[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]


 
                    BUILDING THE INFORMATION SHARING
        ENVIRONMENT: ADDRESSING THE CHALLENGES OF IMPLEMENTATION

=======================================================================

                                HEARING

                               before the

                     SUBCOMMITTEE ON INTELLIGENCE,
           INFORMATION SHARING AND TERRORISM RISK ASSESSMENT

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED NINTH CONGRESS

                             SECOND SESSION

                               __________

                              MAY 10, 2006

                               __________

                           Serial No. 109-75

                               __________

       Printed for the use of the Committee on Homeland Security
                                     
[GRAPHIC] [TIFF OMITTED] TONGRESS.#13

                                     

  Available via the World Wide Web: http://www.gpoaccess.gov/congress/
                               index.html

                               __________




                    U.S. GOVERNMENT PRINTING OFFICE
36-987                      WASHINGTON : 2007
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092104 Mail: Stop IDCC, Washington, DC 20402ï¿½0900012007


                     COMMITTEE ON HOMELAND SECURITY



                   Peter T. King, New York, Chairman

Don Young, Alaska                    Bennie G. Thompson, Mississippi
Lamar S. Smith, Texas                Loretta Sanchez, California
Curt Weldon, Pennsylvania            Edward J. Markey, Massachusetts
Christopher Shays, Connecticut       Norman D. Dicks, Washington
John Linder, Georgia                 Jane Harman, California
Mark E. Souder, Indiana              Peter A. DeFazio, Oregon
Tom Davis, Virginia                  Nita M. Lowey, New York
Daniel E. Lungren, California        Eleanor Holmes Norton, District of 
Jim Gibbons, Nevada                  Columbia
Rob Simmons, Connecticut             Zoe Lofgren, California
Mike Rogers, Alabama                 Sheila Jackson-Lee, Texas
Stevan Pearce, New Mexico            Bill Pascrell, Jr., New Jersey
Katherine Harris, Florida            Donna M. Christensen, U.S. Virgin 
Bobby Jindal, Louisiana              Islands
Dave G. Reichert, Washington         Bob Etheridge, North Carolina
Michael McCaul, Texas                James R. Langevin, Rhode Island
Charlie Dent, Pennsylvania           Kendrick B. Meek, Florida
Ginny Brown-Waite, Florida

                                 ______

 SUBCOMMITTEE ON INTELLIGENCE, INFORMATION SHARING, AND TERRORISM RISK 
                               ASSESSMENT



                   Rob Simmons, Connecticut, Chairman

Curt Weldon, Pennsylvania            Zoe Lofgren, California
Mark E. Souder, Indiana              Loretta Sanchez, California
Daniel E. Lungren, California        Jane Harman, California
Jim Gibbons, Nevada                  Nita M. Lowey, New York
Stevan Pearce, New Mexico            Sheila Jackson-Lee, Texas
Bobby Jindal, Louisiana              James R. Langevin, Rhode Island
Charlie Dent, Pennsylvania           Kendrick B. Meek, Florida
Ginny Brown-Waite, Florida           Bennie G. Thompson, Mississippi 
Peter T. King, New York (Ex          (Ex Officio)
Officio)

                                  (II)


                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Rob Simmons, a Representative in Congress From the 
  State of Nevada, and Chairman, Subcommittee on Intelligence, 
  Information Sharing, and Terrorism Risk Assessment.............     1
The Honorable Zoe Lofgren, a Representative in Congress From the 
  State California, and Ranking Member, Subcommittee on 
  Intelligence, Information Sharing, and Terrorism Risk 
  Assessment
  Oral Statement.................................................     2
  Prepared Statement.............................................     3
The Honorable Jim Gibbons, a Representative in Congress From the 
  State Nevada...................................................    17
The Honorable James R. Langevin, a Representative in Congress 
  From the State of Rhode Island.................................    19

                                WITNESS

Ambassador Ted McNamara, Information Sharing Program Manager, 
  Officer of the Director of National Intelligence:
  Oral Statement.................................................     1
  Prepared Statement.............................................     9

                             For the Record

The Honorable Sheila Jackson-Lee, a Representative in Congress 
  From the State of Texas:
  Prepared Statement.............................................    27


                    BUILDING THE INFORMATION SHARING
        ENVIRONMENT: ADDRESSING THE CHALLENGES OF IMPLEMENTATION

                              ----------                              


                        Wednesday, May 10, 2006

             U.S. House of Representatives,
                    Committee on Homeland Security,
                  Subcommittee on Intelligence, Information
                    Sharing, and Terrorism Risk Assessment,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 2:03 p.m., in 
Room 311, Cannon House Office Building, Hon. Rob Simmons 
[chairman of the subcommittee] presiding.
    Present: Representatives Simmons, Gibbons, Thompson, 
Lofgren, and Langevin.
    Mr. Simmons. [Presiding.] The Committee on Homeland 
Security, Subcommittee on Intelligence, Information Sharing and 
Terrorism Risk Assessment will come to order.
    The subcommittee is meeting today to hear testimony on how 
the program manager of the Information Sharing Environment, or 
ISE, is addressing the challenges of implementing a government-
wide information-sharing architecture. The development of the 
Information Sharing Environment, if properly planned and 
integrated, could turn out to be America's most important tool 
for preventing terrorism.
    Terrorist threat information must be shared broadly, both 
within the federal government and with state, local, tribal and 
private sector partners in order to protect our country and the 
American people against attack. However, there are many 
challenges associated with creating that environment: 
incompatible policies, procedures and systems all across the 
homeland security information-sharing landscape.
    The challenge for you, Ambassador McNamara, as the 9/11 
Commission put it, is to ``unify the many participants in the 
counterterrorism effort and their knowledge in a network-based 
information-sharing system that transcends traditional 
government boundaries.''
    In my years of service as a CIA officer and as a military 
intelligence officer doing both collection and analysis, the 
impression I got in those days was that information was 
something to be collected and held and not shared widely or 
broadly, to be stovepiped to the national command authority and 
to others in order to protect sensitive methods and sources, 
point one, and point two, in order to get credit for the 
information collected.
    So the culture of intelligence as I knew it many years ago 
was a culture that mitigated against information sharing. In a 
post-9/11 environment, I think America has learned and I think 
our government understands that we have to share information to 
be safe, but it is an awesome challenge that you face.
    Although your tenure has just begun, the program manager 
was only given a brief 2-year mandate, time is running out. I 
would be interested in what you think you can accomplish and 
whether you believe the position needs to be extended or made 
permanent. As you well know, your job is vital to the security 
of our country, and I hope you will look to this committee and 
this subcommittee for any support you need to accomplish the 
task.
    Now I would like to recognize the ranking member of the 
subcommittee, the gentlelady from California, Ms. Lofgren, for 
her opening statement.
    Ms. Lofgren. Thank you, Mr. Chairman.
    I would ask unanimous consent to put my full statement in 
the record.

            Prepared Opening Statement for Hon. Zoe Lofgren

    Good afternoon. I am pleased that we are turning our attention 
again to the Information Sharing Environment (ISE) and the obstacles 
that remain in the way of creating truly effective government-wide 
information sharing policies, procedures and practices.
    We need the Program Manager to get this done as quickly and 
effectively as possible in order to help the Intelligence Community and 
State, local and tribal law enforcement share information that could 
thwart the next terrorist attack.
    Accordingly, I'd like to welcome the new Program Manger, Ambassador 
McNamara, who has taken over these critical responsibilities from his 
predecessor, John Russack, who testified before this Subcommittee last 
November.
    Mr. Russack's rather abrupt departure this past January came on the 
heels of his Information Sharing Environment Interim Implementation 
Plan--a plan that set new deadlines given the Program Manager's, and 
the Administration's, failure to complete the work within the time 
frames prescribed by Congress in the Intelligence Reform and Terrorism 
Prevention Act.
    Much of the delay, it seems to me, came from three main factors: 
(1) a lack of personnel and other resources within the Program 
Manager's shop; (2) a lack of buy-in and cooperation from the wider 
Intelligence Community; and (3) a lack of urgency by the 
Administration.
    The Markle Foundation in fact bemoaned this lack of urgency in 
correspondence it sent to the President on September 7, 2005, noting, 
``Sweeping change is needed to remove any pre-9/11 confusion about 
information sharing that, regrettably, still exists in some departments 
and agencies. . .A single set of policies across the government, while 
recognizing the need for some additional rules depending on agency-
specific missions, should end confusion and interagency battles about 
whose rules apply in particular situations.''
    Accordingly, I look forward to hearing from you, Ambassador, about 
what you have learned from your predecessor's experience as Program 
Manager--particularly (1) your assessment of the historical 
difficulties in getting the policies written and agreed to and to what 
extent you are facing those same difficulties (and with whom); (2) what 
lessons you will apply going forward as you take up the reins; and (3) 
what assurances you can give us that you will be able to meet the new 
deadlines set out in the Interim Information Sharing Plan we received 
in January.
    I am also very interested in hearing about your reaction to the 
Government Accountability Office's recent report on information 
sharing, the progress made to date with the ISE, and the challenges 
that remain in developing appropriate policies for sharing terrorism-
related and sensitive but unclassified information.
    Because you are a direct report to the Director of National 
Intelligence, Ambassador, GAO invited the DNI to comment on its report 
before publication. Mr. Thompson and I were both disappointed by Mr. 
Negroponte's refusal to do so--apparently on the ground that GAO's 
``review of intelligence activities is beyond GAO's purview.''
    That is nonsense, Ambassador. GAO's review of your work did not 
involve evaluation of the conduct of actual intelligence activities. On 
the contrary, it focused narrowly ``on the procedures in place to 
facilitate the sharing of a broad range of information across all 
levels of government.''
    Indeed, Guideline 1 of the President's own December 16, 2005 
Memorandum for the Heads of Executive Departments and Agencies directs 
you and other agency heads to ``develop and issue . . .common standards 
for preparing terrorism information for maximum distribution and 
access.''
    Those standards--which are now two months overdue--have nothing to 
do with ``intelligence activities.'' They instead have everything to do 
with how to ``sanitize'' intelligence information into a format that 
can be shared with State, local, and tribal law enforcement.
    The DNI's comments frankly would have been a valuable contribution 
to this Subcommittee's ability to conduct the oversight with which it 
has been tasked. Indeed, we rely on GAO, the Congressional Research 
Service, and our respective staffs to help us get the facts so we can 
make informed policy judgments.
    The DNI's decision not to cooperate with GAO--and in other cases 
with CRS--leaves us with one hand tied behind our back.
    Our staffs do good work, Ambassador, but we will be able to do our 
work even better by having the DNI's and your cooperation with GAO and 
CRS when they are tasked with reviewing and reporting on your progress. 
It is their detailed reporting, Ambassador that has informed our 
process since this Committee's inception and of other Members of 
Congress for decades.
    I therefore look forward to hearing not only your views about the 
state of progress with the ISE but also your reaction to the GAO 
report, your thoughts on its recommendations, and how you might 
implement them as you move forward.
    Thank you.

    Mr. Simmons. Without objection, so ordered.
    Ms. Lofgren. I would just note that we are way behind on 
where we should be in this area. The last program manager 
rather abruptly departed, and we have not completed the task in 
the timeframes prescribed in the Intelligence Reform and 
Terrorism Prevention Act, as you know.
    I think there were a number of issues, and perhaps more 
that I don't know of, but I am concerned that a lack of 
personnel and other resources contributed to the shortfalls, as 
well as the lack of buy-in and cooperation from the 
intelligence community.
    I also think there has been a lack of urgency at the top on 
this task. As I am sure you know, the Marco Foundation weighed 
in on this last fall, bemoaning the lack of progress.
    While we don't hold you accountable after 9 weeks for that 
lack of progress, I am looking forward to hearing from you 
about what you have learned from your predecessor's experience 
as a program manager, particularly your assessment of the 
difficulties in getting policies written and agreed to, and to 
what extend you are facing those same difficulties and with 
whom, what lessons you will apply going forward as you take up 
the reins, and what assurances you can give us that you will be 
able to meet the new deadlines set out in the interim 
information sharing plan we received in January, or if there 
are challenges that we can assist you in, that you let us know 
how we can help.
    I am also very interested in the Government Accountability 
Office's recent report, which I am sure you have looked at. I 
am very disappointed--and I think ranking member, Mr. Thompson, 
has just arrived. We were both disappointed by Mr. Negroponte's 
refusal to comment on the report and felt that his objection 
was misplaced. We asked for comments not on the collection of 
intelligence, but on a far different issue, the common 
standards for preparing information for distribution and 
access, not anything that should compromise his mission.
    So we do think that it would be helpful to get that 
comment. We know that you report directly to him. Perhaps you 
can assist us with that as well. Our staffs do good work, but 
we will do even better work if we have the DNI's cooperation, 
and I expect yours, with the GAO and CRS when they are tasked 
with reviewing and reporting on progress in your office.
    So I look forward to hearing not only your views about the 
state of progress with the IC, but also your reaction to the 
GAO report and your thoughts on its recommendations, and how 
you might implement them as they move forward.
    Mr. Chairman, I will leave the remainder of my statement 
for the record, and I yield back.
    Mr. Simmons. I thank the lady for her comment.
    I join her in a shared interest in getting some sort of 
comment on the GAO report. I think that, again, information 
sharing is something that traditionally was not focused upon by 
the intelligence community, but it certainly falls squarely 
within your domain.
    I think that the DNI, as a newly created position, is 
designed to achieve coordination across traditional 
bureaucratic lines. So once again, the idea of comments on this 
report I think is important to us as we do our business.
    That being said, we are pleased to have Ambassador McNamara 
with us here today. I welcome you. We had a chance to talk a 
week or so ago. You have an extensive background in national 
security and counterterrorism and have served eight 
presidents--my gosh, you don't look that old, but anyway--for 
the last 4 decades, including at the Department of State and 
the National Security Council.
    Following 9/11, Ambassador McNamara was asked to return to 
government service as a senior adviser for counterterrorism and 
homeland security at the Department of State and was named 
program manager of the Information Sharing Environment in March 
of 2006.
    Thank you, Mr. Ambassador, for being here. Your entire 
written statement will be inserted into the record. We would 
ask that you try to limit your oral testimony to about 5 
minutes so that we can have an opportunity for questions.
    Welcome. And you are recognized, sir.

   STATEMENT OF AMBASSADOR TED McNAMARA, INFORMATION SHARING 
      PROGRAM MANAGER, OFFICE OF THE DIRECTOR OF NATIONAL 
                          INTELLIGENCE

    Ambassador McNamara. Thank you, Mr. Chairman, and thank 
you, Ranking Member Lofgren. It is a great pleasure to testify 
before this subcommittee.
    I recognize the committee's and the subcommittee's 
interest, attention, knowledge and background in this area. So 
I am particularly grateful for that attention and the 
commitment that the committee has shown and the subcommittee 
has shown on this important issue.
    I see that my written statement is being entered into the 
record, so I will refrain from requesting that a second time.
    I think that there is no more urgent issue, no more 
critical issue to our ongoing efforts to fight terrorism than 
improving our information sharing.
    It has been 9 weeks to the day since President Bush 
designated me to serve as program manager for information 
sharing. I came back into government service this time, as I 
did the last time I came back in, because I believed that I was 
working on an issue of great national importance.
    As the senior adviser at the State Department, I worked 
assiduously to make up for some of the problems that we saw in 
the immediate aftermath of 9/11. It happens that I am now 
coming back into government to try and work on a problem that 
came to the fore as a result of 9/11 that is still with us. I 
came back into government service to try and make a difference.
    But after 9 weeks, I think you will understand that I have 
not quite tapped all of the different areas of this issue. It 
is an enormously complex one. But I do have some initial 
observations that I would like to make here before the 
subcommittee.
    First of all, to clarify a bit what the program manager's 
office is and what it is not. We are a small office. We were 
established, as you know, under the IRTPA law, and placed under 
the office of the director of national intelligence. We are in 
the office of national intelligence, of the director of 
national intelligence, but we are not focused only on 
intelligence.
    This office is responsible, as you noted, Ms. Lofgren, we 
are responsible for all terrorism information government-wide. 
I have broken this up into what I refer to as five communities 
of major importance in this effort.
    First is law enforcement. And I don't mean ``first'' in the 
sense of more important than the others, just to list the five 
of them: law enforcement, defense, foreign affairs, homeland 
security, and intelligence. So we serve all five of those 
communities.
    The next thing that we are doing is we are consulting 
government-wide and we will be advising and recommending to the 
president how to improve the information-sharing environment. 
The office is charged with managing and coordinating federal, 
state, local, tribal and private sector participation in that 
information-sharing environment for terrorism information.
    What we do not do, and what we are not doing, is we are not 
replacing the operational agencies that implement the 
Information Sharing Environment. Maybe because of my 
background, I look at this more or less as an office that has 
some parallels with the National Security Council.
    One of my very wise leaders in those years in the White 
House told me, we don't do the job here; we make sure the job 
gets done. We do what we have to do to make sure others do what 
they must do in order for the job to get done.
    I kind of look at that as part of the approach that I take 
in this program management job, that with a very small staff--
we are not quite at our 20, but we are very close to it, and 
expect to have a full staff, well, we have had larger numbers, 
and then some people have left and now some are coming in 
again. We will be at full strength I hope very shortly.
    But even at full strength, there is no way without relying 
on the agencies to carry out their responsibilities, without 
relying on the state, local, tribal and private sector to do 
their share. There is no way that 20 people can get this job 
done alone.
    We also will be relying on the Congress, as well as the 
executive branch, to help us to get the Information Sharing 
Environment up and running in a manner that is satisfactory to 
all.
    The last point on this is that the office as I see it has 
not been told to start from scratch to build this. We are at 
war. There is a struggle going on, a protracted struggle 
against terrorism. What we need to do is to build on current 
capabilities, take the best that we do have, use it, and make 
it better, build on what we have, not tear it down and start 
from scratch.
    The second point and observation, after this very brief 
period in the job, is that, since 9/11, a great deal of the 
sharing of national terrorism information at the federal level 
takes place within the environments of those five communities 
of interest that I mentioned, that is law enforcement, homeland 
security, defense, intelligence, and foreign affairs.
    It is related to the very important missions and objectives 
of those communities. Those missions and objectives are 
important and need to be fulfilled. Increasingly, however, in 
order to accomplish those missions and those objectives, shared 
information across those communities is going to be required. 
That, I think, on the federal level is where most of the 
difficulty lives, in the sharing of information 
intercommunally, so to speak.
    Within the communities, I think there is fairly good 
sharing of information, within each of those five communities. 
But inter-community, across the communities, I see where there 
is great need for and great possibilities for improvement.
    A third observation: Given that the terrorist threat and 
other post-war challenges are as strong as they are, it is 
clear to me, and I think it is clear to senior officials in the 
executive branch, that the old ways of doing business are 
inadequate and have to be changed. We have to integrate. We 
have to share more. Not doing so was a failure that I think was 
correctly cited as a major defect by the 9/11 Commission.
    So let me very briefly share with you some of my initial 
high priority items that I want to pay attention to in these 
first few weeks.
    First is standardizing government-wide SBU procedures and 
practices around the entire federal government.
    Secondly, I think we need to establish a network of state 
and urban area fusion centers. We have to create a national 
system that is effective and efficient in sharing information 
and empowering all levels of government to greater efforts and 
greater success in this protracted struggle.
    Thirdly, we need to develop an information-sharing 
environment budget investment strategy.
    Fourthly, we need to deploy the initial capabilities for an 
electronic directory of services, an EDS.
    And fifthly, we need to develop guidelines to protect 
privacy and other legal rights for American citizens.
    I don't want by saying to this to suggest that we have been 
inactive up to now. In fact, as I look at it, and I saw it 
immediately after 9/11, within 3 weeks I was on duty at the 
State Department following the 9/11 events, I think we are much 
improved over what we were doing back then in terms of 
information sharing.
    We have a National Counterterrorism Center, for example. We 
didn't have that back then. The National Counterterrorism 
Center is now being accepted by agencies and by the leadership 
of the executive branch as the focal point of our sharing of 
national intelligence and other information with respect to 
terrorism.
    We have a Terrorist Screening Center that unites numerous 
databases that was quite clearly a problem during the period 
immediately before 9/11. Those databases existed, but were not 
united. They were not integrated and there was no one place to 
go to find out information about terrorists. The Terrorist 
Screening Center provides that capability now.
    I think the fusion centers that have been set up by the 
states and urban regional authorities are important elements in 
solving the problem of sharing of terrorist information. I will 
have more to say about the fusion centers in just a moment.
    I think the Department of Homeland Security is now up and 
running. It has Web-based portals and other tools that are 
great improvements over what we had in 2001. The Department of 
Justice law enforcement information-sharing program enhances 
sharing across law enforcement jurisdictional boundaries. We 
didn't have that before.
    The director of national intelligence is transforming the 
data-sharing of the intelligence community in a way that is 
very, very helpful for the information-sharing environment. And 
the Department of Defense, in a step that I think could be an 
example for other large agencies, the DOD now has an 
information-sharing executive, something that would have been 
unheard of before 2001.
    Let me take a moment or two to address one aspect taken 
from my written statement, which both of you have referred to, 
and which I think is central to our being able to resolve some 
of the major problems of information sharing. I think more must 
be done by all entities at all levels to create an information-
sharing environment that is a truly national system, one that 
links state and urban fusion centers with each other, as well 
as with the federal government.
    To do this, resources are going to be needed at all levels 
of government. It won't happen automatically and it will take 
an enormous amount of cooperation. I sense that there is a 
feeling both at the federal, state, and local levels that such 
cooperation is necessary and will be forthcoming.
    I think what we are looking for is an integrated, federated 
approach that delineates responsibilities of the federal, 
state, local and tribal entities, as well as the private 
sector. The fusion centers are being created in order to truly 
share information that is useful and beneficial to all of the 
government entities involved. That federated approach, that 
system that is a national system, is my vision of what the 
future ISE ought to look like, in very broad terms.
    State, local and tribal entities are critical partners in 
our nation's efforts in counterterrorism. They are consumers 
and producers of terrorist information. As consumers, they need 
the information to be brought to them in a more timely, more 
actionable, more concise and usually unclassified form. It 
needs to be delivered efficiently. We are moving in that 
direction on all of those fronts, but I think we need to move 
faster and I intend to see that we do move faster.
    As producers, assistance is needed so that they can bring 
together information at the state and the federal level that is 
useful to state and federal authorities and that effectively 
and efficiently moves the information through the system. That 
is another objective, I think, that we can aim for in this 
national system that I referred to.
    Many state and urban governments have begun gathering, 
analyzing and sharing information, using the fusion centers 
that now exist. I think this is a very beneficial approach and 
I think it is one that we can usefully look at here at the 
federal government as benefiting us as well.
    I strongly support fusion centers. I expect them to become 
central components of our national capability to gather, to 
analyze and to disseminate actionable information. As chair of 
the ISC, the Information Sharing Council, I intend to keep in 
close contact with state, local, tribal and private sector 
partners through regular meetings with them, and by inviting 
them to work closely with the Information Sharing Council in 
the coming months.
    Let me wrap up with a few closing comments.
    A critical question for implementing the Information 
Sharing Environment is how best to deliver capabilities today, 
while we continue with this protracted struggle, while at the 
same time addressing the myriad of policies, processes and 
technology differences among multiple organizations that must 
be done if we are to perform the disparate missions that those 
organizations perform.
    These differences pose challenges to implementing an ISE. 
Those challenges, among others, are incompatible policies and 
procedures; classification problems; access by individuals that 
need access; vetting to grant clearances; security and privacy 
problems that have arisen. These and many more are going to 
have to be addressed.
    To realize the ISE vision, these impediments are going to 
have to be dealt with, I think through adopting common 
policies, common processes, common data and technology 
standards and guidelines that will be set for all of the ISE 
participants.
    A comprehensive and complex problem such as this needs a 
transformational effort. It is going to require time to fully 
implement. However, the information sharing is such an urgent 
national imperative that I believe it can and will be moved 
forward rapidly. That certainly will be my goal and that will 
be what I will do in this job. Much has been done, but much 
more needs to be done. We owe it to the American public to fix 
this problem.
    Let me make two comments based on what you have both said 
in your opening comments.
    First of all, I fully agree, Mr. Chairman, that the biggest 
problem is not technology. It is culture. You pointed out much 
more clearly than I could have that the culture has built up 
over many, many years, in fact decades. It was a culture that 
worked well for the Cold War. It is a culture that does not 
work well for the post-Cold War. It is time to change it.
    To change the culture, it means changing people and 
institutions. That is the major problem I think I face. If we 
were pushing the bounds of technology, I would have listed 
technology. I think the technology is the least of the problems 
of those three that I have listed.
    With that, I will close and be delighted to answer and 
respond to any of your questions or comments.
    [The statement of Ambassador McNamara follows:]

                             For the Record

          Prepared Statement of Ambassador Thomas E. McNamara

Introduction
    I'm here this afternoon to provide you my plans for a terrorism 
information-sharing environment (ISE) in which terrorism information 
can be shared broadly, effectively and seamlessly to protect our 
nation. Our ability to share terrorism information across all levels of 
governments and the private sector is fundamental to the success of our 
efforts to defeat terrorism. Congress has provided us a legislative 
basis, the President has provided more specific guidance, and my 
predecessor has provided an interim implementation plan, the final that 
will be delivered to Congress in July 2006. Now it is time to begin 
building capabilities that make the ISE operational to the men and 
women who support the national effort to detect, prevent, respond to 
and recover from acts of terrorism, and to convey the sense of urgency 
with which the Information Sharing Environment (ISE) must be developed.
    I want to say, up front, that I assumed the position of Program 
Manager for the ISE on March 15, 2006, approximately two months ago. I 
thank you for this opportunity to share with you my initial thoughts 
and reflections. In time, I look forward to sharing with you more 
developed and detailed thoughts and opinions. As you may know, the 
Program Manager has a responsibility to report this summer to the 
President and to the Congress on the implementation plan and 
guidelines. This is a short timeframe, but I take my responsibility 
seriously. I also owe it to the President, and to my other superiors 
and colleagues to listen to and work with them before coming before you 
and speaking on behalf of myself and them.
    However, I know that I have a responsibility to the Congress. In 
the past, on the several occasions when I have held senior positions in 
government, I have had a policy of consulting and working closely with 
the Congress to keep you appropriately informed of my work. I intend to 
continue that policy in this position. I have already told my staff 
that we will offer regular briefings to Members and staff of the 
committees that exercise oversight responsibilities for the ISE and I 
am happy to report that we have already started that process.

Role of the Program Manager
    As the Committee is aware, the Intelligence Reform and Terrorism 
Prevention Act of 2004 (IRTPA) established the office of the Program 
Manager and designated by Presidential Directive to assist, in 
consultation the Information Sharing Council (ISC), in the development 
of polices, procedures, guidelines, rules and standards for the ISE at 
the Federal level, and to coordinate closely, in collaboration with the 
ISC, with State, local, and tribal governments and the private sector 
and relevant foreign partners, in the development and operation of the 
ISE. The Program Manager must also manage the development and 
implementation of that same environment by monitoring and assessing the 
implementation of the ISE by Federal departments and agencies to ensure 
adequate progress, technological consistency, and policy compliance.
    To do all this, the Office of the Program Manager is currently made 
up of about 15 Federal employees, plus contract support, and is 
situated within the Office of the Director of National Intelligence, 
although we are not an intelligence office. My authorities are 
government-wide with respect to overseeing development of the ISE. To 
be successful, the ISE must satisfy the needs of Federal, State, local, 
and tribal governments, and the private sector. Given the size of the 
office, you will appreciate that we do not operate as another 
bureaucratic layer that could impede progress and we do not substitute 
for responsibilities that each agency has to implement the ISE. We have 
limited time (two years) and a specific mandate. Each Federal agency, 
and State and local agencies, must take the responsibility for 
implementing the ISE. Our office will, however, do our best to oversee, 
manage, facilitate, and coordinate agency implementation of the ISE and 
information sharing mechanisms.
    To advise me in this effort the IRTPA also established the ISC, 
which I chair, and which is composed of senior officials from 17 
agencies and departments of the Federal government. To facilitate 
coordination with state, local, and tribal officials in development of 
the ISE, we have established a State, Local and Tribal Subcommittee. It 
is my intention as chair of the ISC to keep in close contact with 
State, local, tribal, and private sector partners through regular 
meetings with them, and by inviting them to work closely with the ISC 
in the coming months.
    To understand the complexity of the ISE one needs to realize that 
it affects the operations of a very large number of agencies of the 
Federal government. I divide those agencies into what I call five 
``communities.'' Those communities are: the intelligence community, the 
law enforcement community, the defense community, the homeland security 
community, and the foreign affairs community. Each community is a 
collection of departments and agencies with a specific focus on 
terrorism and terrorism related information. The development of the ISE 
will impact a large number of similar governmental entities at State, 
local, and tribal levels of government, and many entities in the 
private sector.

WHAT THE ISE MUST DO TO SUCCEED
    The ISE must accomplish four key things. First, it must facilitate 
the establishment of a trusted partnership between all levels of 
government, the private sector and our foreign partners to mitigate the 
effects of terrorism against the territory, people and interests of the 
United States of America. The ISE, as we envision it, will enable the 
trusted, secure, and appropriate exchange of terrorism information, in 
the first instance, among those five communities, and also to and from 
State, local, and tribal governments, foreign allies, and the private 
sector, at all levels of security classifications.
    Second, the ISE must promote an information sharing culture that 
eliminates information gaps between partners and facilitates the 
creation and sharing of validated, actionable information. We want to 
get the right information, to the right people, at the right time to 
ensure success within a system of rules established to protect the 
information privacy and other legal rights of Americans as well as 
sensitive sources and methods. I believe that right now the main 
problem is not too little information flow from the five federal 
community members to State and local ISE elements, but too much flow of 
uncoordinated information to the State and local levels. There is, 
also, too little flow of the right kinds of information in actionable 
form. Part of the cultural change we need is for all participants at 
all levels of government and the private sector to understand that the 
purpose of the ISE is to serve and satisfy consumers of information, 
who are at the same time all members of the ISE. In contrast, there is 
little information flow from the local and tribal levels to the State 
and Federal levels. This means that valuable information potentially is 
being wasted because it is not reaching the proper consumers.
    Third, the ISE must function in a decentralized, distributed, and 
coordinated manner. In effect, we need to implement a federated ISE 
that incorporates the full cooperation and coordination of the Federal, 
State, local, tribal, and private sectors entities. This way ISE 
participants can be governed by an agreed set of common standards and 
practices that conform to mandated guidelines. Where these cannot be 
common, they must, at least, be compatible. Where necessary and 
consistent with proper information flow, these standards and guidelines 
must take into account the needs and desires of the constituent 
elements, including the security, where required, of the information in 
the ISE. The ISE should provide direct, continuous, online access to 
information that is readily available for analysis, investigations and 
operations without sacrificing privacy and security.
    Finally, the ISE must be developed and deployed incrementally by 
leveraging existing information sharing capabilities and deploying 
centralized core functions and services to provide new capabilities and 
value-added business benefits to all ISE members. Only by building from 
what we now have functioning can we continue to share information 
effectively and uninterrupted.

ISE Implementation Approach
    A critical question for implementing the ISE is how best to get it 
up and running while addressing the myriad policy, process and 
technology differences among multiple organizations tasked to perform 
disparate missions. These differences pose challenges and impediments 
which include: conflicting or incompatible policies, processes, and 
procedures for information classification, access vetting, security and 
privacy; incompatible or non-interoperable legacy systems and data 
formats; conflicting approaches to information sharing; and conflicting 
management structures for overseeing information sharing partners.
    In many cases these differences have evolved over decades. It is 
not realistic to think that we can overcome them in a short period of 
time. But, we must proceed with intelligent, focused, and determined 
energy and dispatch. I believe this means that we must prioritize the 
many tasks before us. I am in the process of deciding those priorities. 
In the past few weeks I have set several priorities--not all of those 
that need to be set, but several of the highest ones. Let me turn to 
those areas now.
    To realize the ISE, the challenges mentioned above, must be 
addressed. Common policy, process, data and technology standards for 
terrorism information sharing must be implemented across all ISE 
agencies. The President's December 16, 2005, Memorandum entitled, 
Guidelines and Requirements in Support of the Information Sharing 
Environment (The President's Memorandum) established the ISE 
requirement to ``implement common standards across all agencies 
regarding the acquisition, access, retention, production, use, 
management, and sharing of information.'' The comprehensive and complex 
nature of such a transformational effort will require significant time 
to fully implement. However, the ISE is an urgent national imperative 
that cannot wait for such an effort to be completed before enhanced 
information sharing is achieved. The key is to achieve initial 
operating capability for the ISE in the short term, and continue to 
build on existing capabilities, while the comprehensive, 
transformational effort proceeds in the longer term.
    We have begun the work to assist in more clearly defining roles and 
responsibilities among departments and agencies by developing policies, 
business processes, and technologies to implement the ISE. There are 
already capabilities and initiatives underway to improve the Nation's 
ability to share terrorism information.
         The DNI has enabled the National Counterterrorism 
        Center (NCTC) to step up to the Federal leadership role that 
        the President and Congress have laid out. Admiral Scott Redd 
        and his staff hold video teleconferences three times a day with 
        analysts across the homeland security, law enforcement, 
        intelligence, foreign policy, and defense communities. NCTC 
        collects intelligence information and analysis from 28 
        different government networks which come into NCTC and post it 
        on a single website where it is then accessible by individual 
        agencies.
         The Terrorist Screening Center (TSC) used to receive 
        terrorism information from NCTC via a computer disk. Today, the 
        TSC receives this information directly from NCTC in controlled 
        unclassified format and electronically. This has greatly 
        enhanced the ability for TSC to efficiently produce the 
        Terrorist Watch List and distribute it to local law enforcement 
        partners.
         Fusion Centers have been established--or are in the 
        process of being established in 42 states. Additionally, a 
        growing number of localities--particularly major urban areas--
        are also establishing similar centers. State and local fusion 
        centers are a critical component of the ISE because they can 
        dramatically enhance efforts to gather, process and share 
        locally generated information regarding potential terrorist 
        threats and to integrate that information into the Federal 
        efforts for counterterrorism. Federal law enforcement is 
        working closely with these Fusion Centers.
         The Department of Homeland Security (DHS) offers a 
        series of web-based portals and other tools that support 
        information exchange, file sharing and chat services among 
        State & local law enforcement, emergency operations centers, 53 
        major urban areas, local, state or regional intelligence fusion 
        centers, and the private sector.
         Department of Justice's (DOJ) Law Enforcement 
        Information Sharing Program (LEISP) implements a unified 
        Department-wide technology architecture to enable DOJ 
        partnerships with State, local, tribal and Federal law 
        enforcement agencies, and identifies which IT investments to 
        support. LEISP enhances DOJ's ability to share information 
        across jurisdictional boundaries.
    The Department of Defense (DOD) has recently designated a full time 
Information Sharing Executive; an initiative I intend to encourage 
other large agencies to follow. DOD has also continued to invest in the 
development of Global Information Grid (GIG). The GIG is being 
developed in concert with ODNI IC Enterprise Architecture (ICEA) to 
support all DOD, National Security, and related IC mission and 
functions in war and peace.
    But, I freely admit that there are many areas where we need to do 
better. I intend to determine the highest priority areas and to devote 
the time, resources, and commitment to make near term and long-term 
improvements in these areas. Among the highest priority matters that 
need attention are the following: defining government-wide standards 
for Sensitive but Unclassified (SBU) information handling; assisting in 
the development of a national strategy that defines federal 
collaboration with State and local fusion centers; developing an ISE 
budget investment strategy; deploying of initial capabilities for 
Electronic Directory Services (EDS); and developing guidelines to 
protect the privacy and other legal rights of Americans.
    Sensitive But Unclassified Information Efforts
    The President's Memorandum contained specific direction related to 
the standardization of Sensitive But Unclassified (SBU) information. 
Specifically, Guideline 3 required each department and agency to 
inventory existing SBU procedures and their underlying authorities 
across the Federal government, and to assess the effectiveness of these 
procedures and provide this inventory and assessment to the Director of 
National Intelligence (DNI) for transmission to the Secretary of 
Homeland Security and the Attorney General. Guideline 3 further charged 
the Secretary of Homeland Security and the Attorney General, in 
coordination with the Secretaries of State, Defense, and Energy, and 
the DNI, with submitting recommendations for the standardization of 
such procedures for terrorism, law enforcement, and homeland security 
information. In response, an interagency working group led DHS and DOJ, 
working with my office, initiated a significant multi-agency effort to 
address these issues that I believe will lead to tangible improvements 
in the way SBU is marked and handled.
    This working group completed the initial inventory task in March 
2006, and is in the process of evaluating the results. The data 
collection also includes responses by agencies to the Government 
Accountability Office's (GAO) similar request, supplemental material 
volunteered by agencies, and publicly available data. The working group 
will use the analysis of the SBU inventory as well as review of related 
literature, including SBU reform proposals of concerned communities of 
interest, recommendations of the GAO, the Congressional Research 
Service (CRS), and a wide range of other legal, academic and policy 
sources to develop recommendations for submission to the President 
regarding the standardization of SBU procedures by June 2006.
    Preliminary assessments indicate that there are no government-wide 
definitions, procedures, or training for designating information that 
may be SBU. Additionally, more than 60 different marking types are used 
across the Federal Government to identify SBU, including various 
designations within a single department. (It is important to note, 
seventeen of these markings are statutory.) Also, while different 
agencies may use the same marking to denote information that is to be 
handled as SBU, a chosen category of information is often defined 
differently from agency to agency, and agencies may impose different 
handling requirements. Some of these marking and handling procedures 
are not only inconsistent, but are contradictory.
    Initial evaluation of the inventory data also suggests that 
different agencies rely on different authorities as a basis for 
developing marking and handling procedures. For example, some agencies 
rely on Freedom of Information Act (FOIA) exemptions to mark SBU 
information, while other agencies may apply markings to SBU data not 
necessarily subject to a FOIA exemption. Information characterized as 
SBU also can range in levels of sensitivity.
    In coordination with my office, the Secretary of Homeland Security 
and the Attorney General will submit recommendations to the President 
in June on standardization of SBU procedures for terrorism, homeland 
security, and law enforcement information. The Guidelines also require 
that the DNI, in coordination with the Secretaries of State, the 
Treasury, Defense, Commerce, Energy, Homeland Security, Health and 
Human Services, and the Attorney General, and in consultation with all 
other heads of relevant executive departments and agencies, submit 
recommendations and standards applicable to all Federal controlled 
unclassified information by December 16, 2006. While many improvements 
can be achieved by Executive Branch actions alone, these 
recommendations may also involve recommendations for legislative 
changes.
    The PM, in managing the development and implementation of the ISE, 
will closely coordinate all efforts under the President's guidelines to 
ensure progress, consistency, and effectiveness, and to ensure that all 
partners in the ISE benefit from the implementation.

State and Local Fusion Centers
    State, local and tribal governments will continue to ensure that 
personnel responsible for protecting local communities from terrorist 
attacks have access to timely, credible, and actionable terrorism 
information. A number of State and local governments have sought to 
address this need for actionable information by establishing 
``information fusion centers.'' These centers coordinate the gathering, 
analysis and dissemination of law enforcement, public-safety and 
terrorism information. As I mentioned, Statewide fusion centers have 
been established, or are being established, in 42 states.
    There is, however, no national strategy that defines federal 
collaboration with these centers. Each State and local fusion center 
has developed it own way of interfacing with the various Federal 
entities involved in terrorism prevention and response efforts. 
Additionally, fusion centers rely on multiple channels to exchange 
terrorism information with the various Federal entities involved in 
investigatory, prevention, response, and recovery activities. It is one 
of my highest priorities to greatly improve this situation.
    I strongly support the concept of fusion centers and I expect these 
centers to become critical components of our national capability to 
gather, analyze, and disseminate actionable information. State and 
local fusion centers across the nation should achieve a baseline level 
of capability. The Department of Justice Global Justice Information 
Sharing Initiative/Department of Homeland Security Advisory Council 
``Fusion Center Guidelines'' were developed with Federal funds and 
through a collaborative process involving Federal, State, and local 
officials and may provide this useful baseline. I intend to help the 
collaborative process move forward by working with DHS, DOJ, DoD and 
others to develop an integrated Federal approach that describes how the 
various Federal entities (law enforcement, homeland security, defense) 
can interface with state and local Fusion Centers.
    Guideline 2 of the President's Memorandum requires the Secretary of 
Homeland Security and the Attorney General, in consultation with the 
Secretaries of State, Defense, and Health and Human Services, and the 
DNI (which includes the Program Manager), to perform a comprehensive 
review of the authorities and responsibilities of executive departments 
and agencies regarding information sharing and to submit to the 
President a recommended framework for sharing information between and 
among executive departments and agencies and State, local, and tribal 
governments, law enforcement agencies and the private sector. This 
framework is to be submitted to the President through the Assistant to 
the President for Homeland Security-Counter Terrorism and the Assistant 
to the President for National Security in June 2006.

ISE Budget
    In March of this year, OMB issued a budget data request (BDR) in 
support of the Information Sharing Environment. This request provided 
to my office information on the inventory of systems, programs and 
architectures that support terrorism information sharing. The BDR 
requested corresponding FY06 and FY07 budget information for those 
systems, programs, and architectures.
    My office will use this data to develop an investment strategy for 
the ISE to shape future budget decisions through the identification of 
gaps and opportunities to better enable terrorism information sharing. 
Such mechanisms could include system modification and/or enhancement, 
as appropriate; new investments and acquisitions; and strategic 
leveraging of existing programmatic resources.

    Electronic Directory Services (EDS)
    On March 31, 2006, we released the initial capability for the ISE 
electronic directory services (EDS) within a classified environment--
something that has not existed before. The approach to EDS is 
incremental, starting first at the federal level to provide directory 
services information within a classified environment; and then 
eventually creating the capability at the SBU level. This first 
delivery of the EDS provides contact information for Counterterrorism 
related watch centers, and is similar to a telephone book?s ``Blue 
Pages'' listing. These Blue Pages are available to anyone who has 
access to the Sensitive Compartmented Information (SCI) and SECRET 
security domains. The Blue Pages reflect agreements and cooperation 
among the Information Sharing Council members; in particular, the 
Office of the Director of National Intelligence (ODNI), who is hosting 
the Blue Pages in the SCI security domain, and the Department of 
Homeland Security (DHS), who is hosting the SECRET security domain Blue 
Pages.

    My staff has a strong sense of urgency to deliver full EDS-People 
and Organization (EDS-PO) capabilities defined as a set of registries 
that share a common, trusted, and up-to-date view of people and 
organization information, which includes identification of necessary 
attributes and standardized metadata on people and organizations, to 
assist in locating people and resources with relevant knowledge about 
intelligence and terrorism information. Current efforts are focused on 
White and Yellow Pages and are defined below:
    White Pages Concept--Name, personal attributes and at least one 
method of contact for named personnel. Additional contact information 
may include phone numbers, email addresses and postal addresses. For 
urgent needs, an alternate 24/7 method of contact may be included. 
Attributes may include such information as skill set, clearance level 
and areas of expertise. For certain users, some attributes may not be 
viewable or searchable.
    Yellow Pages Concept--Organization and contact information, which 
may include description of roles and responsibilities and organization 
charts. For urgent needs, an alternate 24/7 method of contact will be 
included. These may include a pointer to the organization directory. 
For certain users, some organization attributes may not be viewable or 
searchable. The EDS-PO Implementation Plan developed in February 2006 
calls for implementing the Blue Pages on the Sensitive But Unclassified 
(SBU) domain by end of July 2006. Due to lack of cohesive and 
centralized governance structure of the SBU domain, the solution for 
SBU Blue Pages is more complex than the SCI or SECRET domains. As a 
result, the SBU Blue Pages data will be a subset of that available on 
the SCI and SECRET Blue Pages.
    By the end of October 2006 we plan to increase existing ODNI White 
Page capability at the SCI and SECRET domains to include non-IC 
information. Also planned for October 2006 is the initial iteration of 
Yellow Pages at the SCI and SECRET domains. Currently, the 
implementation team is working with the Departments and Agencies to 
identify the cost of making appropriate content available to the right 
users.

Guiding Principles
    Creating a culture of information sharing within the various 
departments and agencies of government will require us to assign 
dedicated personnel and resources; reduce disincentives to sharing; and 
to hold our senior managers and officials accountable for improved and 
increased sharing of information. And it will require a great deal 
more. I have established the following principles to guide the efforts 
of each of the entities engaged in developing the ISE.
         We will deploy a decentralized, distributed and 
        coordinated model so that the handling of terrorism information 
        in the ISE will take place directly among users, using a web-
        enabled, network model accessible to each of the stakeholders 
        in information sharing.
         We are working to develop and use common standards and 
        best practices to promote maximum distribution and access to 
        terrorism information, including the appropriate method for 
        government-wide adoption and implementation of these standards.
         We will deploy the ISE on the premise of information 
        ``access'' by using the concept of ``shared information 
        space''. In this model, information is a community asset--not 
        the property of a particular agency. We will ensure security 
        and privacy safeguards are in place to protect sources and 
        methods while ensuring the privacy and other legal rights of 
        Americans are protected.
         We will operate on the basis of ``risk management'' 
        not ``risk avoidance'' to balance the risk of inappropriate 
        disclosure of information against the risks associated with 
        inadequate information sharing. This is the approach used now 
        within most departments and agencies, and it should be used 
        within the ISE.
         I want to build trust through auditing, performance 
        evaluation, accountability and transparency. Achieving that end 
        will require significant training and education as well as 
        strict enforcement of policies and processes relating to the 
        handling of information that is shared.
         Finally, we are striving to facilitate easier user 
        access to terrorism information for users faced with a wide 
        variety of systems and tools and by different policies, 
        procedures and access controls. I want to simplify ISE access 
        for users regardless of their point of entry into the 
        environment through the deployment of open standards and 
        technologies and appropriate policies related to user access.
    I want to thank the Members of this committee for your continued 
support and dedication to this important issue and look forward to 
working with you on building an enduring capability for information 
sharing for this Nation. I welcome and look forward to your questions.

    Mr. Simmons. I thank you, Ambassador.
    I have some questions, and then we will go back and forth 
to the members.
    My question is a follow-on to what you just mentioned, and 
what I mentioned in my opening statement, the issue of culture. 
When we talk about the five communities, we could just as 
easily talk about the five bureaucracies, if you will: 
intelligence, law enforcement, defense, homeland security and 
foreign affairs.
    Many country teams overseas have four of those five 
communities at the country team table. As somebody who served 
on country teams, as I am sure you have, you know that 
everybody gathers, and you know that everybody listens to the 
ambassador and they all smile at each other, and they all plan 
to be at the cocktail parties, but not necessarily a lot of 
sharing unless there is really strong leadership at the table.
    To those four, we add the fifth, which is homeland 
security, and we have a new dimension here, which is the non-
federal dimension. The homeland security dimension goes to 
state, local and tribal. So you are not just dealing at a 
federal level. You have other levels of government. One could 
argue that law enforcement goes to state and local, 
potentially, through state police and municipal police, for 
example.
    One could argue the defense community also has a state 
component through guard and reserve, principally through the 
guard. So there are multiple dimensions here, multiple 
bureaucracies, and multiple tasks at a vertical and a 
horizontal level.
    With your 20 people, what tools do you have? What carrots 
and sticks do you have to ensure that this complicated, I think 
of it like a lion tamer, almost in a circus, you know. What 
kind of a whip can you crack? What kind of incentive can you 
provide to ensure that these people are sharing, and in a 
productive fashion?
    Do you have the tools necessary to get the job done? Can 
you enforce the rules, if you will, or provide incentives for 
those who cooperate and punishments for those who don't?
    Ambassador McNamara. Well, let me start by saying I 
understand the country teams concept. I think what I am talking 
about here when I talk about that national system that needs to 
be set up for information sharing is a kind of country team. It 
just happens that it is our country here back home, rather than 
our country as projected overseas.
    Indeed, all five communities are present in that country 
team, if I may note. The country team that is now part of, or 
the element of the country team that is now part of homeland 
security includes the Coast Guard, the Bureau of Customs, and 
other elements that are present overseas in many of our 
embassies, Transportation Security, et cetera.
    Do I have the tools? I do have the tools. I do not have 
tools to enforce the rules. I have tools to recommend the 
rules, and the president will make the rules, and I will be 
enforcing his rules. But when he makes the rules, that also 
means that every member of the Cabinet and sub-Cabinet level 
and on down is to obey those rules also.
    What tools I have are calling attention to those who don't 
follow whatever the rules are, as the rules are established. 
Number two, I have the ability to recommend budgetary changes. 
I have the ability to go to the OMB and to the president with a 
budget strategy for information sharing. That means that I do 
not have to pass my recommendations through any particular 
agency in order to get them heard at the highest levels.
    If I might address in a little bit more detail the 
relationship with the DNI, I do report to the DNI on matters 
that directly relate to the intelligence community. But the 
legislative mandate that I operate government-wide means that I 
must also operate in those communities which are not under the 
direct authority of the director of national intelligence. He 
and I have discussed this and we understand perfectly well that 
I go through him sometimes, and other times go in another path.
    As for support, thus far in a very short time that I have 
been here, I have spoken with almost all of the Cabinet-and 
sub-Cabinet-level officials in the major agencies that I am 
working with. By that, I mean Homeland Security, DNI, Defense, 
Justice, FBI and others. In fact, in some cases I have seen 
them several times since I started.
    I expect to work at that level and to continue to dialogue 
at that level in order to get what I believe to be my job done. 
That, I think, will be a significant factor in how well and 
also how fast we move forward.
    Mr. Simmons. Thanks very much.
    The chair recognizes the ranking member, Ms. Lofgren.
    Ms. Lofgren. Thank you, Mr. Chairman.
    And thank you, Ambassador, for being here with us today.
    As you probably know, the National Governors Association 
last month surveyed state homeland security directors and found 
that 60 percent of them were either somewhat or completely 
dissatisfied with the specificity of intel information they 
were receiving from the federal government. So I have specific 
questions.
    We have heard now for several years, obviously not from 
you, about the culture and dialoguing and the like. But I am 
one for setting protocols and rules, and then you can get some 
enforcement.
    So first, the president directed in December of last year 
that the DNI, and I think through your office, would come up 
with standards to convert classified terrorism information into 
a sanitized format that could then be shared with state, local 
and tribal enforcement. I think the deadline was mid-March. We 
didn't make it. We have a new deadline of June 14.
    Are we going to make that deadline? Where are you on it? If 
not, what can we do to help you make that deadline?
    Ambassador McNamara. I expect to make the deadline. I would 
be less than candid with you if I said I was absolutely certain 
at this point, after only 9 weeks on the job, that I have in 
effect gathered in all of the information I need in order to 
make that report. But by June, I intend to make that report.
    That report will include recommendations with respect to 
classified information, and I think even more importantly, what 
to do about the unclassified, but controlled information.
    Ms. Lofgren. That is my second question, because, as you 
know, the GAO identified 56 different sensitive but 
unclassified designations across the government, and identified 
that there are no government-wide policies and procedures for 
making those designations. I think your office is to develop 
those procedures. In the absence of that, each agency is kind 
of ad-hoc'ing it.
    We learned from the GAO that there is no review process, 
and further that there is apparently no legal standard that has 
been developed for this either, which means that ultimately the 
sensitive information is going to end up being published unless 
we have some legal hook for keeping that from happening.
    So I am wondering, I am sure you have read the GAO report, 
the deadline for that is December of this year, but I am 
hopeful that we can get something done prior to that time. What 
are your thoughts on that? Where are you? Do you have the 
resources necessary to do that? And how can we help?
    Ambassador McNamara. I think we can meet that deadline, and 
I hope we can come in early. I intend to make some 
recommendations in June. That, as I listed in my top 
priorities, that was one of them.
    A couple of comments. Here is another example of how we are 
working against the culture. It is a culture that was quite an 
effective and useful culture when it was working during the 
Cold War.
    Ms. Lofgren. If I may, I don't think we are disagreeing on 
the culture issues, but if we don't have any policies, then it 
is very hard to insist that they be adhered to.
    Ambassador McNamara. That is right.
    Ms. Lofgren. There is no argument on the culture, but you 
have to have some rules that you ask people to obey.
    Ambassador McNamara. And that is what I intend to make 
recommendations on in June, and then again in December. 
Specifically, I think what has happened is indeed we have since 
the GAO report was written continued to get information with 
respect to the SBU problem, and 56 is a low number. We are well 
above that now, and I expect the number will go up in the 
coming weeks as more information becomes available to us.
    I think what we have to do, and for this I was referring 
back to the Cold War, we thought the classified information 
during the Cold War, national security information needed to be 
classified, and we created a rational system which we then 
propagated throughout the federal government, and we insisted 
that everybody observe that system.
    In the post-Cold War period, it seems to me, that during 
the Cold War we said, with respect to nonclassified matter, do 
whatever you want with it. We are not interested; that is not a 
danger; that is not a problem; do what you will. So for 50 
years those 56 or 60 or 70 systems got built up.
    Now comes the time, I think, to set up a system which in 
some respects would mimic what we have been doing in classified 
information, and that we will restrict the use of the SBU to 
certain categories that need to be controlled, and there are 
some legislatively mandated, and in some cases via regulation, 
truly do need to be controlled.
    But the great majority of the information which is now 
controlled can be put in a simple unclassified, uncontrolled 
category, it seems to me. And that is the system that we are 
trying to put together, a rational limited set of categories 
that, like the system that we have for classified national 
security information, can be applied to controllable 
information, but leave most of it as fully unclassified.
    Ms. Lofgren. My time has expired. I appreciate the 
chairman's indulgence. We will do a second round, and I will 
ask some further questions.
    Mr. Simmons. The distinguished gentleman from Nevada, a 
member of our Intelligence Committee.
    Mr. Gibbons. Thank you, Mr. Chairman.
    Ambassador McNamara, welcome. Thank you for your service, 
and I especially thank you for voluntarily coming back into 
government and trying to put your arms around a very difficult 
issue.
    As I look out there, and I look at all of the agencies, and 
certainly can understand the inability of some agencies to work 
well with others, I am aware that there is a degree of mistrust 
between various organizational agencies within the federal 
government.
    You are telling us that already we have intra-agency 
cooperation that is fairly good. I still see this mistrust out 
there, though, on information sharing, either because it is 
going to jeopardize the source or method by which we receive 
that information, or it will jeopardize the utilization of that 
information in, for example, the prosecution of a case.
    What can we do to bridge that mistrust so that we can get 
this information out there without giving the sense that we are 
forcing somebody to sacrifice either the prosecution of a 
terrorist or result in the loss of a source or a method by 
which the information is generated? What needs to take place to 
build that bridge?
    Ambassador McNamara. Again, after 9 weeks, I hesitate to 
give you a full answer to that, but I think I see, based on 
prior experience, a way out of this conundrum. And that is that 
we now practice a system of information sharing within agencies 
that is called ``risk management.'' That is to say, you 
understand what the nature of the information is, how sensitive 
it is, and then you manage that information according to 
certain risk criteria. Within agencies, that has been done now 
for many years, a decade or more, depending upon the agency.
    What is interesting is that the risk management approach is 
not practiced between agencies very much. Occasionally it is, 
and on a limited basis. Instead, what is practiced interagency 
is risk avoidance. That is to say, if there is any risk, no 
sharing. It seems to me to be irrational and illogical to 
practice risk management within an agency of many tens of 
thousands of employees, and not risk management with respect to 
other agencies where the clearances and the process of vetting 
the employees is very similar, and in some cases identical.
    So I think the way to get from where we are now in sharing 
information among the various federal agencies, and indeed by 
extension down to the state level, is to change the culture of 
risk avoidance, a zero-risk approach, and consider what we are 
doing within agencies, within the CIA, within the Department of 
Defense, within the Department of Homeland Security, within the 
Federal Bureau of Investigation, and practice risk management.
    Mr. Gibbons. Now, in your position, are you comfortable 
that that can take place? Because it reminds me of what my 
mother told me when I was a young boy about changing the way I 
did things. She said, ``Jim, change is not a difficult thing if 
you are willing to let go of the old way you do things.'' I am 
sure that there are some institutional problems within those 
various agencies that will make this a challenge, and I am sure 
we see that even today.
    My time is about to run out. I wanted to ask you one final 
question here. We talked about state fusion centers. I think, 
along with you, they are very, very important to the future of 
our intelligence network nationwide.
    What gives you the comfort of knowing that when we have 50 
state fusion centers up and running, that we are going to be 
able to have the same bridged sharing of that information among 
those 50 states and in many territories that would also be 
sharing in those as well?
    Are we doing things today to set the proper stage so that 
these states when they begin to set that up--and I know my 
state is looking at doing one, modeled after what California 
has done. I want to make sure that the federal government is 
playing an active role in making sure that we are all 
interoperable, so to speak, for that information sharing.
    Ambassador McNamara. I think the answer, Congressman, is 
that yes we have started down that path. Indeed, the Department 
of Justice and the Department of Homeland Security jointly have 
put out guidelines for those fusion centers.
    Those guidelines are quite extensive, and they are 
guidelines; they are not rules. They are no ``you must do,'' 
because cookie-cutter approaches are not going to work with 50 
states, and indeed more than 50 states because you have cities 
such as New York, Los Angeles, Chicago and others that wish to 
see urban regions and urban areas united in a fusion center.
    Those guidelines, and I have read them, and experts that 
put them together, both from the federal, state and local 
governments around the country, believe those guidelines are 
adequate to set up a system, a national system, indeed, of such 
fusion centers that would integrate the fusion centers 
effectively.
    The 42 that are now up, most of them, particularly the 
larger ones, are following the guidelines. We believe that most 
of those that are in the planning stages are using the 
guidelines as their planning tool for setting up those centers. 
Once again, the federal government can't dictate to the states 
and there are local conditions and variations that need to be 
addressed at the state level and below.
    But that, I think, is a very important tool and, again, 
that did not exist a year ago. It exists now, and in fact we 
hope very, very shortly to have that published. I am pushing 
very hard to get that published as soon as possible. It has 
been informally distributed, so the publication will simply 
sort of put a final mark of approval on the document itself.
    There are other ways also I think that we have been able to 
help through grant programs with the various states that are 
setting them up. I would point out that in some cases states 
are making decisions as to whether they want just a single 
state fusion center, or whether they should join with some 
neighboring states to set up a fusion center for that group of 
states. In other instances, we are going to find fusion centers 
will be multiple within a state, California being a prime 
example, as is New York.
    Mr. Gibbons. Mr. Ambassador, my time has expired. I want to 
thank you again for your presence here today.
    Mr. Chairman, thank you.
    Mr. Simmons. I thank the gentleman.
    The chair recognizes the distinguished gentleman from Rhode 
Island, Mr. Langevin, a member of the Armed Services Committee.
    Mr. Langevin. Thank you, Mr. Chairman.
    Ambassador, I want to thank you for being here today and 
for your testimony. I know you have a tough job on your hands. 
We look forward to working with you.
    With respect to information and intelligence, the most 
important thing, I am sure you would agree, is to make sure 
that those who need the information have the information that 
they need to do their jobs. That often means people on the 
frontlines, law enforcement most especially.
    So far, I can tell you that most state and local law 
enforcement entities have not been impressed with the level of 
communication they have had with the federal government, the 
Department of Homeland Security in particular.
    So I guess I would like to start with the question of, has 
there been a general agreement reached in terms of your 
understanding of the type of infrastructure that will be used 
to share information?
    Law enforcement, to be honest with you, doesn't want to 
reinvent the wheel. By way of example, the regional information 
sharing network, RISSNET, is something that law enforcement is 
very comfortable with. They use it all the time for sharing 
basically law enforcement intelligence.
    Many in the law enforcement community feel that there 
should just be a component added for sharing terrorism-related 
information within RISSNET. Obviously, Homeland Security may 
feel differently. I have raised this with Charlie Allen, by the 
way, and to his credit he dispatched his deputy up to RISSNET 
to actually see this in operation and how it is in terms of 
what law enforcement is familiar with, and how they work now.
    But could you answer the question of, is there general 
agreement on how we are going to share this information, 
particularly with those on the frontlines who need it most, 
particularly law enforcement?
    Ambassador McNamara. I think there is an understanding of 
what is necessary in order to create that national system that 
I was talking about. The complexity of the systems, 
particularly at the local level, are a major obstacle to 
getting a single, if you will, pipeline in place.
    I think in the end, we are probably going to do something 
of what you suggested. Rather than creating new lines, use 
those that we now have, but expand their use so that we don't 
have to create something new.
    What we can do is build on the ones that are out there. And 
there are things like RISSNET and there are networks within the 
Department of Defense, within the Department of Justice itself, 
as opposed to the FBI, and also in Homeland Security that can 
be usefully expanded so that they can handle more and better 
information.
    I think a major problem is in packaging the information. I 
was surprised, one of the many surprises when I came to this 
position was my impression that the information flow from the 
federal government to the state and local governments was 
insufficient. That is, it was inadequate. I found out that it 
was not inadequate in volume. It was inadequate and 
insufficient in quality and in the manner in which it was 
packaged.
    What we need to bring to this issue is an understanding of, 
and I think it is understood within the intelligence community 
better than it is in some other communities, of managing it so 
that the consumers of the information can benefit from it, so 
that sending out information, as we have done in the past, in 
which we didn't take into account that the local police chief 
needs that packaged in a way that he can use. It has to be 
actionable. It has to be something that is relevant to his 
situation.
    I heard the story of a police chief from a major city, 
after the London bombings, who said that he got no useful 
information about the London bombings from the federal 
government. He had about 3 or 4 hours at most to decide what he 
was going to do about the commuters who were going to be using 
buses and subway systems in his city for the morning rush hour.
    What he was looking for was information that would tell him 
what can he put out to the public and how should he react to 
the London bombings in a way that would make the community feel 
more comfortable about going to work in the morning. He got 
that by getting on a telephone and phoning four other chiefs of 
police in four other major cities, and the five of them came up 
with an effective recommended way of handling the morning rush 
hour problem.
    I think if we had a national system such as I am talking 
about, if wouldn't have to be ad-hocced at 5 o'clock or 4 
o'clock in the morning. It would be a system that would come 
online and it wouldn't be necessarily the chiefs of police that 
would be the first ones to communicate with each other.
    There would be a communications system that would go into 
emergency mode among the fusion centers, and the information 
would be gotten out not just to five police chiefs, although 
that was certainly a benefit, but maybe to 55 or 155 or 255, 
because the system would work for the benefit of all.
    I think that is what we are talking about. We are talking 
about setting up a limited number of pipelines with information 
that will be packaged in a way that is useful to the consumer, 
which means we have to go to those police chiefs. We have to go 
to those state homeland security officers and get them to tell 
us what is useful to them.
    And then I think we need to use the NCTC, the National 
Counterterrorism Center, as a major focus of our effort to 
package the information so that it is useful to those at the 
state and local level. That, it seems to me, means bringing 
state and local people up here to Washington to work with us so 
that we will get out of the product that we have here in 
Washington something that can be used either in an emergency 
situation such as after the London bombing, or that can be used 
for, let's say, investigations, protection of infrastructure, 
managing public fears, managing the difficulties of a 
particular sector in the private sector.
    All of that needs to be packaged in a way that is useful 
for the consumer, and the consumer is the person at the other 
end of the line. It is not the analysts sitting in Washington 
writing out what is a perfectly good piece of paper, useful to 
people here in Washington, but of no use to that police chief 
who has to make a decision about what to do before the 
commuters go to work at 6 in the morning.
    It is a very long answer to a short question, but that is 
my understanding of where we need to go and how we need to do 
it.
    Mr. Langevin. It is obviously an important subject. I like 
what I am hearing, and obviously you are identifying the 
problem. I hope you will follow through with working very 
closely with law enforcement people on the frontlines who are 
going to ultimately be the end-users of this information they 
need. It is so important to involve them from the get-go, and 
listen to them to hear what is going to be most helpful.
    So I know my time is expired. If we do a second round, I 
had additional questions.
    Thank you, Mr. Chairman.
    Mr. Simmons. I thank the gentleman. We will do a second 
round.
    I appreciate the comments on the fusion centers. I agree 
completely that that is a tremendously useful tool to 
facilitate information sharing. But I would like to go back for 
a few minutes to the sensitive but unclassified issue.
    You are absolutely correct. During the Cold War, a security 
system was established of confidential, secret and top secret, 
and then various compartments, based on sensitive methods of 
collection that were pretty much at the top secret level, but 
simply a top secret clearance didn't give you access to those 
compartments. You had to be signed in and signed out.
    So I have traditionally looked at the classification system 
as three parts: confidential, secret and top secret. We have 
this unofficial use only; we have law enforcement sensitive; we 
have various other caveats that really aren't classifications. 
They are controls.
    Ambassador McNamara. Controls, right.
    Mr. Simmons. I suspect that you could spend the rest of 
your life trying to figure out a system to get everybody happy 
to accommodate all of these different controls.
    Somewhat hypothetically, but I will ask the question 
anyway, why don't we clear the deck? Let's take all of those 
SBUs and just wipe them out. Start with a clean slate, and then 
ask ourselves, which ones absolutely have to be added back and 
in what fashion?
    Now, law enforcement is sensitive. It has been around for a 
long time. As Mr. Langevin said, people don't like to reinvent 
the wheel, et cetera, et cetera. Okay, so that should be added 
back. Perhaps that should be added back as something that is 
classified confidential. I don't know.
    But it seems to me that, again, you could spend the rest of 
your life working this problem and never reach a completely 
satisfactory conclusion, and in the meantime other critically 
important initiatives such as, you know, we have to share, 
folks; we have to figure out how to share; we have to make sure 
the guys in the fusion center and the police officers in the 
municipalities have actionable intelligence. We have to make 
sure that pipeline is working.
    So if we were to take the SBUs and just clean the slate, 
how many would we count as being really critical to add back in 
some form or another? Has anybody on your staff taken a look at 
this? Has anybody tried to address this problem from that 
standpoint, of erasing and adding back, as opposed to trying to 
accommodate what we have?
    Ambassador McNamara. Let me make one comment about the 
``wipe it out and start over again.'' If we assume that we were 
to wipe it out, and let's say it took 6 months to start it up 
and get it working again, or even if it only took 6 weeks, the 
question arises as to whether or not all that information that 
rightly was controlled?
    Mr. Simmons. If I could interrupt for just a second. I 
understand. It is like an academic exercise. We have all this 
stuff on the chalkboard, and we erase it all, and then we ask 
the class, okay, who is upset at what we just did? Who 
absolutely cannot deal with the fact that we have erased 
everything of the chalkboard? Who absolutely insists that we 
have to add their SBU back to the slate?
    Ambassador McNamara. That is part of the process that we 
are going through right now, is determining what is essential 
to control, and if so, if it is essential to be controlled, 
under what rational set of categories, what legislative 
mandate, or government-wide regulation should it be controlled 
under?
    It varies. We are not at that point of actually setting up 
the final list of categories, but my initial observations would 
be that certainly no more than a half-dozen or so categories 
would probably do the job. And then you would determine, 
depending upon the level of sensitivity, whether or not 
something that is now personal health information, for example, 
which under various privacy laws must be controlled, or whether 
it is proprietary information, again under other laws must be 
controlled.
    It has nothing to do with national security. In fact, the 
federal government doesn't really have an interest in itself of 
doing the controlling. It is that proprietary information needs 
to be controlled because of other interests.
    So setting up those categories and then, you might way, 
wipe it out, but then inserting those categories that 
definitely require under legislation or government-wide 
regulation, require controls, that they be put in the proper 
category of control. And that the rest of it I would think 
would just become unclassified, with no control mechanism.
    Mr. Simmons. I think that would be a very useful exercise 
for you to pursue between now and June.
    Ambassador McNamara. I am pursuing it. I will pursue it 
beyond June if necessary until I get it done. I have until the 
end of the year, according to the rule. I would be delighted to 
get it done by June. July, I would be less delighted, but more 
delighted than September or October.
    Mr. Simmons. Before the August vacation.
    The ranking member?
    Ambassador McNamara. I will do my best.
    Ms. Lofgren. On that same point, and perhaps we are honing 
in on this because we had such a useful workshop with the GAO 
on this very subject. As you are describing the process, you 
are using, you are getting a reading, you are getting the 
temperature from various agencies. I am wondering what, other 
than just their druthers, what kind of objective criteria that 
you are proposing to them?
    I assume that in this process, you will get buy-in from 
across the federal agencies. But have we reached out? I mean, 
one of the things that I thought was interesting in the GAO 
exchange was that it is not all clear that we have any legal 
basis, in some cases, for actually keeping this information 
private. So if we don't set up objective standards that will 
withstand scrutiny, it doesn't matter how we define these 
things, we will not succeed in protecting them from an assault.
    Can you shed any light on those questions?
    Ambassador McNamara. Again, a tentative observation at the 
start. I don't pretend to be an expert in this. I have begun in 
the last 2 weeks to get more and more involved in this, so 
therefore that means in the first 6 or 7 weeks, I was busy with 
other things.
    There are instances where it is very clear. There are 17, 
in fact, that are required by law, by a legal mandate. There 
appear to be others that are equally meritorious, but there was 
never a problem, and so no law was passed. In other words, in 
17 cases, something happened and the Congress said, that should 
not have happened; we will fix it with a law.
    But there were other cases where agencies did things on 
their own in order to control something that should have been 
controlled, and therefore no problems ever arose. If we were to 
wipe that out, we would find problems arising. That is one of 
the reasons why I am a little bit cautious.
    Ms. Lofgren. If I can clarify. I am not suggesting, because 
I don't know in fact--I don't think either one of us knows all 
of the things that are being kept confidential. I am not 
necessarily assuming those judgments are wrong, because I don't 
even know what those judgments are.
    All I am suggesting is there needs to be a framework for 
that decision making, and there needs to be a legal basis for 
enforcing that decision, or else ultimately this scheme will 
fail.
    Ambassador McNamara. Or come back to the Congress to create 
the legal basis, and that is one of the options that is open to 
us; that is, to set up the framework, apply what law is 
currently available, see where it falls short, and possibly 
come back up. There is much, quite frankly, that has no legal 
basis and doesn't deserve any legal basis. We should be getting 
that stuff out.
    Ms. Lofgren. In some cases, when in doubt, stamp it 
confidential.
    Ambassador McNamara. That is right, or otherwise control. 
That gets back to this thing about risk management versus risk 
aversion. This is another area where the process has been risk 
aversion. Does that look like it might cause a problem? On goes 
the control stamp.
    Ms. Lofgren. A final question. In a free society, we have 
more actors than just the government. We have a free press. We 
have the citizenry at large. Have you built into your work-plan 
outreach into advocates for the press or for civil liberties? 
Not that they should see the information, but that they should 
evaluate the standards and get their input up front?
    Ambassador McNamara. Honestly, I don't know what the answer 
to that is. I hope the answer is yes, but I haven't asked it. I 
will go back and ask it. And if it is not yes, I will try and 
make it yes.
    Ms. Lofgren. Thank you.
    Mr. Simmons. The gentleman from Rhode Island?
    Mr. Langevin. Thank you, Mr. Chairman.
    Ambassador, are you familiar with the term ``electronic 
discovery''?
    Ambassador McNamara. Electronic discovery?
    Mr. Langevin. Electronic discovery. Basically, it is a 
relatively new technology or concept, you might say, and 
basically it allows us to take massive amounts of data and 
organize it into a understandable and usable format. They are 
using it, for example, on some of the highest profile criminal 
cases right now in the corporate world that you have read about 
in the newspaper.
    I would think that this would be something that would be 
very useful in organizing this intelligence information and 
then being able to disseminate it into usable type where you 
have a format. And so maybe at some point we can talk a little 
bit more about that if you are not familiar with the concept.
    Ambassador McNamara. I have heard of it, and I have heard 
it in these last few weeks mentioned. It is also data-mining, 
is another--
    Mr. Langevin. It is data-mining, but it is also organizing 
one you have mined it--
    Ambassador McNamara. Once you mined it, right.
    Mr. Langevin. --to organize into a useful form.
    Ambassador McNamara. I am not that familiar with all the 
details, but I understand that there are both privacy concerns, 
as well as security concerns that are involved in how one goes 
about managing, if you will, the data-mining and the electronic 
discovery.
    Mr. Langevin. Sure. I welcome the opportunity to talk more 
about that.
    Ambassador McNamara. I would like to. I will try and get 
myself more informed on it also.
    Mr. Langevin. The other thing is, I would like to ask you, 
the Department of Homeland Security right now has a clear 
mandate to be the point of contact between federal government, 
state, local and tribal law enforcement agencies in terms of 
information sharing. Accordingly, I would think that the 
department would have a lot of say about the policies that you 
are developing for this vertical type of information sharing.
    What is the precise role of the Department of Homeland 
Security in the work that you are doing to advance the 
information sharing environment? And what support is Charlie 
Allen, the chief intelligence officer, providing to you 
specifically?
    Ambassador McNamara. The answer is that I recognize that 
the Department of Homeland Security is basically the lead 
agency in many of these areas, and that it has a primary 
responsibility under the law to move information to the state, 
local, tribal and private sector.
    I have worked very, very closely with them. I have met with 
Secretary Chertoff, Deputy Secretary Jackson, with Assistant 
Secretary Allen, whom I have known and worked with before over 
a period of 20 to 25 years. He is a good friend of mine, as 
well as being a colleague that I have now come to work with one 
more time after being out of government. I have also worked 
with and met with Assistant Secretary Stew Baker and others in 
the Homeland Security Department.
    I think their role is going to be central in this national 
system that I am talking about. My initial observation is that 
the three chief, if you will, largest players in this are going 
to be the Department of Homeland Security, the Department of 
Justice, including the FBI, and the Department of Defense. 
Those are the three majors. Then there are other departments, 
but to focus in on Homeland Security, I think they will play a 
central role, and they should and will expect to fulfill their 
legislative mandate in that regard.
    When I make my recommendations with respect to what I think 
ought to be done, I will be taking that into account.
    Mr. Langevin. Thank you, Ambassador. I look forward to 
working with you further.
    Ambassador McNamara. Likewise.
    Mr. Langevin. Thank you, Mr. Chairman.
    Mr. Simmons. I thank the gentleman.
    Are there any other questions from the members of the 
committee present?
    Ms. Lofgren. I said I didn't have a question. This really 
isn't one, but I am hopeful that we can get, at least in 
writing, periodic progress reports on where we are on these two 
pressing questions on classified-to-distributable information 
and the SBU issue.
    Ambassador McNamara. If I may add a comment. As I said in 
my written statement, and probably should have in my oral, but 
I was trying to keep it very compressed, it has been my policy 
over many years to work carefully and closely with the Congress 
and to keep them informed, whether I was working in political-
military affairs or terrorism, to keep the Congress informed.
    I think that is doubly the case on this particular issue. I 
have already told my staff that I want regular contact with 
members and staff. We have already been meeting periodically 
with House members on the House side and on the Senate side. I 
intend to do that. And anytime we are not doing enough, please 
give me a call and let me know and we will do enough.
    Ms. Lofgren. Okay.
    Mr. Simmons. Mr. Ambassador, thank you for your testimony.
    And thanks to the members for their questions.
    Members of the committee may have some additional questions 
for you, and will ask you to respond to these questions in 
writing. The hearing record will be held open for 10 days.
    I think it is fair to say, Mr. Ambassador, we want you to 
succeed in what we understand to be a complex and difficult, 
perhaps even overwhelming task. I would suggest to you that the 
GAO report should be considered a useful tool. It is a tool for 
us, of course, and it could be a useful tool for you as well, 
if properly utilized. I think you know what I mean by that.
    We look forward to keeping in touch with you. Thank you for 
your past service and for coming back to the government once 
again to rise to the challenge that we face.
    Homeland security is something that is incredibly important 
to all of us, and all you have to do is look at some of the 
pictures on the wall to see the consequences of our failure. We 
never want that to happen to our country and our loved ones 
again.
    I thank the members.
    Without objection, the committee stands adjourned.
    [Whereupon, at 3:15 p.m., the subcommittee was adjourned.]

                             For the Record

                Prepared Statement of Sheila Jackson-Lee

    Thank you Mr. Chairman and members of the Subcommittee. I thank the 
witness for testifying today. I speak to today on the challenges of 
implementation on building the Information Sharing Environment (ISE). 
According to the Intelligence Reform and Terrorism Prevention Act, 
Congress intended the ISE as a method to ``provide and facilitate the 
means for sharing terrorism information among all appropriate Federal, 
State, local, and tribal entities, and the private sector through the 
use of policy guidelines and technologies in a manner consistent with 
national security and with applicable legal standards relating to 
privacy and civil liberties.'' However, the advance of ISE has been 
very slow due to lack of resources and a lack of commitment from the 
Intelligence Community.
    The Government Accountability Office (GAO) released a very critical 
report detailing slow progress of ISE. The report goes on to describe 
that the Department of Homeland Security and other agencies presently 
use 56 different sensitive but unclassified designations to protect 
information that they deem critical to their mission.
    The GAO's report goes on to note that the Director of National 
Intelligence (DNI) refused to comment on the report deeming it a 
``review of intelligence activities'' that was ``beyond the GAO's 
purview.'' In fact, GAO's report was solely a study of the development 
of government wide information sharing policies and procedures which 
did not involve evaluation of the conduct of actual intelligence 
activities. Instead of there being government wide policies and 
procedures governing information sharing, each agency determines for 
itself what designations and associated policies should apply to their 
sensitive information. Even with agencies, more than half of the 
agencies the GAO examined reported challenges in sharing such 
information because they do not have a formal policies and procedures 
on the matter. It is clear that there seems to be a disconnect and lack 
of communication between intelligence agencies internally and 
externally. Today, I look forward to learning how Ambassador McNamara 
will go about setting realistic policies and procedure that 
intelligences will be able to disseminate and follow.
    I look forward to hearing the witness and learning how we can 
better protect this nation. Thank you Mr. Chairman.

                                 
