
will get to questions.
And I yield back to the chairman.
Mr. Simmons. I thank the lady.
We are honored to have the ranking member of the House
Intelligence Committee with us here. Normally, under our rules
of procedure, we extend the courtesy of an opening remark to
the chairs and the ranking, but I would be happy to hear from
the gentlelady from California if she has something she wants
to say.
Ms. Harman. Well, I thank you, Mr. Chairman. I wasn't
expecting this, but I have become a regular at Charlie Allen
briefings. I come here to make sure he stays out of trouble.
[Laughter.]
And so far he has performed admirably.
I just would make a comment that it is important to focus
on how information sharing can work better. It is not just that
DHS needs to be at the table, but it also needs to be an
information source. And I think all the witnesses understand
that, and I think that is the direction that Charlie is
heading.
But, Mr. Chairman, I was in New York on 9/11, and after the
wrenching ceremonies at Ground Zero, I had lunch with some of
my favorite friends at the NYPD, and we were talking about
information sharing. They set up something truly amazing in New
York, but they did talk about the challenges still for the
federal government to be the kind of player it needs to be.
And they are right. The federal government has to do more.
DHS has to do more. Charlie is building something from scratch,
but it needs to be able to do more in real-time real soon.
Let me just close with a comment about my visit recently to
the Joint Regional Intelligence Center in Los Angeles with
Secretary Chertoff and LAPD Chief Bratton and L.A. Sheriff
Baca. That is an impressive facility, and it would not be there
but for DHS and the efforts of Charlie and others, including
the FBI. Forgot to mention them.
But these JRICs are only as good as the material that is in
them. So, again, let me just close with my comment that the
HSIN needs to do better. And I think the gentlemen at the table
are going to make it do better.
Thank you, Mr. Chairman.
Mr. Simmons. Thank you very much.
Why don't we begin with you, Mr. Deffer?
STATEMENT OF MR. FRANK W. DEFFER, ASSISTANT
INSPECTOR GENERAL, U.S. DEPARTMENT OF HOMELAND SECURITY
Mr. Deffer. Thank you, Mr. Chairman and members of the
subcommittee. My testimony today will address the evolution,
planning and development, implementation, and effectiveness of
HSIN based on our July 2006 report.
By working together, federal, state and local governments
can maximize the benefits of information gathering and analysis
to prevent an respond to terrorist attacks. However, prior
reports have shown that counterterrorism-related information is
not shared routinely or effectively.
To help improve this situation, DHS has expanded access to
its secure, unclassified HSIN system, which connects the
department's Homeland Security Operations Center, or HSOC, with
private industry and federal, state and local organizations
responsible for or involved in combating terrorism and supports
various community groups, including law enforcement and
emergency management.
HSIN began as an extension of the Joint Regional
Information Exchange System, or JRIES, a law enforcement
intelligence system that proved useful for information sharing
during the Northeast blackouts of 2003. After DIA transferring
management of the system to DHS in September of 2003, the
department expanded the system to meet its crisis planning,
communications, and emergency management requirements.
Renamed HSIN, the system was migrated to a series of Web-
based portals and ultimately redeployed nationwide as well as
to several international partners.
Despite the vital role that HSIN was to play in ensuring
intergovernmental connectivity and communications, DHS did not
follow several steps essential to effective system planning and
development.
Specifically, after assuming ownership of the system in
2003, DHS quickly expanded system access to other user groups.
In the heightened counterterrorism environment, the department
decided to implement HSIN right away and address operational
issues later.
This created an environment that was not conducive to
thorough system planning and implementation. For example, the
rush to implement resulted in inadequate definition of HSIN's
role vis-a-vis related systems; insufficient identification of
requirements of the HSIN user community; inadequate technical
evaluation of system releases prior to deployment; and a lack
of HSIN user guidance, training and reference materials.
Largely due to these planning and implementation issues,
users are not fully committed to the HSIN approach.
Specifically, users generally like the Web portal technology,
but do not fully understand HSIN's role and how the information
shared on the system is used. Further, situational awareness
information is not readily available through the system.
Some users in the law enforcement community, in particular,
told us that they do not trust the system to share sensitive
case information. Because HSIN does not fully meet their needs,
law enforcement users often use other existing systems such as
Law Enforcement Online and the Regional Information Sharing
Systems Network, perpetuating the ad hoc, stovepipe
information-sharing environment that HSIN was intended to
correct.
Similarly, officials at nine of the 11 state and emergency
operations centers that we visited stated that they only log on
to the system occasionally. Some emergency operations centers
have a very limited number of user accounts, while others are
not connected to HSIN at all.
Although the total number of HSIN user accounts has
increased since the system was deployed, use of HSIN's law
enforcement, emergency management and counterterrorism portals
has remained consistently low.
In conclusion, DHS has a critical role to play in ensuring
national awareness, preparedness, and coordinated response to
potential emergency situations, suspicious activities and
terrorist threats. HSIN can assist by supporting timely and
relevant counterterrorism-related data exchange across
governments.
But overcoming system planning and implementation issues,
as well as related challenges, will assist DHS in fulfilling
its central coordination role and providing the collaborative
capabilities needed to help keep our homeland secure. Toward
the end, DHS concurred with our report recommendation and is
taking steps that, once implemented, will improve HSIN
effectiveness.
Mr. Chairman, this concludes my prepared statement. I
appreciate your time and attention and welcome any questions
from you or members of the subcommittee.
[The statement of Mr. Deffer follows:]
Prepared Statement of Mr. Frank Deffer
Thank you for the opportunity to discuss the work of the Office of
Inspector General (OIG) relating to DHS' system and approach for
sharing counterterrorism, emergency management and intelligence-related
information government-wide as well as the recommendations that we made
to enhance departmental operations. My testimony today will address the
evolution of the Homeland Security Information Network (HSIN); ongoing
system planning and development activities; how well the system works
to share information; and, major challenges to effective
implementation. The information and recommendations that I will provide
is contained in our report, Homeland Security Information Network Could
Support Information Sharing More Effectively (OIG-06-38).
The Evolution of HSIN
State and local personnel have capabilities not possessed by
federal agencies to gather information on suspicious activities and
terrorist threats. By working together, government organizations can
maximize the benefits of information gathering and analysis to prevent
and respond to terrorist attacks. But earlier reports from
congressional and industry organizations show that information on the
threats, methods, and techniques of terrorists has not been shared
routinely-and when information is shared it has not been consistently
perceived as timely, accurate, or relevant.
HSIN is a secure, unclassified, web-based communications system
that provides connectivity between DHS' Homeland Security Operations
Center (HSOC)-the national center for real-time threat monitoring,
domestic incident management, and information sharing-and the critical
private industry as well as the federal, state, and local organizations
responsible for or involved in combating terrorism, responding to
critical incidents, and managing special events. HSIN offers both real-
time chat and instant messaging capability as well as a document
library that contains reports from multiple federal, state, and local
sources. The system supplies suspicious incident and pre-incident
information, mapping and imagery tools, 24/7 situational awareness, and
analysis of terrorist threats, tactics, and weapons. HSIN consists of a
group of web portals organized along the lines of several community
groups including law enforcement, emergency management, fire
departments, homeland security, counterterrorism, and the National
Guard. To fulfill its responsibility to coordinate the distribution of
counterterrorism-related information across the various levels of
government, DHS is expanding access to HSIN.
HSIN was created as an extension of the Joint Regional Information
Exchange System (JRIES), begun in December 2002 as a grassroots pilot
system to connect the California Anti-Terrorism Information Center, the
New York Police Department, and the Defense Intelligence Agency (DIA)
to facilitate the exchange of suspicious activity reports, register
events potentially related to terrorist activity, and to foster real-
time intelligence and law enforcement collaboration in a secure
environment across federal, state, and local jurisdictions. JRIES
proved useful during the northeast blackout in 2003 when information
posted on the system allowed users across the country to quickly learn
that the event was not related to terrorism. Although the DIA
originally operated and maintained JRIES, DIA transferred program
management of the system to DHS in September 2003, due to funding
constraints.
After acquiring JRIES, DHS recognized that the system's utility
could be expanded beyond its existing counterterrorism intelligence and
threat awareness mission to support crisis planning, communications,
and emergency management across federal, state, and local agencies. In
2004, the DHS Secretary renamed the system as HSIN in order to reflect
its broader scope. DHS subsequently deployed HSIN to all 50 states, 53
major urban areas, five U.S. territories, the District of Columbia, and
several international partners-extending HSIN access beyond the law
enforcement community to include state homeland security advisors,
governors' offices, emergency managers, first responders, the National
Guard, and an international component. Because the system could not
accommodate a large increase in users, DHS decided to migrate HSIN from
the original software, Groove, to a series of web-based portals. DHS
also launched an initiative to identify and address requirements of
state and local communities of interest, as well as to provide robust
training to promote effective use of the system. As of January 2006,
eight states had adopted state-specific HSIN portals for use throughout
their respective departments and agencies.
HSIN Planning and Development
Despite the vital role that HSIN was to play in ensuring
intergovernmental connectivity and communications in a heightened
counterterrorism environment, DHS did not follow a number of the steps
essential to effective system planning and development. Specifically,
DHS:
� rushed the HSIN schedule;
� did not clearly define relationships to existing systems;
� developed and deployed HSIN in an ad hoc manner;
� provided inadequate user guidance; and,
� did not establish performance metrics.
After assuming ownership of the system from DIA in 2003, DHS
quickly expanded the system access to other user groups. Due to
increased concerns and warnings about potential terrorist threats, the
department's HSIN strategy was to implement a tool for nation-wide
connectivity immediately and address operational problems and details
later.
Such pressures to complete the system, however, created an
environment that was not conducive to thorough system planning or
implementation. For example, the rush to implement resulted in
inadequate definition of HSIN's role with respect to comparable law
enforcement systems such as, Law Enforcement Online (LEO) and the
Regional Information Sharing System Network (RISSNET); and, a failure
to identify potential areas of duplication or opportunities for sharing
information. Also, DHS developed the HSIN portals based solely on law
enforcement requirements but did not sufficiently identify the needs of
other HSIN user communities such as emergency management personnel and
state homeland security advisors. Further, because DHS did not evaluate
adequately the major HSIN releases prior to their implementation,
technical problems that hindered system performance went undetected.
Inadequate user guidance, training, and reference materials on what or
how information should be shared resulted in some states defining
information sharing processes and procedures on their own-activities
that increased the potential for duplication of effort and lack of
standardization. Additionally, DHS did not develop adequate performance
measures. Instead it assessed HSIN performance based on tallies of
active user accounts. Such numbers were neither a good indicator of
system use nor the quantity of information shared using the system.
Some members of the law enforcement intelligence community raised
concerns early on that DHS was expanding HSIN access and capability too
quickly. For example, in an April 2004 issue paper, the executive board
responsible for the predecessor JRIES stated that DHS was proceeding at
a rapid rate in implementing the system and contended that this
approach increased the risk of system misuse, security breaches,
privacy violations, and user confusion as well as dissatisfaction. The
board pointed out that the department's newness and its lack of
established relationships hampered its ability to quickly gain the
trust and commitment of states and major cities to the HSIN approach.
HSIN Information Sharing Effectiveness
We found that, largely due to the planning and implementation
issues discussed, users are not fully committed to the HSIN approach.
Specifically, state and local users we interviewed provided mixed
feedback regarding HSIN. Although they generally like the web portal
technology, they have several suggestions on how to improve the
system's technical capabilities to meet their needs. Users do not fully
understand HSIN's role and how the information shared on the system is
used, either. Last, situational awareness information that could help
states and cities determine how to respond to threats when major
incidents occur is not readily available. The HSIN-Secret portal, meant
to function as a temporary channel to deliver classified information,
does not provide valuable terrorism-related content.
Some users in the law enforcement community told us that they do
not trust the system to share sensitive case information. This erosion
in trust as the system was expanded led to conflicts between the JRIES
executive board, comprised primarily of law enforcement officials, and
HSIN program management. In May 2005, concerned with the direction that
DHS had taken with JRIES/HSIN without soliciting its input, the JRIES
executive board voted to discontinue its relationship with the HSOC.
The consensus of the board was that the HSOC had federalized what it
believed to be a successful, cooperative federal, state, and local
project. After their withdrawal, the JRIES executive board continued to
promote its initial information-sharing concept as JRIES II, a separate
system apart from HSIN, which has confused state law enforcement
personnel.
Because HSIN does not fully meet their needs, users do not rely
upon the system to share counterterrorism information. For example, law
enforcement users said that they often use other existing systems, such
as Law Enforcement Online, the Regional Information Sharing System
Network, and the Federal Protective Services-Secure Portal System.
Private systems, such as the "NC4" managed by the National Center for
Crisis and Continuity Coordination, provide real-time information to
state and local subscribers. The system provides warnings, alerts, and
situational awareness on a fee for service basis. In some instances,
agencies such as the U.S. Secret Service are creating their own portals
for information sharing among a limited user group. Such practices
perpetuate the ad hoc, stove-pipe information-sharing environment that
HSIN was intended to correct.
Further, state and local law enforcement officials said that they
continue to depend upon personal contacts and telephone calls to
related organizations to exchange intelligence on potential threats.
These users recognize, however, that phone calls are not the most
efficient means of obtaining situational awareness information and
coordinating incident response activities. For example, users stated
that during the 2005 London bombings, they needed timely information,
such as whether the attacks were suicide attacks, so that state and
local transportation security would know what to look for in their own
jurisdictions. However, the information provided on HSIN was no more
useful or timely than information available via public news sources.
Users were able to get better information faster by calling personal
contacts at law enforcement agencies with connections to the London
police, than by using the system.
Along with a continued reliance on alternative means to share
information, state and local users are making limited use of HSIN.
Although law enforcement is a principal HSIN customer, officials at
state fusion centers and police counterterrorism units said that they
do not use the system regularly to share intelligence information.
Officials at nine of the 11 state and city emergency operation centers
that we visited stated that they log on to the system only
occasionally. Further, some emergency operation centers have a very
limited number of user accounts, while others are not connected to HSIN
at all.
Data provided by HSIN program management demonstrates that user
logons and postings are limited, and that users do not view the system
as the nation's primary information sharing and collaboration network
as DHS intended. Although the total number of HSIN user accounts has
increased since the system was deployed, use of three of the primary
HSIN portals-the law enforcement, emergency management, and
counterterrorism portals-has remained consistently low.
Major Challenges
In addition to the technical system issues discussed above, DHS
faces multiple challenges, often beyond the control of HSIN program
management to successfully implementing HSIN to support homeland
security information sharing. First, resource limitations have hindered
the ability of organizations at all levels of government to effectively
share information. This will undoubtedly continue to pose challenges in
the future. For example, DHS officials cited a lack of sufficient
personnel as a reason for their inability to provide vital support to
HSIN users, especially during its initial release. Similarly, state
officials expressed concern that they do not have enough personnel to
monitor all of the federal systems available to them. For example, a
state emergency management official said that, at one point, a single
employee had to monitor 19 different systems. State officials added
that a lack of funding limits their ability to sustain operations at
state-run facilities, such as intelligence fusion and analysis centers,
too.
Second, legislative requirements have created challenges to
effective information sharing. Federal legislation over the past
several years has established new goals and authorities for information
sharing beyond those initially assigned to DHS. The Homeland Security
Act of 2002 gave DHS the responsibility to coordinate and share
information related to threats of domestic terrorism with other federal
agencies, state and local governments and private sector entities. In
2004, however, the Intelligence Reform and Terrorism Prevention Act
established the Office of the Director of National Intelligence
external to DHS. The act mandated the establishment of an information-
sharing environment under the direction of a newly designated program
manager to facilitate sharing of terrorism-related data nation-wide.
Establishing this new information-sharing environment will involve
developing policies, procedures, and technologies to link the resources
of federal, state, local, and private sector entities to facilitate
communication and collaboration.
State laws, which differ widely, also may conflict with federal
collaboration initiatives and, in some cases, prevent effective
information sharing. For example, DHS has little authority to require
that state and local governments or other user communities use HSIN for
information sharing. As such, department officials often find
themselves in a consultation mode with the states. Alternatively, state
laws, which may be very restrictive, can limit the ability of state and
local user communities to share information through HSIN. Law
enforcement communities, for example, are governed by laws that
prohibit sharing certain types of sensitive information.
Third, privacy considerations cannot be ignored in the context of
information sharing. Specifically, maintaining the appropriate balance
between the need to share information and the need to respect the
privacy and other legal rights of U.S. citizens can be a difficult and
time-consuming effort. Due to privacy concerns, civil liberties
organizations have challenged information-sharing initiatives in the
past and could pose similar challenges for the HSIN program.
In 2003, the American Civil Liberties Union raised concerns about
the Multistate Anti-Terrorism Information Exchange (MATRIX) system, an
effort to link government and commercial databases to enable federal
and state law enforcement to analyze information as a means of
identifying potential patterns of suspicious activity by individuals.
As a result of the privacy concerns raised, as well as the costs
involved, many state law enforcement communities stopped using the
Multistate Anti-Terrorism Information Exchange system.
Failure to consider privacy concerns could result in similar
abandonment of HSIN before its full potential is realized. As required
by the Homeland Security Act, and in an effort to assuage civil liberty
concerns, DHS performed a privacy impact assessment of HSIN portals
before deploying them. As a result, DHS had to shut down the HSIN
document library which contained reports from nation-wide sources,
significantly hampering system usefulness. In addition, DHS is creating
another database subject to a privacy impact assessment prior to its
implementation. This database will provide intelligence analysis
capability similar to that of the abandoned Multistate Anti-Terrorism
Information Exchange system. Besides the privacy impact assessment,
clear standards and effective controls will be needed to demonstrate to
concerned consumer groups that the information gathered through HSIN
does not violate the rights of American citizens.
Fourth, a culture that is not receptive to knowledge sharing is one
of the foremost hurdles to widespread adoption of the HSIN
collaboration software. HSIN users comprise diverse communities,
including state and local government officials, emergency managers, law
enforcers, intelligence analysts, and other emergency responders. Each
has different missions, needs, processes, and cultures. Because of
these differences, often the various user groups are reluctant to share
information beyond the bounds of their respective communities.
Traditionally, for example, law enforcement has operated in a culture
where protecting information is of paramount concern. Shifting from
this "need to know" culture to a "need to share" culture has proven
difficult. DHS officials anticipated when they first released HSIN that
culture might become an issue, but they did not have the time or
resources to build the trusted relationships necessary to overcome this
issue.
Identifying and understanding such user community goals and
requirements are a first step to understanding cultural differences and
building collaborative relationships. Frequent communication, guidance
on how shared information will be used and protected, effective
feedback, and mechanisms for resolving issues in a timely manner can
also serve to overcome differences and instill trust and understanding.
Conclusions and Recommendations
DHS has a critical role to play in ensuring national awareness,
preparedness, and coordinated response to potential emergency
situations, suspicious activities, and terrorist threats. HSIN can
assist by supporting timely and relevant information exchange among the
federal, state, local, and private organizations that need to share
counterterrorism-related data to carry out their respective missions.
However, the many system planning and implementation issues, as well as
other related challenges, that I have outlined have hindered DHS'
ability to fulfill its central coordination role and to provide the
communications and IT infrastructure needed to keep our homeland
secure.
To ensure the effectiveness of the HSIN system and information
sharing approach, we recommended in our report that the Director,
Office of Operations Coordination, Department of Homeland Security:
1. Clarify and communicate HSIN's mission and vision to users, its
relation to other systems, and its integration with related federal
systems.
2. Define the intelligence data flow model for HSIN and provide
clear guidance to system users on what information is needed, what DHS
does with the information, and what information DHS will provide.
3. Provide detailed, stakeholder-specific standard operating
procedures, user manuals, and training based on the business processes
needed to support homeland security information sharing.
4. Ensure cross-cutting representation and participation among the
various stakeholder communities in determining business and system
requirements; and, encourage community of interest advisory board and
working group participation.
5. Identify baseline and performance metrics for HSIN, and begin to
measure effectiveness of information sharing using the performance data
compiled.
The Acting Director, Office of Operations Coordination, concurred
with our recommendations in their entirety. Further, the Acting
Director noted that the recommendations are solid, and when
implemented, will improve the HSIN system and information sharing
effectiveness.
Mr. Chairman, this concludes my prepared statement. I appreciate
your time and attention and welcome any questions from you or Members
of the Subcommittee.
Mr. Simmons. I thank you very much for that excellent
testimony.
We will go now to Mr. Allen. We will do all three witnesses
and then do questions.
Mr. Allen?
STATEMENT OF MR. CHARLES E. ALLEN, CHIEF
INTELLIGENCE OFFICER, U.S. DEPARTMENT OF HOMELAND SECURITY
Mr. Allen. Thank you, Chairman Simmons, Ranking Member
Lofgren. Thank you, Congresswoman Harman, for your kind
comments.
I would like to submit a very brief opening statement but
request that my written statement be entered into the record.
Mr. Simmons. Without objection.
Mr. Allen. It is a pleasure to appear alongside Vice
Admiral Roger Rufe. As indicated, he has just joined the
department a couple of months ago. He is going to bring a lot
of experience to the department.
I also would like to recognize behind me Dr. Carter Morris,
who is a detailee from the Central Intelligence Agency, who is
helping me with information management and information
architecture. And without him, I could not have achieved what
we have done in the time that I have been at Homeland Security.
To prevent and counter potential threats to the homeland,
first responders and front-line law enforcement officers must
be armed with the information needed to recognize and defeat
threats. Similarly, the Department of Homeland Security must
gain the insights of local law enforcement and emergency
personnel as they collect data that are crucial to identifying
threats to the homeland.
To this end, under the state and local fusion center
implementation plan that I have developed and am in the stage
of implementing, my office continues to embed intelligence
officers into fusion centers to facilitate the flow of
intelligence-related information downward and all-hazards
information that is threat-relevant upward to the federal
level. Having officers, for example, in New York City as well
as out in Los Angeles is making a major difference.
We have been working very closely with Ambassador Ted
McNamara, who is the presidentially appointed program manager
for information sharing, as well as the Department of Justice,
to develop a common framework for the sharing of terrorism and
other threat-related information among executive departments
and agencies and state and local authorities.
This framework ultimately will strengthen and codify
relationships and permit effective interface between
intelligence community agencies and the emerging network of
fusion centers. The framework will establish a process that
ensures the federal government speaks with consistency to state
and local partners. I emphasize the term ``consistency.''
Moreover, we are developing, in coordination with the
component agencies and the chief intelligence officer of DHS,
an intelligence information architecture that will transform
the decentralized and uncoordinated as-is state of the
department's intelligence sharing.
Homeland Sharing Information Network, HSIN, is one system
we use to fulfill these information-sharing responsibilities
with state and local governments and the private sector.
Because the DHS Operations Directorate is HSIN's institutional
home, I will let Vice Admiral Rufe speak to the overall efforts
to strengthen this network.
I intend to share with you, however, specific initiatives
to support information sharing using HSIN that I have
undertaken. I have initiated all of these projects since
becoming the department's chief intelligence officer.
Early in my tenure, we conducted a study on how we could
improve the flow of sensitive-but-unclassified intelligence
information to state and local authorities. Based on this study
and a user-requirement study, we developed and implemented a
pilot project to share unclassified intelligence information
among the states using the existing HSIN platform.
This project, known as HSIN-Intel, involves six states:
Arizona, California, Florida, Illinois, New York and Virginia.
We use HSIN-Intel primarily to disseminate current homeland
security intelligence information and integrated intelligence
assessments, derived both from DHS and the intelligence
community's sources.
Let me cite just one example. The day after the 11 July,
2006, attack on the transit system in Bombay, India, my office
transmitted relevant intelligence reporting, held a quick-look
teleconference with all HSIN-Intel members, and provided
valuable information that was not widely available to the
public.
In the first 5 months of the pilot operation, my office has
posted more than 500 documents on HSIN-Intel, and the states
have posted an additional several hundred. Additionally, HSIN-
Intel permits us to receive and properly respond to state and
local requests for assistance and information.
We are taking steps in partnership with the Operations
Directorate to continue to develop this HSIN-Intel pilot
program. The pilot runs through the end of this month, in line
with the approach that the Office of the Inspector General
advocated in the June 2006 report. In fact, launching HSIN-
Intel in its pilot form has given the department to road-test
business processes to strengthen HSIN-Intel for its rollout.
Whereas HSIN-Intel has emerged as a robust capability for
sharing and exchanging valuable and sensitive information, my
office also provides intelligence products up to the collateral
Secret classification level to our state and local partners
through what is known as the HSIN-Secret network.
I assumed management of this program in December 2005. Much
like the unclassified HSIN enterprise, the HSIN-Secret system
was a troubled, dysfunctional system developed within the
department to enhance rapid classified information sharing with
the state emergency operations centers, homeland security
advisers, state and local fusion centers, and major urban-area
police departments.
HSIN-Secret is now available, I am pleased to say, to all
state emergency operations centers and a good number of fusion
centers. We are, moreover, able to post directly both
unclassified and classified threat products, such as Homeland
Security assessments, on this new capability. Since August
2005, my office has posted more than 150 products on HSIN-
Secret.
But that is not enough; we must do more. Secure
connectivity to the states is essential for our collaboration.
But HSIN-Secret's inherent limitations constrain us. As an
independent network that is not directly connected to the
commonly used federal system, the Secret Internet Protocol
Network, or SIPRNET, this prevents us from going where we need
to be.
In recognition of this, we are aggressively moving to
transition from the HSIN-Secret to a truly robust, Secret-
level, classified communications network system, the Homeland
Security Data Network, HSDN, which is analogous to the
Department of Defense's SIPRNET.
With HSDN, government agencies are able to share
information and collaborate in order to detect, deter and
mitigate threats to the homeland at the Secret level. This new
capability will enable our external state and local government
and private-sector partners with a Secret clearance to have
information-sharing collaboration capacity at that level and
allow them to be directly connected with federal users.
We are rolling out HSDN to all state and local fusion
centers. I intend to have HSDN installed everywhere I have
officers assigned to a fusion center by the first quarter of
fiscal year 2007. Yesterday we installed it in the New York
City intelligence division at Chelsea. Today we are installing
another terminal over at the counterterrorism division in
Brooklyn.
In the initial phases of its deployment, only DHS officers
will have access, but we plan to expand this to cleared state
and local personnel.
In closing, DHS intelligence, like our colleagues in
Admiral Rufe's Operations Directorate and the rest of the
department, takes seriously its overarching obligation to
partner with state, local and tribal authorities and the
private sector to share the information needed to protect our
homeland.
I believe that in the brief time that Dr. Morris and I have
had to take on the issue of establishing a vigorous capability
to communicate and share intelligence information with our
state, local, tribal and private sectors, we have enhanced
significantly our ability to get critical information to these
partners. We have put in place an aggressive program that will,
over the next year, provide the systems, the networks and
processes that will integrate my organization into a fully
collaborate environment with the state and local partners.
Thank you, Mr. Chairman.
[The statement of Mr. Allen follows:]
Prepared Statement of Charles E. Allen
Chairman Simmons, Ranking Member Lofgren, Members of the
Subcommittee, I am pleased to appear today alongside Vice Admiral
(Ret.) Roger Rufe, the Department's new Operations Director, whose 34
years of experience with the United States Coast Guard will prove
invaluable in his new mission.
Thank you for inviting me to update you on the progress that the
Department has made in strengthening intelligence and information
sharing with state, local, and tribal authorities and the private
sector through the Homeland Security Information Network (HSIN).
As the DHS Inspector General noted in his June 2006 report on HSIN,
"State and local personnel have opportunities and capabilities not
possessed by federal agencies to gather information on suspicious
activities and terrorist threats. By working together, the various
levels of government can maximize the benefits of information gathering
and analysis to prevent and respond to terrorist attacks." The Homeland
Security Act of 2002 gives the Secretary-broad responsibilities to
access, receive, and integrate intelligence, law enforcement, and other
information from state, local, and tribal government agencies and the
private sector; and to disseminate to them, as appropriate, analysis to
assist in the deterrence, prevention, and preemption of, or response to
terrorist attacks against the United States. The Secretary has
delegated these responsibilities to me as Assistant Secretary for
Intelligence and Analysis and Chief Intelligence Officer.
DHS has a federal responsibility to develop and disseminate threat
alerts, notifications, warnings, and threat-based risk assessments. The
audience includes, but is by no means limited to, state and local
officials, and other public safety entities; emergency fire and rescue
services personnel; public health officials; transportation and coastal
maritime security officials; and local government agencies supporting
federal efforts to interdict illegal narcotics, alien, and other
transnational trafficking activities. This is an important mission that
I and the Department are firmly committed to fulfilling.
As vital as HSIN is to the fulfillment of this critical information
sharing mission, I should remind you that HSIN is just one of the
Department's ongoing efforts to enhance information sharing with our
non-federal partners. The Office of Intelligence and Analysis has
embraced a comprehensive series of initiatives to improve information
sharing with our state, local, tribal, and private sector partners. For
example, I have previously addressed before this Subcommittee one of
this Department's most important initiatives, the State and Local
Fusion Center (SLFC) Implementation Plan. Under this plan, which
Secretary Chertoff approved on 7 June of this year, DHS ultimately will
embed intelligence and operational personnel in SLFCs to facilitate the
flow of timely, actionable, "all-hazard" information between and among
state and local governments and the national intelligence and law
enforcement communities, in support of the President's Guidelines for
the Information Sharing Environment. These deployed professionals will
form the basis of a nationwide homeland security information network
for collaboration and information sharing. My Office is the executive
agent for this Department-wide effort. Already we have placed
intelligence personnel in fusion centers in Los Angeles, New York City,
Maryland, Georgia, and Louisiana; we are pursuing an aggressive
schedule to staff additional fusion centers across the country in
accordance with their needs.
Additionally, in accordance with the December 2005 Presidential
Guidelines and Requirements in Support of the Information Sharing
Environment, we have been working closely both with the Office of the
Program Manager for the Information Sharing Environment and the
Department of Justice to develop a common framework for the sharing of
terrorism and other threat-related information among executive
departments and agencies and state and local entities, including law
enforcement agencies. This framework ultimately will strengthen and
codify relationships and permit the effective interface between the
Intelligence Community and the emerging network of fusion centers. Most
importantly, this framework will establish a process to ensure that the
federal government speaks with "one voice" to state and local partners.
Consistent with its authorities and mandate, the Department will
coordinate with the Department of Justice, NCTC and the FBI to ensure
that all "federally coordinated" terrorism products are created for,
and disseminated to, these partners.
Moreover, under my leadership as the Department's Chief
Intelligence Officer, we are developing, in coordination with the
component agencies and the Chief Information Officer, an intelligence
information architecture. This architecture will transform the
decentralized and uncoordinated "as-is" state of the Department's
intelligence sharing infrastructure by identifying gaps in Department-
wide capabilities and other areas where the management of information
across the Department, and with our external partners, demands
improvement. Through this architecture we will achieve a fully
integrated intelligence information sharing enterprise. To implement
this plan, we have formed a number of working groups to undertake
specific tasks in analyzing requirements, conducting prototyping and
piloting of emerging technologies, and initiating the acquisition of
necessary capabilities. This effort represents a central thrust of our
initiative to improve and optimize information flow both within the DHS
intelligence enterprise and between this enterprise and our state and
local partners.
Leveraging these additional information sharing efforts with a
robust HSIN platform will optimize the ability of the Department to
communicate critical information clearly, efficiently, and effectively
both within DHS and among its many external partners. That said, the
DHS Operations Directorate is HSIN's institutional home, and I will let
Vice Admiral Rufe speak to the overall efforts to strengthen and
perfect HSIN. However, I want to share with you my Office's initiatives
to support information sharing using HSIN and other capabilities.
As I have stated, HSIN plays a major role within my Office's
intelligence information sharing program. My analysts, in coordination
with the Department's Office of State and Local Government
Coordination, each of the Department's operational components, other
Federal agencies with homeland security functions, and the National
Counterterrorism Center (NCTC), routinely post products to HSIN's law
enforcement, emergency management, international, and state and local
intelligence communities.
The Department filled a vital near-term requirement and mandate by
moving rapidly to establish network connectivity to all 50 States, many
major cities, and five U.S. territories by December of 2004. However,
significant time constraints encountered in meeting the ambitious roll-
out plan did not permit DHS to do all that it would have ideally wanted
to do before launching the system. Nevertheless, as the system has and
continues to mature, the Department remains committed to improve its
usefulness and accessibility.
Shortly after becoming Chief Intelligence Officer of DHS, my Office
conducted a study on how we could improve the flow of Sensitive but
Unclassified (SBU) intelligence information to the State and local
environment. In November and December 2005, my staff also conducted a
user requirements study, including a survey of state and local fusion
centers, and used the results to develop a concept of operations and an
interim governance structure for more effectively moving information
between my Office and our state, local and private sector partners.
Based on this we have implemented a pilot project to share unclassified
intelligence information with and among the states using the existing
HSIN platform-this project is known as HSIN-Intel.
The HSIN-Intel pilot project involves six states: Arizona,
California, Florida, Illinois, New York, and Virginia. The participants
include senior representatives from the intelligence offices supporting
the Homeland Security Advisors, leadership and senior analysts of state
and local fusion centers, and senior major urban area law enforcement
executives from each of the respective states. The pilot governance
structure is managed through a steering group of the participants,
ensuring direct input from the participants into the development of the
system. DHS Intelligence uses HSIN-Intel primarily to disseminate
current homeland security intelligence information and integrated
intelligence assessments derived both from DHS and Intelligence
Community sources. DHS Intelligence personnel also are able to access,
receive, and analyze law enforcement and intelligence information
provided by the state and local partners; fuse this information with
national intelligence and other information; and report threat
information back to the State and local participants for action.
Finally, through HSIN-Intel, DHS Intelligence personnel are able to
receive and promptly respond to state and local requests for assistance
and information that are passed via the HSIN-Intel portal.
In addition to the "finished" intelligence products-that is,
products which contain analytic assessments and which have been fully
vetted-DHS Intelligence also provides through HSIN-Intel unevaluated,
or "raw," homeland security-related reporting, such as Homeland
Intelligence Reports. In the first five months of the pilot operation,
my Office has posted more than 500 documents on HSIN-Intel and the
states have posted an additional several hundred.
We are taking steps in partnership with the Operations Directorate
to continue to develop this pilot program in line with the approach
that the Office of the Inspector General advocates in its June 2006
report. In fact, launching HSIN-Intel in its pilot form has given the
Department the opportunity to "road-test" business processes and
functional capabilities that could be used to further strengthen the
larger HSIN enterprise. To that end, we have taken steps to ensure that
any law enforcement or other sensitive homeland security related
information shared throughout the HSIN-Intel portal is appropriately
handled and that all parties understand and apply the rules in order to
achieve the appropriate protections to their data.
Among its more immediate benefits, HSIN-Intel users have greater
situational awareness of worldwide terrorism events. For instance, the
day after the 11 July 2006, attacks on the transit system of Bombay,
India, my Office transmitted relevant intelligence reporting, held a
"quick-look" teleconference with all HSIN-Intel members, and was able
to provide valuable information that was not already widely available
to the public. We are looking forward to transitioning this program to
full operational capability in the near term, and will continue to work
directly in that regard with the customer based steering group and the
Operations Directorate.
Whereas HSIN-Intel will continue to develop a robust capability for
sharing and exchanging valuable and sensitive unclassified information,
my Office also provides intelligence products up to the collateral
SECRET classification level to our State and local partners through
what is known as the HSIN-Secret network, or HSIN-S. Much like the
unclassified HSIN enterprise, HSIN-S also was developed within the
Department to enhance rapid classified information sharing with State
Homeland Security Advisors, emergency operations centers, state and
local fusion centers, and major urban area police departments. Through
HSIN-S, we are able to post directly both unclassified and classified
threat products, such as Homeland Security Assessments, on systems
accessible by many of our state and local partners. Since August 2005,
my Office has posted more than 150 products on HSIN-S.
Secure connectivity to the states is essential for our
collaboration, but HSIN-S's inherent limitations prevent us from going
where we need to be in this regard. In recognition of this, we are
aggressively moving to transition from HSIN-S to a more robust Secret-
level classified communications network system-the Homeland Security
Data Network (HSDN). HSDN is analogous to the Department of Defense's
Secret Internet Protocol Network, or SIPRNET. With HSDN, government
agencies are able to share information and collaborate in order to
detect, deter and mitigate threats to the homeland at the Secret level.
This new capability will enable our external state and local government
and private sector partner with a Secret clearance to have information
sharing collaboration capacity at that level. We have already begun to
roll out HSDN to all state and local fusion centers. I intend to have
HSDN installed everywhere I have officers assigned to a fusion center
by the first quarter of Fiscal Year 2007. In the initial phases of its
deployment, only DHS officers will have access, but we plan to expand
access to appropriately cleared state and local personnel.
In conclusion, DHS Intelligence, like our colleagues in Admiral
Rufe's Operations Directorate and the rest of the Department, takes
seriously its obligation to partner with state, local, and tribal
authorities and the private sector to share the information needed to
protect our homeland. As a member of the Intelligence Community, my
Office also is working closely with the Office of the Director of
National Intelligence, the Office of the Program Manager for the
Information Sharing Environment, the National Counterterrorism Center,
the Department of Justice, the FBI, and others, to create efficiencies
and interoperability among the existing intelligence information
systems to enhance our collaborative efforts.
To prevent and counter potential terrorist attacks, first
responders and front-line law enforcement officers must be armed with
the information to recognize and defeat the threat. Similarly, the
Department of Homeland Security must gain the insights of local law
enforcement and emergency personnel as they identify trends and
patterns involving potential threats to our Homeland. The networks we
implement must serve this flow of information. I look forward to
answering your questions.
Mr. Simmons. Thank you.
Admiral Rufe?
STATEMENT OF VICE ADMIRAL ROGER T. RUFE, JR.
(RETIRED), DIRECTOR, OPERATIONS DIRECTORATE, U.S. DEPARTMENT OF
HOMELAND SECURITY
Admiral Rufe. Good morning, Mr. Chairman, Ranking Member
Lofgren, members of the subcommittee. I am Roger Rufe, director
of the Department of Homeland Security's Operations
Directorate.
I am pleased to appear today alongside the department's
assistant inspector general, Frank Deffer, and the department's
chief intelligence officer, Charlie Allen. Thank you for the
opportunity to update you on the Homeland Security Information
Network.
While I have already had the pleasure of meeting with a few
of you, I welcome the opportunity to meet with each of you
personally and listen to your thoughts as we move forward on
our important work together.
I was appointed director by Secretary Chertoff in July of
this year. I am a 34-year career veteran of the United States
Coast Guard, with experience commanding five Coast Guard
cutters, as well as being commander of both the Atlantic area
and the Pacific area of the Coast Guard. I know first-hand the
importance of effective information sharing in coordinating and
responding to emergency situations.
In my written statement, I describe some recent steps the
Office of Operations Coordination has taken to improve the
effectiveness of the Homeland Security Information Network.
I accept the major findings of the inspector general. Our
customers found HSIN difficult to use, and, rather than
struggle with the system, they quickly resorted to pre-existing
means of acquiring and sharing information through phone calls
and e-mail. These are all valid complaints, and we are focused
on fixing them.
We are going to use the I.G. report as a catalyst for
change. We are moving forward to implement needed program
oversight and management, and we have engaged our federal,
state, local and tribal partners to better understand how we
can design the system to address their requirements and ensure
that HSIN becomes a user-friendly and useful network that will
enhance information sharing with state and local officials.
In my view, the most critical shortfall in the HSIN program
has been its lack of programmatic discipline. I don't think we
can be too harsh on those who saw the need to rush out the
system, however. We need only recall the holiday threat stream
in December 2003/January 2004 to remember the pressure to
develop an information-sharing network.
However, we are now moving forward in a more calculated,
measured way to a program management that will ensure the long-
term viability of the program. Critical to the improvement and
success of HSIN will be hiring a well-qualified program manager
who possessed the skills and experience to guide this effort.
To receive formal input from our various customers, DHS is
moving to establish the Homeland Security Information Network
Advisory Committee. This advisory committee will initially
include 14 representatives from federal, state and local
governments and the private sector, including homeland security
advisers, law enforcement, fire services, public health,
emergency managers, and the private sector.
This group will provide organizationally independent advice
and recommendation to me and other DHS leadership on the
requirements of the various end users. A notice on the
establishment of this advisory committee should be published in
the Federal Register early next month.
Another key point in the I.G. report was that HSIN's
mission and vision and its relationship to other systems were
not adequately defined. The inability to identify what HSIN is
and how it is used is at the root of the disconnect between our
customer base and DHS.
Since April 2006, early this year, we have been hard at
work in developing the common operating picture, or the COP, a
situational awareness tool that displays key information and
data that will enhance decision-making. The COP is still in the
development stage, but it is operational for sharing
information related to hurricane response and recovery. The
Homeland Security Information Network is the means by which the
department's common operating picture is shared with other
partners.
In mid-August, the National Operations Center and the HSIN
team, in conjunction with the department's Preparedness
Directorate, executed a major information-flow exercise. Using
a hurricane exercise, we instituted an information flow that
tested and evaluated the information-flow reporting processes
during a simulated national incident using HSIN and its common
operating picture/common operating database.
This successful exercise included participation from the
National Infrastructure Coordinating Center, the National
Response Coordination Center, and the Baton Rouge, Louisiana,
Joint Field Office.
The chief goal of the exercise was to establish the
effectiveness, efficiency and operational value of this
system's information-sharing processes for all levels of the
government. Our goals included identifying gaps with the
existing information-sharing procedures and protocols for the
National Operations Center and addressing each of the DHS
components' core mission competencies.
Lessons learned from this exercise were documented, and
many changes deemed critical were implemented prior to Tropical
Storm Ernesto's arrival shortly thereafter. The information
flow improvements were evident and were further refined during
the real-world tropical storm?that is Ernesto.
In the course of rolling out the COP to state emergency
operations centers, FEMA operations centers, and other
locations, we have found a renewed interest in HSIN. Some of
our improvements to make the system more user-friendly, such as
single-user sign-on and more useful desktop features, have
garnered some positive comments from the field.
We will continue to make improvements in HSIN technology,
but I recognize that the more difficult improvements will
require the development of policy; articulating a clear vision;
a sound and proven information-sharing processes; and a
business model that supports the Homeland Security Information
Network.
I realize?and the I.G. report bears this out?that all of
these efforts need to be coordinated closely with our federal,
state, local and tribal partners.
Finally, Mr. Chairman, I would like to invite you, other
members of the subcommittee, and your staffs to visit us at the
National Operations Center to see how we use the Homeland
Security Information Network and the common operating pictures.
Thank you for this opportunity to testify. I look forward
to your questions.
[The statement of Vice Admiral Rufe follows:]
Prepared Statement of Vice Admiral Roger T. Rufe, Jr., (Retired)
Good morning, Mr. Chairman, Ranking Member Lofgren, and Members of
the Subcommittee. I am Roger Rufe, Jr., Director of the Office of
Operations Coordination at the U.S. Department of Homeland Security
(DHS). I am pleased to appear today alongside DHS's Chief Intelligence
Office, Charlie Allen. Thank you for inviting me to update you and your
subcommittee on the status of the Department's Homeland Security
Information Network (HSIN).
While I have already had the pleasure of meeting with a few of you,
I welcome the opportunity to meet with each of you personally and
listen to your thoughts as we begin this important work together on a
vision for many successful future endeavors.
I was appointed Director by Secretary Chertoff in July of this
year. I am a 34-year career veteran of the United States Coast Guard
with experience commanding five Coast Guard cutters in the Pacific and
Atlantic regions in addition to being commander for both the Atlantic
and Pacific areas. As a result, I know firsthand the importance of
skilled operations in coordinating and responding to emergency
situations.
Overview
As you are aware, HSIN is the primary, secure nationwide network
through which DHS receives and shares critical information, including
alerts and warnings, with its components and its public- and private-
sector partners, including Federal, State, local, and tribal officials
and the owners and operators of critical infrastructures. HSIN allows
these parties to communicate on suspicious activities, threats, and
infrastructure vulnerabilities; prepare for and mitigate natural or
manmade disasters; and collaborate on restoration and recovery efforts
following a serious incident. This is a system that has the potential
to improve vertical and horizontal homeland security information
sharing.
DHS agrees with the five recommendations in the DHS Inspector
General's June report on the HSIN program. Since this report focuses on
interactions with State and local governments, I will restrict my
comments to those communities of interest.
From the Office of Operations Coordination perspective, HSIN has
not realized its full potential because it lacks many aspects of a
typical Federal government program. As noted in the report, the urgency
to roll out HSIN meant that several critical elements of the program-
such as a requirements definition, program goals, milestones (metrics),
and an evaluation of user needs-were not thoroughly addressed.
Lacking the benefits from a more detailed planning process, HSIN
suffered from inadequate program oversight and management. To address
this, Operations Coordination is creating an HSIN Program Management
Office, headed by an experienced GS-15 to manage all aspects of the
program.
But even before the final IG report, DHS had identified several
shortcomings and had developed initiatives to aggressively address
those shortcomings. As can be seen in our response to the IG's
recommendations, we implemented a series of these initiatives to
support the long-term success of HSIN. Significant, measurable progress
is being made in these areas.
We believe that the IG's report is a catalyst to improve HSIN.
We also believe that input from our Congressional partners, and
especially this Subcommittee, will be invaluable in defining the
systems and processes for our homeland security. Toward that end, let
me reassure you that the Office of Operations Coordination will
continue to work closely with Congressional partners; our DHS partners
such as Assistant Secretary of Intelligence and Analysis Charlie Allen,
Assistant Secretary of Infrastructure Protection Robert Stephan; and
other partners to identify areas for improvement. Together we will work
to ensure HSIN becomes a better homeland security information sharing
tool.
Recent HSIN Accomplishments
In addition to and in conjunction with the IG report
recommendations, there are two areas of recent attention that deserve
highlighting because they are critical to the success of HSIN: efforts
with our users and system enhancements.
Being Responsive to the User Community
It is always important to listen to the needs of the users. To that
end, DHS is moving to establish the Homeland Security Information
Network Advisory Committee. This advisory committee will initially
include 14 representatives from Federal, State and local governments
and the private sector including: homeland security advisors, law
enforcement, fire services, public health, emergency managers and the
private sector. This group will provide organizationally independent
advice and recommendations to me and other DHS leadership on the
requirements of the various end users. A notice on the establishment of
this advisory committee should be published in The Federal Register in
early to mid-October.
Under this year's HSIN State Expansion Initiative, the HSIN Team
has redoubled its efforts to address the specific technological and
training needs of today's and tomorrow's State user communities. During
a typical deployment to a State, the team conducts a series of meetings
with the appropriate officials to explain HSIN's tools and capabilities
and to develop a State site to meet officials' needs. This year, the
team has constructed 24 sites for the States. It is important to note
that the HSIN capability is provided at no cost to the State.
As an example, the HSIN Team fulfilled the Commonwealth of
Massachusetts' requirement for a cost-efficient and secure system to
exchange information. The team worked with the Massachusetts
Commonwealth Fusion Center to integrate the Commonwealth's existing
tools into the HSIN website.
Since October 2005, the team has completed 10 training sessions in
Massachusetts and now HSIN serves over 2,200 users in all counties of
the Commonwealth. Users of the Commonwealth's website include:
Commonwealth, county and municipality police; the Commonwealth Homeland
Security Advisor's Office; Commonwealth emergency management officials;
Commonwealth critical infrastructure personnel; Commonwealth fire
services personnel; Commonwealth emergency operations center personnel;
and others. As we all know, priorities can change and the HSIN Team can
easily modify the State site to reflect those changes upon request.
Offering special support to State governments for hurricane
preparedness efforts in light of the Hurricane Katrina aftermath, DHS
has deployed the HSIN Team to 17 States throughout the Gulf Coast and
East Coast. The team provides HSIN training to State Emergency
Operations Center (EOC) principals and staff members to ensure they are
prepared to utilize the system during emergencies.
More specifically, team members train EOC employees on HSIN's
tools, which include geospatial mapping, a search engine which queries
the HSIN portal, Request For Information (RFI) and FYI options, and
document management functions. In early August 2006, the HSIN Team
provided technical support and HSIN Common Operating Picture (COP)
training at the Principal Federal Official exercise, conducted at the
Emergency Management Institute in Emmitsburg, Maryland.
In mid-August, the National Operations Center (NOC) and the HSIN
Team, in conjunction with the Preparedness Directorate, executed a
major information flow exercise. The Hurricane Ennis Information Flow
Functional Exercise tested and evaluated the information flow reporting
processes during a simulated national incident using HSIN and its COP/
Common Operating Database (COD). This successful exercise included
participation from the National Infrastructure Coordinating Center
(NICC), the National Response Coordination Center (NRCC) and the Baton
Rouge, LA Joint Field Office (JFO). The chief goal of this exercise was
to establish the effectiveness, efficiency and operational value of
this systems information sharing processes from all levels of the
government. Other goals included identifying any gaps with the existing
information sharing procedures and protocols for the NOC and addressing
each of the DHS components' core mission competencies. Lessons learned
from the "Hurricane Ennis" exercise were documented and many changes
deemed critical were implemented prior to Tropical Storm Ernesto's
arrival. The information flow improvements were evident and had
positive effects during this real world Tropical Storm.
A functional exercise like this enabled DHS to apply real-time
emergency communications in a simulated environment. HSIN's
capabilities functioned as they were meant to-and ensure that during
crises, each State EOC has the means to communicate and collaborate
through site posting, threaded discussion, secure chat conference
rooms, or instant messaging with the Joint Field Office (JFO), FEMA's
Regional Response Coordination Center (RRCC) and National Response
Coordination Center (NRCC), and DHS's National Operations Center (NOC).
Also, it is important to note that these capabilities allow for inter
and intra-state collaboration during crises.
Just as important as having functional, efficient communications
during Federal hurricane response efforts, is having staff that can
easily use HSIN. To ensure that, specialized DHS teams have trained
personnel in HSIN use at the NRCC, the RRCCs, JFOs, Federal Departments
and Agencies with Emergency Support Function (ESF) roles, NORTHCOM,
various Federal operations centers including the Department of Energy,
the Department of Health and Human Services, the National Guard Bureau
and the White House Situation Room.
Better Communicating with the User Community
In an effort to better communicate with the State user community,
we have taken a number of steps including holding educational
conferences and updating reference materials. For example, we held a
User's Working Group meeting in February 2006 at the Pennsylvania
Emergency Management Agency facility in Harrisburg. This two-day
meeting was attended by multiple representatives from the initial eight
pilot States.
We are also scheduled to brief and demonstrate HSIN at the Fusing
the Fusion Centers conferences in September and October. The
conferences will be held on a regional basis, ensuring that officials
from the same regions meet, network, and discuss issues impacting their
area. Input and recommendations received at the conferences will be
compiled and shared with fusion center leaders and related Federal
agencies.
To further augment support materials available on the website, the
HSIN Team has updated the HSIN frequently asked questions document, the
fact sheet detailing the most recent changes in the program, and is
publishing monthly bulletins. These bulletins contain up-to-date
information on program activities and articles describing how HSIN is
being used to support day-to-day and special operations. These and
other materials will help ensure that users better understand the HSIN
mission and have the most current materials at their fingertips.
In addition to the conferences, three meetings have been held with
HSIN State and local community representatives and HSIN briefings have
been provided to the Major Cities Chiefs, the International Association
of Police Chiefs, and the National Sheriffs' Association.
Upgrading the System
HSIN is currently introducing a series of infrastructure upgrades
that will improve the system's speed, reliability and capability. These
upgrades will increase user capacity and operational ease as well as
the system's responsiveness. For example, the user interface has been
improved to permit single sign on to all communities of interest on all
national and state websites. All communities of interest sites have
been given a common look and feel, and the nomination and validation of
new users have been simplified and made expedient. Additionally, to
ensure system availability, DHS has implemented a survivable
infrastructure, using two geographically dispersed systems. Hopefully
this configuration change will be fully implemented by first quarter FY
07.
The newest capability on HSIN is the National Operations Center's
Common Operating Picture (COP). Eventually, the COP will provide all
HSIN users nationwide with the capability to view and share critical
information from a common operating database for crises and significant
events. This means that officials in various parts of the Federal
government and across the country can share situational understanding
and make informed decisions on such topics as asset deployment and
evacuation, in addition to just monitoring a situation.
The COP development is an incremental build that was initially
focused on this hurricane season. Thus, current access to the COP has
been prioritized at the Federal level while ongoing training efforts
have reached into FEMA's Regional Response Coordination Centers and the
Joint Field Office in Louisiana. The intent is to provide COP access
and training to all partners at the Federal, State, local, tribal, and
private sector nationwide. HSIN/COP was recently fully accredited--
meaning adequate security controls are in place.
Though these upgrades are vital, the underpinning for system
improvement is the hiring of a HSIN Program Manager. As related in our
response to the IG report and earlier here, the importance of the
programmatic responsibility of HSIN will be elevated. The Program
Manager, working with end users, will ensure that performance metrics
are established and instituted. The Program Manager will engage all
HSIN stakeholder groups to assess deficiencies in training materials
and SOPs and ensure that adequate training materials and support are
available to optimize the effective operation of this system. This
person will ensure that HSIN development becomes a fully collaborative
process among other Federal, State, local and tribal partners and is
consistent with the Information Sharing Environment required by the
Intelligence Reform and Terrorism Prevention Act. The efforts of the
HSIN Program Manager will include:
� Aligning DHS and National Operation Center (NOC) missions
� Coordinating the approach to Federal, State, and local
stakeholders and partners centering on increased engagement
� Providing stakeholder-specific SOPs, CONOPs and educational
information to HSIN users
� Coordinating the HSIN Advisory Committee to obtain increased
stakeholder advice
� Using earned value management (EVM) measurements to determine the
effectiveness and use of HSIN information sharing and collaboration.
� Having daily interaction with other DHS and Federal agencies to
share leads to ensure the unified delivery and exchange of information
among our partners.
Conclusion
Mr. Chairman, be assured that DHS is committed to ensuring that all
viable recommendations on system improvement are elevated and acted
upon and that the needs of the end user are met. We will continue to
work together with all partners to ensure we have the best system
possible.
The IG's report has been helpful in identifying areas of needed
improvement and, as noted earlier, efforts are underway to address the
issues raised.
I would hope that you continue to have a desire to learn more about
HSIN and DHS's other information sharing efforts. If your time allows,
we would enjoy the opportunity to host a visit by this Subcommittee and
staff to the NOC to learn more about HSIN in a "hands on" manner.
Thank you for this opportunity to testify today and I look forward
to answering your questions.
Mr. Simmons. Thank you for that testimony.
And the noise that you have heard is the call for votes. So
I would like to at least get one or two questions in?maybe we
can get several more?before we have to break.
I would like to take the liberty of referring to a
subsequent testimony of the second panel by Mr. Hay.
Is he here today, by any chance? Yes, thank you.
He makes the comment, ``Can the public sector truly engage
all the resources available by the private sector before,
during and after a disaster?'' And then he says, ``The short
answer is an emphatic no. The public sector has approximately
750,000 personnel. The private sector has over 2 million
private security professionals,'' et cetera, et cetera. And
then he says, ``The government?DHS, FBI, DNI?are still not yet
aware of the enormous potential for intelligence and
information sharing via the private sector.''
I make those references in advance to going back to your
testimony, Mr. Allen, where, on page 7, you talk about secure
connectivity being essential and moving aggressively toward a
more robust, Secret-level classified communications network
system. And then you refer also to extending Secret clearances
to those within the system.
And what I am looking at here, and my questions is, that we
have this fundamental problem. We have a Homeland Security
Information Network that needs to be improved. It seems to me,
Mr. Allen, that part and parcel of your improvements go to the
issue of making it more secure and getting more clearances for
people in the system. And we know how difficult that is, since
the clearance process is bogged down by almost a year.
In contrast to that is testimony from one of our other
witnesses saying, ``Hey, there is a whole world of folks out
there, eyes in the field, boots on the ground, ears in the
community, that aren't going to have those Secret clearances,
that are not connected into this system.''
And so, my question to all three of you is, you know, which
model are we following here? And which model is going to work
best over the long term?
You know I am an advocate of open-source intelligence. You
know I am an advocate for that sort of approach to these
issues. But it does seem to me that we have got a fundamental
disconnect here that is worth exploring.
Mr. Allen. Mr. Chairman, I think you asked, as usual, very
tough and candid questions.
First, on the outreach?and we will get to the open source
as a second part?but on the outreach at the classified level to
both state and local governments, we are actually getting a lot
of clearances.
My own office has taken on significant responsibility to
clear people in police departments, fusion centers. We are
doing it on a regular basis. I cleared 50 officers alone for
New York City, which is a phenomenal increase, an exponential
increase. We are doing it around the country: Las Vegas,
California.
We are also working very closely with the infrastructure
protection side of DHS, with George Foresman's side of the
organization. And we find, and not surprisingly given your
experience in intelligence, that many of the people in the
private sector not only have Secret clearances, they have Top-
Secret SCI clearances.
And as a result, many of the people with whom we deal and
interact at the sector level, they not only receive our Secret-
level products and read them, but they are briefed regularly.
We bring the sector leaders in. So we are working very hard to
ensure that the information flows out.
We are also trying to get sensitive communications out to
certain sectors on a very select basis, where we know that
secure communications with leaders in the private sector will
benefit the security of the country. This is something I don't
advertise, but I am doing it. And it is unique; it has not been
done previously. But we are giving some of these secure
communications to key people in the private sector who have
huge responsibilities. And I would prefer not to mention them
in an open session. I would be happy to talk to you offline.
On the second question, getting the information from the
local level?and open source is clearly an area where we must do
better. And I developed and will be presenting to you later
this year our open-source approach to this.
But at the same time, by putting our officers down into
each of the state and local government fusion centers?38 of
them, by the end of fiscal year 2008?there is going to be a lot
of culling and sending of information at that local level and
getting it to the federal level. Because we want to get all
that information that is a suspicious nature. Some of it seems
suspicious and is not, but we need to cull and filter and bring
that information back to the state level.
A lot of information already flows in through the HSIN
network from the state and local government, as well.
Mr. Simmons. Thank you. This is an issue that I think we
will pursue in subsequent questioning.
Ms. Lofgren?
Ms. Lofgren. Mr. Deffer, earlier this summer we learned
that the Secure Flight Program, which we were told cost $120
million, was, due to planning and I would say mismanagement,
grounded or, in the words they said, rebaselined.
And last year we learned that the Homeland Secure Data
Network, a $337 million program, was rushed and ``that the
speeded-up schedule prevented the department from completing
critical system development requirements.''
Now we find that this $50 million computer network
basically is junk.
What is going on over there, in terms of planning and
development of these information systems?
Mr. Deffer. Well, part of it is?and we talk about this in
our report?there was a rush to get something done. So when that
happens?
Ms. Lofgren. But this isn't the first time. I mean?
Mr. Deffer. It is not the first time, and it is, you know?I
have been looking at this for 22 years. I was at GAO, and I
looked at the systems over and over again. And it gets
repeated, and for some reason sometimes in government they just
don't get it, and they try to rush things through and don't
follow the disciplined processes that?you know, laws were
established for you to follow certain ways to get things done:
identify requirements, develop an architecture, and bring it
together into a system that works.
And in some cases they do it well; in some cases they
don't. I think, in this case, they?
Ms. Lofgren. Well, we haven't learned about a case where
they have done it well yet, although we would like to.
Mr. Deffer. I can't think of one off the top of my head.
[Laughter.]
But it is a constant problem in the federal government. And
the answer, it comes from OMB and the Hill to force the
agencies to follow these disciplined processes and to get it
done.
Ms. Lofgren. On the JRIES system, about a year ago we were
told that the JRIES executive board had just broken off
discussions with DHS, and they really terminated the effort to
assimilate JRIES into the Homeland Security Information
Network.
Now, I understand?I would like to know if you know whether
this is true?that the JRIES executive board wanted to limit who
would have access to HSIN because they had concerns about non-
law enforcement access, possible misuse of HSIN, possibility of
security breaches, privacy violations, as well as user
confusion, and that the department really wanted broad use.
And that, in reaction, the JRIES executive board is now, I
guess, marketing, if that is the right word, a JRIES-2 concept
for virtual intelligence analytical unit that only trusted law
enforcement officers would have.
Isn't that kind of a major blow to what DHS has been trying
to do? Where does this put our efforts?
Mr. Deffer. It is. You are right, there is a dustup between
the JRIES executive board and operations coordination. And the
executive board pulled out of it because they were concerned
about expanding it too quickly to law enforcement and not
putting security controls in place.
And I have heard about this JRIES-2. I am not exactly sure
where it is going. But it is troubling, because, again, it
establishes another system out there for someone else to use.
And I think the whole idea of HSIN is to have a one-stop
shopping, one place where people can go to get the information
they need to do their mission in homeland security. So it is
troublesome.
Ms. Lofgren. I wonder if Mr. Allen and Mr. Rufe could
comment on that, if you are able.
Mr. Allen. I would like to comment, but Admiral Rufe should
comment first.
Ms. Lofgren. Okay.
Admiral Rufe. Okay. Thank you. Yes, we were disappointed
that it didn't work out with JRIES, as well, but it was for a
variety of reasons.
We proposed an MOU with JRIES, and there were some
statutory requirements that we were obligated to fulfill,
including the Anti-Deficiency Act, Homeland Security Act, and
they were unwilling to accept those limitations that we had
statutorily.
I should point out, as well, that JRIES is a good system,
but it is a single-use system; it is a law enforcement system.
And it is relatively limited in terms of the users that it can
take on. Now, maybe the second level will allow them to take on
more users.
But we were obligated to put together a system that was
nationwide in nature; was open to a wide variety of users; and
could also accommodate not just law enforcement but emergency
management, carrying of other types of information. It is a
much broader and substantial system than JRIES was able to
accommodate.
Mr. Allen. Yes, Congresswoman, I want to strongly
support?and I think Admiral Rufe has truly answered your
question. It is a much broader capability.
I believe the way this was handled was not at all
effective, the way the JRIES-HSIN dispute grew up. And I think
that has occurred; should have been handled much better.
I do believe that for getting information down and building
a strong system for intelligence sharing at the sensitive-but-
unclassified level, which will meet some of the law enforcement
officials' capabilities, will be this experiment I am running
with HSIN-Intel. This intel portal directly off of HSIN I think
will prove to be a great success.
Ms. Lofgren. If I could just do a quick follow-up, Mr.
Chairman, and I know then we have to go vote, but the concern I
have and what we have been advised is that law enforcement
officials that have been interviewed by the I.G. just don't
trust the system. They don't think that the system is secure
and that their sources will be protected, privacy data will be
secured.
And if that is the case, what I see is not one?I mean, if
you can't give that level of security, you end up with what the
I.G. is reporting now not being used?that will be used and the
inability to actually fuse, as is your vision.
So what is the answer to that, Mr. Deffer?
Mr. Deffer. Well, first of all, the technology is there to
make this work. This is not an issue of, ``Do we have the
system? Do we have the software?'' This is Web-based, and you
can secure that. And so, that has to be pointed out to the
JRIES executive board.
And down the road, I think they need to be brought back
into the fold. It is people and process. You have people
involved; they have didn't views of how to do this. And then
you have processes that are not real clear about how to share
information.
You have got to, sort of, get them all on the same sheet of
music, as to what HSIN is for and explain that it is going to
be more than law enforcement, but that law enforcement case
information will be protected. And that can be done with
current technology.
Mr. Allen. Let me just add to that. Admiral Rufe and I and
Secretary Chertoff recently met with six of the major city
police chiefs. We are rolling out a new agreement with those
police chiefs by the 1st of October, and a great deal of the
emphasis was just on the point you made: the need for a trusted
relationship between Homeland Security and the chiefs of police
and for good, strong, secure, sensitive-but-unclassified
networks that will protect law enforcement information. We are
very sensitive to this.
Mr. Simmons. We are about out of time to go vote.
Ms. Lofgren. Yes.
Mr. Simmons. I would ask the ranking member if she wishes
to address additional questions to the panel on our return.
Ms. Lofgren. I think, in view of the time and the fact that
we want them to be working on this, we should go to the second
panel and submit whatever questions further we have in writing.
Mr. Simmons. That being the case, we release the panel. We
go on about a 20-minute recess. If folks want to get a cup of
coffee or whatever, feel free. And we should be back here by
2:10.
The subcommittee stands in recess.
[Recess.]
Mr. Simmons. The subcommittee will come to order.
We are now pleased to have the second panel.
And we have with us here today Captain Charles Rapp,
director of the Maryland Coordination and Analysis Center, or
MCAC if you like the acronyms. He achieved the rank of captain
in 1998, was assigned to command the Towson precinct, which
houses the county seat and many government buildings. He was
detailed in March of 2006 as the director of the MCAC, where he
now oversees the fusion center and its components.
Good to have you hear, Captain.
We also have Mr. Ian Hay, president of the Southeast
Emergency Response Network Interim Governance. He was elected
by his private-sector constituents to his current position. The
Southeast Emergency Response Network is the southeastern
component of the joint DHS-FBI Homeland Security Information
Network-Critical Infrastructure Program. It is headquartered in
Atlanta, and the network covers one of the largest FEMA
regions, with a population of approximately 51 million people.
Additionally, we have Ms. Maureen Baginski, director,
BearingPoint Intelligence Sector. She has 27 years of service
in the United States intelligence community and served from
2003 to 2005 as the FBI's executive assistant director for
intelligence, where she was responsible for establishing and
managing the FBI's first ever intelligence program, including
technology acquisition and workforce development.
She is the recipient of two Presidential Rank Awards; two
director of CIA national achievement medals; the director of
military intelligence leadership award; the National Security
Agency's exceptional civilian service award; and the first ever
recipient of the National Security Agency's outstanding
leadership award, an award voted on and bestowed by the NSA
workforce. Very impressive.
Why don't we start with you, Captain Rapp?
STATEMENT OF CAPTAIN CHARLES W. RAPP, DIRECTOR, MARYLAND
COORDINATION AND ANALYSIS CENTER
Mr. Rapp. Thank you, Chairman Simmons.
Chairman Simmons, members of the subcommittee?
Mr. Simmons. And I should mention that we will have a
timer, so if?we have your statement; if you want to summarize,
we can get into questions.
Mr. Rapp. I thank you for inviting me here today. I am
Captain Charles Rapp, currently serving as the director of the
Maryland Coordination and Analysis Center, as you referred to
as MCAC.
MCAC is an intelligence fusion center that merges federal,
state and local resources from 16 different agencies. The
center serves a dual function in gathering information through
a 24-hour Watch Section and analyzing that information in our
Strategic Analytic Section to produce actionable intelligence.
The Watch Section takes tips from a toll-free number and
logs those tips in one of several databases depending on the
nature of the information. They might also contact the Joint
Terrorism Task Force directly if they need to have the tip
acted upon immediately.
They also act as Maryland's liaison with the
Counterterrorism Watch and the National Operations Center, as
well as other fusion centers. In addition, they monitor federal
and state databases and public news sources to identify
emerging issues that may affect Maryland.
The Strategic Analytic Section staff is from a variety of
federal, state and local agencies, as well. They are
responsible for analyzing data, interacting with analysts in
other fusion centers, and producing comprehensive and reliable
intelligence bulletins and threat assessments.
Two of the analysts in the section are tasked with
coordinating and analyzing data regarding the national capital
region, which keeps us connected to this Urban Area Security
Initiative.
Maryland has developed the MCAC to be the conduit through
which all critical intelligence information passes to public
safety agencies in the state. To consolidate functions, we have
centralized the location that agencies can contact to gather
information from multiple sources. This allows law-enforcement
officers to receive information from multiple databases with
one call while remaining focused on their safety and
eliminating multiple requests.
It can provide fire services and other agencies information
before arriving on a scene so they are better prepared for an
event, minimizing the intrusion into personal contacts while
safeguarding individual rights.
The Department of Homeland Security has participated in our
center, providing the protective security adviser who has been
invaluable in navigating some of the intricacies of the DHS
system. This position has helped us develop pathways for
information flow for many of our critical infrastructure
segments. The private sector has many key elements that must be
included in any plans to safeguard communities.
Secondarily, assigning a DHS part-time analyst to our
center has added depth to our operation and availed our center
of information and training that has proved beneficial.
Information sharing on the federal level has improved
dramatically over the past several years. There has been a
noticeable surge in the volume and quality of intelligence
exchanged. The joint collaboration of federal, state and local
resources in the fusion center has led to the unprecedented
sharing of information.
Fusion centers have fostered the human factors that play a
crucial function in information sharing. Knowing the
appropriate people to contact and having an established
relationship with that person is still one of the most
effective ways to share information.
This concept has also created some challenges for us.
Federal agencies have also begun to centralize their core
information functions into consolidated points. From a state
fusion center standpoint, this has created problems in
contacting multiple centers and monitoring their databases for
information. In some cases, the information reported is
redundant, appearing multiple times in several databases. Often
it is not accompanied by analysis and frequently is not timely.
Another challenge has been the classification issue. As I
am sure you are aware, classified information is often
difficult to sanitize and still remain useful. Information that
has been sanitized to the point that it can be shared has often
lost its ability to be actionable. In addition, it appears
that, many times, information is unnecessarily classified with
no clear reason.
Another significant challenge is the lack of a universal
handling system. Handling caveats are interpreted differently
by many agencies. This is another value of the fusion process,
which minimizes the number of handlers of information and
allows the fusion centers to interpret caveats and then
distribute information to those who have a need to know.
Fusion centers should become the focal point in each
location for the sharing of information and disseminating it to
their community. Currently the director of the Governor's
Office of Homeland Security receives most of the critical
alerts from DHS. While it is important that they have the
information, the fusion centers should also be notified by DHS
concurrently.
Secondarily, federal agencies need to recognize that fusion
centers have valuable information that could benefit the
overall knowledge base. Information developed at the local
level can be analyzed and vetted best by those who are familiar
with the communities where the information originates.
The Homeland Security Information Network provides good
intelligence products for research. However, it does not seem
to be populated with current information that would be of
benefit to a fusion center.
DHS has recently contacted our center about installing a
new network referred to as HSDN. This could provide better
information and I hope will be a portal to other fusion
centers. One of the most important features of a network would
be to let fusion centers talk to each other in times of crisis
in a secure network.
A final challenge will be to develop training for fusion
centers. For analysts, this training would focus on the
intelligence cycle and the difference between typical crime
analysis and intelligence gathering and analysis. This is
critical to bring the mix of analysts assigned to fusion
centers and intelligence units to a common understanding of
function. This will enhance their abilities to communicate and
develop usable products that translate into actionable
intelligence.
In the future, I would look for other intelligence agencies
to streamline intelligence and share it by using the least
number of networks possible. Ideally one network would channel
all intelligence information from the federal agencies to the
state fusion centers.
We need to develop a universal lexicon for handling
caveats. In addition, we should make every effort to classify
information at the lowest level possible to maximize its value
and share it with a wider community. We also need to increase
the number of state and local leaders that have obtained
clearances. This would provide more informed leaders the
ability to make better decisions.
Finally, the sustainability of fusion centers needs to be
addressed at the federal and state levels. Relying on grant
funds is not a beneficial method of operating these valuable
centers. Long-term planning then becomes problematic.
I would like to conclude by noting that each of the fusion
centers I am familiar with have a unique structure tailored to
meet their state's needs. While they may be structured
differently, they need to be supported by all levels of our
government, because their functionality and value are critical
to our national security.
Thank you for allowing me to address you, and I welcome any
questions you have.
[The statement of Captain Rapp follows:]
Prepared Statement of Captain Charles W. Rapp
The Maryland Coordination and Analysis Center was launched in
November 2003. The Anti-Terrorism Advisory Council Executive Board
(ATAC) acts as the policy oversight body for the center. The center
involves the resources of federal, state and local entities. With the
policy oversight and leadership of the ATAC Executive Board, the center
was designed to have a structured organization that was not controlled
by any one agency. That is why I sit before you as a detailee from a
local police agency, currently serving as the Director of Maryland's
Intelligence fusion center. The center serves a dual function in
gathering information as well as analyzing that information to produce
actionable intelligence.
In Maryland this function is carried out as follows.Our center is
divided into two sections. The Watch Section is a 24 hour, seven -day-
a- week function where tips and other information are tracked. This
section is commanded by a Lieutenant from the Maryland State Police and
consists of 21 personnel from 16 different agencies. The center
operates two toll-free lines designed to solicit reports of any
suspicious activity which may involve a terrorist or criminal threat.
The Watch Section logs the tips, and attempts to determine if they are
valid. Information and tips are entered into databases for follow up by
the Joint Terrorism Task Force (JTTF) or by the appropriate agency.
Information involving possible links to terrorism that require
immediate investigation are sent to the JTTF, by contacting a
supervisor who will then assign a task force member for immediate
response and investigation. MCAC also may communicate directly with the
Terrorist Screening Center and pass information to officers on the
street. This allows the street officers to focus on their safety while
we research the issue they contacted us about.
A second function of the Watch Section is to monitor information
networks and public sources in order to track events that may be
occurring. When the events may possibly have an impact on Maryland or
its infrastructure, the Watch Section personnel notify management of
the center and senior leaders on the ATAC. This allows us to begin
planning for the events impact on Maryland and alerting resources to
mobilize for the event if necessary. Examples of some of the
information networks monitored are Joint Regional Information Exchange
System (JRIES), Homeland Security Information Network (HSIN), Regional
Information Sharing System (RISS), public news sources and other sites
that may be prudent to the nature of the event(s) that are occurring.
The second section of the center is the Strategic Analytic Section
(SAS). This section is commanded by a SSA assigned to the FBI. The SSA
has responsibility for the analysts in this section as well as the
analysts in the Field Intelligence Group (FIG) for the FBI. The SAS
section is staffed by analysts from the FBI, State, Local and National
Guard agencies. In addition, two of the analysts funded by the Urban
Area Security Initiative (UASI) are assigned to coordinate data
regarding the National Capital Region. The analysts review many
products and information sources and interact with analysts in other
fusion centers to provide comprehensive and reliable intelligence
bulletins and threat assessments. These products are then formatted for
the appropriate audience. As one innovation they have developed
products that have been abridged for time-restricted briefings such as
law enforcement roll calls.
Maryland has developed the fusion center to be the conduit through
which all critical intelligence information passes to public safety
agencies in the state. To consolidate functions, we have developed as a
central location that agencies can contact to gather information from
multiple sources with one contact. This allows public safety officers
to develop information from numerous databases while they remain
focused on their safety without having to make multiple requests. It
can provide the fire service and other agencies information before
arriving on a scene so they are better prepared for the event. And it
minimizes the intrusion into personal contacts while safeguarding
rights.
The joint collaboration of federal, state and local resources in
the fusion center has led to the unprecedented sharing of information.
The development of the fusion centers model is an ideal organization
for the collection and dissemination of intelligence. In an effort to
expand this model on a national scale, many agencies have centralized
their core information functions into a consolidated point. This
centralized center collects and distributes this information to its
partners for their use. From a state-wide fusion center standpoint, our
problem is monitoring all of these national centers and their
intelligence dissemination. In some cases the information is redundant,
reported multiple times by different networks. In many cases the
information is not accompanied by analysis. In other instances the
information is not timely and its value is diminished proportionately.
Another problem with the sharing of information has been the
classification issue. As I am sure you are aware, classified
information is often difficult to cleanse and still remain useful and
be disseminated to those who need it. It appears that many times
information is unnecessarily classified with no clear reason. However,
information classified at any level is useless if it cannot be shared
with those who have a need to know and can take action based on it's
contents. Information that has been cleansed to the point that it can
be shared has often lost its ability to be actionable.
Another significant problem is the lack of a universal
classification system for information not classified by statute. When
dealing with agencies at every level it is not uncommon to find that
different classification terms have different meanings to different
agencies. The classification terms need to be standardized for clarity
and efficiency.Clearly, this is one value of a fusion center to
interpret the meaning of these classifications and properly disseminate
the information to those who have a need to know.
Information sharing on the federal level has developed dramatically
over the past several years. There has been a noticeable surge in the
volume and quality of intelligence exchanged. The Department of
Homeland Security's Homeland Security Information Network (HSIN) posts
information that can be used by analysts and provides other links to
obtain more in depth information from sources. It is an information
network that could also service a number of communities when a critical
event is occurring. Currently, the system does not seem to be populated
with information on a timely basis. Most of the information obtained
from HSIN is historical and usually is posted too late to be of benefit
to a fusion center. Homeland Security also uses the HSIN-S system which
my center does not have access too at this time. This system contains
information that may be developed and used at the secret level. My
understanding is that these systems are currently being combined into
one system that will provide a better linkage for information sharing.
We are currently engaged in talks with DHS to have the HSDN system
installed in our fusion center. However, it is my understanding that
only DHS analysts will have access to the system at this time. When the
DHS analysts are not present, this will present a problem. I encourage
DHS to allow access by appropriately cleared fusion center personnel as
soon as possible.
From the standpoint of my fusion center, I would encourage future
databases to be housed under one system. Consolidating information and
having fusion center personnel enter as few systems as possible to
elicit information making sharing of information more efficient. This
also provides the fusion centers a centralized location to report
information. This would allow state fusion centers to be responsible
for the dissemination of information to the proper consumers and make
the dissemination more timely and responsive to community needs.
Fusion centers should become the focal point in each location for
the sharing of information and for disseminating it to their consumers.
Currently, the State Homeland Security Advisor receives most of the
critical alerts from DHS. While it is important that they have the
information, the fusion centers should also be notified by DHS
concurrently. In addition, fusion centers need to have connectivity to
talk freely and share information and resources. This may be a benefit
of a joint information network, possibly a product of HSDN. They also
need to build a solid relationship and sharing protocol so in times of
crisis, a timely free flow of information will occur. In times of
crisis, this information flow from fusion center to fusion center will
be critical.
The flow of information also needs to work in the reverse. As
fusion centers mature information must flow in both directions. Federal
agencies need to recognize that local and state agencies have valuable
information that could benefit the overall knowledge base. Information
developed at the local level can be analyzed and vetted best by those
who are familiar with the communities where the information originates.
The information can then be sent through the state center to the
national center(s). This allows the national center to review the
information in the context of the national and international arenas and
determine if the information ties into any broad threats that may
require action.
Another advantage of fusion centers and the expansion of
information sharing has been the personal relationships between local,
state and federal employees. Knowing the appropriate person to contact
and having an established relationship with that person is still one of
the best ways to facilitate the flow of information. And by developing
the human interaction, many of the problems associated with a system
that lacked credibility are now being bridged. Even in our age of
technology, this is still one of the most reliable methods of building
solid information links that lead to reliable, actionable intelligence.
Two other programs from DHS have been very beneficial to our center
as well. One is the Protective Service Advisor who has been invaluable
in navigating some of the intricacies of the DHS infrastructure. This
position has also helped us develop pathways for information flow from
many of our critical infrastructure segments. The private sector has
many key elements that must be included in any plan to safeguard
communities. Likewise, the information they collect and use can be very
beneficial in designing overall threat plans. The second has been the
assignment of a DHS analyst to our SAS section. While part-time at this
point, this analyst has added depth to our operation and has availed
our center of information and training that has proved beneficial. In
addition to any information sharing systems, these types of linkages
are essential to develop working relationships among agencies. These
important roles also work to bridge the gaps between federal and local
partnerships.
Another critical area for state and local centers is the
development of training for analysts and for managers that run fusion
centers and intelligence units. For analysts the training would focus
on the intelligence cycle and the difference between typical crime
analysis and intelligence gathering and analysis. This is critical to
bring the mix of analysts assigned to fusion centers and intelligence
units to a common understanding of functions. This should also enhance
their abilities to communicate and develop usable products that
translate into actionable intelligence. For managers, training should
allow for an increased understanding of the role of intelligence, the
need to know, and to minimize conflicts in information sharing.
In the future, I would look for DHS and other intelligence agencies
to find a way to coordinate intelligence sharing by combining
information into the least number of networks as possible. Also in
limiting the number of national intelligence centers. Then developing a
national system of classification that allows for the maximum
dissemination of intelligence to the lowest levels possible. This
national system should provide for a universal classification lexicon
for information. In short, not only do we need to be on the same page,
but speaking the same language. We should also increase the number of
state and local leaders that have obtained clearances this will allow
more leaders the ability to share information at the classified levels.
Leaders at all levels need to be comfortable with their decisions when
addressing potential threats, but under the current system, the tear
lines sometimes do not contain sufficient information to make an
informed decision. Often these decisions involve significant
disruptions of community activities and the communities demand reasons
for the decisions. Often these reasons cannot be shared in detail, but
local leaders need to be confident with the information used to make a
decision, because they are frequently asked to defend them.
Additionally, the sustainability of the fusion centers needs to be
addressed at the federal and state levels. Relying on grant funds is
not a beneficial method of operating these valuable centers. Long-term
planning becomes problematic. Turnover of personnel increases training
costs and impacts experience levels. Leadership changes can have an
enduring detrimental impact on centers particularly in the early stages
of development. These issues must be addressed to insure that these
centers will thrive and provide integrated layers of security for our
country.
I would like to conclude by noting that each of the fusion centers
I am familiar with have a unique structure tailored to meet their
state's needs. While they may be structured differently, they need to
be supported by all levels of our government because their
functionality and value are critical to our national security.
Thank you for allowing me to address you and I welcome any
questions you have.
Mr. Simmons. I thank you for that testimony
Mr. Hay?
STATEMENT OF MR. IAN M. HAY, PRESIDENT, SOUTHEAST EMERGENCY
RESPONSE NETWORK (SEERN) INTERIM GOVERNANCE
Mr. Hay. Thank you, Mr. Chairman and Ranking Member
Lofgren. I want to thank you for your invitation today, as it
is both an honor and a privilege, especially given this
subject.
And I would also respectfully request that my written
testimony be submitted into the record.
Mr. Simmons. Without objection. It is long, with a lot of
interesting quotes. I don't know how you are going to summarize
it, but do your best.
[Laughter.]
Mr. Hay. Well, I will endeavor to be brief.
Mr. Simmons. Okay.
Mr. Hay. And so, since you already know about SEERN, let me
begin with my task here this afternoon. And that is that we
simply cannot tolerate a ``have'' and ``have not'' homeland
security world. It can't be fee-based. It can't be some club
that we join that you get better information than if you are a
general member of the private sector.
We need one system. We need one system that the federal
government uses to communicate with the private sector.
And thirdly, we need the leadership, we need the president,
Secretary Chertoff and FBI Director Mueller to stand up at one
podium and say, ``This is the system we are going to use for
communicating between the government and the private sector.''
So we need to engage the private sector, as you mentioned
earlier, Mr. Chairman, because it is almost three times more
likely to see the street-level terrorists. Further, in Atlanta,
we learned that their incident reporting is typically 10 to 15
minutes ahead of first responders'.
How are we going to do this? Well, state and local is the
answer. We have to establish the preeminence of the state and
local relationship, ideally I hope through the state fusion
center.
We need to facilitate that understanding of critical
infrastructure and its potential loss and economic impact, in
that case.
Third, we need to create self-sufficiency. By driving it
through the state and local, we will avoid another Katrina,
because the people who are there are going to be the ones who
have to deal with the situation.
So, moving on to the HSIN-CI background, I think there is
really little I need to say here. The I.G.'s report says it
all. We had very similar experiences.
And on June 30th, we completely changed the rules on our
customers. We took what was largely a push and quiet network
and turned it into a login portal with the new
technology?something our customers were not used to. They were
used to attached documents, not having to log in and get their
information. And that is why only 2,200 members have re-vetted
in that program. That is a disaster.
Second, we were promised early delivery. And, in reality,
we reviewed that product 7 days before its launch. Now, as a
former software salesman?and I hesitate to say this; I am not
trying to place blame?I think it is the entire contracting
system, the way the federal government does this, that caused
this problem. Because, as a software salesman, I never would
have let it happen.
I think, lastly, we were crippled by the volunteer
structure. There wasn't enough paid staff, and they simply
couldn't execute these great plans from the private-sector
leaders.
Specifically with regard to SEERN, you know, we had a
unique background. We were the first pilot established under
DHS Secret Service, as opposed to the FBI. We elected an
interim governance. The remaining programs, I think, were all
appointed. And sadly, we had three program managers in less
than a year. That was a real problem, in terms of continuity.
And also, DHS leadership, who came into town in
August?General Broderick, the entire brass, the national
governance leaders?came a year ago, and they have not returned
since. You know, Katrina is an obvious?I understand that it is
an obvious excuse as to why they couldn't come back. However,
we need them to return.
Finally I will close the SEERN experience with two
excruciating examples. One is Georgia's food and
agriculture?you know, they left their Food and Ag ISAC, their
Intelligence Sharing and Analysis Center, in an attempt to save
Georgia taxpayers some money. And what happened is its HSIN-CI
didn't live up to what they were promised.
And they still, to this day, have no tool in which to
communicate to that vital community. Now, with Georgia having
the number-one poultry-producing state in the nation, can you
imagine the impact of bird flu, avian flu, or even just simple
international trade?
Secondly, the Water and Waste Water organization is
completely fed up. They have recently considered disengaging
from the program and designing their own system.
So what is SEERN's vision? Well, SEERN's vision is that
even despite the program's stilted beginning, we honestly
believe that we have the right players in the room and that we
will be able to repair it.
I think, without fixing it, the nation will never develop
one clear and united common operating picture for the private
sector. Right now we have about 15, with different ISACs, trade
associations, et cetera. We need to have that one common
operating picture that the secretary is looking for.
And so, while I find it surreal to be making a request
before Congress for 10 items, I hope you will bear me out.
The first is, we need to establish a HSIN-CI oversight
committee and have the right people on it.
We need to request private-sector leadership and input. We
need to organize. Perhaps consider the FACA guidelines and,
above all, ensure geographic diversity from across the nation.
We need to select one technology and get the
administration's full support behind it.
I think we should strongly consider rebranding the program
as HSIN-Private Sector.
Fifth, we need a joint DHS-FBI announcement that this is
the one program, and begin to operate on that one sheet of
music.
Sixth, we should re-engage the private sector by securing
three contacts for each Fortune 1,000 company for that
database.
We should also recruit two points of contact from every
state, ideally from the state fusion center, and train them
adequately.
Eight is we need to resolve the issues with the DHS-FBI MOU
and really consider bringing the DNI to the table, as well.
Ninth, we need to let individual regions choose their
unique style of governance, and then let them develop
information products which best serve their constituencies.
Ten, we need to at least double the funding and recruit a
realistically sized staff, both in Washington, D.C., and in
each of the regions.
So, in conclusion, Article I comes first in the
Constitution for a reason, and we desperately need the members
to help us expand our capabilities and ideally reach out to
their constituencies. We need to fully engage the private
sector and remove this ``have'' and ``have not'' world. Let's
make state and local the answer, driving the program through
state fusion centers. And we really need that one system.
To borrow from General Washington, ``While I have not grown
blind in my nation's service, my beard is definitely more gray.
I am tired.''
We need more help. We simply must act quickly.
And in the immortal words of Sir Winston Churchill,
``Please give us the tools, and we will finish the job.''
And, Ranking Member Lofgren, I will say that I am not above
fishing in that sewer for the change that we might have lost.
Because I think we are all at the right table and we are moving
forward.
I sincerely thank you for your service to the nation and
your time and attention today.
[The statement of Mr. Hay follows:]
Prepared Statement of Mr. Ian M. Hay
Chairman Simmons, ranking member Lofgren and distinguished members
of the Subcommittee, I want to thank you for your invitation; as it is
both an honor and a privilege to be here today, especially so, given
the topic and the imminently pressing matter of our Nations' Homeland
Security. Testifying before Congress, has been a dream of mine that
truly solidified during my studies as a Government Major (now political
science) at Beloit College in Wisconsin.
I further appreciate the Subcommittee indulging the miniature State
flags of HSIN-CI SEERN (FEMA Region IV) during my testimony; as it is
paramount to me that we remain sharply focused upon who our
organization seeks to protect. As each of the Members is acutely aware,
heading into the final months of the election season, it is only
through the consent of the governed that we have the pleasure and honor
of serving our constituents.
I appear before you today because Critical Infrastructure (CI) is
life. . .And the clock is ticking.It is ticking against Critical
Infrastructure due to our enemies' determination and because we now
find ourselves fully into the 5 to 7 year operational time horizon in
which our enemy has historically executed their attacks. This is not to
be sensationalist in any form. I say this because it is excruciatingly
clear to me that if we fail to fully engage and integrate the private
sector into our Homeland Security operations; `we may fail to connect
the dots.' We may very well, inadvertently, miss a critical piece of
information which `might' just prevent the next disastrous attack.
For this reason, my goal here today, is to share some critical
insights into private sector information sharing, then shift to SEERN's
experience with the HSIN-CI program and then finally, turn to a ten
point section for some potential solutions; in the form of direct and
specific requests of the Subcommittee and the Federal Government.
As I begin to lay out this case, I realize full well, that if fail
to convince the Honorable Members of the true power of the private
sector, I will have failed to impart how the `eyes' of the private
sector generally see things that would turn the average intelligence
professional green with envy. I will have missed an opportunity to
describe the truly awesome nature and nearly endless resources the
private sector can bring to bear, in any given crisis.
In short, I will have failed to help secure that vital 85% Critical
Infrastructure, solely in the hands of the private sector; upon which
we depend for our daily lives.
No Infrastructure, No Economy. No Economy, No Government
Returning to my initial thesis, the fundamental miscalculation many
people make is not recognizing the role Critical Infrastructure plays
in our daily lives and our complete and total dependency upon it. That
is. . .until it is gone. Without power, we cannot operate the machines
and tools necessary to drive our economy. Without technology our
financial systems and telecommunications fall back to the dark ages.
Without fuel there is no transportation and, thus, no paycheck. And,
without potable water, there is no life.
An attack upon any one of these Critical Infrastructure sectors, is
likely just effective as an attack upon a soft target, such as a mall,
school or nightclub. I would further assert, that the Governors and
Mayors of our great States and Cities, have only had a small taste of
the potential impact on local economy, tourism and families that the
devastation would likely cause, if the infrastructure is disrupted
(perhaps with the exception of New York or those in the Katrina
region).
Aside from the obvious income factors of our constituents, why do
we care?
The `Have' and `Have Not' Worlds of Homeland Security
We care, because right now we have `two Homeland Security worlds'
in our country. One `have' and one `have not'. In the `have,' the
private sector must pay additional money, on top of their taxes, fees
and expenses that they already pay to remain compliant.
In the `have not,' they feel their taxes ought to be enough to
provide for their general security, and so they refuse to pay more
(potentially at their peril). Imagine for a moment, what the average
private sector organization must contemplate when it comes to security?
Should one pay $10,000 - $15,000 in order to become part of a `sector
specific' Information Sharing and Analysis Center or (ISAC)?
Or, perhaps, that same money would be better spent by hiring a
security director, either from, or well connected to, law enforcement,
the military, Homeland Security or the Intelligence Community? Or,
rather still, should they spend that same money, on a top flight
physical or operational security consultant? Tough, tough choices,
especially when the increasing cost of security whittles down
shareholder value.
This section could alternately be entitled, "The Over-Crowded
Marketplace: Private Sector Outreach, Alert Networks, Information
Sharing and Analysis Centers (ISACs) and Consultants."I mention this
because there are far, far too many options the private sector must
choose from, all of which generate more questions than answers.
The options for the average Security Director are truly dizzying
when you consider them. He or she must ask: "should I join an ISAC? Do
I need to become a member of trade organization, such as ASIS
International, Building Owners and Managers Association (BOMA), or
Business Executives for National Security (BENS)? Should they sign up
for a Regional Information Sharing System - Automated Trusted
Information Exchange (RISS-ATIX)?
Or perhaps, simply consider whether this `free' membership under
the HSIN-CI umbrella will cover all the bases and provide for all the
business needs? Before we move toward answering this vital question, I
beg the Members attention for one final point.
Private Sector--Our Greatest Asset
Can the public sector truly engage all the resources available from
the private sector before, during and after a disaster?
The short answer is an emphatic, `no.' It's simple math really, if
we accept that the country has roughly 750,000 law enforcement
personnel; and the private sector has roughly 2,100,000 private
security professionals (let alone, the number of security savvy
employees out there); we can calculate that the private sector is
almost three times (2.8 to be exact) more likely to interface with a
`street-level' terrorist than the average public sector agent or first-
responder is.
This math is further illustrated, by an exercise conducted in
Atlanta, last November called `Target Midtown,' a simulated attack upon
mass-transit. Within minutes of the Business Operations Center (BOC)
being 'stood up,' we quickly discovered that the private sector was
reporting street level movement and terrorist operations about ten to
fifteen minutes ahead of first responders. Further, they were doing so
from multiple vantage points via a variety of different communication
methods (mobile phone, two-way radio, email, text message, phone
camera, and instant messenger).
I specifically mention this because I fear that without fully
engaging the private sector in information sharing and Intelligence we
will categorically fail to find the next perpetrators in time, before
the next `Big Attack.' And this time, five years after 9/11, I fear the
numbers could be staggeringly larger than those already heavy losses
suffered on September 11, 2001.
The Government, DHS, FBI, and the DNI are still not yet aware of
the enormous potential for intelligence and information sharing via the
private sector. Therefore, we must encourage, develop and exercise
these capabilities if we ever hope to secure our Critical
Infrastructure from harm.
To finally bring this point home, I suggest the following example.
Imagine if you will, five city map puzzles with 100 pieces each:
Washington, New York, New Jersey, Philadelphia and Boston, all
scrambled together, 500 pieces. While there obviously exists, the
potential for `too many chefs in the kitchen,' which option would you
choose to solve the puzzle, if it were your loved ones directly
involved in the threat picture?
Would you prefer one or perhaps, two Top Secret cleared
intelligence analysts from inside the Beltway?
Or would you prefer five teams of three generalists from within the
actual local jurisdictions?
Realizing that this example is simplistic; the lesson is both
important and accurate. Because the private sector is able to see the
puzzle from more angles they can potentially solve the puzzle more
quickly. The problem still remains; however, that the private sector
may not know, or understand what the threat is and, thus, the completed
puzzle is almost worthless to them. They have no idea what to look for
within the puzzle.
I burden the Members with this mental exercise because it is simply
not enough just to stand up a piece of technology like (HSIN-CI) and
hope for the best. We have to organize the people within the
jurisdictions and teach our vetted membership what to look for, or we
will never `connect the dots in time.'
WILL HSIN-CI BE THE ANSWER?--THE HOMELAND SECURITY INFORMATION
NETWORK--CRITICAL INFRASTRUCTURE (HSIN-CI)
Local knowledge = Regional Strength = Homeland Security (HSIN-CI Motto)
In The End--State and Local is the Answer
The only way to avoid another disjointed response similar to
Hurricane Katrina; will be to drive this program via State and Local
Governments, primarily through the State Fusion Centers, ideally to
accomplish the following three things:
1. Create the preeminence of the State and Local relationship with
the local and regional Critical Infrastructure and its leaders.
2. Support working groups to facilitate a direct understanding of
Critical Infrastructure and the potential economic impact within the
State and Local jurisdictions.
3. Most important, develop a local self-sufficiency planning model.
In the event of a terrorist attack or natural disaster, each sector
will need to be mentally aware of what action steps and requirements
their respective sectors will have.
It is safe to say that it will be the State, Local, and Critical
Infrastructure players who will experience the brunt of the event. Our
job should be to ensure both parties (public and private) are fully
prepared and integrated within the local jurisdiction, before anything
happens or any kind of response is required.
A shining example of how important this concept of local operations
is; would be the use of the National Emergency Resource Registry (NERR)
during a disaster. If State and Local representatives are fully trained
on the NEER, they will have the power to search the database for
critical resources `within' their affected region by zip-code and find
their requirements, locally; ideally before FEMA needs to become
involved in the acquisition of resources `outside' the region.
Autonomous Local and Regional Governance
If State and Local is the answer, then prior to any technology
delivery, we must let each region chose how to organize their
Governance. Only the locals know the `lay of the land,' the
personalities, and, thus, should choose the Governing body to represent
them with assistance from program management.
SEERN's Unique Background
SEERN's original program manager, Craig Caldwell, took this
approach to heart and identified a group of almost 40 individuals drawn
from each of the 17 Critical Infrastructures local to Atlanta.He and
the original Infrastructure Advisory Panel (IAP), as it was named at
the time, called for nominations and held elections. These elections,
held May 20, 2005, resulted in an Officer corps of nine individuals to
represent the 3,000 plus members of SEERN, in an interim capacity for
two years; or until such time, as a region-wide election could be held.
As far as we are aware, SEERN is the only `active' region to date,
to hold such elections, as the other pilots' regional Officers have
been appointed by HSIN-CI program management.
Furthermore, SEERN is one of largest FEMA regions, with eight
contiguous States, six of which are hurricane prone. This means SEERN
must interface with eight separate State Governments while the average
regions are typically comprised by five or six. We must also keep in
mind that we have an extremely active region and we will likely require
more staff and resources to serve the members properly.
Lastly, despite our repeated requests, SEERN was never able to host
a full regional `All Hands' meeting, in order to bring key leaders from
across the region to help organize a more representative SEERN
Governance. We also were promised an `official launch' with a proper
announcement from the Secretary of DHS that never came to fruition.
That one single event would have boosted our outreach across the region
unlike any other initiative imaginable.
Continuity and Proximity of Program Management
SEERN was also the only pilot launched with a program manager from
DHS - United States Secret Service (USSS), as the other program
managers were drawn from the FBI. To date, SEERN has had a total of
three different program managers in less than one calendar year (One
from the USSS, and two from the FBI).
This is simply unacceptable. The lack of continuity in program
management has seriously stinted SEERN's growth and continues to erode
the support from the founding members who have invested a significant
amount of time developing the program. Regardless of what management
model we choose, we simply must get everyone on the same page and
moving in one direction (like Washington crossing the Delaware).
In late August of 2005 the DHS leadership and National Governance
Officers came to Atlanta and SEERN had one of the best Regional
Governance turnouts in our history. Since that time, DHS has not
returned in a year; and while the devastating impact of Hurricane
Katrina is a fair excuse, it is high time the leadership returned to
region, to get the program back on track. I honestly fear that we will
need to completely `re-sell' the program in order to avoid losing key
people.
Lastly, while there are certainly advantages to locating the HSIN-
CI National Program Office outside of the beltway, not having
representation or key staff close to DHS headquarters in Washington,
D.C. will continue to set the program up for failure. The DHS leaders
from the key areas: Operations Directorate, Private Sector Office,
Intelligence Analysis and the Office of State and Local need to meet
more regularly if we are to have any hope of developing and expanding
the program.
Governance - Are Volunteers The Answer?
A structure of pure volunteerism, unsupported by professional and
paid staff is critically flawed. Relying exclusively upon volunteers
meant only a few key leaders were doing all the heavy lifting, working
into the wee hours and simply could not dedicate the time necessary to
execute all the tasks that needed to be accomplished in a timely
fashion.
This is not to say there is no place in the program for volunteers;
however, any Governance model DHS leadership and program management
contemplates, really ought to be significantly more geographically
representative and should strongly consider using the Federal Advisory
Committee Act (FACA) standards to oversee its operation.
Finally, no matter the form or structure, the program Governance
simply must be adequately supported by program staff, in order to
accomplish the important mission of the program.
SEERN Continues to Lack Adequate Resources
From the beginning SEERN has consistently lacked sufficient
resources to conduct its operations and the vast majority of travel has
been `paid out of pocket,' by volunteers. And, these are but a few
examples. We consistently have to rely upon the generosity of the local
private and public sector for conference call bridges and meeting
space. After two long years, SEERN still has no printed promotional
material, business cards, etc., in which to conduct our vital outreach.
We have long made a joke in SEERN that HSIN-CI is one of the best
kept secrets both inside and outside the beltway. We have been stunned
by how few people are actually aware of the program, whose main source
of PR appears to be generated `virally' across the region and the
nation one person at a time.
Perhaps our greatest challenge is the vetting process for the 900+
`pending' members of SEERN, some of whom have waited in the `pending'
cue for more than a year. We neither had the resources, nor the time to
recruit a sufficient number of gate keepers, to keep up with the ever
increasing applicants. Further, the number of `pending' applicants was
so vast (nearly a one-third of the total SEERN membership), that the
backlog was honestly insurmountable without significant administrative
assistance.
Push Network Vs Login Portal - The New Technology
On June 30th, 2006 we changed the rules on our customers. What once
was a `quiet' and `push' network, overnight became a `login portal.'
This is not to say the portal is devoid of value, it has some
significant advantages such as a master calendar and some great
collaboration tools.
However, it is a question of what our membership base was
accustomed to. At no time did they ever have to `login' to get
information, as the previous technology `pushed' the information out
via email text and attached documents. If we are going to change the
rules, we need the time, resources and staff to help explain the new
approach and train the members on the new technology.
The `re-vetting' of the membership on the new ManTech system was
also a crippling issue as well. While we should always strive to ensure
any `imported' member is confirmed via the `double opt in' standard, we
simply cannot expect a senior executive to spend 25-30 minutes out of
their busy day, re-vetting their HSIN-CI account. We need to find a
faster and more robust solution, to safely vet and yet, still quickly
process our applicants.
Lastly, the Subcommittee needs to be aware that we were promised in
early 2006, that the technology would be ready and delivered early. The
truth was that we reviewed the technology only Seven days before we
were due to launch and go live with the new system. If this had been
the Space Shuttle, wouldn't we have tested it? Do we honestly think we
would have launched that vehicle under similar circumstances? Never.
Will `One Size Fits All' Information And Intelligence Products
Really Work For The Private Sector?
At least in Atlanta, SEERN was never able to get to the stage where
we could fully engage all the informational resources available to us,
particularly the strong intelligence component of the FBI's Field
Intelligence Groups (FIGS) or the local/regional State Fusion Centers
within our region.
Our hope, was to create new information products for our private
sector customers who have literally been forcing down same old `gruel,'
which arrives in the same form and has become even more diluted over
time, than the original IAIP Daily report we started with in 2004.
We must survey our membership and identify their needs. We need to
consider State by State and regional reporting, for those with narrow
requirements; as well as, multi-regional reports for those members who
have more broad responsibilities.
In short, we need to add some much needed substance to our morning
oatmeal. . .
DHS--FBI Memorandum Of Understanding (MOU)
I sincerely look forward to a day when DHS, DNI, and FBI have a
mutually binding MOU(s) to share information, resources, staff and
accountability. Only by getting these and other organizations on the
same sheet of music will we ever approach integrated Homeland Security.
With the exception of a few occasions, at almost at every turn, the
program has been forced to `stand down', while we waited for some
element of DHS or FBI to `buy into' the next stage of the program
before we could move forward.
We need to resolve this quickly, and the sooner the better. . .as
this `stop - start' approach will result failure and continue the lack
of trust felt by the private sector.
The True Cost of Failed Implementation
I'll close this middle section with two excruciating examples:
1. According to the current Food and Agriculture Representative to
Georgia's Homeland Security Task Force, their sector still continues to
wait for one national platform in which to communicate with their
constituency. This Administrator was told that SEERN HSIN-CI's Food and
Agriculture sector was going to come to fruition and provide their
organization with the same information as the Food and Agriculture
ISAC. In their attempt to be responsible and save the Georgia taxpayers
from paying for duplicate information, they ended their participation
in the ISAC. When HSIN-CI didn't live up to its promise, this group
lost critical information and still to this day, does not have one
centralized `tool' to communicate with their vital membership.
In the wake of a potential Avian Flu epidemic, or the impact a Food
or Agriculture event would have on daily international trade, this
situation is simply unacceptable.
This and other groups need one clearly recognized tool, with a
national platform provided by the federal government.
2. Anything short of a unified and well supported network brings us
to the second example. A Water and Waste Water organization, has become
so fed up with the successive delays of HSIN-CI; that they have
recently considered disengaging from the program and designing their
own system because they can no longer afford to wait for the Federal
government to get its act together.
This is a preposterous situation and simply must be resolved, or it
will continue to generate additional `incomplete' choices, in an
already over-crowed marketplace of alert network solutions.
SEERN's VISION--THE ROAD AHEAD--ABOVE ALL ELSE: ACTION!
Vision of SEERN
As the grotesque image of the World Trade Center falling into
Manhattan Island retreats into the rearview mirror of our
consciousness, SEERN has a sharp eye toward the future. Our focus is on
a day where we are more secure than ever because we did hard work
upfront. We strived to establish the best relationships and oversight.
We performed the hard labor of meeting, planning and integrating both
the public and private perspectives in our approach.
We will succeed where others have failed because we will have
exchanged business cards before the event even happens. We will move
stridently forward: Knowing we have access to the full `bench strength'
of the private sector; knowing we can build a robust alert network,
capable of reaching our vetted members by `any means necessary;'
knowing we deliver the best information possible, in a format our
private sector partners actually use and finally; knowing our partners
will in turn share what they observe and become that `x' factor
multiplier that helps the region and the nation develop one clear and
united Common Operating Picture (COP).
The Ten Requests
As we continue to move forward and identify the best solutions, I
respectfully request the Members of the Subcommittee consider the
following potential solutions:
1. Establish a DHS HSIN-CI oversight committee, Co-Chaired by
Director, Admiral Rufe, Homeland Security Operations Directorate, and
Al Martinez Fonts, Undersecretary, Private Sector Office. Further
comprise this committee with Chet Lunner, Office of State and Local,
and Charlie Allen, Undersecretary of Intelligence Analysis (and anyone
else the Subcommittee deems appropriate).
2. Request Private Sector leadership and input. Charge this
committee to create a Private Sector Advisory Board under the Federal
Advisory Committee Act (FACA) Guidelines. Find someone who is well
known and respected by both the public and private sectors alike to
head it. Be sure the committee finds individuals from each of the key
infrastructures and that this group is drawn with geographical
diversity from across the nation.
3. Select a technology. Whether it is the current ManTech software,
the previous vendor YHD, or even a different system, let's be sure it
works for our private sector members and then put our full support and
leadership behind it.
4. Consider a program name change and re-branding as `HSIN-Private
Sector.' It will become clear the private sector members something has
significantly changed and, yet still maintains the HSIN nomenclature
which the public sector has now become accustomed to.
5. Make the statement in the open and in the press that this is the
ONE system the Department of Homeland Security is going to use to
communicate with the private sector, period. Request that President
Bush, Secretary Chertoff and Director Muller jointly announce the
program and its important mission to the country themselves.
6. Secure three contacts from each Fortune 1000 company and enroll
them into a database. Let's commit to testing this databases efficacy
by December 13th, 2006.
7. Recruit at least two points of contact from each State in the
Region (ideally within the State Fusion Center or Homeland Security
Advisor) to be trained on the system and act as the direct local
conduit for the private sector.
8. Request that Secretary Chertoff and Director Muller (and or
their staffs) meet to identify the problems with the DHS - FBI MOU and
resolve them quickly. Perhaps consider bringing the Director of
National Intelligence to the table as well.
9. Let the individual regions choose their unique style of
Governance with some basic guidelines under FACA. Assist them with
developing information products which best serve their constituencies.
10. We need to double the funding and recruit a realistically sized
staff, both in Washington, D.C. and within each region. We'll need the
Members to get behind the program and directly help spread the word in
their respective districts to bring the public and private sectors
together.
Article I comes first in the Constitution for a reason; and we
desperately need the Members to help us expand out capabilities and
ideally, assist us by reaching out to their constituencies.
Conclusion
In conclusion, we need to fully engage the private sector and use
their sharp eyes to help us `connect the dots' and ferret out the
`would be' attackers before it happens.
We need to drive the program via State Fusion Centers ideally with
the help of individual Members from within their districts.
We need more resources, structure, and a heavy dose of commitment &
leadership from the administration. Without it, we are going to lose
significant participation and the whole program will have to be `re-
sold' at a later time, with a significantly greater cost.
While I have not grown blind, my beard has definitely grown grey in
my service to my country. . .In the immortal words of Sir Winston
Churchill: "Give us the tools and we will finish the job."
Chairman Simmons, ranking member Lofgren and distinguished Members
of the Subcommittee, this concludes my prepared remarks.
I sincerely thank you for your service to the nation and your time
and attention today. I will leave the Capitol today knowing each of the
Members will continue this vital and important work of the Subcommittee
and I would be delighted to take your questions.
Mr. Simmons. Thank you. We will look forward to the
questions.
Ms. Baginski?
STATEMENT OF MAUREEN BAGINSKI, DIRECTOR, INTELLIGENCE COMMUNITY
SECTOR, BEARINGPOINT
Ms. Baginski. Thank you. Chairman Simmons, Ranking Member
Lofgren and subcommittee members, thank you very much for
having me here today to talk about this very important issue of
information sharing and enabling technology.
As you said, Mr. Chairman, I do have 27 years of experience
working in the U.S. intelligence community, during that time
most recently at the FBI but also at the National Security
Agency for 25 years, where I ran signals intelligence. And I
both used and managed the development of a lot of information
technology systems, some that worked and some that didn't work.
So what I want to do today is give you some lessons learned
based on that experience that might be of value to all of us as
we move forward on this very important undertaking.
Access to the right information is a challenge that every
organization faces?public, private, every organization in the
world.
And I think it is important to remember that we don't share
information for the sake of sharing information. There is
actually a much more important reason we share it. And that is
to improve collective and individual decision-making and to
actually reduce decision-making cycle time for those who have
to actually act.
So the value of information and the information to be
shared, as my colleague have said, is in the eyes of the user,
not in the eyes of the producer.
And one of the things that we have learned, among the most
painful lessons I think we have all learned, is that
information doesn't come marked, ``Terrorism information,''
``Criminal information,'' ``Critical infrastructure
information.'' So it is incredibly important that the stewards
of that information, whether they be at the state or local
level or at the federal level, invest far more energy and time
in understanding the decision domain of those they want to
serve with information.
The decision-making domains of the people charged with
protecting the homeland are vast and they are different. And
users of information have to be able to tailor that information
to their specific decision-making domain.
And I will give you an example. A highly classified,
detailed, technical report on risin will be of use to certain
members of our community. But perhaps for the patrolmen on the
street, it is the unclassified picture of the castor bean plant
that gives the actionable intelligence that can be used in
their decision domain, in roll call, to enable their decision-
making.
So what we face are global threats. Information sharing is
about allowing us to be a network, so that each of us is
optimized in our ability to respond to the threat. The
information-sharing systems that we are developing are just a
means to achieving that end.
And as they achieve that end, they have three very
important jobs in defending the country. One is to protect the
country with the information they contain. The second is to
ensure that, in producing it and sharing it, they are
protecting the privacy rights of U.S. citizens and other rights
of U.S. citizens. And third, to ensure that taxpayer dollars
are spent responsibly in their development.
Now, what I just described, in terms of an information-
sharing system, where we can each customize the data to our
decision-making domain, is a very complex undertaking. It
actually requires components related to the organization, to
people, to processes, to technology, and to organizations
themselves. And yet, of all the components I just listed,
technology is the one that we always talk about. And technology
is rarely the reason that any information system fails to
deliver the promise that it initially made to the users.
Instead?and in my testimony I have given you examples of
places where this works?instead, really what information
systems and information-sharing success depends on are what I
think are six critical factors.
First, establishing a clear purpose and clear metrics for
measuring mission outcomes. Not volume of data, not number of
things posted, but what have we done to secure the nation as a
result of doing it.
Securing active sponsorship at all levels of leadership of
the organization.
Involving all stakeholders, particularly the user
community, in the development of the system.
Communicating required change in culture. And I know that
sounds like a very touchy-feely thing to say, but the
management of the change that information sharing requires of
all entities must be managed as carefully as the delivery and
development of the system itself.
Defining the business processes the system is supposed to
enable.
And having strong program management.
Those are six things. Information technology systems are
essentially, I say pejoratively, dumb. They do only what
business practices and business rules tell them to do.
So having admired the problem, I would just offer that
there are some very promising solutions that I have seen under
way. Much like for the development of?I don't know if you are
familiar with the capability maturity model for developing
software, but it is fundamentally about diagnosing whether an
organization has repeatable processes that mean their software
will function well.
And I think that there is a way of looking at information
sharing and actually using an information maturity model
approach to force all of us who are developing these systems to
take all six of those dimensions into account when we are
developing the actual systems themselves. You can develop great
technology and, if you have not settled on business practices,
the business rules to which you have to map the data will not
be there to develop the system that people need.
And then, just in closing, I would like to say that I
think, in terms of systems, where you are is actually where you
sit. Now on the outside, very easy to sit here and offer these
wonderful ideas. And I have also been on the inside and I have
lived with a terribly unforgiving operations tempo that does
not allow you to fail in any dimension, and it actually does
make it difficult to focus on these core issues, regardless of
the fact that you know they are the right ones to focus on.
So success for the country is going to require a
partnership among all of us to get this right. I think this
hearing is a measure of your commitment to that partnership,
and I want to thank you for allowing me to participate.
[The statement of Ms. Baginski follows:]
Prepared Statement of Ms. Maureen Baginski
Chairman Simmons, Ms. Lofgren and Subcommittee members, it is my
pleasure to appear before you today to discuss the vital issue of
information sharing and enabling technology. I served in the United
States Intelligence Community for a total of 27 years, most recently as
Director of Signals Intelligence at the National Security Agency and
Executive Assistant Director for Intelligence at the FBI. In those
positions I both used and managed the delivery of many information
technology systems--some of them successful and some of them not. My
purpose today is to share with the Subcommittee lessons learned from
those experiences that may be of use to the Department of Homeland
Security as it moves ahead with the development and deployment of vital
information sharing systems. Those lessons learned have been
considerably enriched by my tenure at BearingPoint, where I have been
exposed to the power of the commercial sector's approach to similar
challenges.
Information is a tool that each of us uses every day to inform
decision making. Our decision making domains are often very different,
and we tailor available information to our specific roles and
responsibilities at any given point in time. The quality of our
decisions is dependent on the quality of information available to us.
We do not necessarily need more information; we need the right
information for our decision domain. This is the core challenge facing
all information sharing systems today. Among the painful lessons
learned in recent years is that information does not come marked
"terrorism information", "war fighting information", "policy
information", "criminal information", or "natural disaster
information". The threats facing our nation today are global in nature
and no single source of information or single organization can defend
against these threats alone. It will take all of us working as a
network to defend against these global threats and the goal of
information sharing programs is to create that network.
For the producers of information-particularly those in the
Intelligence Community--, the new threat environment requires that they
judge their performance not on information output, but on the outcomes
their information enables for the nation. First and foremost that means
that information stewards-whether they are at the federal, state, local
or tribal level-- must invest considerable time and effort in
understanding the domains of those who must act on their information.
Then they must provide information to those users in the form that is
of most utility to them.
At the risk of gross oversimplification, intelligence is vital
information about phenomena that would do our nation harm. The value of
intelligence is judged by the user of that intelligence and not by its
producer. Intelligence protects our nation in three ways: by the
information it provides, by providing it a way that safeguards the
rights of all U.S. citizens, and by spending taxpayer money
responsibly. These are shared imperatives and each must be fulfilled.
In today's world of global threats, the user base of intelligence has
been greatly expanded, extending now from the President, to the
soldier, to the patrolman and beyond. For example, a detailed,
scientific paper about RICIN written at the classified level may be of
enormous value to our scientific and health communities. For our
patrolmen, the most valuable information in that report may be the
unclassified photograph of the castor bean plant that could be used at
"roll call" to inform the officers to be on the alert for it in the
course of normal duties, i.e. in their unique decision domain. With
timely, actionable information tailored to the operating environment of
individual users we are more likely to be successful in getting inside
and ahead of the adversaries' decision making cycle and prevent the
harm they would do.
The creation of an information sharing environment with the
characteristics described above is a complex undertaking and has many
inextricably linked components related to people, processes,
organization and technology. Information systems rarely "fail" because
of technology. Information sharing systems are essentially "dumb"; they
do only what business processes and business rules tell them to do.
They are more likely to fail because:
1. their purpose is unclear
2. they fail to involve all stakeholders, particularly the user
community
3. the changes in organizational culture that they require have not
been communicated or prepared for effectively
4. the business processes that they are to enable have not been
defined.
5. they lack sponsorship at all levels of leadership
6. weak program management
Below are examples of successes and failure in each of the
dimensions listed above.
Clear Purpose
The need for a clear understanding of the purpose of an information
sharing system is critical to its success. Often this purpose is
sketched out at a high level using a Concept of Operations or Conops.
The Department of Justice took the Conops approach to information
sharing and began in 2003 to develop within DOJ (with DHS and state,
local and tribal law enforcement participation) the Law Enforcement
Information Sharing Plan, or LEISP. The guiding principle of LEISP was
that there would be a "one DOJ" information sharing platform for DOJ
partners in law enforcement. The Conops process was not without
considerable pain and difficulty, and completion took well over a year,
largely because of very understandable concerns about the how
information would be used, and what might be fairly characterized as
"turf issues". In addition, In information the CONOPs' completion was
delayed by concerns that it lacked sufficient detail to be implemented.
The effort was very ably led by DOJ CIO Vance Hitch and had the
personal sponsorship of Deputy Attorney General James Comey.
Just as the Conops effort appeared to be foundering, Deputy
Attorney General Comey made an important decision. Essentially he
decided that the details desired by those working on the Conops could
be developed more quickly if the concepts were tested in a real world
environment. In partnership with then Secretary of the Navy Gordon
Englund, DAG Comey ordered all DOJ elements to make specific
information available to a functioning information sharing system in
Seattle called LINX. LINX unified federal and state and local law
enforcement information in a single system to improve information
sharing. DAG Comey personally sponsored the project, set deadlines, and
made hard decisions in the face of some resistance and legitimate
concerns about the resource demands of the program. In the end,
deadlines were met and DOJ was able to implement the LEISP concepts,
now called "one DOJ" in a real world system. This is an excellent
example of both strong leadership and the utility of testing concepts
in small pilot offerings to inform further development of information
sharing processes.
Involve All Stakeholders
In 27 years of Federal service, the best example I have seen of the
power of involvement of all stakeholders in an information sharing has
been in the Law Enforcement Community.
The FBI's Criminal Justice Information Services (CJIS) Division
serves as the focal point and central repository for criminal justice
information services within the FBI and is responsible for day-to-day
management of the following programs administered by the FBI for the
benefit of local, state, tribal, federal, and foreign criminal justice
agencies:
Integrated Automated Fingerprint Identification System (IAFIS)
The National Crime Information Center (NCIC)
Unified Crime Reporting Program
National Instant Criminal Background Check System (NICS)
Law Enforcement National Data Exchange (N-DEx)
Law Enforcement on Line (LEO)
CJIS administers these systems through an Advisory Process that has
existed since the inception of these systems in 1969. The philosophy
underlying the advisory process is one of shared management; that is
the FBI along with local and state data providers and system users
share responsibility for the operation and management of all systems
administered by the FBI for the benefit of the criminal justice
community. The CJIS Advisory Process consists of two components: the
Working Groups and the Advisory Policy Board (APB). The CJIS Working
Groups review operational, policy, and technical issues related to CJIS
programs and policies and make recommendations to the APB or to one of
its subcommittees. All fifty states, as well as U.S. territories and
the Royal Canadian Mounted Police are organized into five working
groups. The APB is responsible for reviewing appropriate policy,
technical, and operational issues related to CJIS programs and for
making appropriate recommendations to the Director of the FBI.
Law Enforcement On-line (LEO) is a system developed under this
process. LEO is very much like HSIN and provides a secure information
sharing capability based on communities of interest. In the early
stages, LEO was not universally well received by the user community.
First, it was not considered user friendly, particularly in its
password regimen. Second, the information on LEO was not of sufficient
value to the law enforcement community to make the pain of the password
regimen worth the effort. Through the APB, CJIS worked to modify the
password regimen and ensure that information placed on LEO was of more
value to the user community. These improvements made LEO of more
utility and usage increased. The process of improving and refining LEO
continues today through the APB process.
Although this process has not been without points of pain, it has
engendered both trust and mission success. The CJIS process has created
a shared governance model in which all users agree on the elements of
information to be shared, understand that the "price of admission" to
system access is to flag and tag that information such that it is
available to all, and defines sanctions for misuse of information that
is shared. This is a powerful model that could be leveraged or emulated
in DHS's continued work on HSIN and related systems.
Change Management
Information sharing on the scale required by the new global threat
environment is new for the vast majority of participants. Change of
this magnitude must be managed every bit as carefully as the technology
implementation itself. For many the change will be threatening or not
understood. Success hinges on communication, training and clarity of
vision.
Virtual Case File (VCF) may seem like an unlikely choice as an
example of good changes management process, but it is instructive. As
the Subcommittee is aware, Director Mueller's transformation of the FBI
from a law enforcement only to a law enforcement and intelligence
entity has two core pillars: intelligence and information technology.
Recognizing the magnitude of the change required in FBI operations, in
2003 Director Mueller required that all senior managers in the FBI
attend a week-long course at North Western's Kellogg School of
Management, entitled "Navigating Strategic Change". In those sessions
managers received presentations on both VCF and Intelligence, and
discussed the imperatives for each. In addition, managers worked
through a series of case studies designed to provide them with the
tools to manage the cultural change that both VCF and the new
intelligence mission would entail. Managers then returned to their
operational duty stations with the mandate to "cascade" the change
throughout all levels of their organization.
This well-planned and executed component of the change management
process, however, was not sufficient to make VCF a success.
Define Business Processes
According to the FBI's own analysis, one of the major contributing
factors to the failure of VCF was the lack of well-defined and agreed
upon business processes to drive and define the requirements for the
system. As the Subcommittee is aware, VCF was the third component of
the FBI's Trilogy Program-a program designed to deliver the core
functionality for an FBI information technology enterprise. Phases I
and II of that program (the backbone and computer hardware) were
delivered on time and within budget. Phase III, VCF, was an FBI
enterprise-wide case management system. That system was not a success
and following an extensive independent review, was terminated. The
independent review cited two primary reasons for the termination
recommendation:
1. it appears that either the FBI was unable to clearly communicate
requirements so that they were completely understood by the Contractor,
and/or
2. that the Contractor deviated from those requirements without
exercising change management and ensuring customer buy-in along the
way.
The Trilogy Program illustrates clearly the criticality of business
process definition in the delivery of information sharing systems. The
information backbone and hardware could be delivered without critical
business process definition and were delivered successfully. VCF was a
collection of software applications that required a clear set of
business rules to which system developers could map data. In the
absence of agreed upon enterprise-wide business processes, those
business rules could not be developed. The FBI learned a hard lesson
from this experience and has launched an enterprise-wide business
process definition initiative to drive the development of the Sentinel
system. The success of that program will depend largely on the success
of that process.
Leadership Sponsorship
Leadership sponsorship and commitment is the key to the success of
any initiative, but may be even more critical for information sharing
initiatives that challenge existing views about data ownership. There
are many examples of strong senior leadership and its positive effect
on information sharing capabilities, such as the DOJ LEISP pilot cited
above led by DAG Comey. Another example is the Intelligence Community's
intranet, called INTELINK. INTELINK was designed to create an
intelligence product sharing capability across the IC and was
personally championed by then D/DCI Admiral William Studeman in the
early 1990's. At the time there was not only considerable resistance to
the concept, but real obstacles to implementation in then extant IC
information sharing policies. D/DCI Studeman carefully steered the
initiative through the policy issues, made hard decisions, and mandated
the implementation across the Intelligence Community. Today the
majority of IC members cannot remember a time when there was not an
INTELINK, but its implementation took time, patience, and most of all
strong leadership support.
Strong Program Management
The FBI considers that lack of strong program management practices
to be a root cause of the VCF failure and cites weaknesses in
acquisition management and requirement/change management as
particularly critical. At the highest level the FBI cites shortcomings
in three areas:
1. The quality and ability of people to motivate and manage multi-
disciplined teams of diverse specialties
2. The lack of effective program management processes and
methodology
3. The lack of sufficient technology to forecast and measure risk,
to manage and monitor earned value, and to perform to requirements.
Given these concerns, the FBI has focused corrective action plans
and initiated a number of programs to guard against a recurrence of
these problems. In acquisition management, the FBI has restructured and
modernized the acquisition management process, including career
development for contracting officers. Most importantly, the FBI has
learned the definition of requirements in acquisition documents is
paramount and has invested experience personnel in managing
requirements definition. Simply stating needs and detecting what is
deemed a responsive offering does not guarantee mutual understanding
between the Government and the Contractor. The FBI is committed to
taking whatever amount of time it takes to come to a meeting of the
mind on requirements, and only then to establish contractual
agreements, penalties, and awards.
For requirements management, the FBI has learned that program
management is a professional discipline requiring specialized talents
and training in which it must invest. Clear requirements definition and
the inevitability of changes in those requirements must be understood
and managed effectively. Integral to that process is a comprehensive
Change Management Plan, according to which requirements changes are
introduced, evaluated for impacts to schedule and budget, and agreed
upon. In addition, the new program management process includes the
creation of a risk management matrix that identifies each risk and the
projected and actual cost of risk mitigation.
A Way Ahead
Information sharing/access is a challenge faced by virtually every
organization in the world. For that reason, many commercial technology
organizations like BearingPoint are devoting considerable effort to
developing solutions for the challenges inherent in information sharing
systems. One promising solution centers on the development of a series
of "maturity models" that both assess the ability of organizations and
communities to implement complex information sharing programs, and
provide specific criteria for moving from the lowest to the highest
maturity level. Because the successful implementation of information
sharing systems depends on people, processes, organizations and
technology, the maturity models measure readiness in all of those
dimensions.
The "maturity model" approach is outlined below:
Enterprise Maturity Model
Organizational Maturity--The degree of maturity related to
leadership, strategic direction, human capital management, and
communication and collaboration
Business Process Maturity--The degree of maturity of business
process management and automation
Information Maturity--The degree of maturity of data and
information quality and availability
Application Maturity--The degree of maturity of applications
supporting the business processes
Technology Maturity--The degree of available shared services and
components use
Security Integration--The degree of security pervasiveness
Provider Maturity--The degree of ownership of information
technology resources
Information Sharing Maturity Model
Policy/Strategy Maturity--The degree to which information sharing
policy, strategy and metrics has been defined and are understood across
all participating organizations
People/Organization Maturity--The degree to which leadership,
strategic direction, human change management, communication, and
training are being effectively implemented across all participating
organizationsProcess Maturity--The degree to which information sharing
processes are defined and implemented in a consistent fashion across
all participating organizationsGovernance Maturity--The degree to which
governance processes are in place for coordinating and controlling
information sharing activities across all participating
organizationsArchitecture Maturity--The degree to which standards, best
practices, guidelines, reference architectures, etc have been defined
ad agreed upon so as to provide guidance to the participation
organizations so that they can efficiently and effectively implement
the information sharing initiativesTechnology Maturity--The degree to
which the participating organizations have the information services,
technical infrastructure, and security in place to efficiently and
effectively support the information sharing initiatives
The above maturity models must be supported by performance
measures.
Information Sharing Metrics Library and Process Library
Outcome Metrics--Measures the extent to which information sharing
initiatives improve mission/government/department/agency outcomes
User Metrics--measures the extent to which users are provided with
or have access to the information they need to get their job done
effectively
Process Metrics--measures the extent to which information sharing
initiatives improve key information sharing processes (many of these
processes take weeks today because they are done manually-these metrics
will measure the effectiveness of automating the processes across
multiple agencies)Information Metrics--measures the extent to which
information is accessible, visible, understandable, and trustworthy
Finally, it is important to note that in the development of
information sharing systems, where you are is very much where you sit.
Now, sitting on the outside, it is easy to articulate issues and offer
solutions. I have also been on the inside and have lived with the
unforgiving operational tempo that often confounds the best intentions
to remain focused on these core issues. Success will require a
partnership of all parties and all branches of government to provide
critical oversight, resources and time necessary to implement these
critical systems. This hearing is a measure of your commitment to that
partnership. Thank you for allowing me to participate.
Mr. Simmons. Thank you very much for those comments. Again,
the written testimony is very detailed and very insightful.
And I will rephrase my prior question and put it to the
panel. In the prior testimony, we heard the DHS chief
intelligence officer talk about some of the improvements to the
system that went to the issue of providing more classified
information and trying to get more people with clearances to
access that classified information. And he commented that he
felt that a lot of the private-sector players would have those
clearances as well.
That is a legitimate point; I don't disagree with that
point.
But then I look at the other side, and I say one of the
major problems that we encounter in information sharing is the
fact that, if you have to rewrite the classified product, are
you really giving your customer anything other than just
garbage? And if the customers in the field are feeding up into
the system, is that going to be valued because it is not
classified?
So it seems to me that we are in a quandary here. Those
with your background, for example, who have lived in the
secrecy system, tend to say, ``Well, if it is secret, it is
good, so we have to share the secrets, but not too much,
because, you know, if you share it too much, then somebody
might disclose it.''
People from another background might say, ``No, we have
really got to open up the system. These fusion centers have to
work better. They are only going to work better if people at a
fusion center are confident that they are really getting some
good stuff and that the process is really working.''
Where are we in all of this? What path do we need to
follow? And I hope you won't say both, because that is
troublesome.
How do you, Mr. Hay, how do you resolve Mr. Allen's
comments, for example, based on what you have testified?
Mr. Hay. And this is certainly not to slight Mr. Allen at
all?
Mr. Simmons. Of course not.
Mr. Hay. ?I think the way I would describe it is, the
public sector almost has a blind spot when it comes to open
sources and how much information is available.
And I will use one quick comment. I can elaborate on it
later in a closed session, just to bring up the identities.
However, when I was operational for the G-8 summit in Sea
Island, Georgia, within 2 hours of running that, being the
director of that private-sector information-sharing group, we
had somebody who captured a guy photographing the U.S.
attorney's office in a powder-blue Bug. He was a skinhead. Two
days later, when he parked that car in front of a bank, we had
14 different law enforcement agencies descend upon this guy.
And it ended up being nothing. However, it could have been
something. So, on the one hand, I think we have to fully engage
those people.
Now, to answer your question, I think you honestly need to
have a translator. You need somebody, you know, such as
myself?I actually hold a Georgia position of trust?it is not a
federal clearance; we are getting there, baby steps?who really
sits in between a massive amount of information that comes from
the private sector and then understands the intelligence world
and secrecy so they are able to only pass those things along
that are important and then pass the things down that are
absolutely critical.
And it is that person in that role that gives the private
sector saying, ``Hey, I am not going to see the sexy
intelligence information. However, I know somebody who is, and
I trust them.''
I hope that answers your question.
Mr. Simmons. Anybody else?
Mr. Rapp. Chairman Simmons, if you don't mind, yes, that is
a good issue because a lot of the classified information I have
seen, you could also obtain a lot of that information from
open-source documents. So I don't quite see why it is
classified.
The other side of that is, we do have classified
information that contains information that people below our
level, at the TS level at the fusion center, don't need to
know.
But what they have to be confident in, particularly
commanders in my department that don't have that ability to
obtain the classified information, what they have to be
confident in is that what I am telling them is correct and that
the information I give them they can take some action based on
that.
Frequently the tear lines off of classified information are
so vague that I wouldn't feel comfortable, as a commander,
making it. But I know, because I have the clearance, I have a
little bit more information.
I think that is what we have to get over, if that addresses
your question a bit better.
Ms. Baginski. I think it is a very important question,
coming from that community.
Generally I think it is imperative that the intelligence
community decide what it is it is trying to protect. And
generally it is not the information; it is the sources and
methods. And it is proven that one can separate the two and
write the information such that it is releasable.
So this is a big cultural change for the I.C. but it
basically says the first document you put out should be
unclassified. And I think that is?John Negroponte and others, I
think, are working very, very hard on that.
To your comments about open source?and I will tell you why
I think that. Otherwise, we will clear every man, woman and
child in America.
[Laughter.]
And I simply don't think you can scale that. While I think
clearances are very important, as you just described it is a
great solution, but you certainly clear everyone who could
possibly take action.
Open source is also, I think, more culturally different for
the intelligence community. It grew up in a time when there was
no CNN. The open-source world and information, by definition,
the targets were denied.
So this is a huge shift that has to occur, with starting
from what is already known and then using the secret methods
and sources to go after what is not known, secrets worth
knowing. And this is a big shift that has to occur and, I
think, speaks to your point about leveraging private industry
and leveraging all your guys that are out there every day.
Mr. Simmons. I agree with everything you said. Thank you.
Ms. Lofgren?
Ms. Lofgren. Thank you, Mr. Chairman.
And I was just kept enrapt. As you spoke, it reminded me of
my former colleague in the city of San Jose, one of the members
of Congress, Tom Campbell. And Tom is now retired?dean of the
business school at Berkeley. We didn't agree on a lot of
things, but he gave me a piece of advice, which was: Never go
to a classified briefing.
[Laughter.]
He said, ``You will only learn what is on CNN, but then you
won't be able to discuss the CNN program.''
[Laughter.]
I want to talk, Ms. Baginski, a little bit, if I can, about
your experience at the FBI and the Trilogy program. It wasn't
your fault, I know that. It was designed to be a high-speed
network with modern work-station software and application,
Virtual Case File, to really improve the organization access
and analysis of information.
And the program was canceled in March of 2005. I believe
the I.G. said it was canceled because of poor management and
oversight. The bottom line is it was $170 million essentially
just crushed.
I would like to know, what?I mean, having been over there
to observe what happened, what lessons could we draw from that
experience as we roll out a system here in the Department of
Homeland Security?
Ms. Baginski. I think there are very good lessons to be
learned from that.
As you described Trilogy backbone, essentially networks and
essentially systems on the desk. So, easy to deploy those
things.
VCF, however, Virtual Case File, was a set of software that
was supposed to instantiate business processes. And it is the
VCF component of Trilogy that failed. And I think there are
three reasons.
First, the business process re-engineering actually was not
done. So, instead of having one way that the FBI managed cases,
one way they open-sourced it, one way the enterprise did
things, there was more like an instantiation of 56-plus-400
number of field offices and resident agencies the FBI had ways
of doing things. And that led, actually, to a system that could
not technically perform in scale. I think that was one
dimension.
The FBI itself learned the lesson from that, and business
practice re-engineering is one of the set pieces of the
Sentinel program, to resolve that issue, so that the system
knows what business rules it is to implement and there is
something to map the data to. So that is very important.
I think the second thing that the FBI would point to is
program management weakness, beginning with an inability to
actually define requirements. They, themselves, will hit
themselves fairly hard for that: Nobody met a requirement they
didn't like, the ever-creeping list of requirements, and no
ability actually to manage changes with the contractors and
keep track of that. And then not a very good review process to
ensure that those changes were being made.
I think the third thing they would say is not sufficiently
engaging the users of the system in the development of the VCF.
So that was also addressed during Sentinel with a huge
corporate process to have the actual users of the system
engaged in its design and requirements development.
I think those are lessons in those six dimensions that I
described.
And VCF is also interesting from another dimension. The
change management of Virtual Case File was handled very well.
Director Mueller said all of us to Kellogg School of Management
for a week of change. We learned about the I.T. systems, and
then we were also given a series of tools to actually cascade
the change down through the organization. And it was
fascinating, because it was the best example of change
management I had seen I think in my entire career. And yet,
even as well-handled as it was, it was not enough to ensure the
success of the system.
So you can't just have one dimension that works well. It
has to be all those dimensions.
Ms. Lofgren. Looking at what is going on now with HSIN,
some of the information we have gotten is that, because there
is a long-term relationship in most departments with the FBI,
rather than deal with that, they will just pick up and call
their contact at the FBI. And it really feeds into whose turf
is it and really doesn't lead us in the direction of changing
the method so that we actually all do better.
You are going to be advising Mr. Allen, I understand, and
you have substantial expertise to do that. Certainly Mr. Allen
has a strong commitment to making this work. What advice would
you give him, given what has happened already and the deficits
that were created and that he has inherited, to overcome these
issues?
Ms. Baginski. I would give him the advice to make the
fusion centers the set piece for HSIN future deployment and
development. And learn the lesson that?I mean, when the
military goes overseas to fight a war, the intelligence
community and those who serve it with information don't
actually say, ``Could a bunch of you stay back and sit in our
fusion center?'' We go with them.
So the idea of this would be to actually deploy the federal
government to those who are fighting the war in the homeland,
learn how they make decisions, and make that information
available to them.
I think that that would give a focus on the business
process issues. That would give us a controlled environment to
try to deal with all six of these dimensions, because none of
these issues are easy. Policy is hard; it is hard with the
states.
But if we focused it on a fusion center where the states
come together and the fed comes together, instead of, go to
this county, that county, this thing, this thing, and this
thing, you would be sitting with the decision-makers. And I
think, as you have already suggested, that you would probably
have less frustration, both on the federal side and the state
and local side.
Ms. Lofgren. Thank you, Mr. Chairman. I see my time has
expired.
Mr. Simmons. Yes. The gentleman from Indiana, Mr. Souder?
Mr. Souder. Thank you. I appreciate your comments on the
importance of having a commonality of how you input information
and just down at the basic levels. Because information systems
can't match up if they aren't starting similar, at least
separating out what is in common and then rebuilding.
But I wanted to go down a slightly different path. My
primary expertise is in product cycling. I have worked with
that since I have been in Congress and chair of the Narcotics
Committee and the Speaker's Drug Task Force.
And we have been through a lot of this in narcotics. In the
HIDTAs, which the best example right now is New York City
because they didn't have a chance to wait around for the
federal government to get organized, they basically converted
the drug HIDTA to a terrorism HIDTA as well, and Connecticut
and New Jersey have since come in too, because we have these
problems that the major metro areas often overlap state lines
and we get state structures, and it is how to do this.
And there, the federal agents are, in fact, on the ground
with the local. Like you have just suggested, the DEA and FBI,
ATF, others, go in with state and local. We set up a system
that forced that interaction. It occasionally gets under
attack, but nevertheless has survived over time.
And I am wondering why, when we have that relatively
successful model, and one that state and locals in the major
metropolitan areas are already used to working with, why this
is so hard to conceive.
Now, there are some working with narcotics, I would
suggest?and I have a particular question for Ms. Baginski
coming from this. I think the state and locals are extra-
sensitive about how information is classified and shared
because of their experience with narcotics.
That there has been a feeling that often they are working a
case, and the information here isn't classified for national
security reasons, it is classified almost as if, ``We don't
want to share the glory in a bust,'' or, ``Your case isn't as
big as my case.'' ``We are not going to take this one down in
Fort Wayne because we are working a bigger one in Indianapolis.
And we are not going to take down Indianapolis because we are
working a bigger one in Kansas City. We are not going to take
Kansas City because we got one in Houston. And Houston is
trying to deal with the Southwest border; therefore we are
going to let your cocaine dealer work, even if it is the
biggest one in the United States.''
This historic skepticism, they are not used to working with
the CIA, and they are not used to working with NSA. On the
other hand, NSA and CIA are used to working in a military
sphere and don't understand the distrust at the state and local
level of what is protected and what is classified and the types
of sources because it is a different ballgame. Similarities
with Colombia and Afghanistan, particularly Afghanistan as we
are getting overwrapped in heroin.
But you had a statement, that you said that different lanes
need different information. And it is really, then, the
assumption with that is, since the federal government has most
of that classified information, that the federal government
decides which lane you are and what you need to know.
The challenge here is that, since in terrorism, unlike
narcotics, we don't know whether the information is, in fact,
information, it is very difficult to figure out what lane you
are in and what information you need to know. So then the
question comes back to, who gets to dispense and decide what
information is important?
And I understand the other variables, but I wanted you to
clarify that a little bit, because the way you sounded is, what
would I think would give some rise to concern out of state and
local that, if we don't really know whether a person is a
terrorist or not, and you are trying to decide and parcel down
the information, how would you do that?
Ms. Baginski. I thank you for giving me the opportunity,
because it is exactly the opposite of what I believe.
I think that there is a legitimate way to do this. And the
model that I would point?I think the law enforcement model is
very powerful.
You asked a number of questions. Let me try to see if I can
get at most of them.
The law enforcement model that you described is very
important. The HIDTA model is very important, has been very
successful. The fusion centers would allow you to move to an
all-crimes, all-hazards approach and out of the strictly law
enforcement component and involve the private sector.
So while I think the HIDTA business process and the model
itself is what becomes the fusion center, the fusion center is
actually going to be dealing with more issues than just law
enforcement.
But I think what you are focused on is the model of working
together and operators and intel driving one another. That is
going to be the model for the fusion centers. So?
Mr. Souder. And one key part of that is they had a vote.
Ms. Baginski. Absolutely. That is the critical part.
Now, what you describe in terms of information, when I went
to the FBI, having been cloistered behind the fence of Fort
Meade, you know, for 25 years and not believing there was a
world out there, I was enormously impressed to find something
that I actually think the law enforcement community has not
gotten enough credit for.
The Criminal Justice Information System's organization, the
operation that is in Clarksburg, Virginia, CJIS, and all of
those systems, here is a model for managing this problem.
Fundamentally you have a federal entity that has agreed to take
responsibility for the operation of the system on behalf of
state and local law enforcement and tribal law enforcement in
this particular case.
But that is done through a shared management model?and I
know you know this?the CJIS advisory policy board. And that has
got a bunch of subcommittees. And they all sit in a room; they
have a shared governance model; FBI operates, and they do the
following things: They make decisions about, what are we going
to do, what do we want it to do?
They proactively decide, ``We will flag and tag and share
the following elements of information. And if you, California,
want them from New York, you got to index them this way and you
got to flag and tag them this way. And then, guess what? If
anybody misuses this,'' to the operational trust issue, ``you
are cut off. You are sanctioned, and you cannot use it again.''
Now, that model, for those of you who have ever been
stopped by a patrolman?I, of course, have never had that
happen?that time that that person is taking behind you, he is
doing essentially what I, as an intel officer, would say is a
first protection mission for himself: Is it safe to approach?
I think there is something in that model. Broaden it our
past law enforcement, make some agreements about flagging and
tagging elements of data. Not giving databases?people, places,
things, weapons, bridges?I don't know, I am making all this up
now, guys. But that separates it from the source, to begin
with?
Mr. Souder. Even at the start with the airports. How about
just in an airport when you buy a ticket, there is a pop-up on
your name.
Ms. Baginski. Exactly. That is?
Mr. Simmons. If the gentleman would yield for a moment, I
know that another committee has use of this room at 3 o'clock.
It is a fascinating discussion. I was hoping we could go
longer. And we have one member who remains. So, in fairness to
Ms. Jackson Lee, I would like to recognize her for some
questions. And then we will have to suspend and clear out of
here because we have other members in other committees wanting
to use the space.
Ms. Jackson Lee. Let me thank both Mr. Simmons and Ranking
Member Lofgren for this hearing.
Let me express the sense of frustration, because, as we
listen to you and listen to the other witnesses?and I offer my
apology; I was delayed in another meeting for the other
panel?we notice that we are about to move to a new concept, the
HSDN system versus the HSIN system. And I guess the mountain of
frustration collapsed the poor HSIN system.
I come to this from a perspective of many members who go
home to their districts and really deal with local and state
officials, particularly law enforcement, who are front-liners
every day. So I am going to pose to Captain Rapp, Mr. Hay, if
you would, to focus yourself on the robustness of what we have
coming.
My understanding is one of the failures of the HSIN is, who
wants to look at unclassified information? You know, who wants
to read the newspaper? And there might have been some
information about weather or some other things that might have
been helpful?and I always view that unclassified means I have
got to read it and then, sort of, read something from it. It is
a newspaper that I didn't get to read.
Tell me how we can jump to make the HSIN robust,
impenetrable, if you will, to a certain extent, and gain the
trust of those who would, as you have said?and I am looking to
make sure I am pronouncing it correctly, because I didn't hear
it?Mrs. Baginski? Or the story about the blue?I think that was
you, Mr. Hay, the blue Beetle. But how are we going to do that?
And I would like to go forward. And I know I can speak
about the failures. And it was a mountainous failure. But let's
see how we can move forward and get this actual new vehicle as
trustworthy as it can possibly be.
Captain Rapp?
Mr. Rapp. Sure, thank you.
The HSIN system, the problem with that has been, to this
day, it does have some good historical information, some good
intelligence products, but current real-time data is very
limited on there.
To give you an example, the London plane threats that we
had a month or so ago, it took over 2 hours before anything at
all was posted on HSIN that would help our fusion center. We
were getting more information off of CNN and some of the other
networks than we could get off of the classified systems.
The second piece?
Ms. Jackson Lee. That is not good.
Mr. Rapp. No, no. The second piece?
Mr. Simmons. That is not necessarily bad, though, either. I
mean?
Mr. Rapp. Well, we did get a lot of information over the
open source.
[Laughter.]
But the second piece is, they are still notifying the
homeland security directors for the state, and they are not
inputting that information into a system. What a network
system, in addition to posting real-time information, would
benefit us?
Ms. Jackson Lee. So real-time is crucial?
Mr. Rapp. That is crucial.
It is also crucial for us to talk fusion center to fusion
center when an incident occurs. Because we clear a lot of
information out that either comes open source or is rumored
through the law enforcement or emergency management community,
by talking directly to the NOC in D.C. or one of the fusion
centers in Texas or Kentucky. We can clear that information out
very quickly and/or get appropriate information to the first
responders more quickly than we see it coming through the
classified federal system.
Ms. Jackson Lee. Thank you.
Mr. Hay?
Mr. Hay. I would probably limit it to three points.
First, I think we need a strategy. Whatever that is, you
have to have a strategy to move forward.
Second, we have to involve the right people in it, the
people who are respected. Sitting right next to me, for one,
needs to be involved.
Thirdly, I think you need to provide value. And if we can
provide value?pretty much if you think about the private sector
and HSIN-CI, we have been eating out of the same tub of gruel
for 2 years. And yet, I learned a lot from reading those open-
source documents, and I was able to put together a common
operating picture.
And that is really what we need. If there was one thing
that we could do within that system, it would be a private-
sector common operating picture that they could just keep
posting information to. And that way my friend in the fusion
center can see it. And if it becomes overwhelming, he can task
somebody to give me the highlights of that.
And I think that, if we can do that, rebrand it under a
different name, you know, whatever it looks like, if it
provides value, everybody is going to come to it.
Ms. Jackson Lee. I think that is a key point.
Ms. Baginski, could you just amplify, then, how we provide
value and how we have this common operating effort? And also,
how do we get local authorities that are engaged in this to
say, you know, ``This is not, if you will, the local cereal
that they are giving me, this is not pablum they are giving me;
this is real and I am going to utilize it''?
Ms. Baginski. I would suggest that, from my perspective,
the responsibility of the state and local is to stand up and
shout very loudly about what they care about and say what they
need to know and take the lead, through the fusion centers,
defining their requirements. And the federal government needs
to deploy this capability to the fusion centers.
Once you bring information to the decision-makers, the rest
generally takes care of itself.
Mr. Simmons. All time having expired, I want to thank my
colleagues for their questions.
I want to thank the panel for their very incisive
testimony.
I remind members that if they have additional questions for
the record, the record will be held open for 10 days.
And, without objection, this hearing is adjourned.
[Whereupon, at 3:11 p.m., the subcommittee was adjourned.]
�