[House Hearing, 111 Congress]
[From the U.S. Government Publishing Office]


 
 BEYOND ISE IMPLEMENTATION: EXPLORING THE WAY FORWARD FOR INFORMATION 
                                SHARING 

=======================================================================

                                HEARING

                               before the

               SUBCOMMITTEE ON INTELLIGENCE, INFORMATION
                 SHARING, AND TERRORISM RISK ASSESSMENT

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED ELEVENTH CONGRESS

                             FIRST SESSION

                               __________

                             JULY 30, 2009

                               __________

                           Serial No. 111-33

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

                [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
                                     

  Available via the World Wide Web: http://www.gpoaccess.gov/congress/
                               index.html

                               __________

                         U.S. GOVERNMENT PRINTING OFFICE 

53-649 PDF                       WASHINGTON : 2010 

For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
Washington, DC 20402-0001 
















                     COMMITTEE ON HOMELAND SECURITY

               Bennie G. Thompson, Mississippi, Chairman
Loretta Sanchez, California          Peter T. King, New York
Jane Harman, California              Lamar Smith, Texas
Peter A. DeFazio, Oregon             Mark E. Souder, Indiana
Eleanor Holmes Norton, District of   Daniel E. Lungren, California
    Columbia                         Mike Rogers, Alabama
Zoe Lofgren, California              Michael T. McCaul, Texas
Sheila Jackson Lee, Texas            Charles W. Dent, Pennsylvania
Henry Cuellar, Texas                 Gus M. Bilirakis, Florida
Christopher P. Carney, Pennsylvania  Paul C. Broun, Georgia
Yvette D. Clarke, New York           Candice S. Miller, Michigan
Laura Richardson, California         Pete Olson, Texas
Ann Kirkpatrick, Arizona             Anh ``Joseph'' Cao, Louisiana
Ben Ray Lujan, New Mexico            Steve Austria, Ohio
Bill Pascrell, Jr., New Jersey
Emanuel Cleaver, Missouri
Al Green, Texas
James A. Himes, Connecticut
Mary Jo Kilroy, Ohio
Eric J.J. Massa, New York
Dina Titus, Nevada
Vacancy
                    I. Lanier Avant, Staff Director
                     Rosaline Cohen, Chief Counsel
                     Michael Twinchek, Chief Clerk
                Robert O'Connor, Minority Staff Director

                                 ------                                

 SUBCOMMITTEE ON INTELLIGENCE, INFORMATION SHARING, AND TERRORISM RISK 
                               ASSESSMENT

                     Jane Harman, California, Chair
Christopher P. Carney, Pennsylvania  Michael T. McCaul, Texas
Yvette D. Clarke, New York           Charles W. Dent, Pennsylvania
Ann Kirkpatrick, Arizona             Paul C. Broun, Georgia
Al Green, Texas                      Mark E. Souder, Indiana
James A. Himes, Connecticut          Peter T. King, New York (Ex 
Vacancy                                  Officio)
Bennie G. Thompson, Mississippi (Ex 
    Officio)

                     Michael Blinde, Staff Director
                   Natalie Nixon, Deputy Chief Clerk

















                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Christopher P. Carney, a Representative in Congress 
  From the State of Pennsylvania, and Presiding Chairman, 
  Subcommittee on Intelligence, Information Sharing, and 
  Terrorism Risk Assessment......................................     1
The Honorable Michael T. McCaul, a Representative in Congress 
  From the State of Texas, and Ranking Member, Subcommittee on 
  Intelligence, Information Sharing, and Terrorism Risk 
  Assessment.....................................................     3
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Chairman, Committee on 
  Homeland Security:
  Prepared Statement.............................................     3

                               Witnesses

Ambassador Thomas E. McNamara, Program Manager, Information 
  Sharing Environment, Office of the Director of National 
  Intelligence:
  Oral Statement.................................................     5
  Prepared Statement.............................................     8
Colonel Joseph R. Fuentes, Superintendent, New Jersey State 
  Police:
  Oral Statement.................................................    14
  Prepared Statement.............................................    16
Mr. Jeffrey H. Smith, Steering Committee, Markle Foundation:
  Oral Statement.................................................    19
  Prepared Statement.............................................    20


 BEYOND ISE IMPLEMENTATION: EXPLORING THE WAY FORWARD FOR INFORMATION 
                                SHARING

                              ----------                              


                        Thursday, July 30, 2009

             U.S. House of Representatives,
                    Committee on Homeland Security,
    Subcommittee on Intelligence, Information Sharing, and 
                                 Terrorism Risk Assessment,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 10:05 a.m., in 
Room 311, Cannon House Office Building, Hon. Christopher P. 
Carney presiding.
    Present: Representatives Carney, Clarke, Kirkpatrick, 
Green, Himes, McCaul, Dent, and Souder.
    Also Present: Representative Pascrell.
    Mr. Carney [presiding]. The subcommittee will come to 
order.
    The subcommittee is meeting today to receive testimony on 
the current status of information sharing and to explore the 
future outlook for information sharing at today's hearing 
entitled ``Beyond ISE Implementation: Exploring the Way Forward 
for Information Sharing.''
    In the early hours of the morning on September 9, 2001, a 
Maryland State trooper pulled over a red sports car headed 
north on 
I-95 at 90 miles an hour. It was a routine traffic stop. The 
officer asked the driver for a license and registration and 
asked him a few questions. Eventually, a ticket was issued to 
him and he sent him on his way. The driver was Zaid Jarrah. Two 
days later he was at the controls of hijacked United Flight 93 
when it crashed in western Pennsylvania.
    Jarrah was on the CIA watch list, but that information was 
not available to Maryland State Police. If it had been, who 
knows what might have happened?
    Information sharing at the Federal, State, and local level 
has come a long way since that night in 2001. This 
administration's Homeland Security agenda supports that trend 
and endorses many promising efforts, including the ITACG, the 
Nation-wide SAR initiative and fusion centers.
    Today, if a police officer were to pull over a suspected 
terrorist like Jarrah, there is a reasonable chance that the 
officer would have the necessary real-time information to do 
something about it, but there is a reasonable chance that he 
might not. In June of this year, the Program Manager for the 
Information Sharing Environment reported that, ``The challenges 
to appropriate information sharing remain formidable,'' 
although in many hearings of this subcommittee we have learned 
that the greatest challenge is cultural, transitioning the 
relevant agencies from the old, ``need-to-know,'' mentality to 
one that embraces the need to share. That is no small task 
indeed. The ISE report makes it clear that the old mind-set 
remains entrenched, citing turf conflicts and agency tunnel 
vision.
    These problems are not new, and for the past few years this 
subcommittee has focused on identifying and removing the 
obstacles that hinder information sharing. I believe it is 
vital to national security. The next terrorist attack isn't 
going to be stopped by a bureaucrat in Washington; it will be a 
cop on the beat familiar with the rhythms of his or her 
neighborhood and armed with timely, actionable information.
    In an effort to get that information into the hands of the 
people who need it most, this subcommittee drafted a bill to 
reduce the problem of intelligence overclassification, H.R. 
553, which is currently being negotiated in the Senate. The 
bill calls for a framework that would, as the ISE report puts 
it, minimize the effect of excessive originator controls. In 
short, it seeks to ramp up the way training for those who 
classify documents is done and create incentives for 
classifying intelligence the right way only to protect sources 
and methods, not to protect turf. It also clarifies the need 
for portion marking, separating out paragraphs in a classified 
document that are unclassified and that can be shared with law 
enforcement.
    Some agency officials have already begun to embrace the 
need to share. Last month this subcommittee had heard 
encouraging testimony from DHS Acting I&A Under Secretary Bart 
Johnson. He outlined an impressive vision for a new era of 
State and local cooperation within the Office of Intelligence 
and Analysis that is consistent with our efforts.
    The questions before us today are, how can we further break 
down the barriers to information sharing and what can we do to 
make sure the right people are getting the right information at 
the right time. To answer those questions, I would like to 
welcome someone who was, for a long time, a lone voice in the 
wilderness, Ambassador Ted McNamara.
    Mr. Ambassador, today you are on friendly territory. Thank 
you for your long service and, particularly, for responding to 
the call to work on this issue of vital importance. I hope that 
in the summary of your testimony you will talk about the 
unfinished business you leave to your successor. You are the 
foremost expert on this issue, its founding father, but as we 
have discussed, much more needs to be done.
    I also welcome and thank Colonel Rick Fuentes and Jeff 
Smith for joining us this morning. Thank you.
    Colonel Fuentes understands the need to share. He is a 
forward-thinking officer who has led the charge to support 
ITACG by leading some of the first manpower to this critical 
mission. Jeff Smith is a trusted friend and adviser. His work 
as CIA general counsel, expert on FISA and board member at the 
Markle Foundation make him superbly qualified to testify on 
this subject. Markle recently released a report about 
information sharing that is, in fact, required reading.
    So welcome to the witnesses, and I look forward to hearing 
a summary of your testimony.
    I now recognize the Ranking Member of the subcommittee, the 
gentleman from Texas, Mr. McCaul, for his opening statement.
    Mr. McCaul. I thank the Chairman. I welcome the witnesses 
here today, in particular, Ambassador McNamara for your 
tremendous service that you have given to our Nation.
    At today's hearing we will examine, as the Chairman said, 
the current status of the Information Sharing Environment and 
the challenges that still exist for information sharing across 
all levels of government. As we all know, ensuring that 
critical information is shared with all key stakeholders is 
absolutely essential to the security of our Nation.
    The National Commission on Terrorist Attacks upon the 
United States, also known as the 9/11 Commission, identified 10 
lost operational opportunities to prevent the 9/11 attacks, the 
majority of which were the result of the failure of Government 
agencies to properly share information with one another, one 
example pointed out by the Chairman in his opening statement.
    Additionally, one of the Commission's key recommendations 
was for agencies to have a more unified effort in information 
sharing.
    It was under this impetus that the ISE was first 
established in 2005. Almost 8 years have passed since the 
attacks of 9/11, and the urgency of this key mission seems to 
have died down. This complacency is worrisome because it 
prevents the transformation in the information-sharing culture 
and processes that were so critically needed. However, the 
threats facing our Nation are still very real, and the need for 
the ISE framework is still as crucial now as it was after 9/11.
    Much has been accomplished since the ISE was first 
implemented, including the establishment of a network of State 
and major urban area fusion centers and the implementation of 
the Nation-wide Suspicious Activity Reporting Initiative, SAR. 
These initiatives are key elements in how information sharing 
is extended to State and local partners.
    Nonetheless, we still face many challenges in achieving the 
ISE framework as it was envisioned, and we must not forget the 
urgency of this critical mission.
    I look forward to hearing the testimony from the witnesses, 
and I yield back.
    Mr. Carney. I thank the gentleman.
    Other Members of the subcommittee are reminded that under 
committee rules opening statements may be submitted for the 
record.
    [The statement of Chairman Thompson follows:]

           Prepared Statement of Chairman Bennie G. Thompson

                             July 30, 2009

    Thank you, Madame Chair. I agree that the topic of the 
hearing today--information sharing--is absolutely critical to 
our Nation's security.
    No matter how we say it--``knowing what we know,'' 
``connecting the dots,'' ``getting the right information to the 
right people at the right time''--we're talking about the same 
thing.
    An environment in which information is shared is an 
environment in which better decisions can be made and, 
ultimately, in which people are safer.
    However, without such an environment, our first 
preventers--those who are most likely to detect and stop a 
terrorist plot in its tracks--may not be able to connect those 
dots; they may not be prepared to stop the next attack.
    This is not a new message.
    Fortunately, our persistence is starting to pay off. We 
have seen some progress in information sharing.
    The Program Manager for the Information Sharing 
Environment's most recent report to Congress describes some 
admirable work that has been accomplished, including the 
efforts to create a network of fusion centers and developing a 
respected ISE Enterprise Architecture Framework.
    Nonetheless, and this also is not a new message, we must do 
more.
    Although I am pleased to acknowledge progress the ISE has 
made under Ambassador McNamara's watchful eye, I am concerned 
that many of the challenges noted in the ISE report are not new 
challenges.
    For example, formulating a means to protect the privacy and 
civil rights of American citizens in the design and operation 
of the ISE was required under the legislation that mandated the 
original ISE Implementation Plan.
    However, while the ISE has issued Privacy Guidelines, the 
2009 ISE report says nine Departments or Agencies under the ISE 
are still developing their privacy protection policy required 
by those guidelines, and three do not even have a policy in 
development.
    It is challenges such as these that we are here to explore 
today. I hope each of our witnesses will be forthcoming in your 
assessments of these and other challenges that lie ahead for 
the information-sharing environment.
    Only by helping us fully understand the challenges ahead 
can we hope to work together to craft solutions to these 
problems.
    I welcome you all, and I look forward to your testimony.

    Mr. Carney. Without objection, the gentleman from New 
Jersey, Mr. Pascrell, is authorized to sit for the purpose of 
questioning witnesses during the hearing today.
    Hearing no objection, so ordered. I believe Mr. Pascrell, 
at the proper time, will want to introduce Colonel Fuentes, as 
well.
    Mr. Pascrell. Thank you.
    Mr. Carney. I now welcome the witnesses this morning. 
Ambassador Thomas McNamara has been the Program Manager for the 
Information Sharing Environment since March 2006. After more 
than 3 years of overseeing the ISE, he sits before the 
subcommittee today to deliver his last testimony in this 
capacity--certainly not his last testimony before us, I hope.
    Mr. Ambassador was a career diplomat, having held several 
senior positions at the Department of State and the National 
Security Council. He retired from Government service in 1998 
and spent 3 years as the President and CEO of the Americas 
Society and the Council of the Americas. However, after the 
attacks of September 11, 2001, he was asked to return to 
Government service.
    Mr. Jeffrey Smith forms part of the Markle Foundation Task 
Force on National Security in the Information Age steering 
committee. He took a leading role in preparing the report 
``Nation at Risk: Policymakers Need Better Information to 
Protect the Country'', which was released in March 2009. He is 
also currently a partner at Arnold & Porter, LLP. Prior to 
this, he held Government positions such as General Counsel for 
the CIA and General Counsel for the Senate Armed Services 
Committee.
    Without objection, their full statements will be inserted 
into the record.
    I now ask Mr. Pascrell to introduce Colonel Fuentes.
    Mr. Pascrell. Thank you, Mr. Chairman.
    Mr. Chairman, Chairman Carney, Ranking Member McCaul, I 
want to thank you for allowing me to be part of this particular 
subcommittee. I think it is very critical, this subcommittee.
    It is my privilege to be able to introduce my fellow New 
Jersey native, Colonel Rick Fuentes, who serves as the 
Superintendent of our State police. He became the 14th 
superintendent of New Jersey State Police in 2003 and is 
currently one of the highest ranking law enforcement officers 
in Governor Corzine's administration. I must say, he has 
brought the State police in our State to an entirely new level: 
Total respect, integrity of his department, the finest men and 
women I know in the State of New Jersey are State troopers, 
period.
    Colonel Fuentes enlisted in the State police in January 
1978, rose through the ranks, and prior to being named Acting 
Superintendent he was assigned as the Chief of the Intelligence 
Bureau. We can learn much from him. He oversaw nine units, I 
believe, in the intelligence section.
    He is the recipient of numerous awards, as has been 
recognized by the U.S. Justice Department, the Drug Enforcement 
Administration, and in 1993 was a corecipient of the New Jersey 
Police Trooper of the Year award.
    Superintendent Fuentes earned a Bachelor of Science degree 
from Kean College in New Jersey in 1977; a Master of Arts, 
Criminal Justice, from John Jay College of Criminal Justice in 
New York in 1992; and a Doctorate of Philosophy in Criminal 
Justice from City University of New York in 1998.
    I want to note that he is here, testifying at this hearing, 
in his role as Chairman of the Homeland Security Committee for 
the International Association of Chiefs of Police. So he joins 
two others.
    What a great panel of people who know what they are talking 
about. Isn't that something new?
    Colonel Fuentes has the experience necessary--on many 
levels necessary to speak on this critical subject. I look 
forward to hearing his testimony.
    Mr. Chairman, so many times we have heard since 9/11 that 
one of the major problems confronting all of us--and we tried 
to tackle it in a bipartisan way--is the lack of cooperation 
and sharing of information between those intelligence 
communities that are out there doing their job.
    I think we have moved the ball a little bit, and I know 
your commitment to this goal. I am glad you put this particular 
panel together, and I am honored to have introduced Colonel 
Fuentes.
    Mr. Carney. Thank you, Mr. Pascrell.
    I now ask Ambassador McNamara to summarize his statement 
for 5 minutes.

 STATEMENT OF AMBASSADOR THOMAS E. MC NAMARA, PROGRAM MANAGER, 
  INFORMATION SHARING ENVIRONMENT, OFFICE OF THE DIRECTOR OF 
                     NATIONAL INTELLIGENCE

    Mr. McNamara. Thank you very much, Chairman Carney and 
Ranking Member McCaul, and Members of the subcommittee. I find, 
as I wrap up my career in my term here as Program Manager, the 
great pleasure to appear before this subcommittee.
    I want to begin by thanking the subcommittee and the 
committee for their sustained support in building the 
Information Sharing Environment over the past 3\1/2\ years that 
I have spent in this job. I can say, quite frankly and 
correctly, that were it not for your support and that of your 
Senate colleagues on the Homeland Security Committee in the 
Senate, the attentiveness and oversight that you showed, the 
support you have given me and others throughout the country who 
are trying to build the ISE, we could not have reported the 
progress that we have reported in our annual report to the 
Congress.
    The ISE is groundbreaking, not just for the information 
sharing it is effecting, but because it is a catalyst for 
change. Indeed, it is a radical change in Government 
information management.
    I am pleased to report that the information culture of the 
bureaucracy is changing, but slowly. Having no template to 
pattern our efforts we in the Program Manager's Office have 
invented and designed a foundation by a methodology of 
rationalizing, simplifying, and standardizing--and harmonizing, 
excuse me--harmonizing existing policies and practices and 
technologies at all levels of government. That was your 
legislative mandate to us, and we are implementing it.
    The business processes we have defined, for example--as the 
Chair mentioned--SAR; the policies we have changed, for 
example, privacy policies; and the technology platforms we have 
established, such as new architectures and new standards in the 
Federal Government's IT arsenal; these are, in fact, the new 
Information Sharing Environment. These are the elements that 
will make it up.
    We are already seeing its contribution. It has helped with 
the FAA's modernization effort, it has helped with the health 
IT initiative that is under way, and it has helped with the 
creation of the maritime and air domain environments.
    The ISE is fundamentally changing information management 
throughout the Federal Government. This is relevant to you 
because Congress never envisaged the ISE to be another 
bureaucracy, but rather a change agent; and in that respect, it 
is already a success. You have done your part, as have many 
others, including my two colleagues who represent our strong 
partnership with nongovernmental and the State, local, Tribal, 
and territorial partners.
    I am going to step down as Program Manager tomorrow, so I 
appreciate this final opportunity to update the subcommittee on 
the highlights of the challenges that remain 8 years after the 
horrific events of 9/11. As I look back, I see that we have 
made substantial progress, but as I look forward, I see that 
even more remains to be done. So let me list some of the 
priorities and also some of the obstacles that we faced. I will 
start with the obstacles.
    Accomplishing anything in the Federal bureaucracy requires 
a formidable effort. The complexity of the challenges for the 
ISE are indeed formidable. This is because cultural change is 
by far the most difficult problem for any bureaucracy; and the 
bigger the bureaucracy, the harder the cultural changes. By 
``cultural change,'' I mean the way we do business every day.
    What I have encountered are differing agency missions, 
conflicts over turf, resource shortfalls, bureaucratic inertia 
and agency tunnel vision. These remain the major impediments to 
a functional ISE, not the technology. The technology is there 
to be used. It is the cultural problems that hold us back. But 
we have made, as I said, some accomplishments, and let me list 
a few of them.
    First of all, we have been able with our State and local 
partners to ensure that fusion centers are, in fact, up and 
running. The priority for the future is to be sure that they 
are well-staffed, mission-oriented and, above all, sustainable. 
They need access to classified and controlled unclassified 
information in the same way as Federal officials. They, in 
turn, must analyze and produce high-quality products to share 
with localities and other fusion centers and the private 
sector, while at the same time being aware of and observing 
privacy and civil liberties requirements.
    The second priority for the future, I think, is to adopt a 
Nation-wide, common, security clearance set of standards, and 
also common-identity management and common, role-based access. 
These are essential in the IT world if we are to share 
information--somewhat arcane, but nonetheless it must be done, 
and it can be done.
    Third, what we need to do is to fully implement the CUI, 
controlled unclassified information, framework. This is 
especially critical for the Federal Government working with the 
State, local, Tribal, and territorial authorities, because they 
work primarily in that domain.
    Fourth, a priority must be given so that there are more 
resources for privacy officers in the agencies of the Federal 
Government so that they can draft, review, and publish their 
ISE privacy policies. Right now, they are woefully understaffed 
across the Federal Government. Secondly in this priority, we 
need to stand up to the Privacy and Civil Liberties Board which 
was mandated by the Congress.
    The fifth priority area is to reduce overclassification, to 
replace ``need to know'' with ``need to share,'' as you have 
mentioned, Mr. Chairman. To take ``need to share'' and 
``authorized use,'' those terms, and define them carefully so 
that they can assist us in moving information in the 
Information Sharing Environment. We need also to limit 
originator controls that needlessly impede discovery and 
sharing of information.
    The sixth priority is to institutionalize a Nation-wide 
capability to gather and share SAR information. This is a very 
practical and achievable objective within the next 6 months to 
a year. We are well on the way to achieving that objective, 
even now.
    The seventh priority, to coordinate agency budgets, reduce 
funding overlaps and gaps, and monitor investments to drive the 
agencies towards compatible technologies and business processes 
and to maximize resource use. In section 1016 of the 
Intelligence Reform and Terrorism Prevention Act, the IRTPA of 
2004, I was asked to recommend, ``a future management structure 
for the ISE,'' including whether the position of the Program 
Manager should continue. I have been in this position since 
2006; and so as I depart, I would like to leave some personal 
observations in response to that request in 1016.
    Mr. Carney. Mr. Ambassador, we will get to those in a 
moment. We need to move on to the next witness, if you don't 
mind.
    Mr. McNamara. Okay, fine.
    Mr. Carney. Thank you so much.
    [The statement of Mr. McNamara follows:]
                Prepared Statement of Thomas E. McNamara
                             July 30, 2009
    Madame Chair, Ranking Member McCaul, and Members of the 
subcommittee.
    Let me begin by thanking this subcommittee and the entire committee 
for your continued support of our efforts to build the Information 
Sharing Environment (ISE) over the last 4 years. This subcommittee has 
been a real champion of information sharing, and the ISE in particular. 
I especially want to thank you, Madame Chair, for your tireless 
advocacy of our efforts. Such initiatives as the Interagency Threat 
Assessment and Coordination Group and the Controlled Unclassified 
Information framework would not be where they are today without your 
personal leadership. As you know, I will be stepping down as Program 
Manager at the end of this month, and I appreciate this last 
opportunity to update the subcommittee on progress made in implementing 
the ISE and the challenges that still remain almost 8 years after the 
terrible events of September 11, 2001.
                              introduction
    Since I assumed the position of PM-ISE in March 2006, I have worked 
to ensure that ISE implementation is consistent with our vision of the 
ISE as ``a trusted partnership between all levels of government in the 
United States, the private sector, and our foreign partners.'' Time and 
again, we have demonstrated that when the Executive Branch and the 
Congress work collaboratively to share information with State or local 
agencies and vice versa, the results exceed all expectations. As the 
Chair has so eloquently stated,

``While we want police and sheriffs' officers Nation-wide to keep their 
communities safe from the traditional `bad guys,' don't we also want 
them to know about potential terrorists in their midst who mean us 
harm? That's what `homeland security intelligence' is all about: 
Getting accurate, actionable, and timely information to the officers in 
our hometowns so they know who and what to look for in order to prevent 
the next 9/11.''

The context for my testimony is the third Annual Report on the ISE 
which was forwarded to the Congress on June 30. Although devoting 
considerable attention to a description of progress made since June 
2008 and plans for the next year, the report goes beyond what the 
Congress directed to be covered in the ISE Annual Reports in two 
important ways:

   First of all, the report includes a 3-year retrospective on 
        the ISE summarizing what was originally intended, what has 
        already been accomplished, and what remains to be done; and
   Second, it introduces a management construct called the ISE 
        Framework, which, while building on the work already done, 
        represents a new approach for managing ISE implementation 
        activities. The Framework--comprising a set of goals, sub-
        goals, outcomes, objectives, and activities--is the follow-on 
        to the 3-year ISE Implementation Plan for the next phase of ISE 
        implementation.

    Copies of the full report, containing much more detail on these and 
other important ISE initiatives, have been provided to the 
subcommittee. In the interest of keeping my formal statement brief I 
have intentionally kept my remarks at the summary level. For a more 
detailed description, I direct the subcommittee's attention to the full 
report and respectfully request that it be made part of the record of 
this hearing.
    In the past 3 years we have created a functioning--but still 
evolving--ISE that has strengthened our national security by ensuring 
that much more of the right information gets to the right people at the 
right time to counter threats to our people and institutions. Despite 
these accomplishments, the task is far from finished. Formidable 
cultural and policy hurdles still remain as we conclude the 
foundational phase and begin a new implementation phase, under the new 
administration.
    Our goal remains an ISE that shares all information securely and 
properly among all ISE participants. This requires developing mostly 
common policies, business processes, and technologies, something that 
is neither easily nor quickly achieved. Our persistent, cooperative 
efforts have, however, established a solid foundation of compatible 
policies and practices, which must continue to evolve for several years 
to create a fully functional ISE.
    Having no template to pattern our efforts on, we invented and 
designed this foundation--using a general methodology that is apparent 
throughout the report--to rationalize, simplify, and harmonize existing 
policies, practices, and technologies drawn from all of our 
participating agencies and organizations. Indeed, this is our 
legislative mandate.
    The Controlled Unclassified Information (CUI) framework; the 
Suspicious Activity Reporting (SAR) initiative; expanded access to 
classified information by State and urban area fusion centers; an 
enterprise architecture framework for the ISE; a common information 
sharing standards program; and comprehensive privacy and civil 
liberties guidelines are examples of the foundations we have built and 
the methodology we have developed to allow for secure and proper 
information sharing among our participating agencies at all levels of 
government.
    Before I move on to the detailed portion of my statement, I would 
like to make one important point. The 9/11 Commission reported its 
findings at a time when the American people were acutely aware of the 
urgency of finding out what went wrong and eager to know that their 
leaders were taking steps to ensure that our Nation would not fall 
victim to attack for the same reasons. It was in this context that the 
Congress called for an ISE.
    While we have been fortunate to have not suffered another major 
attack since 2001, the sense of urgency that brought the ISE into being 
should be no less now than it was then. I hope that this report will 
help ensure that the work of the PM-ISE and of our partners at all 
levels of government and in the private sector will continue to move 
forward with speed and diligence so that we can continue to use our 
collective resources wisely to keep our Nation safe from attack, while 
continuing to protect and defend our privacy and civil liberties.
              continued importance of information sharing
    This administration is firmly committed to developing the ISE as 
envisioned in IRTPA. In a memorandum to Federal agencies, President 
Obama emphasized that ``The global nature of the threats facing the 
United States requires that our Nation's entire network of defenders be 
able rapidly to share . . . information so that those who must act have 
the information they need.'' Moreover, the administration's Homeland 
Security agenda depends heavily on increasing our capacity to share 
information across all levels of government.\1\ This strategy was 
reaffirmed by Secretary Napolitano at the National Fusion Center 
Conference in March 2009:
---------------------------------------------------------------------------
    \1\ See http://www.whitehouse.gov/agenda/homeland_security.

``At the Department of Homeland Security, information and intelligence 
sharing is a top priority and fusion centers play an important role in 
helping to make that happen, . . . In the world we live in today, it's 
critical for Federal, State, local, and Tribal entities to know what 
the others are doing so each can operate effectively and efficiently. 
Protecting our country requires a partnership of Federal, State, and 
local resources that are fully integrated to not only gather and 
analyze information, but then to swiftly share that information with 
appropriate agencies.''\2\
---------------------------------------------------------------------------
    \2\ Remarks by Homeland Security Secretary Janet Napolitano to the 
National Fusion Center Conference, Kansas City, MO (March 11, 2009), 
available at http://www.dhs.gov/ynews/speeches/sp_1236975404263.shtm.

    This Annual Report, therefore, should be seen as both an update to 
the Congress on progress made in designing and implementing the ISE, 
and as a part of this administration's broader effort to improve the 
way the Government manages information. In the words of the President, 
we need to ``make sure our government is running in the most secure, 
open, and efficient way possible.''\3\
---------------------------------------------------------------------------
    \3\ White House Press release, ``President Obama Names Vivek Kundra 
Chief Information Officer'', (March 5, 2009).
---------------------------------------------------------------------------
    On July 2, 2009, Mr. John Brennan, Assistant to the President for 
Homeland Security and Counterterrorism issued the memorandum 
``Strengthening Information Sharing and Access'' to heads of Cabinet 
Agencies and notified Congress of the continued effort to review 
information sharing issues and prioritize the ISE at a senior level at 
the White House. This memorandum also included streamlining the 
interagency policy process by merging the Information Sharing Council 
called for in IRTPA Sec 1016 with the Information Sharing and Access 
Interagency Policy Committee at the White House.
                           the ise framework
    The ISE Implementation Plan was designed to guide the ISE through 
June 2009. Many of the Plan's 89 actions have been completed--albeit 
some of them in modified form; others have been changed by the NSIS or 
subsequent policy direction. It is time, therefore, to close the book 
on the ISE Implementation Plan actions and adopt a modified approach 
that will help guide and manage the next phase of ISE implementation. 
The ISE Framework, while building on the work already done, is a new 
approach that will drive all future ISE implementation activities. The 
Framework creates critical linkages between four primary and enduring 
ISE goals, 14 subgoals, and a resulting set of outcomes, objectives, 
products, activities, and associated performance measures. It provides 
a common understanding of the problems to be solved, the essential 
capabilities that constitute the ISE, and the actions needed to ensure 
that these capabilities are developed and deployed in a manner 
``consistent with national security and with applicable legal standards 
relating to privacy and civil liberties.''\4\
---------------------------------------------------------------------------
    \4\ IRTPA (as amended),  1016(b)(1)(A).
---------------------------------------------------------------------------
    In June 2008, the Government Accountability Office (GAO) issued a 
report on ``actions taken to guide the design and implementation of the 
ISE'' and ``efforts that have been made to report on progress in 
implementing the ISE.''\5\ While acknowledging the progress made since 
2005, the report concluded that ``specific desired outcomes or results 
should be conceptualized and defined in the planning process . . . 
along with the appropriate projects needed to achieve those results, 
supporting resources, stakeholder responsibilities, and milestones.'' 
In addition to serving as the successor to the ISE Implementation Plan, 
the ISE Framework responds directly to the recommendations by the GAO. 
It represents an evolutionary approach that builds on previous ISE 
implementation management efforts and ties individual ISE products and 
activities directly to specific objectives, outcomes, sub-goals, and 
goals, as called for in the GAO report.
---------------------------------------------------------------------------
    \5\ Information Sharing Environment: Definition of the Results to 
Be Achieved in Improving Terrorism-Related Information Sharing Is 
Needed to Guide Implementation and Assess Progress, GAO-08-492, (June 
2008).
---------------------------------------------------------------------------
                     summary of 2008-2009 progress
    The Third Annual Report to the Congress on the Information Sharing 
Environment responds to the requirement in the Intelligence Reform and 
Terrorism Prevention Act of 2004 (IRTPA), as amended, for ``a progress 
report on the extent to which the ISE has been implemented.'' It 
reflects the collective accomplishments and challenges of an 
information sharing partnership between the PM-ISE and a range of 
Federal and non-Federal partners committed to the continuous 
improvement of information sharing practices with the overriding goal 
of increasing our national security while protecting privacy and civil 
liberties.
    The report organizes its discussion of progress and plans around 
the four goals--Create a Culture of Sharing; Reduce Barriers to 
Sharing; Improve Sharing Practice with Federal, State, Local, and 
Tribal Partners; and Institutionalize Sharing--that form the top level 
of the ISE Framework. These four goals, in turn, drive the creation of 
more specific sub-goals, outcomes, objectives, and performance measures 
that will shape the plans and activities of the ISE over the coming 
years.
                  goal 1.--create a culture of sharing
Appraisals, Training, and Incentives
    Fostering a culture of sharing is a mandate of both IRTPA and the 
2005 Presidential Information Sharing Guidelines and Requirements. It 
is a long-term effort to change Government business practices in the 
interest of more effective and efficient information sharing among 
agencies. To accomplish this goal, in 2008-09:

   The Office of Personnel Management (OPM) and the PMI-ISE 
        partnered to produce policy guidance that directed agencies to 
        make information sharing a factor in Federal employees' 
        performance appraisals. This issuance guides agencies in how to 
        develop competency elements regarding the proper sharing of 
        information for use in employee appraisals.
   The PM-ISE released an ISE Core Awareness Training Module to 
        help move Federal agencies from the traditional ``need to 
        know'' culture to one based on a ``responsibility to 
        provide.''\6\ The Module provides Federal agencies with a 
        common tool for developing an understanding of the ISE as well 
        as an overview of the Federal Government's counterterrorism and 
        homeland security organizations, systems, and challenges.
---------------------------------------------------------------------------
    \6\ See http://www.ise.gov/docs/
Fact_Sheet_ISE_Core_Awareness_Training_FINAL_
(07Aug08).pdf.
---------------------------------------------------------------------------
   Three-quarters of Federal ISE agencies have now incorporated 
        information sharing into their awards programs. For example, 
        the Department of Defense Chief Information Officer established 
        annual awards that include ``information sharing and data 
        management'' among criteria for consideration.
                  goal 2.--reduce barriers to sharing
Integrated Security Framework
    The PM-ISE--working with the Department of Homeland Security (DHS), 
the Information Security Oversight Office of the National Archives and 
Records Administration (NARA), the National Security Council, and other 
key stakeholders has begun improving access and management of 
classified information shared with State, local, and Tribal (SLT) and 
private sector partners by replacing inconsistent policies and 
processes with a common set of security rules and procedures for 
handling and safeguarding of classified information. In addition, a 
number of agencies have taken steps to improve security reciprocity 
practices. To cite two examples,
   The Director of National Intelligence issued an Intelligence 
        Community Directive that mandates reciprocal acceptance of 
        information technology (IT) systems certification and 
        accreditation by all intelligence community elements; and
   DHS and the Federal Bureau of Investigation (FBI) published 
        a joint secure space standard that provides a common solution 
        for the installation and certification of facilities that house 
        classified networks at fusion centers.
Uniform Marking and Handling of Controlled Unclassified Information
    In May 2008, President Bush established a framework for 
designating, marking, safeguarding, and disseminating Controlled 
Unclassified Information (CUI), and named NARA as Executive Agent. A 
CUI Office at NARA, along with an interagency Council, manages and 
oversees implementation. The Office and Council, in an effort to be 
completed in 2009, are developing draft CUI policy guidance on: 
Safeguarding, Dissemination, Dispute Resolution, Marking, Designation, 
and Information Life Cycle. In May 2009, President Obama established an 
interagency Task Force led by DHS and DOJ to review work completed, and 
make recommendations on the way ahead.
Implementing Comprehensive Privacy Guidelines
    ISE Privacy Guidelines Committee (PGC) met with privacy and civil 
liberties groups to listen to and incorporate new ideas into revised 
ISE policies and processes. The PGC also provided the guidance and 
tools needed to support the development of privacy and civil liberties 
policies to be used by Federal and SLT agencies. Specifically, the PGC:
   Published a ``Privacy and Civil Liberties Implementation 
        Workbook'' to assist Federal agencies with the process of ISE 
        privacy policy development and implementation;
   Completed an ISE Policy Development Tool, ISE Privacy Policy 
        Outline, and a list of Publicly Available Federal Privacy 
        Policies;
   Incorporated ISE Privacy requirements into the Baseline 
        Capabilities for State and Major Urban Area Fusion Centers; and
   Provided fusion centers with a privacy policy development 
        template and training on its proper use. The PCC also provided 
        on-going technical assistance and performed reviews of policy 
        documents. To date, 30 centers have developed and submitted 
        privacy policies.
goal 3.--improve sharing practices with federal, state, local, tribal, 
                          and foreign partners
    Recognition of the essential role of SLT and private sector 
partners is fundamental to the ISE and is a critical driver of 
information sharing in the homeland security and law enforcement 
communities. This was highlighted in the Executive Order governing U.S. 
intelligence activities, which was amended in the summer of 2008 to 
state that:

``State, local, and Tribal governments are critical partners in 
securing and defending the United States from terrorism and other 
threats to the United States and its interests. Our national 
intelligence effort should take into account the responsibilities and 
requirements of State, local, and Tribal governments and, as 
appropriate, private sector entities, when undertaking the collection 
and dissemination of information and intelligence to protect the United 
States.''\7\
---------------------------------------------------------------------------
    \7\ Executive Order 13470--further amendments to Executive Order 
12333, United States Intelligence Activities (August 1, 2008).
---------------------------------------------------------------------------
Establishing a Nationwide Suspicious Activity Reporting Initiative
    The Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) 
is an outgrowth of separate but related activities that respond 
directly to the mandate in the National Strategy for Information 
Sharing (NSIS) to establish a ``unified process for reporting, 
tracking, and accessing [SARs]'' related to terrorism. The long-term 
goal is for Federal, State, local, Tribal, and law enforcement 
organizations to participate in a standardized, integrated approach to 
gathering, documenting, processing, analyzing, and sharing SARs while 
ensuring that privacy and civil liberties are protected.
    In 2008-09, the PM-ISE and its Federal and SLT partners:
   Published an NSI Concept of Operations (CONOPS) that 
        describes the NSI process; the requirements that drive it; and 
        the roles, missions, and responsibilities of participating 
        agencies;
   Under the leadership of the Department of Justice's (DOJ) 
        Bureau of Justice Assistance (BJA), expanded the ISE-SAR 
        Evaluation Environment (EE) to 12 sites, forming a solid 
        foundation for Nation-wide implementation;
   Fully integrated the FBI's eGuardian system into the ISE-SAR 
        EE;
   Worked with the PGC to integrate privacy concerns into all 
        levels of the NSI;
   Trained more than 10,000 officers and analysts in the NSI 
        process with emphasis on protecting privacy and civil 
        liberties; and
   Established governance to oversee and recommend how to 
        institutionalize the NSI.
    Of particular note, an ISE-SAR EE site was established at the 
Washington, DC Metropolitan Police Department (MPD) to support security 
before and during the Presidential Inauguration. From late December 
through Inauguration Day, MPD processed 88 SARs, 16 of which were 
forwarded to eGuardian as potentially terrorist-related.
Establish a National Network of Fusion Centers to Facilitate Sharing 
        Among State, Local, and Tribal Governments and the Private 
        Sector
    The Senior Level Interagency Advisory Group and the National Fusion 
Center Coordination Group provided leadership, coordination, and 
guidance to establish a national network of fusion centers with a 
baseline level capability. Highlights include:
   Publication of the Baseline Capabilities for State and Major 
        Urban Area Fusion Centers. This collaborative effort, led by 
        DHS and DOJ, included Federal and SLT agencies and provides 
        benchmarks for assessing fusion center performance;
   Completion of a first-level assessment of 72 centers to 
        evaluate progress against the baseline capabilities and to 
        gather data on current fusion center funding; and
   Deployment of Federal personnel to support fusion center 
        operations. State and local personnel have also been fully 
        integrated into Federal operations such as the FBI's Joint 
        Terrorism Task Forces, the DHS National Operations Center and 
        the Interagency Threat Assessment and Coordination Group 
        (ITACG) at the National Counterterrorism Center (NCTC).
    Deployments of classified networks increased in the last year, and 
access is now available at more than 40 fusion centers. Also, the NCTC 
and its ITACG improved its Secret level on-line portal by increasing 
the number of products posted, expanding SLT awareness of the potential 
value to their missions, and introducing a new product line--Terrorism 
Information Sharing Products (TIPS)--specifically tailored to SLT 
needs.
                   goal 4.--institutionalize sharing
Creating a Common Information Sharing Architecture
    The ISE Architecture program helps align and create bridges between 
the diverse systems used by ISE participants to create a more uniform 
network of interconnected systems. Specifically,
   Version 2 of the ISE Enterprise Architecture Framework (EAF) 
        provides technology and systems-wide architecture guidance 
        across the entire ISE community;
   Version 2 of the ISE Profile and Architecture Implementation 
        Strategy (PAIS) includes additional implementation guidance for 
        ISE participants on implementing more standard processes, 
        approaches, and techniques; and
   DOJ and DHS have incorporated the ISE EAF into their 
        information sharing segment architectures.
    Furthermore, the impact of the ISE EAF extends beyond the ISE. The 
Office of Management and Budget (OMB) identified the concepts developed 
in the ISE EAF best practice, and has incorporated them into their 
Federal Segment Architecture Methodology. In addition, other 
Government-wide information sharing initiatives--e.g., the Federal 
Health Information Sharing Environment and the Maritime Domain 
Awareness program--have adopted many of the concepts, principles, 
services, and standards originally developed for the ISE EAF into their 
architectural developments.
Issuing Common Information Sharing Standards
    During 2008-09, the PM-ISE issued a number of new or revised 
information sharing standards as part of the Common Terrorism 
Information Sharing Standards Program (CTISS). These issuances 
included:
   Technical Standards for Information Assurance, Core 
        Transport, and Identity and Access Management for the ISE; and
   An updated ISE-SAR Functional Standard that clarifies 
        implementation guidance on the NSI business process and 
        incorporates stronger privacy protections into ISE-SAR data 
        exchanges. Privacy and civil liberties advocacy groups provided 
        direct input into this standard, helping to strengthen privacy 
        controls and refine terrorism identification criteria to better 
        safeguard First Amendment rights.
Improving the Management of the ISE
    The adoption of the ISE framework and its associated maturity model 
provides a solid foundation for managing ISE implementation and 
assessing progress. The Integrated ISE Investment and Performance 
Process supplements the Framework with a methodology that uses 
performance results to drive investments and to allocate resources to 
the most effective programs and initiatives. In addition to 
strengthening internal management of the ISE, the Framework provides 
Executive Branch and Congressional oversight bodies with a clearer 
picture of ISE plans and progress allowing them to address issues in a 
timely manner.
                   on-going challenges and priorities
    These accomplishments notwithstanding, the breadth and complexity 
of the challenges to effective and efficient information-sharing remain 
formidable. Differing missions, overlapping ``turf'' conflicts, 
resource constraints, bureaucratic inertia, and agency ``tunnel 
vision'' still exist and impede information sharing among ISE 
participants.
    Cultural change remains the most difficult hurdle of all. To bring 
the ISE to maturity, a number of priorities need to be addressed in 
collaboration with State, local, and Tribal governments and our private 
sector partners. The following list highlights some of these 
priorities:
   Institutionalize the Nationwide Suspicious Activity 
        Reporting Initiative (NSI).--We need to institutionalize a 
        Nation-wide capability to gather and share SAR information in a 
        manner that facilitates the maintenance of National security 
        while continuing to protect privacy rights and civil liberties.
   Improve Support to Federal, State, Local, and Tribal 
        Partners.--This includes: ensuring that fusion centers and 
        other State and local agencies have access to the classified 
        and unclassified Federal information they need; increasing the 
        flow of fusion center information and analyses to other SLT 
        agencies and the Federal Government; and examining long-term 
        sustainability issues regarding State and major urban area 
        Fusion Centers so that they operate at a baseline level of 
        capabilities.
   Implement the CUI Framework.--Fully implement policies and 
        processes in accordance with the CUI Registry (to include 
        technology and training initiatives) to support agencies' 
        transition to the CUI Framework.
   Protect Privacy and Civil Liberties.--Institutionalize 
        Federal privacy policies, incorporate ISE privacy requirements 
        in agency training, and encourage States to implement mostly 
        common privacy policies equivalent to those of the Federal 
        Government.
   Reduce Improper Classification to Enhance Information 
        Sharing.--Eliminate ``need to know'' requirements and 
        protocols, and eliminate overuse of originator controls that 
        can impede the ability to discover and share information.
   Improve ISE Security.--Adopt common standards and processes 
        for security clearances, identity management, and role-based 
        access to improve controlled sharing among all ISE 
        participants.
   Implement Reciprocity Policies and Practices for Clearances, 
        Systems, and Facilities.--Align Federal security policy 
        regarding facilities, personnel, and information technology 
        (IT) systems, and adopt the principle of security reciprocity 
        in all Federal agencies and with SLT and private sector 
        partners.
   Coordinate Investments for Terrorism-Related Initiatives.--
        Track agency budgets, reduce overlaps and gaps in funding, and 
        monitor investments in order to drive agencies to use 
        compatible technologies and business processes and to maximize 
        the use of scarce resources.
                             the way ahead
    The progress achieved in implementing the ISE since its inception 
has continued to move us toward the vision set forth in the ISE 
Implementation Plan in 2005 of ``a trusted partnership among all levels 
of government in the United States, the private sector, and our foreign 
partners.'' But the work is not yet done. With the adoption of the ISE 
Framework we now have a management structure in place that will help us 
not only realize the goals of the ISE as conceived in IRTPA, but will 
also contribute to the goal of intra- and inter-government 
collaboration that is integral to the administration's Open Government 
Initiative.

    Mr. Carney. Colonel Fuentes for 5 minutes, please.

  STATEMENT OF COLONEL JOSEPH R. FUENTES, SUPERINTENDENT, NEW 
                      JERSEY STATE POLICE

    Mr. Fuentes. Good morning, Mr. Carney and Ranking Member 
Mr. McCaul. I find myself sitting in the room once again with 
my distinguished congressional Representative from New Jersey 
and trying to live up to his expectations.
    Thank you, Congressman.
    When it comes to information sharing and intelligence, I am 
also sort of the thorn here between two roses. These are the 
experts, my colleagues, Mr. Smith authoring the Markle Report, 
a much dog-eared and referenced document on many committees 
that I serve on, and it is a very preeminent document.
    As to Ambassador McNamara, I want to thank him certainly 
from the bottom of my heart and on behalf of all the 
initiatives that are going on in State and local right now. 
Much of what I am about to say here relates to a robust 
Information Sharing Environment, and that is largely an 
attribute of the Ambassador's talent and strong sense of 
collaboration as Program Manager of the ISE.
    He has effectively and successfully navigated the PM-ISE to 
a watershed of national information-sharing initiatives that 
will continue to have a profound impact on improving our 
Nation's homeland and hometown security. Make no mistake about 
it those two things are connected very strongly.
    In many ways he established within the PM-ISE Office the 
integrity and reputation of a neutral third party, certainly 
not easy to do, creating and refereeing a mutually beneficial 
information-sharing environment across the spectrum of 
intelligence and first responder agencies.
    I know I join everybody that I work with and on the many 
committees that I am on in wishing him well in the future and 
thank him very much for what he has done.
    I would like to just frame the remainder of my remarks 
around the issue of fusion centers and their critical link to 
the effect of Federal, State, Tribal, and local information 
sharing in this country.
    First off, the success of information sharing will hinge on 
the adherence to privacy interest and civil liberties. I have 
attended numerous information-sharing summits and stakeholder 
meetings sponsored by the IACP, DOJ, and DHS, and the issues of 
policy and privacy are always and foremost closely linked to 
those discussions.
    Each fusion center is required to submit a privacy policy 
that is guided by a Federal matrix which must be approved by 
DOJ and DHS. Since 2007, the Bureau of Justice Assistance has 
developed privacy policy templates and provided training and 
technical assistance to the fusion centers. In conjunction with 
the national Suspicious Activity Reporting Initiative that the 
Ambassador mentioned, there has been numerous training that was 
provided by the Bureau of Justice Assistance that has been a 
tremendous aid to those of us who must manage fusion centers.
    As a matter of fact, the first time that the SAR initiative 
was used was on Inauguration Day in January. More than 4,000 
police officers were trained in recognizing suspicious 
behaviors, and it was one of the first times that the SAR was 
used. Obviously the success and the safety of that event is 
testament to the success of that initiative.
    Presently, there are 72 fusion centers in this country, 50 
of which are State-designated fusion centers, 22 are urban area 
security initiative fusion centers that are either located in 
the major cities or in densely populated regions. They are at 
varying levels of maturity, which raises some concerns for 
purposes of this discussion, but they are guided in their 
evolution by a set of baseline capabilities that have been put 
out by the Global Committee, Bureau of Justice Assistance, PM-
ISE, and DHS.
    I am impressed by this administration's commitment to 
fusion centers, as is evident in both the words and the actions 
of Secretary Napolitano.
    Besides DHS and DOJ support for the fusion centers, I would 
like to once again highlight the work of BJA that has been a 
leading partner in providing training and technical assistance 
in helping all the fusion centers to achieve baseline 
capabilities.
    Fusion centers bring all the relevant partners together to 
maximize the ability to prevent and respond to terrorism and 
criminal acts, using an all-hazards, all-crimes approach. By 
embracing this concept, these entities will be able to 
effectively and efficiently safeguard our homeland and maximize 
anticrime efforts.
    So often terrorism is found to have linked itself--and, 
sir, Mr. Carney, you mentioned it was Zaid Jarrah. He was 
stopped for a traffic offense, and had we had that information 
just a very few days before 9/11, there may have been more 
action that could have been taken.
    So there is constantly a nexus between terrorism, crime, 
and traffic, that we are sort of on the front lines with that, 
all the police in this country; and aggressive traffic and 
criminal enforcement is a way to resolve some of the issues of 
terrorism.
    The national strategy for information sharing calls for the 
fusion centers to be the backbone of information sharing 
involving State and local governments. The fusion centers help 
to organize and channel the information flow from the numerous 
Federal partners so that it is usable and actionable to the 
States and to the locals.
    The fusion centers have a very difficult job, and that is 
to harness the 18,000 State, local, and Tribal law enforcement 
agencies into an effective collection process so that the eyes 
and ears in the community of 1 million police officers in this 
country can collect the dots of information that arise in the 
routine course of their duties, where those leads are going to 
generate good investigations, and then be assured through the 
fusion center that there will be a place to connect those dots, 
if warranted, and produce lead value information so that 
terrorist plots or criminal plots or conspiracies can be 
interdicted.
    In 2006, our Homeland Security Adviser, Dick Canas, came 
before this subcommittee and announced the soon-to-be-opening 
Regional Operations and Intelligence Center in the State of New 
Jersey. That center has been open now for 3 years. It contains 
the New Jersey Office of Emergency Management, the State EOC, 
Emergency Operation Center, Mobile 911 Call Center, a Watch 
Operation Center and an analysis element.
    If I can just quickly talk about two of those components, 
sir?
    Mr. Carney. In the question phase, please.
    Mr. Fuentes. Absolutely.
    Mr. Carney. Thank you.
    [The statement of Mr. Fuentes follows:]
                Prepared Statement of Joseph R. Fuentes
                             July 30, 2009
    Good morning Madame Chair Harman, Ranking Member McCaul and 
distinguished Members of this subcommittee. My name is Rick Fuentes and 
I serve as the Colonel and Superintendent of the New Jersey State 
Police (NJSP). I also serve as the Chair of the International 
Association of Chiefs of Police (IACP) Homeland Security Committee and 
am a member of the Global Intelligence Working Group and Global's 
Criminal Intelligence Coordinating Council. Global includes over 30 law 
enforcement and criminal justice professional associations that have 
developed data standards, privacy policy, identity management, and the 
National Information Exchange Model (NIEM) which has allowed the 
Program Manager for the Information Sharing Environment (PM-ISE) and 
the U.S. Department of Homeland Security (DHS) to move faster in the 
State local and Federal information-sharing effort focused on terrorism 
and all crimes.
    I am grateful to this subcommittee for their strong advocacy for 
and pursuit of more effective and efficient means of information 
sharing between all levels of law enforcement in the interest of public 
safety. I want to thank you, Madame Chair, for including a 
representative of State and local law enforcement in your hearing 
today. That sends a very positive message to the more than 18,000 
agencies represented by IACP as this Nation's largest constituency of 
law enforcement and of this subcommittee's willingness and eagerness to 
solicit that viewpoint and perspective.
    First, I would like to thank and congratulate my distinguished 
fellow panelist, Ambassador McNamara. Much of what I am about to say 
relates to a robust information-sharing environment that is largely an 
attribute to the Ambassador's talent and strong sense of collaboration 
as Program Manager of the ISE. He has effectively and successfully 
navigated the PM-ISE through a watershed of national information 
sharing initiatives that will continue to have a profound impact on 
improving our Nation's homeland and hometown security. In many ways, he 
established within the PS-ISE office the integrity and reputation of a 
neutral third party, creating and refereeing a mutually-beneficial 
information sharing environment across the spectrum of intelligence and 
first responder agencies. I wish him well.
    I would like to frame the remainder of my testimony around the 
issue of fusion centers and their critical link to effective Federal, 
State, Tribal, and local information sharing in this country. First 
off, the success of information sharing will hinge on the adherence to 
privacy interests and civil liberties. I have attended numerous 
information sharing summits and stakeholder meetings sponsored by IACP, 
U.S. Department of Justice (DOJ) and DHS and the issues of policy and 
privacy are closely linked in those discussions. Each fusion center is 
required to submit a privacy policy guided by a Federal matrix to DOJ/
DHS for approval.
    Since 2007, the Bureau of Justice Assistance (BJA) and DHS have 
developed privacy policy templates and provided training and technical 
assistance to the fusion centers. In conjunction with the National 
Suspicious Activity Report Initiative (referred to as SAR), BJA and 
other partners have opened up the training and data formats to the 
privacy community and privacy advocacy groups. BJA, in conjunction with 
the PM-ISE, the Washington, DC, Metropolitan Police Department and 
others introduced the SAR effort to support the security of the 
Inaugural Day activities in January 2009. More than 4,000 police 
officers from the National Capital Region were trained on behaviors and 
privacy issues. This training was also shared with the American Civil 
Liberties Union (ACLU) and recommendations on their part were 
incorporated into the training.
    Presently, there are 72 recognized fusion centers in this country, 
50 of which are State-designated fusion centers and 22 are Urban Area 
Security Initiative (UASI) fusion centers either located in the major 
cities or densely populated regions. They are at varying levels of 
maturity, but are guided in their evolution by a set of baseline 
capabilities formulated in collaboration with their Federal partners.
    I am impressed by this administration's commitment to fusion 
centers, as evident in both the words and actions of Secretary 
Napolitano. Besides DHS and DOJ support for the fusion centers, I'd 
like to highlight the work of BJA. BJA has been a leading partner in 
providing training and technical assistance to the fusion centers in 
helping them to achieve baseline capabilities. Each year, BJA manages 
the National Fusion Center conference attended by more than a thousand 
law enforcement executives, Federal authorities, fusion center 
directors, and analysts. BJA has been able to harness the great work of 
Global to support and jump-start many initiatives needed to support the 
fusion centers, such as governance, intelligence commander training, 
and the use of fusion center liaison officers. It is important to note 
that this assistance is provided free of charge to the States and 
cities. To date, more than 160 individual technical assistance services 
have been delivered.
    Fusion centers bring all the relevant partners together to maximize 
the ability to prevent and respond to terrorism and criminal acts using 
an all-hazards, all-crimes approach. By embracing this concept, these 
entities will be able to effectively and efficiently safeguard our 
homeland and maximize anticrime efforts.
    The National Strategy for Information Sharing calls for the fusion 
centers to be the backbone of information sharing involving State and 
local governments. The fusion centers help to organize and channel the 
information flow from the numerous Federal partners so that it is 
useable and actionable to the States and locals. The fusion centers 
also aim to harness the 18,000 State, local, and Tribal law enforcement 
agencies into an effective collection process so that the eyes and ears 
in the community of 1 million police officers can collect the dots of 
information that arise in the routine course of their duties and be 
assured that there is a place that will connect the dots, if warranted, 
and produce lead value information that will reduce the threat of crime 
and terrorism.
    Although guided by a Federal blueprint to achieve a baseline 
operational competency, the fusion centers are functions of State and 
local governments. In order to achieve sustainability, fusion centers 
will need to go beyond the baseline in responding to the needs and 
priorities in their respective States. Those needs will vary and may 
include criminal street gangs, drugs, guns, or cross-border illegal 
immigration.
    In 2006, New Jersey's Homeland Security Adviser, Richard Canas, 
came before this subcommittee and spoke of the upcoming opening of the 
Regional Operations and Intelligence Center (ROIC), pronounced 
``Rock,'' New Jersey's State-designated fusion center. The New Jersey 
State Police has executive agency responsibility in the ROIC. The ROIC 
houses New Jersey's Office of Emergency Management, the State Emergency 
Operations Center (EOC), the mobile 9-1-1 Call Center, an Analysis 
Element and a Watch Operations Center.
    Watch Operations is where the State-wide deployment of State Police 
hazardous material and emergency management specialists, tactical entry 
personnel, canine, aviation, marine, bomb, and arson assets are 
coordinated and where there is constant situational awareness of State-
wide traffic and road conditions, weather events, toxic spills, school 
evacuations, bomb threats, National and international terrorist events, 
and general law enforcement operations. Information on these events are 
packaged in concise summaries and disseminated to pertinent customers 
through more than 70 email notification groups. The New Jersey State 
Police, New Jersey Office of Homeland Security and Preparedness, New 
Jersey Transit Police and the Port Authority of New York and New Jersey 
Police Department all occupy seats in Watch Operations. The Office of 
Homeland Security also manages and staffs the State's terrorism tip 
line.
    The anecdote to the siloing of information takes place in the 
ROIC's Analysis Element, a vibrant and collaborative information-
sharing environment comprised of representatives and analysts from 
State Police, DHS, FBI, ATF, Federal Air Marshals, Immigration and 
Customs Enforcement, Coast Guard, N.J. Division of Fire Safety, 
Philadelphia Police Department, and Newark Police Department. There are 
no shoulder patches or egos there. At 10:00 a.m. every weekday morning, 
these agencies gather in what we call ``the huddle'' to brief each 
other on the current threat environment and to set priorities, 
particularly those that require imminent analysis and dissemination.
    Operating with an ``all-hazards, all-crimes'' approach and a 
customer philosophy of ``give us a quarter's worth of information and 
we'll provide you with a dollar's worth of analysis and lead value 
intelligence information,'' the Analysis Element is the tip of the 
spear in Governor Corzine's State-wide Anti-Crime Plan to reduce 
violence and promote safe neighborhoods. Information-sharing 
initiatives that carry acronyms such as NJ Crime Track, NJ POP 
Collective, NJ TAG, NJDEx and NJ-Trace are connecting police records 
management systems around the State through federated search inquiries, 
targeting criminal street gangs, providing hotspot analysis, trending 
on State-wide violent crime and tracking the illegal spread of 
firearms. Addressing the latter, I'd like to provide you with 
information on NJ-Trace, an effective Federal and State anti-crime 
initiative.
    In order to maximize the lead value of a firearm recovered in a 
crime, the ATF has a program called e-Trace that tracks the history of 
a firearm back to its source purchase. This program allows ATF to 
discern patterns in firearms sales that have a short ``time to crime;'' 
in other words, the span of time from original purchase to its use and 
recovery in a crime. This statistic can effectively identify firearms 
traffickers and gun dealers engaged in illicit sales practices.
    Unfortunately, to submit a firearm to e-Trace required a voluntary 
effort on the part of a busy police officer to navigate several 
computer screens beyond the routine stolen weapons inquiry or put 
together a handwritten sheet to be faxed to ATF. Until recently, only 
one-quarter of all firearms recovered in a crime in New Jersey were 
submitted to ATF for e-Trace.
    Working with ATF, we interposed the ROIC Analysis Element in the 
exchange of information between the police officer and ATF, so that e-
Trace requests to ATF and responses back to the police officer were 
captured and analyzed by the ROIC crime analysts. In this manner, we 
could share information on the spread of illicit firearms across local, 
county, and State boundaries. We named this fusion center initiative 
NJ-Trace and established a Gun Crime Center within the ROIC Analysis 
Element.
    New Jersey State Attorney General Anne Milgram issued a directive 
to all county prosecutors and law enforcement agencies in New Jersey 
mandating the reporting of all crime-recovered firearms through NJ-
Trace. Every time a police officer runs an NCIC computer inquiry to see 
if a recovered firearm is stolen, a message pops up in the center of 
the screen reminding the officer that they will not receive a response 
without first conducting a gun trace through ATF. That trace entry is 
transmitted to the ROIC's Gun Crime Center and entered into the ATF e-
Trace program by a ROIC analyst. ATF responses are sent back to the 
requesting officer's agency and to the Gun Crime Center in the ROIC.
    Less than a year after the implementation of NJ-Trace, police 
submissions to trace crime-recovered firearms have increased from 25 
percent to almost 90 percent. The Gun Crime Center analyzes results and 
looks for State-wide patterns and trends for recovered firearms used in 
violent crimes and to seek out those individuals who traffic in those 
firearms. Last week, as a result of NJ-Trace, State Attorney General 
Milgram announced 11 separate State indictments against 12 individuals 
for trafficking firearms.
    What I have just described in the ROIC is an all-hazards, all-
crimes approach to information sharing and intelligence-led policing. 
All information is first filtered for a nexus to terrorism, as 
terrorism is a crime often facilitated by more overt criminal 
behaviors. The purchase or theft of firearms, the purchase or 
manufacture of fraudulent identity documents, funding streams through 
narcotics sales or transporting contraband such as explosives all 
provide police with many more opportunities to preempt or interdict 
actions that may be precursors to or actual terrorist activities. Those 
opportunities might be lost if police departments did not pursue 
aggressive criminal and traffic enforcement policies. And that 
enforcement could not achieve a greater law enforcement and public 
safety objective if the means and processes to collect, connect, and 
analyze disparate events did not reside in a State-wide, regional or 
local fusion center.
    With much accomplished, and the need to continue the progress of 
the PM-ISE, the path ahead in information sharing is not clear of 
obstacles. Challenges to information sharing include the following:
    1. A commonly recognized and accepted security clearance across 
        Federal agencies.
    2. Fusion centers are confronted with the need to query dozens of 
        information systems. The solution is the adoption of a 
        migration to a common data standard, such as NIEM, that would 
        standardize search terms to enhance data interoperability 
        between fusion centers and those systems at all levels.
    3. Use of fusion centers as broadcast outlets for elevations in the 
        DHS Homeland Security Advisory System and other alerts, 
        warnings, and notifications.
    4. Funding the continued deployment of Federal analysts to the 
        fusion centers.
    5. Funding the training and accreditation of analysts to promote 
        uniform best practices in the fusion centers.
    6. Going beyond the baseline to help fusion centers achieve 
        customer satisfaction at all levels of law enforcement.
    7. Nation-wide rollout of the SAR initiative.
    8. The establishment of a research and development function within 
        DOJ or DHS to explore social networking and communication 
        technologies that could, with appropriate security safeguards, 
        enhance analytical capabilities, and facilitate information 
        sharing.
    There are many success stories that demonstrate the progress we are 
making in the area of information sharing. There are still many issues 
to solve but the good work that has been demonstrated in the use of 
NIEM, the development of fusion centers, the roll out of the SAR 
initiative and the move to establish State-wide or regional 
intelligence academies bodes well for the future and our ability to 
sustain sound levels of homeland and hometown security.
    I thank you for your attention and would be happy to answer any 
questions you may have.

    Mr. Carney. Mr. Smith, please summarize for 5 minutes.

   STATEMENT OF JEFFREY H. SMITH, STEERING COMMITTEE, MARKLE 
                           FOUNDATION

    Mr. Smith. I will try to do this in less than 5 minutes, 
Mr. Chairman.
    Mr. Chairman, Mr. McCaul, it is an honor to appear here 
this morning on behalf of the Markle task force, and I am 
grateful that you put my full statement in the record.
    I also want to join my colleagues and this committee in 
thanking Ambassador Ted McNamara. The Nation owes him our 
thanks for a job well done; however, as the Ambassador's report 
acknowledges, much work remains.
    In March of this year, the Markle task force released a 
report that found nearly 8 years after the September 11 attacks 
the United States is still at risk. Policymakers from the 
President to local police chiefs still need better information 
to defend our homeland.
    The good news is that new laws have been passed and, in our 
judgment, no further legislation is required at this point. 
Unfortunately, however, the sense of urgency has diminished. 
Congress and the President must provide robust oversight and 
leadership to help ensure that officials charged with 
implementing these laws do so vigorously. This hearing this 
morning is a step in the right direction, and again I commend 
the subcommittee for its leadership.
    Our task force's report makes concrete recommendations for 
addressing the cultural, institutional, and perceived 
technological obstacles that are slowing progress on 
information sharing. Let me use the remainder of my time to 
discuss three areas where we think future work is needed.
    First, strong, sustained leadership from the President and 
Congressional oversight are needed. Although the Program 
Manager--ISE has made great contributions, the position is 
widely but incorrectly seen as an adjunct of the intelligence 
community. The White House is currently taking action to 
improve the existing structure, but we think additional 
strength needs to be added to the position of the Information 
Sharing Council, and the White House--the good news is, the 
White House has taken increased ownership of this issue. We 
take heart from these early actions, but it is critical that 
the official charged with leading the Government-wide 
coordination of information-sharing policy have adequate 
horsepower to drive interagency coordination; otherwise, 
wasteful, duplicative efforts by individual agencies working 
independently are inevitable.
    Many believe that this official should be appointed by the 
President and confirmed by the Senate. This will ensure 
accountability to Congress and will increase the position's 
clout, providing the necessary horsepower to overcome the 
bureaucratic resistance and turf wars that stymie progress. 
Giving the official some budgetary authority should also be 
considered.
    The second point, all Government information relevant to 
National security should be discoverable and accessible to 
authorized users while audited to ensure accountability. 
Authorized users must have the capacity to discover and locate 
relevant information, a capability we call discoverability. The 
Director of National Intelligence issued a directive last year, 
ICD-501, that is a step in the right direction, but the 
implementation of this will be critical.
    Third, enhanced Government-wide privacy and civil liberties 
policies must be developed. The PM-ISE has taken good first 
steps, but much remains to be done. The guidance, in our 
judgment, that has been provided by the PM-ISE is still too 
vague. We suggest a series of very specific measures in the 
privacy field that we think should be taken. Among those are, 
of course, the early creation and populating of the Privacy 
Oversight Board, which sadly has languished.
    With that, Mr. Chairman, I will end a little bit early and 
look forward to your questions.
    [The statement of Mr. Smith follows:]
               Prepared Statement of Jeffrey H. Smith \1\
---------------------------------------------------------------------------
    \1\ Member of the Markle Foundation Task Force on National Security 
in the Information Age and Senior Partner at Arnold & Porter LLP. I am 
grateful for the assistance of Nicholas Townsend, an associate at 
Arnold & Porter, and Daniel Friedman, a summer associate from Harvard 
Law School.
---------------------------------------------------------------------------
                             July 30, 2009
    Chair Harman, Ranking Member McCaul, I appear today as a member of 
the Markle Foundation Task Force on National Security in the 
Information Age and would like to thank you for holding this hearing 
and taking the initiative to improve information sharing by dedicating 
your time and energy to this critical issue. Making information sharing 
a top priority is essential to safeguard our National and homeland 
security.
    The Markle Task Force's most recent report found that, although we 
have made much progress, we are still vulnerable to attack because--as 
on 9/11--we are not able to connect the dots. At the same time, our 
civil liberties are at risk because we don't have the Government-wide 
policies in place to protect them as more powerful tools for 
intelligence collection and sharing information emerge.
    Our Government cannot identify, understand, and respond to 21st 
century threats, such as cyber attacks, terrorism, and energy security, 
without the collaboration and sharing of information across the 
Federal, State, and local levels and with the private sector so 
fragments of information can be brought together to create knowledge. 
The Information Sharing Environment (ISE) was created by Congress to 
improve our ability to know what we know about terrorist threats. The 
ISE was intended to effect a ``virtual reorganization of government,'' 
allowing communities of interest to work on common problems across 
agency boundaries and between Federal, State, and local governments, 
and the private sector--wherever important information could be found.
    Ambassador McNamara recently released the Third Annual Report to 
Congress on the ISE. I am pleased to testify with him this morning and 
believe the Nation owes him our thanks for a job well done. But much 
work remains. Under his leadership as the Program Manager for the 
Information Sharing Environment (PM-ISE), progress has been made toward 
reducing the barriers to information sharing that persist throughout 
Government. The ISE has made substantial strides in developing the ISE 
framework and policies, training, and guidelines for sharing 
information. However, as the PM-ISE's report acknowledges, there is 
still a great deal of work to be done.
    The Markle Foundation Task Force on National Security in the 
Information Age, on which I have had the privilege of serving since its 
inception, recently released a report \2\ that found that our Nation 
remains at risk. Unfortunately, the sense of urgency on information 
sharing has diminished in the nearly 8 years since the 
9/11 attacks. Old habits die hard. The ``need-to-know'' principle and 
stovepiping of information within agencies persist. The Markle Task 
Force's 2009 report makes concrete recommendations to address the 
cultural, institutional, and perceived technological obstacles that are 
slowing the implementation of laws intended to facilitate the flow of 
information and create new ways of collaborating.
---------------------------------------------------------------------------
    \2\ Nation at Risk: Policy Makers Need Better Information to 
Protect the Country (2009). All of the Markle Task Force's reports are 
available at http://www.markle.org/.
---------------------------------------------------------------------------
    I would like to take the remainder of my time to briefly outline 
the Task Force's core recommendations and to discuss three specific 
areas in detail where future work is needed--
    (1) Strong sustained leadership from within the Executive Office of 
        the President (EOP) and Congressional oversight are needed to 
        drive information sharing;
    (2) All Government information relevant to National security should 
        be discoverable and accessible to authorized users while 
        audited to ensure accountability; and
    (3) Enhanced Government-wide privacy and civil liberties policies 
        must be developed.
    I hope my comments will give this subcommittee a better sense of 
how far the Government has come toward a trusted information-sharing 
environment and what steps we believe still need to be taken to provide 
policy makers at all levels of Federal, State, and local government 
better information so they can make the best decisions to protect our 
country.
            i. the markle task force's core recommendations
    Before turning to a detailed discussion of the three areas where we 
believe more work is needed, let me provide a brief overview of the 
Markle Task Force and the four core recommendations in our most recent 
report. The Markle Foundation Task Force on National Security in the 
Information Age is a diverse and bipartisan group of experienced former 
policy makers and National security experts from the Carter, Reagan, 
Bush, Clinton, and Bush administrations, senior executives from the 
information technology industry, and privacy advocates. Under the 
leadership of Zoe Baird and former Netscape CEO Jim Barksdale, the 
Markle Task Force has released four reports \3\ recommending ways to 
improve National and homeland security decision making by transforming 
business processes and the way information is shared while at the same 
time protecting civil liberties.
---------------------------------------------------------------------------
    \3\ See Markle Found. Task Force, Nation At Risk: Policy Makers 
Need Better Information To Protect The Country (2009); Mobilizing 
Information To Prevent Terrorism (2006); Creating A Trusted Information 
Network For Homeland Security (2003); and Protecting America's Freedom 
In The Information Age (2002), available at http://www.markle.org/
markle_programs/policy_for_a_networked_society/national_security/
projects/taskforce_national_security.-
php.
---------------------------------------------------------------------------
    The Task Force has worked closely with Government officials, and I 
am pleased to report that the Government has taken many of our 
recommendations to heart in both legislation and Executive Orders. 
Chair Harman and this subcommittee deserve special recognition for 
their hard work on improving information sharing.
    In March, the Task Force published its most recent report in the 
hope that it would help the Obama administration, which now includes 
several former Task Force members, develop information-sharing 
priorities. The report's four core recommendations, which are 
summarized below, emerged from common themes that arose during the Task 
Force's interviews with officials in the Executive Branch and Congress 
on the current state of information sharing.
    First, Congress and the administration must provide strong, 
sustained leadership to reaffirm information sharing as a top priority. 
There is unfinished business in implementing an information-sharing 
environment across all Government agencies that have information 
important to National security, including State and local 
organizations. We are at a critical moment where top-down leadership 
and immediate action at the start of the new administration are 
required. If there is another terrorist attack on the United States, 
the American people will neither understand nor forgive a failure to 
have taken this opportunity to get the right policies and structures in 
place.
    Second, authorized users must have the capacity to discover and 
locate relevant information quickly and efficiently--a capability 
called ``discoverability.'' Data should be tagged with standardized 
information that can be indexed and searched. Using a decentralized 
system of discoverability, rather than large centralized databases, 
simultaneously improves our security and minimizes privacy risks by 
avoiding bulk transfers of data. When combined with an authorized use 
standard, discoverability ensures that users obtain what they need, but 
only what they need. This authorized use standard would permit an 
agency or its employees to obtain information based on their role, 
mission, and a predicated purpose. We also recommend strong auditing 
throughout the system, which would allow for improved enforcement of 
the authorized use standard and would contribute to enhanced 
information security.
    Third, the Obama administration should develop Government-wide 
privacy and civil liberties policies for information sharing to match 
increased technological capabilities to collect, store, and analyze 
information. These policies should be clear, detailed, transparent, and 
consistent, and must provide direction on hard issues while allowing 
agencies the flexibility that their different missions and authorities 
may require. Such policies are necessary both for the American people 
to have confidence in their Government and for the users of the 
information-sharing framework to have confidence that their work is 
lawful and appropriate.
    Fourth, the President and Congress need to overcome bureaucratic 
resistance to change by transforming the culture with metrics and 
incentives. Mission-oriented metrics are necessary to move away from 
the ``need-to-know'' culture and stovepiping of information that 
persists in many agencies and towards adoption of a ``need-to-share'' 
principle. Accountability and transparency should be joined with 
performance incentives and training to expose failure and reward 
success. Additionally, users should be empowered to drive information 
sharing by forming communities of interest. When individual users 
insist on better information, more effective practices are likely to be 
put in place to align information flows with user needs.
    Although the Task Force's recent work has largely focused on the 
Federal Government, our recommendations are applicable at the State and 
local level as well. State and local law enforcement have an essential 
role to play in protecting our homeland security. A cop on the beat may 
have information that can stop the next attack, but he needs to know 
what to look for and how to report it. To keep our country safe, 
information must be shared effectively, not only within the 
intelligence community (IC) and among Federal agencies, but also among 
Federal, State, and local governments and with key private sector 
partners. As outlined in the PM-ISE's annual report, the Nationwide 
Suspicious Activity Reporting (SAR) Initiative (NSI) has been a major 
focus of the ISE over the last year. The program has enjoyed 
enthusiastic support from the LAPD and other State and local 
participants. But more work needs to be done, including a careful 
examination of the role of fusion centers.
 ii. strong sustained leadership from within the eop and congressional 
           oversight are needed to drive information sharing
    The PM-ISE has made great contributions to enhancing information 
sharing. Ambassador McNamara's recent report says that a comprehensive 
information sharing policy requires coordination between five 
communities--Intelligence, Foreign Affairs, Homeland Security, Law 
Enforcement, and Defense--that cut across all levels of government. 
However, the PM-ISE's report does not discuss the significant 
challenges the PM-ISE faces coordinating those five communities from 
within the Office of the Director of National Intelligence (ODNI). 
Today, the PM-ISE is widely, but incorrectly, seen by those in the 
other four communities as part of the intelligence community; as the 
subcommittee knows, his mandate is much broader.
    The White House is currently taking steps to improve the existing 
structure by carrying out key information-sharing work under the 
auspices of the EOP. In a July 2, 2009 memorandum, Assistant to the 
President for Homeland Security and Counterterrorism John Brennan took 
important steps in three key areas. First, Mr. Brennan's memo 
identifies effective information sharing and access as a ``top 
priority'' of the Obama administration and says ``senior-level 
attention'' to this issue is crucial. To advance this priority, the 
Information Sharing Council (ISC) is being integrated into the 
Information Sharing and Access Policy Interagency Policy Committee 
(IPC), so that the ``important work of the ISC will move forward under 
the auspices of the Executive Office of the President.'' The position 
of Senior Director for Information Sharing Policy has been established 
within the EOP. The Senior Director will be the Chair of the IPC and 
will lead the interagency policy process and identify information 
sharing and access priorities going forward. Second, the White House 
has initiated a comprehensive review of information sharing and the 
ISE, which the Markle Task Force recommended as a key step to ensure 
Government-wide focus and coordination. Third, Mr. Brennan notes that 
the importance of effective information sharing extends beyond 
exclusively terrorism-related issues.
    The Markle Task Force takes heart from these early actions by the 
White House, which are largely in line with the Task Force's 
recommendations. Although the Task Force supports these efforts, we 
believe that it is imperative that the IPC and its Chair have adequate 
horsepower to drive interagency coordination at a senior level. As a 
general principle, the White House must assert strong sustained 
leadership across all agencies with a National or homeland security 
mission to assure that there is effective information sharing. Senior 
leadership from within the EOP will ensure Government-wide authority to 
coordinate the policies and procedures necessary for effective 
information sharing, and provide the policy clout necessary to overcome 
the bureaucratic resistance and turf wars that stymie progress. 
Otherwise, wasteful duplicate efforts are inevitable as individual 
agencies try to address information sharing independently. 
Congressional oversight will be critical to ensure that Government-wide 
efforts are being coordinated effectively.
    It is our understanding that the administration is considering 
several possible structures for information sharing to leverage the 
accomplishments of the PM-ISE and recognize the role of the Chief 
Information Officer in the ODNI and other agencies. There are a variety 
of possible models, including: (1) An approach similar to the Director 
of the Office of National Drug Control Policy, (2) expanding the PM-
ISE's mandate and making him the Co-Chair of the IPC, or (3) giving the 
Chair of the IPC greater authority.
    It is critical that the official charged with leading Government-
wide coordination of information sharing policy: (1) Have the 
President's clout behind him, and (2) be responsive to Congress. Many 
believe this official should be appointed by the President and 
confirmed by the Senate. This will ensure accountability to Congress, 
like other Senate confirmed officials in the EOP, such as the Director 
of the Office of Management and Budget or the Associate Director and 
Chief Technology Officer in the Office of Science and Technology 
Policy. Congressional oversight is essential to the success of 
information sharing because the oversight process can help ensure that 
the individual charged with making information sharing a reality is 
held accountable for producing measurable progress toward a safer 
country. In addition to improving oversight, a Presidentially-appointed 
and Senate-confirmed position will have increased policy clout, 
providing the necessary horsepower to drive interagency coordination.
    Moreover, serious consideration should be given to providing some 
budget authority to the official charged with leading the Government-
wide coordination of information sharing. Budgetary certification 
authority would greatly increase the official's ability to ensure that 
agencies are adhering to the administration's information sharing 
policies. Similar authority has been granted in other contexts to 
officials such as the Director of the Office of National Drug Control 
Policy.
    Broadening the Scope of Information Sharing.--In light of the 
current financial crisis and growing budget pressures, we need to do 
more with less. An effective information-sharing framework is not only 
important to protect against terrorism; it can make the Government more 
effective in areas like energy security and preventing a full blown 
H1N1 pandemic this fall. Mr. Brennan's memorandum acknowledges the need 
to expand the scope of information sharing beyond just terrorism 
information. The lessons learned from National and homeland security 
information sharing should be applied--under White House leadership--to 
other Federal responsibilities, such as air traffic control and health 
care. Congress should carefully examine the potential for broader 
implementation of ISE best practices in order to improve information 
sharing in other areas beyond terrorism. Broader implementation will 
create an on-going need for a senior official at the White House to 
drive effective information sharing from the top by continuing to 
maintain pressure on agencies to effectively share information.
iii. all government information relevant to national security should be 
discoverable and accessible to authorized users while audited to ensure 
                             accountability
    The PM-ISE's annual report focuses on developing infrastructure and 
technology that can help make accessing and sharing information easier. 
However, we believe greater attention should have been given in the 
report to data users and how they can find and access information. 
Intelligence Community Directive 501 (ICD 501), which was signed on 
January 21, 2009, mandates wide-ranging actions to promote information 
sharing throughout the IC. ICD 501 is not discussed in the PM-ISE's 
report. Connecting the PM's work with ODNI's efforts on ICD 501 more 
effectively could yield best practices with broad applications 
throughout the Government. Specifically, the Obama administration needs 
to take two steps--(1) Greater emphasis must be placed on 
discoverability, and (2) the PM-ISE's determination regarding the 
feasibility of an authorized use standard should be reassessed in light 
of ICD 501.
    Greater Emphasis on Discoverability.--As discussed in detail below, 
the Obama administration and Congress should consider adopting a policy 
that requires all agencies with a National or homeland security mission 
to make their data discoverable. Discoverability is a critical 
precursor to effective information sharing; making information more 
accessible will help only if users are able to discover what 
information is out there and who has that information.
    The traditional information-sharing model requires either the 
sender to know what information to send to whom (``push'') or requires 
the end-user to know who to ask for what (``pull''). Whether push or 
pull, there are too many doors on which to knock. The chances of the 
right data holder and the right end-user locating each other and 
sharing the right information are slim at best.
    Discoverability through the use of ``data indices'' is thus a 
critical precursor to an effective system of information sharing. These 
indices serve as a locator service, returning pointers to data holders 
and documents based on the search criteria used. Information not 
registered in data indices is essentially undiscoverable. Think of data 
indices as a card catalog at a library, where every aisle of the 
library is the equivalent of an isolated information silo. Without a 
card catalog to provide users with pointers to the location of books, 
users would be left to roam the isles in the hopes of finding a 
relevant book.
    The technology to give users the ability to discover data that 
exists elsewhere is readily available. However, in order to make data 
discoverable, each agency needs to tag its data at the point of 
collection with standardized information that can be indexed and 
searched. Many agencies do not adequately tag and index their data, so 
it is not readily discoverable, which undermines not only an agency's 
ability to share the data with others, but also the agency's ability to 
share within its organization. The DNI recently took an important step 
towards implementing such a system by signing ICD 501, which requires 
all IC agencies to make all information collected and all analysis 
produced available for discovery by automated means.
    ICD 501 only applies to the IC. An effective information sharing 
framework will require increased discoverability across the Government, 
so that data users will be able to find and have access to information 
across agency lines. Therefore, the Obama administration and Congress 
should place a high priority on broader discoverability as the first 
step toward effective information access. The technology is readily 
available--all that is needed is Government-wide policy guidance and 
implementation. The administration should establish a policy that 
requires all departments and agencies with a national or homeland 
security mission to: (1) Tag their data at the point of collection; (2) 
contribute key categories of data (e.g., names, addresses, passport 
numbers, etc.) to data indices; and (3) follow through on implementing 
widely available means to search data indices.
    We are pleased that the PM-ISE's annual report discusses creation 
of output-related goals and metrics, such as the ISE Maturity Score 
Card. The administration should build on these metrics by adopting more 
concrete outcome-oriented metrics. One of the first metrics should 
focus on discoverability because data indices are an essential 
precursor for effective information sharing. This metric should measure 
what percentage of an agency's data holdings have been registered in 
the data indices directory. Additionally, just as the private sector 
uses Quality Assurance scenarios to test the performance of critical 
system requirements, the administration should conduct on-going tests 
across Federal, State, and local organizations to determine how the ISE 
scores according to certain critical system requirements.
    The Feasibility of an Authorized Use Standard Should be 
Reassessed.--Improved discoverability must go hand-in-hand with a 
trusted system that will facilitate access to the data indices and the 
information to which these indices point (in the library analogy, 
access both to the card catalog and the book itself). An authorized use 
standard provides a model for such a system. Under such a standard, a 
Federal, State, or local agency or its employees obtain mission-based 
or threat-based permission to discover, access, or share information, 
as opposed to the current system which relies on originator control 
limitations, U.S. persons status, and place-of-collection rules.
    Congress asked President Bush to consider adoption of an authorized 
use standard in the 2007 9/11 Commission Recommendations Implementation 
Act. The PM-ISE discussed what he viewed as potential obstacles to 
implementation of an authorized use standard in his 2008 Feasibility 
Report. The report concluded that an authorized use standard was not 
feasible. Yet none of the objections in the report were technical in 
nature; commercial off-the-shelf technology enables the use of such a 
standard and can address perceived obstacles such as identity 
management. Moreover, an authorized use standard would not require 
amendment of statutes, such as the Privacy Act, and it would be in full 
compliance with the vital principles underpinning the constitutional, 
statutory, and regulatory requirements currently in place.
    We believe the PM-ISE's determination that an authorized use 
standard is not feasible should be revisited in light of ICD 501 and 
pilot projects that are testing these concepts in the field. The IC has 
started down the path toward phased implementation of an authorized use 
standard with ICD 501. ICD 501 incorporates many principles from the 
Markle Task Force's previous work on authorized use. For example, ICD 
501 requires that information collected or analysis produced must be 
available to authorized IC personnel who have a mission need for 
information and an appropriate security clearance. As part of ICD 501, 
the National Security Agency has designed a new collaborative system 
that will link disparate intelligence databases to support field 
operations in Iraq and Afghanistan. This system, which is currently in 
testing, is designed to address the challenge of providing data 
gathered from multiple agencies to authorized users based on different 
privileges. It represents a good first step that indicates that 
implementation of an authorized use standard is feasible.
    Other organizations are also undertaking pilot projects that will 
test the Markle Task Force's recommendations. As the subcommittee 
knows, the Project on National Security Reform (PNSR), led by Jim 
Locher, is working on the issue of improving national security 
decisionmaking. I am privileged to serve on the ``Guiding Coalition'' 
for PNSR and am pleased to advise the subcommittee that PNSR has 
adopted not only the spirit of the Markle Task Force's approach to 
information sharing, but also many of our specific recommendations. 
PNSR has been exploring with several Government agencies the 
possibility of a pilot project that would incorporate the basic 
elements of a fully integrated information sharing system. I hope that 
the administration will conduct such a pilot project, and I encourage 
this subcommittee to support this pilot project and to monitor its 
progress. Such real-world tests can help reassess the feasibility of an 
authorized use standard.
                    iv. increase privacy protections
    As detailed in the PM-ISE's annual report, the PM-ISE has issued 
ISE privacy guidelines and the ISE Privacy Guidelines Committee has 
published a ``Privacy and Civil Liberties Implementation Workbook'' and 
several associated documents, such as Policy Development Tools and 
Privacy Policy Outlines, to help agencies implement their own privacy 
policies. These are a good first step, but much more remains to be done 
to develop policies to assure both the public and Government officials 
that privacy and civil liberties are protected while information is 
shared. Clear, detailed, and consistent policies are necessary to 
protect privacy and civil liberties.
    Few agencies have produced privacy policies to date because there 
is little incentive for them to do so. Of the 17 agencies that were 
supposed to develop their own privacy policies, only three have 
produced such policies, a paltry 18 percent. By way of comparison, 
State fusion centers are required to submit privacy policies by a 
certain deadline in order to receive Federal grant money. Of 70 fusion 
centers, 80 percent have submitted policies. ISE agencies should be 
given a 30-day deadline to submit privacy policies to the PM-ISE for 
approval, and failure to meet deadlines should result in concrete 
penalties--including loss of funding.
    Moreover, merely having a privacy policy is not enough. To date, 
the PM-ISE guidelines and associated documents are more advisory than 
directive--they tell the agencies to address various privacy and 
security principles, but do not tell them how to do so. A comprehensive 
privacy policy must provide direction and consistency on hard issues. 
Yet the PM-ISE guidelines do not address many of the most challenging 
issues. For example, the guidelines state that all agencies must comply 
with the Privacy Act, but they do not address many of the difficult 
questions about who gets what information for what purpose under what 
standard of justification.
    The Obama administration should promulgate Government-wide policies 
on privacy and civil liberties that provide consistency and direction 
on hard issues while allowing agencies the flexibility that their 
different missions and authorities require. Such a policy should 
address: (1) Auditing of both data quality and data flows; (2) enhanced 
fidelity of watchlists; (3) deployment of access and permissioning 
systems based on carefully defined missions and authorities; (4) clear 
predication for collection and retention of data; and (5) redress 
systems that offer a meaningful opportunity to challenge adverse action 
and that ensure that corrections or qualifications catch up with 
disseminated data.
    The President and Congress should also act within the next 60 days 
to nominate and confirm members to the Privacy and Civil Liberties 
Oversight Board. Congress re-chartered the Board to strengthen its 
independence and authority, but the new Board has never come into 
existence. The statutory charter for the new Board gives it a role both 
in providing advice on policy development and implementation and in 
reviewing specific programs.
    Finally, the ISE should take advantage of technological tools to 
minimize the risk of unintended disclosure of personally identifiable 
information. In his March 2008 Feasibility Report, the PM-ISE found 
that although data anonymization has the capacity to improve privacy 
protections, it was technologically infeasible. This determination 
should be revisited in light of technological advances. There are now a 
number of commercially available technologies, including anonymization, 
strong encryption, and digital rights management, that can help protect 
privacy and civil liberties as well as information security. Moreover, 
both privacy and security protections can be enhanced through the 
decentralized approach to discoverability outlined above because this 
approach avoids bulk data transfers minimizing both privacy and 
security risks. When locator and topic information are transferred to 
the index, the underlying information isn't transferred until the user 
requesting it is authorized and authenticated, reducing the risk of 
unintended disclosure.
    Building the information-sharing environment should entail the 
development of new and more powerful privacy protections. But existing 
guidelines do not require agencies to provide any more protection than 
they already offered. Much work is needed in this area.
    In conclusion, Madame Chair, it has been a privilege for me to 
appear before the subcommittee today. I commend this subcommittee for 
its leadership on these issues. Sustained leadership is vital because a 
waning sense of urgency in the nearly 8 years since the 9/11 attacks 
means that old habits of withholding information are returning. The 
United States must not become complacent about improving information 
sharing in the face of the current financial crisis and in the absence 
of a new attack. This subcommittee has a critical oversight role to 
play in order to ensure that measurable progress is made on information 
sharing.
    Much more needs to be done. Now, at the start of the Obama 
administration, is the moment for breakthrough progress on information 
sharing. The Markle Task Force will continue to work with Congress and 
the Obama administration to find practical solutions to the critical 
homeland security issue of information sharing. The Task Force has 
concrete recommendations for steps that can be taken today to ensure 
that decision makers at all levels get better information so they can 
protect the Nation. Our recommendations are neither complicated nor 
technically difficult. They require attention to implementation and 
strong, sustained leadership.
    It is important to have a public dialogue about this vital issue. I 
would like to thank the subcommittee for having this hearing to 
facilitate that essential dialogue. I look forward to working with you 
and am happy to answer any questions you may have.

    Mr. Carney. Thank you Mr. Smith.
    I want to thank all of you for your testimony. Its length 
is only an indication of its importance, so we really wanted to 
drill down into the issues you raised.
    I will remind each Member that he or she will have 5 
minutes to question the witnesses, per round. I will now 
recognize myself for 5 minutes.
    Mr. Ambassador, you offered in your testimony to share your 
personal observations. Please, that is my question to you; 
please share those observations.
    Mr. McNamara. Thank you, Mr. Chairman. I can be very brief. 
There are five points I would like to make.
    One, I believe the PM should be a Presidential appointee 
who reports to the White House and the Congress, independent of 
any agency, as an honest broker. I think this is critical, and 
it is the one role that we have been able to perform which has, 
in fact, loosened up some of those cultural rigidities and 
enabled us to act in the successful, I believe, manner that we 
have.
    Second, the Program Manager needs to be a senior official 
with extensive interagency experience and a recognized ability 
and stature to manage major bureaucratic issues. This is 
important because, in fact, the Program Manager works 90 
percent of the time with the interagency. In fact, it is an 
interagency job. Every aspect of information sharing crosscuts 
different agencies so that there is no one agency that I go to 
and expect to get full implementation of these crosscutting 
issues. They are all multiagency issues.
    Third, we need to strengthen, I think, the effectiveness so 
that the Program Manager, in addition to being the Program 
Manager should, I believe, be the Chair of the White House 
Interagency Policy Committee on Information Sharing that 
reports to the deputy committee.
    Fourth, I think the PM Office should continue until the ISE 
is fully mature. Although it exists and is functioning it is 
not fully mature yet. Also it should remain until the ISE is 
well-anchored in State and local government practice and do all 
of this in as brief a period as possible.
    Fifth and finally, at full maturity, I want to point out 
that the ISE functions will not end. What will come to an end, 
I expect, at full maturity is that the office will go out of 
existence, but the functions will be institutionalized in 
agencies throughout the Federal Government, and those agencies 
will be acting as Executive agents carrying out the functions 
that are now being performed by the PM-ISE Office.
    That has, I think, already begun. If you take a look, we 
have turned over to NARA, that is the Archivist of the United 
States, the CUI function. That function is being performed 
primarily as an executive agent by NARA.
    Suspicious activity reporting, we expect, as I mentioned, 
to bring that to maturity in the next 6 months to a year. I 
expect that the Department of Homeland Security and the 
Department of Justice will be able to take on that function.
    The other functions--fusion centers, privacy, and civil 
liberties--remain to be institutionalized. As they are 
institutionalized, as I see it, the agencies will act as agents 
for the Federal Government working with the State and locals. 
Those, I think, are the answer to what is the future of the 
Program Manager's Office.
    Mr. Carney. I appreciate those observations. One question 
that kind of popped in mind immediately was, in your opinion 
and based on your experience, how long for maturity? What sort 
of time frame are we looking at?
    Mr. McNamara. I have been asked that several times in 
recent weeks especially.
    It is difficult for me to put a specific time frame on it. 
What I can say is that I believe we have gone just beyond the 
tipping point recently; that is to say we are not going back to 
the old way of doing things. That is not an option.
    The option is to move forward. The tipping point having 
been reached, there are several paths to go forward, and there 
is not just one solution. I think we are about roughly halfway 
toward that maturity level.
    Now, since it has taken us 3, 3\1/2\ years, and we are 
halfway there, one might imagine another 3, 3\1/2\ to do it. 
But I think, as has been mentioned here and certainly has been 
mentioned to me, the train left the station rather slowly. I 
would say that of that half that we have now accomplished of 
getting towards full maturity, fully half of that was done in 
the last year. So we are picking up momentum, we are moving 
faster. Therefore I would hope it would not be a full 3, 3\1/2\ 
before it comes to full maturity.
    I welcome the incoming administration, the current 
administration's immediate and vocal support for this as a 
priority. I also, by the way, want to say how much I 
appreciated the support I got from the former administration 
throughout my 3\1/2\ years as they built with me and with the 
State and local and private sector people the foundation phase 
of the ISE. We have completed the foundation phase; now comes 
the final push to maturity.
    Mr. Carney. I appreciate that so much.
    I now recognize the Ranking Member from the subcommittee, 
the gentleman from Texas, Mr. McCaul, for questions.
    Mr. McCaul. I thank the Chairman. I would like to ask some 
questions about the program managers--some of the current 
authorities.
    But before I do that, I would like to ask Colonel Fuentes: 
The example of the hijacker, a 9/11 hijacker, was mentioned in 
the opening statements. He was on a CIA watch list, was pulled 
over by a State trooper, obviously was not forwarded.
    Would that be--how would that be different in today's 
scenario under this new program?
    Mr. Fuentes. Well, there is a database that is routinely 
checked when you do an NCIC, National Criminal Information 
Center inquiry, which is pretty routine on a motor vehicle 
stop. It is called a VGTOF. It is a database that has violent 
criminals, gang members in it, including the terrorist watch 
list.
    So notification would be near instantaneous if that was 
run. Then there would be guidance that would be provided to the 
police officer or to the trooper to hold that person possibly 
for additional inquiry, perhaps by a member of the Terrorism 
Task Force, or simply to note a location, a license plate, a 
name, other occupants that are in the vehicle.
    But that police officer would now be guided in ways that 
were probably unimaginable prior to 9/11.
    Mr. McCaul. So you feel very confident if that type of 
person was pulled over today they would be detained?
    Mr. Fuentes. My confidence is building every day, sir.
    Mr. McCaul. The suspicious activity reporting, how is that 
working?
    Mr. Fuentes. Well, the suspicious activity reporting is a 
very good initiative that really looks at what are the routine 
activities that a police officer does every single day.
    Responding to a report of somebody taking photographs of 
planes taking off at an airport: There could be a completely 
normal reason for doing that and there may be a nefarious 
reason for doing that. That information is captured when a 
police officer responds, it goes into a records management 
system; and then, prior to the initiation of the SAR, it would 
have languished, it would have simply been part of that records 
management system. Now, with the SAR process, that information 
is captured in that records management system by the fusion 
center and it is compared to other records management systems.
    So that car that might have been sitting, for instance, 
taking pictures of a refinery on the side of the New Jersey 
Turnpike 2 days later also comes up in the record, perhaps 
another record in another county or another municipality of 
being next to another refinery. So when you put those two 
things together, interest in that individual heightens 
considerably. Maybe they are writing a book or maybe they have, 
you know, another motive that the police need to take a look 
at.
    That is the purpose of the SAR, to use the information that 
is routinely developed over the course of a police officer's 
shift and then collate and compare that within the records 
management system to see if there is any behavior that you 
should be taking a look at.
    Mr. McCaul. Thank you. My time is limited. I don't know if 
we will have another round of questions, but I do want to talk 
about the Program Manager authority.
    Ambassador and Mr. Smith, if you would like to weigh in on 
this, your authorities are set forth in section 216 of the 
Intelligence Reform and Terrorist Prevention Act, yet section 
218--1018 seems to take away a lot of that authority, abrogate 
a lot of that authority.
    I wonder if you could comment on that, in the future the 
Program Manager having more authority; and also, how is that 
going to--how is this position going to work in conjunction 
with now the new position of senior director for information 
sharing policy within the Executive Office of the President?
    Mr. McNamara. Well, let me quickly answer the second 
question because my answer is that I really don't know how it 
is going to mesh, because the White House is the one that is 
going to make the decisions and the calls on that and not I.
    However, the senior director for information sharing and 
information issues is not entirely new since there was one in 
the outgoing administration also. But this one has taken on--
appears to be taking on a higher role and a more pronounced 
role. But I really don't have the answer to that because no 
announcements have been made as to what the structure is, and I 
am not involved in that aspect of it.
    Quickly, on 1016 and 1018, indeed, as you note, the 
authority on 1016 seems to be quite strong, but there is 1018 
which says that this shall not interfere with existing 
authorities, and then it lists a whole bunch of agencies and 
agency heads. The result is that the Program Manager is less 
the manager of the ISE than the negotiator and conciliator and 
kind of compromiser to produce the ISE.
    One area that I think--as I mentioned in my list of things 
that needs to be done, I think the Program Manager needs to 
have a much stronger role in the budget process. Right now, as 
a result of our cooperative approach with OMB, we do get an 
insight into the budget process on information sharing issues 
and how the budget is being used by several of the agencies to 
implement information sharing initiatives, but it is a partial 
look at a partial number of agencies. We are not--we don't have 
a regular seat at the table when it comes to budget issues. I 
think that is something that needs to be done.
    Mr. McCaul. I see my time has run out, but let me just make 
a final comment.
    I think and recommend to the Chairman that we look into 
both these statutory provisions to see if there are changes we 
can make to strengthen the role of the Program Manager. 
Ambassador and Mr. Smith, I look forward to your 
recommendations as to how we can achieve that.
    With that, I yield back.
    Mr. Carney. I would like to assure the gentleman we will 
have at least one more round of questioning and continue with 
this. It is something that we can do from the Oversight 
Investigations Management Subcommittee as well.
    I will now recognize other Members for questions that they 
may wish to ask the witnesses. In accordance with committee 
rules, I will recognize Members who were present at the start 
of the hearing based on seniority on the subcommittee, 
alternating between Majority and Minority. Those Members coming 
in later will be recognized in the order of their arrival.
    I now recognize for 5 minutes the gentleman from Texas, Mr. 
Green.
    Mr. Green. Mr. Chairman, I would yield to Mr. Pascrell and 
assume a later position.
    Mr. Carney. Without objection, so ordered.
    Mr. Pascrell for 5 minutes, please.
    Mr. Pascrell. I thank the gentleman from Texas, and thank 
you, Mr. Chairman.
    Ambassador McNamara, I want to thank you for your service. 
You have really moved us down the field to what we want as a 
truly integrated system in this country. We still are part of 
the problem, this side of the table and throughout the 
Congress, in that the Secretary, your very boss over the last 
3\1/2\ years, can still be brought before 108 different 
oversight committees in the House of Representatives. We are 
not moving off that dime, and that is why we are stuck.
    This committee I know wants to move forward, but again it 
is only one of the committees. We created the Department of 
Homeland Security. When we did that, it was done with the idea 
that we could house all our critical domestic security agencies 
under one roof; and in that environment, we would have the kind 
of information sharing between the agencies that we feel could 
have prevented the 9/11 attacks.
    Unfortunately, the lack of information sharing, not only 
between different agencies but within agencies, continues to be 
one of the biggest problems we face in the Congress.
    Colonel Fuentes, you know that I am really proud of what 
you have cited today, because New Jersey is really a role model 
in terms of State agencies throughout the country on the 
forefront of providing bottom-up intelligence and operations. 
You have made that a core of the operation, yourself and 
Homeland Security Director Richard Canas. It makes the State of 
New Jersey's Homeland Security infrastructure so effective.
    There are some things, Mr. Chairman, we do well in New 
Jersey, and there are some things we are trying to improve 
upon.
    Colonel Fuentes, can you talk more about how information is 
shared within the State of New Jersey and how this is an 
integral part of Governor Corzine's State-wide crime plan? I 
would appreciate if you could especially hit upon two effective 
programs--I think they are effective--in our State: the New 
Jersey Data Exchange, New Jersey DEx; and the suspicious 
activity reporting, NJ-SARS; and finally how do you think we 
can best apply these practices on the Federal level.
    Mr. Fuentes. Well, we are a small State with a lot of 
police departments, so we are shoulder to shoulder. Everybody 
knows everybody; that makes the environment a little bit 
easier.
    Although the State is not a large State, there are 479 
full-time police departments and 21 county prosecutors' offices 
and 21 county sheriffs' offices. That is a lot of information 
that needs to be collected. Our fusion center has operated as a 
junction box, so to speak, for pulling that information in.
    But mostly the purpose of every fusion center, 
incidentally, not just ours, is to produce tactical and early 
warning products on issues that are of imminent concern. That 
is always going to be first and foremost: Terrorism.
    New Jersey is a 9/11 State. New Jersey State Police have 
lost three troopers in the last 30 years in shoot-outs with 
domestic terrorist groups. The case that almost never gets 
mentioned is the 1988 arrest of Yu Kikumura, a member of the 
Japanese Red Army, on the New Jersey Turnpike, arguably the 
first attempt of attack on this country by an international 
terrorist group.
    In addition to that, on 9/11, we lost communications to our 
force in the entire north part of the State.
    So the experience of terrorism is not one that is certainly 
lost on us. So the idea of putting a fusion center together 
actually occurred right after 9/11, and it evolved to where we 
are right now with a great deal of Federal help and partnership 
and a lot of advice by the two gentlemen that are to my left 
and to my right.
    I mention homeland and hometown security because, if you 
are aggressive on crime and criminal enforcement, you are going 
to develop the information that could get you to the terrorist 
plot.
    You mentioned NJ-DEx, Congressman. That is in line with the 
National Data Exchange program at the Federal level, which is 
pulling together information from the States, you know, to the 
Federal agency. What we did in New Jersey is--and we are in the 
process; this is evolving--is to have a Google-type search with 
appropriate security clearance to police agencies, police 
officers, troopers who can run a name both for deconfliction 
purposes and to see if anybody else in the State may be working 
an investigation, a criminal investigation, that would aid 
their own.
    We went up on this program literally months ago and just 
recently dumped 300,000 investigation reports, complete with 
narratives, into that database; and now two counties in New 
Jersey have done the same, and we are looking to build that 
through 21 counties. So that program is a very, very robust 
program and is one that I think is going to produce a lot of 
results in terms of reducing crime in the State of New Jersey.
    You mentioned the SAR program. The SAR program--and the 
Ambassador can certainly tell you a great, you know, more about 
that program--has been used in a number of other cities, I 
think perhaps as many as 40 or 50 up to this point. New Jersey 
is just beginning to come on line with that program.
    One of the places we are taking a look at employing that is 
actually Atlantic City. In the aftermath of both the Mumbai and 
the Jakarta attacks, we are very sensitive to the fact that we 
have 14 casinos in Atlantic City, and making sure that there is 
proper communication between those casinos. That information of 
suspicious activity in each one comes into the fusion center 
and that is compared to the others to see if we can produce 
lead value information.
    So we are excited about both the programs that you 
mentioned, and they are evolving, and I think are going to hold 
great promise for the future for us and the State.
    Mr. Pascrell. Thank you, Colonel.
    Thank you, Mr. Green.
    Thank you, Mr. Chairman, for your courtesies.
    Mr. Carney. Of course.
    The Chair now recognizes for 5 minutes my good friend from 
Pennsylvania, Mr. Dent.
    Mr. Dent. Thank you, Mr. Chairman. For the record, I want 
it to be known, I do love New Jersey. My mother-in-law is from 
Phillipsburg. When New Jersey does things well, we consider New 
Jersey part of greater Pennsylvania, I just want you to know 
that. Seriously. I had to get that off my chest.
    Ambassador McNamara, what do you see as the next steps for 
this whole Information Sharing Environment, this ISE? What do 
you think the Obama administration plans are for ISE?
    Mr. McNamara. Well, once again, on the second question, I 
would like to leave that to the Obama administration officials 
who have just come in, who are now getting themselves settled, 
warming the chairs and taking action. I will leave it to them 
to talk about that.
    I listed my priority areas that I think need to be looked 
at. Interestingly enough, in my conversations with the incoming 
administration, they seemed to have roughly the same priorities 
as I just listed. I think it is important that we look at 
this--and let me very briefly refer back to Congressman 
Pascrell's remarks about the problems with crosscutting issues, 
as I refer to them.
    Both--I think both the Executive Branch and the Congress 
need to restructure the manner and the way they handle 
crosscutting issues. You have--in the administration, agencies 
get the authority, agencies get the funding. When someone like 
me comes along, or the individual who runs--is supposed to run 
and is running the cybersecurity program or a whole range of 
other crosscutting, interagency issues, we are appealing to 
agencies to do what is in the common good.
    But the agency has its own missions, its own perspectives. 
Each agency--I am dealing with 17 of them every day of the year 
for the last 3\1/2\ years, 17 different agencies who have 
agency missions that they have to accomplish. Their budgets are 
limited, and for them to move their budgets the way I want them 
to move it is not easily done. Crosscutting issues, it seems to 
me, have got to be dealt with by the Executive in a different 
way.
    I think also the committee system in the Congress leads to 
agency focus and agency attention. It doesn't address 
crosscutting issues in the way that it needs to be done. Now, I 
don't know exactly how one would restructure the crosscutting 
issues that the Executive Branch has to deal with, nor would I 
suggest--I am not expert enough to suggest--how the Congress 
should adjust its structures.
    But it seems to me that in this 21st century these 
crosscutting issues are becoming more and more numerous. I cite 
as an example of that, in a demonstration of the truth of that, 
look at all the so-called ``czars'' that keep popping up 
downtown. They are not really czars; they are like me. I have 
been referred to as the ``information sharing czar,'' and 
believe me, I am not a czar; I am almost a petitioner at times.
    Because the agencies are the czars, just as the committees 
are the czars up here.
    Mr. Dent. Can I just follow up on that line of thought?
    So then, what kind of incentives or, in some cases, 
penalties are in place for organizations or individuals to 
encourage or reprimand actions, you know, to bring about a 
greater sharing of security-related information?
    Mr. McNamara. Well----
    Mr. Dent. If there aren't any incentives or penalties, 
should there be?
    Mr. McNamara. There are some, but they are relatively weak 
incentives as compared with the incentives to fulfill the 
agency's main mission, which may not be information sharing, 
although information sharing underlies much and many of the 
agency missions.
    What I think needs to be done is that a shift in the manner 
in which resources are allocated needs to be done.
    If you are going to have a crosscutting issue such as 
information sharing, such as cybersecurity, such as--well, you 
name it, they are out there. There are dozens of them, drugs, 
et cetera. Then the way the resources are allocated have to 
take into account, starting with the legislation, in my 
opinion, and going on through the administrative allocations in 
the Executive Branch, have to take into account crosscutting 
issues; otherwise, the noncrosscutting issues will get 
priority.
    Mr. Carney. Thank you.
    The Chair now recognizes the gentleman from Texas for 5 
minutes, Mr. Green.
    Mr. Green. Thank you, Mr. Chairman.
    I thank the witnesses for appearing.
    I would like to, because he is retiring again, thank 
Ambassador McNamara for your services.
    Sir, you may not and you probably would not want to be 
referred to as a kingpin, but you clearly are a linchpin in 
this process. You have become sort of the glue that has bonded 
a lot of our intelligence services together, and I thank you 
very much for your service to your country.
    My suspicion is that this is not the last time we will see 
you. My suspicion is you have a lot of productive years ahead, 
and we will find you back in Government services at some point. 
Although I don't want to speak for you; that is just my 
suspicion.
    Now, let me speak, if I may, quickly to Mr. Smith. Mr. 
Smith, I have information on you but very little on the 
foundation. Can you tell us just briefly a little bit about the 
foundation?
    Mr. Smith. Of course. The Markle Foundation is 
headquartered in New York. It is chaired by Zoe Baird, and has 
been--it is a foundation that has been in existence since the 
mid-1930s. The task--among it is other achievements are, it has 
done a lot of funding for Children's Television Workshop. In 
fact, Big Bird is one of their creations.
    The Task Force on National Security in the Information Age 
emerged after 9/11 when Ms. Baird and Jim Barksdale of Netscape 
got together and decided that something needed to be done, and 
the task force was created. Most of us have volunteered our 
time. We have issued now four reports over the years and, 
frankly, are pleased at the reaction that our reports have 
gotten.
    Mr. Green. Thank you.
    To the Ambassador and to you, Mr. Smith, the Privacy and 
Civil Liberties Oversight Board, the first question is, has 
that board come into being in the sense that we now have it 
staffed and we have appointees to it?
    Ambassador, I will start with you.
    Mr. McNamara. The board came into existence. It did have 
members and a staff, but it, for reasons not completely clear 
to me, sort of became inactive within 6 months to a year of its 
standing up. I believe now there are no members actively 
engaged and the board is moribund.
    Mr. Green. Can you briefly tell us what the function of the 
board was or should be?
    Mr. McNamara. Yes. It was briefly to be an independent 
reviewer of the policies relating to privacy and civil 
liberties throughout the Government, and it was to act as--I 
have referred to it several times as kind of the Good 
Housekeeping Seal on privacy and civil liberties policies as 
practiced by the Federal Government.
    Mr. Green. Do you see worth in this board?
    Mr. McNamara. I see enormous worth in that board.
    One of the problems that I have had in dealing with privacy 
and civil liberties issues is when I have put forward policies 
and issued them, it would have been easier and I think more 
credible if I could have submitted those policies to this board 
and had them comment on it. We could have made changes, 
adjustments, et cetera, and then had them endorse it in effect; 
tell us that, okay, that is fine, go ahead and issue it.
    Mr. Green. I am running short of time, and I apologize.
    Mr. Smith, do you have comments that you would like to make 
about the privacy and oversight board?
    Mr. Smith. Yes, Mr. Green. I think it is critical that the 
President promptly name people and that the Senate confirm 
them. The problem is, in the last administration, some of the 
people that had been named got tangled up in confirmation 
issues on the Senate side.
    I think it is critical that this board be named and that it 
be very active. So I encourage this committee to keep the heat 
up.
    Mr. Green. Thank you.
    I have many other things, but I want to go to you, Colonel, 
to be fair to everybody, make sure everybody has a chance to 
say something. You had two observations that you wanted to 
make. Did you have an opportunity to make the observations?
    Mr. Fuentes. Basically, everybody has a copy of those 
opening remarks, which basically just describe some of the 
function of the two most important components in the fusion 
center, and I would--I certainly don't have to take up the time 
here.
    Mr. Green. This is your opportunity, tersely and concisely.
    Mr. Fuentes. I have already sort of inferred to what the 
analysis element does. That is really where the fusion takes 
place in the fusion center. That is a very collaborative 
environment involving a lot of Federal partners, DHS, FBI, 
Coast Guard, DEA, ICE. There are no shoulder patches, and there 
are no egos in that group.
    Every morning they get together at 10:00 a.m. They have a 
huddle. They talk about what everybody knows from their 
respective agencies. They figure out what the priorities should 
be for the day, and especially if any information that is being 
generated in that meeting should be disseminated very, very 
quickly out to the law enforcement partners, to fire 
departments, wherever, in the State of New Jersey.
    Most of the initiatives that I mentioned that Congressman 
Pascrell brought up, New Jersey SAR, NJ-DEx, NJ Trace, which 
looks at weapons that are recovered in crime, the gang work 
analysis that gets done up there, plus products that may relate 
to international or domestic terrorist investigations, Mumbai.
    One case in point, without being asked, the fusion center 
in a couple of days put together a product, ``What Does the 
Mumbai Attacks Mean to the State of New Jersey and the 
Infrastructure That is in the State of New Jersey?'' Certainly 
instructions to tactical teams, police teams who may have to 
respond to these events. As you certainly all know from Mumbai, 
there was a secondary ambush that was set up on those 
responding teams.
    In every single one of these events, there is a lesson to 
be learned. The fact that we are sitting in little old New 
Jersey and not in some other place of the world that 
experiences this more, the lessons of what goes on around the 
world are very, very important to us, and that is really the 
essence I think of information sharing and the best thing that 
we can get out of it.
    Mr. Green. Thank you, Mr. Chairman.
    I yield back.
    Mr. Carney. Thank you.
    The Chair now recognizes the gentleman from Indiana, Mr. 
Souder, for 5 minutes.
    Mr. Souder. Thank you.
    Part of the reason I am on this committee is I was working 
to coordinate narcotics efforts before 9/11, and this, Homeland 
Security, has become a lot like narcotics in stovepiping and 
laying another over in effect.
    A friend of mine sent me a joke about Congress seeing a 
scrap yard in the middle of the desert. We hire a watchman. 
Then we decide the watchman needs training, and so we hire 
people to train him. Then he needs pay, and so we hire people 
to pay him. Then we need people to write the reports on all 
that. Then we need to have supervision over that and how he is 
going to interrelate. Then we decide to cut the budget and lay 
off the watchman, but the bureaucracy is there.
    Sometimes in homeland security and in narcotics, it seems 
to me we keep layering. Part of the goal here is how to enforce 
it. There are some fundamental things in here, some that we 
have touched on. We have tried in Congress in the Drug Czar to 
give him the ability to decertify the budget, but no Drug Czar 
had the courage to do it because they have to get along with 
each agency. Afterwards, he doesn't have as much line because 
it is a staff like a czar. We have tried red-flagging.
    That would be one way to give each kind of czar person the 
ability to put some kind of red flag that they are not meeting 
their criteria, which would be less than complaining about the 
budget. We have tried oversight in the Government Reform and 
Oversight grade cards. But that is hard to do if you don't have 
inside people leaking information to you, and then they tend to 
get destroyed in whistle-blowing even with the protection 
because you want to move up and not do that.
    But, clearly, we have to find a way to do this, because it 
is true in Education. It is true in National Parks. It is true 
in every category of government, this crosscutting of different 
agencies. But it is really severe here, because Homeland 
Security has a big share of narcotics and immigration, which is 
really--and traditional Customs, which is really the bulk of 
what they do.
    The No. 1 priority is prevention, which is a whole lot 
riskier and harder than trying to catch criminals, because you 
are dealing with more gossip, basically high-level gossip, 
trying to speculate and put pieces together that haven't 
occurred yet. The New York HIDTA is probably the best, where 
New Jersey and Connecticut and New York pulled together and 
basically have a terrorism and narcotics working together 
there. But now, when we lay these fusion centers over, and the 
fundamental question, because I am wondering how they are 
interrelating with OCDEF and HIDTAs and so on, all of which 
have two-thirds overlapping missions.
    When we come here and say, let's change the need-to-know to 
share, and we move into terrorism--and we already have been 
having these problems for financial reasons--in other words, 
agencies know if they don't claim the credit in narcotics 
busts, they may not get funded by whoever is funding them. You 
have ego questions.
    But when we get into terrorism, it is even harder, because 
here we are getting, the more you proliferate, the more you 
potentially risk and burn your source, who may in fact get 
killed, much like being in narcotics in the Mexican border. For 
example, it may expose, even just saying--describing somebody, 
when you put it on a notice, it may suggest to--if it leaks 
out, what phone you have to have, what information you have. 
Plus, a lot of it is gossip. It is kind of like a background 
check on people when they had that stuff leaked.
    I would like to have each of you briefly describe how you 
ever think we can move from the practical need-to-know and 
sharing, particularly as something as risky as terrorism.
    Mr. Fuentes. Yes, sir. As far as OCDEF, the terrorism task 
force, the HIDTA groups, that relationship is very good in the 
State of New Jersey. I have personnel that are assigned in 
large numbers, actually, to all of those entities. Their 
representatives in the fusion center basically hook into the 
databases that are proprietary to them.
    You said something about information and the sharing of 
information. When there is terrorism information, incidentally, 
that should be the first filter that every single bit of 
information should go through first, whether it appears to be 
criminal or not.
    My first concern is always going to be, when information 
comes in, what does it mean to the State of New Jersey? How do 
I have to redeploy my personnel to somehow counter that threat?
    I will be honest with you; I don't need to know techniques. 
I don't need to know tactics. I don't need to know 
methodologies, how you got that information and where it might 
have come from. I just sort of need to know the bottom line, 
not what is below the tear line, for lack of a better term. 
That may be the accepted term. I want the information quick, 
and we want to be able to push it out quick.
    I think, recognizing that, in a number of fusion centers 
and especially in the discussions that have occurred, whether 
it is in the global committee, IACP committees, the PM-ISE, is 
that there is a sensitivity to that.
    You know, classification of information has been a concern 
of fusion centers and how you can get your hands on things that 
you need. We are not quite there yet. I think Ambassador 
McNamara referred to that. But I think we have come a long way. 
That information gets to us pretty quickly. I know that it is 
juggled elsewhere, and thankfully, I don't have to deal with 
that.
    Mr. McNamara. If I could just say a word or two on that. 
No. 1, the information that is most generally used and shared 
is not information that reflects on or leads to dangers for 
methods and sources. That is a very small percentage of the 
information that gets moved through the information-sharing 
system. In fact, it is a very small percentage of the 
information that generally is used by law enforcement, by the 
intelligence community, and by Federal Government at large.
    So it is a problem, but it has been my observation, and 
that of experts much more knowledgeable than I, that in an 
information-sharing environment, with the technology geared to 
provide that protection, we are much better off than we are 
today, without having an information environment and its 
accompanying technology functioning for us.
    I think the best example of that is the case of Hanssen, 
who functioned as a spy getting access to information for 15 
years, I believe over 15 years, before he was caught.
    In an information-sharing environment, I think most experts 
would agree that Hanssen wouldn't have lasted more than a 
couple of years because the system would have, through various 
algorithms and methods used to track the use of the information 
by Hanssen and his access to that information, it would have 
registered within the system and been sent to somebody saying, 
this is out of the ordinary, check it out.
    So I am not one who thinks that information-sharing 
environments mean more information is loosely moved. I think it 
is more accurate to describe an information environment, the 
ones that we are trying to build and are building, as more 
information is more tightly controlled so that it gets to the 
individuals who need it to get their job done. Technology 
offers tremendous advantages for moving information. Since we 
can't go back to the pre-1990 way of handling information, we 
really do have to move into the 21st century of information 
management, as I refer to it.
    The best example of that is your credit card. It is an 
information-sharing environment, works world-wide. You only get 
the information you need to work within the credit card system. 
The bank gets what it needs. The store where you use the credit 
card gets what it needs. But they don't get information that 
doesn't apply to their jobs. There is double- and triple-
checking by the system to make sure that the information is not 
misused. If somebody starts misusing it, the system, the 
computers tell the humans that there is an anomaly here that 
needs to be checked.
    That is what I see as the information--something parallel. 
It is not exactly like that, but it is something parallel to 
that that we need to build in to the Federal Government 
information management. It goes beyond information sharing. It 
goes to information security. It goes to privacy and civil 
liberties rules. It is very broad. It is a complex set of new 
methodologies for managing information.
    Mr. Carney. The Chair now recognizes for 5 minutes the 
gentlelady from New York, Ms. Clarke.
    Ms. Clarke. I want to thank both you, Mr. Chairman and 
Ranking Member McCaul, for holding this very important hearing, 
which explores the current status of and future outlook for 
information sharing, the information-sharing environment.
    I want to thank you, the witness panel, for appearing this 
morning.
    This issue is of particular importance to me, because 
effective information sharing is a critical component of cyber 
intelligence and cybersecurity, as has been indicated and 
asserted by Ambassador McNamara in responding to Mr. Dent's 
question.
    As the Chairwoman of the subcommittee to this committee on 
cybersecurity, the findings, it is important to highlight the 
findings of both the ISE annual report and the Markle 
Foundation's report, which only buttresses the results of the 
President's 60-day cyber review report, which lists information 
sharing as a key component.
    The administration has stated that effective information 
sharing and access throughout the Government is top priority, 
and established the new position of the senior director for 
information-sharing policy within the Executive Office of the 
President to review current status of information sharing and 
make recommendations to the President. Certainly, the new 
senior director will work closely with the new White House 
cyber coordinator.
    So my question is to both Mr. Smith and Ambassador McNamara 
and regarding the White House priority. One of the 
recommendations in the Markle Report is to move the ISE into 
the Executive Office of the President, and the report notes 
that this change will give the PM-ISE Presidential backing and 
therefore greater authority.
    What additional positive effects would such a move have?
    Mr. Smith. Well, first of all, Congresswoman, I am pleased 
you raise cyber, because that really is a major threat we are 
facing, and it is very difficult to get on top of this. So I 
encourage you to keep focused on that.
    We are also pleased that Mr. Brennan's announcement here of 
about a month or so ago moved this--increased the level of 
attention that the National Security Council would pay 
attention to this and the creation of the senior director.
    Ambassador McNamara has testified that he believes his 
position should be Presidential appointment subject to the 
advice and confirmation of the Senate, and that his successor 
should also chair the Information Policy Counsel. I think that 
is a very good idea and worthy of consideration.
    I don't think we have a fixed view on what the right answer 
here is, but the point is that the person should be in the 
White House, should have a lot of horsepower, should be able to 
speak for the President. One of the reasons behind the Senate 
confirmation, on the other hand, was to make sure that the 
individual was accountable to Congress. When we briefed our 
report earlier to this subcommittee and to the Senate 
committee, they were concerned that if this individual were 
moved into the White House, he or she may no longer be 
reachable by Congress. We don't think that is a good idea, and 
I think this is yet to be developed. But these are 
considerations that we believe ought to be taken into account.
    Ms. Clarke. Ambassador McNamara.
    Mr. McNamara. Thank you.
    As I have said, I believe that the link between the White 
House and the Program Manager's office and the functions of the 
Program Manager is critical. It is a necessary link. It needs 
to be strengthened, and I understand that the intention of the 
current administration is to strengthen it.
    I think there are two areas where that strengthening needs 
to be done. One is in the policy role of the Program Manager 
establishing the policies that will govern and implement the 
information-sharing environment. Strengthening that is 
important.
    The second area where the strengthening needs to be done 
is, as I have said before, with respect to the resource 
allocation process. Those are the two areas where I believe 
that the Program Manager needs additional support from the 
White House. But also to be part of the White House process 
would strengthen the Program Manager's position.
    Ms. Clarke. Do you see any drawbacks to relocating the PM-
ISE?
    Mr. McNamara. To relocating?
    Ms. Clarke. To the White House authority.
    Mr. McNamara. Well, with respect to the authorities to 
function, I think the White House has a substantial role. If 
you mean relocating, moving it out from the Director of 
National Intelligence where it is now located, that is a 
question for the White House to decide. It is primarily an 
administrative connection.
    I want to take this opportunity, since you asked the 
question, to say that the three Directors of National 
Intelligence have been among my strongest supporters over the 
3\1/2\ years I have been in this job. One of the things we have 
never had to worry about was the administrative issues and the 
administrative processes for our office. We have been able to 
focus on building the ISE because we knew that we were going to 
get the resources for the functioning of the office, that is, 
keep the lights lit, pay the employees, make sure the paper 
clips are all coming in, and make sure the computer systems 
work. We have gotten that without any trouble, and I think the 
three Directors of National Intelligence have been 
extraordinarily supportive of us.
    Ms. Clarke. Well, thank you.
    I yield back, Mr. Chairman.
    Mr. Carney. Thank you.
    The Chair now recognizes the gentlelady from Arizona, Ms. 
Kilpatrick, for 5 minutes.
    Ms. Kilpatrick. Thank you, Mr. Chairman.
    I wanted to expand a little bit on the Ranking Member's 
question regarding the NCIC. We are both former prosecutors, 
and I know we have relied on that database. I represent a huge 
rural district in Arizona. In fact, my congressional district 
is bigger than the State of Pennsylvania. I have been working 
with law enforcement in terms of interoperability problems, and 
we have got a situation where we know that the drug cartels now 
are using the back roads. They are taking advantage of the wide 
open space, and they are moving faster than technology.
    So my question to you is, what efforts are being made to 
provide rural law enforcement officers in the field access to 
NCIC databases, and then also the technology to allow them to 
report suspicious activity?
    We will start with you, Colonel Fuentes.
    Mr. Fuentes. Thank you, ma'am.
    To the best of my information, they should have access to 
NCIC as a matter of the routine course of their patrol duties. 
Would you be referring to access to the VGTOF database that I 
described a little earlier?
    Ms. Kilpatrick. Yes.
    Mr. Fuentes. That, if I am not mistaken, also ties in with 
the NCIC, that those databases have a link where one will ping 
the other. If there is information in one, that will come back 
in an NCIC response. That should be available to everybody in 
this country to the best, again, to the best of my knowledge.
    Where the fusion centers come in is, and this is very 
crucial, because you are kind of bringing up a point that I was 
going to make a little earlier on; if you have seen one fusion 
center, you have seen one fusion center, which means that 
beyond the baseline, there are individual customer needs in 
every single State. It may be distinctly different in Arizona 
than it is in New Jersey or than it would be in Iowa about what 
those police chiefs or county sheriffs are going to need from 
that fusion center. Obviously, cross-border illegal 
immigration, drug cartel violence is going to be an enormous 
issue in Arizona.
    Quite frankly, Congresswoman, that is the responsibility of 
that fusion center to recognize that those law enforcement 
agencies in your State need that information. That is 
compelling to them to do their job, if only from an officer's 
safety standpoint.
    Ms. Kilpatrick. Thank you.
    Ambassador McNamara.
    Mr. McNamara. Yes. A couple of points. Generally, when one 
talks about fusion centers, we tend to look at the fusion 
center as being a State or a major urban area institution. But 
what your question brings up is the importance that the fusion 
centers play for the smaller organizations and the rural areas 
where the numbers and the sophistication of the agencies in 
those rural areas is not the same as the major police chief, 
major city police organizations, or the State police 
organizations.
    As Colonel Fuentes said, it is very important that the 
fusion centers provide the services out to those rural areas, 
the fusion centers can make the connections with NCIC when a 
very small town police force doesn't have the capacity but does 
have the capacity to get to the fusion center and ask the 
fusion center's assistance to process data that it may not have 
sufficient resources to process.
    I think that as the fusion center network increases and as 
fusion centers begin to look at their real role in their States 
and in their regions, that they will see the tremendous value 
that they can provide in services to rural police, rural 
homeland security officials, rural mayors, et cetera. One of 
the evolutionary elements in the fusion center network has got 
to be the ability to move beyond the major urban areas and get 
out to the rural areas of this country. In States like Arizona 
and Texas border areas, that is critically important.
    Ms. Kilpatrick. One follow-up question. Are you aware of 
any efforts through your Department to expand that information 
sharing in rural areas, aside from the fusion centers?
    Mr. McNamara. That was going to be my second point. The 
second point is, in addition to the fusion centers, if any law 
enforcement agency that has the basic capability of linking its 
computers into the fusion center network and/or the FBI's JTTF 
networks, they can get the information directly if they want it 
directly. In other words, if they want the raw information that 
is in the NCIC, for example, but if they want it in a processed 
form and they don't have the capacity to do it, then they can 
plug into the fusion center.
    So the two ways of getting it is either directly by simply 
joining and actually getting the network capability that allows 
you to join and connect with the NCIC or to go through the 
fusion center to do the same thing.
    Ms. Kilpatrick. Thank you.
    I will tell you that my district has the least amount of 
broadband coverage and cell phone coverage, telecommunications. 
So the basic infrastructure just is not there at this time. But 
we will keep working on it. Thank you very much.
    Mr. Carney. I think we just have a couple more questions. I 
have a question I would like to direct to Mr. Smith and to the 
Ambassador.
    Given the Markle Report and its recommendations, could you 
please tell the panel where you think Congressional efforts 
ought to focus on this issue?
    Mr. Smith. One is always reluctant to give advice to the 
Congress.
    Mr. Carney. But we are asking this time.
    Mr. Smith. It is an honor, Mr. Chairman.
    I think the overall point we want to make is that this 
needs to remain a high priority. Holding hearings like this is 
very important, asking detailed questions. These have been very 
good questions from the panel this morning. I really commend 
you for doing your homework and asking hard questions.
    There are a few things I might call your attention to. One 
thing I had intended to mention in my opening remarks was there 
are a lot of exciting things going on. One of them, for 
example, is there is another group in Washington called The 
Project on National Security Reform, which is a private 
organization that has brought together people like Brent 
Scowcroft and people of that level to focus on how to 
reorganize national security to make and to improve 
decisionmaking. One of the things that they have been talking 
about doing is a pilot project working with some selected 
agencies and the National Security Council to try to implement 
some of Ambassador McNamara's recommendations on a very small 
scale on information sharing.
    I think one of the things this subcommittee ought to do is, 
assuming that the administration does do this pilot program, 
keep an eye on it, see how it is done. Encourage that kind of 
thing. Because it is very hard to break through all of this.
    I think another thing, Mr. McCaul mentioned section 1018. I 
think you ought to take a hard look at that. That raises 
questions more broadly than just Ambassador McNamara's position 
because it gets into the relationship between the Director of 
National Intelligence and the other agencies. That has caused 
some problems that you may have noticed, unfortunately, 
surfaced in the press, and these issues are now in the White 
House for resolution.
    So there are some things that can be done. Again, I think 
certainly the Markle Task Force will remain in place. We are 
honored to work with this committee, and anything we can do to 
help move this process along we are happy to do.
    Mr. Carney. Thank you.
    Mr. Ambassador.
    Mr. McNamara. I would say one of the most important things 
that needs to be done in the coming months, in fact, I asked--I 
called back in the fall of last year, that the year 2009 be the 
year of sustainment for fusion centers. That is to say, the 
year when we all focus on, how do we take the fusion center 
networks that have developed and make them sustainable for the 
long run?
    My fear is that, as the Colonel mentioned, there are 72 of 
them. No one has sat back and taken a look to see whether 72 is 
the right number. They have grown up. They represent huge 
differences in capabilities and focus of attention depending 
upon the State and area and the region in which they are in, 
all of which is quite proper. But I think it is time now, the 
fusion centers have developed, and they are a cost and expense 
for State and local authorities and for the Federal Government. 
We ought to look very carefully at what constitutes a 
sustainable fusion center network for this country for the next 
15 or 20 years.
    We have built something. We have built a capability that it 
has grown so fast because the need was so high, but it has gone 
far enough that I think we can now sit back and say, what do we 
have to do to make sure that, A, it is sustainable? B, that the 
fusion centers are doing what they ought to be doing and not 
getting involved in things they might not be as properly 
involved in?
    So I would say, I would put that at the top of the list as 
something the Congress can do. You can shed a lot of light on 
what is the best fusion center network for this country over 
the long run.
    Mr. Carney. Colonel Fuentes, you probably have some insight 
on that.
    Mr. Fuentes. I couldn't agree more with the Ambassador. The 
issue of sustainability has something to do with the discussion 
with the Congresswoman about, is that fusion center in the 
State making itself accessible to all of its law enforcement 
partners and first responders?
    Different fusion centers around the country have in the 
course of their own evolution developed some best practices. 
There needs to be, beyond the baseline, an export of those best 
practices to other fusion centers that may be having difficulty 
in their States. One of the things that was discussed a couple 
weeks ago in the IACP intelligence summit was the formation, 
perhaps within DHS, of the National Fusion Center Coordination 
Group within DHS, of an auditing team, composed not necessarily 
of members of the Federal Government but perhaps directors or 
analysts from State and local or tribal fusion centers who can 
go around the country on behalf of DHS and see that those 
practices are established or encouraged, and even to do a bit 
of a survey with the customers to see if that fusion center is 
up to the standards that are expected of them since a lot of 
them are funded in one way or another by Federal money. So it 
should be the expectation of the taxpayers that they are doing 
their job correctly.
    Mr. Carney. Thank you.
    My time has expired.
    I now recognize the Ranking Member again for another 5 
minutes.
    Mr. McCaul. Thank you, Mr. Chairman.
    Thank you, Ambassador, for that recommendation, certainly 
one of the strongest ones coming from the panel, sustainment of 
the fusion centers for the next decade.
    Colonel, I am glad to hear that they are sharing best 
practices. I think it is important that fusion centers have 
independence to tailor their needs to local jurisdictions, but 
at the same time, I think it is good that there is an 
organization out there where you can share best practices and 
make sure they are up to the standards they should be.
    Mr. Smith, I wanted to follow up because you didn't have a 
chance to answer my question last time about the program 
manager looking forward. You did reference to 1018, the 
language in section 1018; and also the role that, in going 
forward, the role that the program manager is going to have 
with the White House given this new senior director for 
information-sharing policy. I just want to give you the 
opportunity to respond to that.
    Mr. Smith. Well, I appreciate that, Mr. McCaul. I wish to 
associate myself with what Ambassador McNamara said.
    Ideally, this is a job that should go away. I think one of 
the things that happens in Washington is that doesn't happen 
very often. So I think encouraging whoever the new program 
manager is, for he or she to understand that one of their jobs 
is to make their job go away by institutionalizing this across 
the Government as much as possible. That may wind up shifting 
the responsibility for the policy and the implementation into 
the White House in some senior person who should be, in my 
judgment, subject to Senate confirmation. I would give that 
person, again, as Ambassador McNamara has suggested, some 
budgetary authority. The drug czar is a pretty good model for 
that. We have, in my judgment, too many czars at the moment. 
But there does need to be some ability to work across all of 
the Government.
    So I think that the object should be to find some way of 
creating a position that has the responsibility to ensure 
policy, to develop policy, to ensure it is being carried out by 
the agencies that, at the end of the day, have to execute it. 
It is going to be hard to do that. But, again, this committee, 
there are some ideas out there that are some pretty good ones, 
and I encourage you to look hard at them and keep the pressure 
up.
    Mr. McCaul. Thank you for that response.
    Ambassador, do you agree with that assessment?
    Mr. McNamara. I do indeed. I agree completely.
    I would say the second area where the Congress can really 
make a contribution is to examine what I referred to as these 
crosscutting issues. How are they managed by the Congress and 
by the Executive? I think the system is broken with respect to 
crosscutting issues. I spent 3\1/2\ years with a high-priority 
crosscutting issue. The Congress can do a lot if it can sit 
down, examine itself and examine the Executive Branch, and come 
up with some new solutions to, how do you manage issues that 
cut across 5, 10, and, in my case, 17, all of them major 
agencies of the U.S. Government?
    Mr. McCaul. Thank you for that. We look forward to working 
with you in the future on your recommendations.
    I yield back.
    Mr. Carney. Thank you.
    We now recognize the gentleman from Texas, Mr. Green.
    Mr. Green. Thank you, Mr. Chairman.
    I would like to address, if I may, Mr. Smith.
    Mr. Smith, what I would like for you to do is, on a scale 
of 1 to 10, I would like for you to--let's make it 1 to 5--I 
would like for you to give me the grade that you would give 
with reference to each of the recommendations that you have 
made, I have five recommendations from your Nation At Risk 
report released March 2009. So let's start with the No. 1 
recommendation, which is to reaffirm information sharing as a 
top priority.
    I understand that ISE has been moved into the Executive 
Office. I understand the recommendation that Congress hold 
hearings, well, we are doing that. So on a scale of 1 to 5, how 
do you rate recommendation No. 1?
    Mr. Smith. I would give it a three-plus.
    Mr. Green. Because time is of the essence, I probably won't 
be able to accept a commentary. So if you would let me just 
make a note that it gets a three-plus.
    Let's move quickly to No. 2. We may come back if we have 
time. No. 2, this has to do with discoverable and accessible 
information. My understanding is that you would like to use 
off-the-shelf technology. One to five, how do you rate it?
    Mr. Smith. Three.
    Mr. Green. Moving to No. 3, which deals with security and 
privacy and protection, as we talked about the board, how do 
you rate it? Within that you have three recommendations. I 
won't go through all three of them, but you want a consistent 
privacy policy. You want the President to nominate and confirm 
people to the oversight board. You wanted Congress to conduct 
the oversight. How do you rate this one?
    Mr. Smith. One-and-a-half, one-plus.
    Mr. Green. One-plus. All right.
    Let's move to No. 4, which deals with the culture. You 
would like to transform this culture from a need-to-know 
culture to one that is more productive in information sharing, 
still with only the appropriate persons having the appropriate 
knowledge. You suggested that there be metrics and incentives 
to do this. I appreciate many of the recommendations made, by 
the way. I am going to try some of this in my office. Good 
points. How do you score this one?
    Mr. Smith. Three.
    Mr. Green. No. 5, which deals with empowering the users and 
what we call communities of interest. How do you rank this one?
    Mr. Smith. Two.
    Mr. Green. All right. Now, given that I know you want to 
make comments, let me make one additional comment, and then I 
will let you comment on whichever one you would like to give me 
additional information on.
    I would like to complement, if I may, Mr. Chairman, the 
staff. I was remiss in not doing this earlier, and my fear is 
that if I don't do it now, I may not, because they provided us 
with a great deal of intelligence. It was very beneficial to 
me. I don't come from the intelligence community, but they help 
us to appear to be intelligent. So I thank the staff.
    Now, with this said, we will hear from you, Mr. Smith. Give 
us your comments, please.
    Mr. Smith. Well, as a former Senate staffer, Mr. Green, I 
greatly appreciate your appreciation of your staff.
    I think there has been a great deal of progress. I may have 
been a little too harsh in some of my grades, but I think it is 
important to realize that we have a long way to go. The 
building blocks are there, the basic outline is there.
    Ambassador McNamara and his people have put together some 
suggestions on architecture, on getting the technology in 
place. Overall, within the intelligence community, the world 
that I know best, there has been a great deal of progress, but 
it is still really hard.
    What I am also encouraged today to hear from Colonel 
Fuentes is how the fusion centers are working, and I think that 
that is an area where the rubber is going to meet the road.
    Mr. Green. With 38 seconds left, one final question. On a 
scale of one to five, how important is the oversight board?
    Mr. Smith. The privacy oversight board, I would give that a 
four.
    Mr. Green. In terms of importance?
    Mr. Smith. Yes.
    Mr. Green. Mr. McNamara, one to five?
    Mr. McNamara. I would agree, at least four.
    Mr. Green. Colonel, if you would like to weigh in, of 
course, you may.
    Mr. Fuentes. A lot of discussion on privacy, so I would 
also rate that pretty high. Everywhere I go, it is top of the 
list.
    Mr. Green. Thank you, Mr. Chairman.
    I yield back.
    Mr. Carney. Thank you.
    Ms. Kilpatrick.
    Ms. Kilpatrick. Thank you, Mr. Chairman. I want to give my 
5 minutes to the panelists to make any further comments they 
wish to go to the grading system that Mr. Green just presented.
    So, Mr. Smith, any further comments? You have got 5 
minutes.
    Mr. Smith. Well, I certainly don't want to grade myself. I 
would probably give myself a minus grade.
    One thing that does occur to me as I listen to this 
committee, particularly with some of the broader issues you 
have raised, it might be worth to have a conversation with the 
group I mentioned earlier, the Project on National Security 
Reform. They have made a great deal of progress. They have 
issued a big report. This is led by a man named Jim Locher, who 
was the key Senate staffer for the Goldwater-Nichols Act, which 
reorganized the Department of Defense, which generally is 
recognized as quite a good achievement.
    There are some things in there that relate very directly to 
information sharing and to improving decision-making on the 
National security issues. It doesn't deal with local law 
enforcement. But there are some lessons in here that I think 
the subcommittee might want to take a look at.
    Ms. Kilpatrick. Colonel Fuentes.
    Mr. Fuentes. Between these two gentlemen, I was glad to be 
an audience member most of the time today, and I learned a lot. 
So I thank you for the invitation to come here.
    The one thing that I did want to bring up is that we depend 
a great deal on our crime analysts in the fusion center. Every 
day, depending upon their skill and ability, they have to 
navigate dozens of databases, many of those databases are 
Federal, in order to draw out the information that they need to 
put together the assessments that they are working on.
    Thanks to the PM-ISE and BJA and DHS, they have come up 
with a National Information Exchange Model that between the 
States and the locals have developed a series of common terms 
so that a car in one database is also a car in another database 
and not an automobile and not a vehicle in a third database, 
because obviously, when you are looking to get information, you 
may not get access to information that you want.
    I would ask that this subcommittee think about doing the 
same thing, certainly at the Federal level among those 
databases, is to come up with a common data standard that I 
think will make information sharing an awful lot easier within 
the fusion centers and even among the agencies that manage 
those proprietary databases.
    Thank you again for the invite.
    Ms. Kilpatrick. Mr. Ambassador.
    Mr. McNamara. Thank you, Congresswoman.
    I would endorse Jeff Smith's recommendation about taking a 
look at the PNSR project and Jim Locher's recommendations or 
the recommendations of the project, not just of Jim.
    It was a very credible and serious look at many, many 
aspects of Government functioning, and it does get--it does 
touch on information sharing and the need for revising the way 
we manage information in the Federal Government. I participated 
in it myself, so I know fairly well the recommendations that 
they made in these areas.
    I would like to take, since Jeff doesn't want to do it 
himself, the opportunity to say that I found the Markle reports 
to be an enormous aid to me in my job over the last 3\1/2\ 
years. It is always good inside Government to have somebody 
outside Government looking critically at what you are doing. It 
is a burden at times, but in the end, it leads to better 
Government. The Markle Foundation is to be congratulated, in my 
opinion, for making a signal contribution to national security 
in its efforts.
    Ms. Kilpatrick. Gentlemen, thank you so much.
    Mr. Smith. I would just like to add one, you didn't ask Mr. 
Green to rate Ambassador McNamara. But I would give him a five-
plus.
    Ms. Kilpatrick. Thank you.
    Mr. Carney. Well, seeing that there are no further 
questions, I truly want to thank the witnesses for their 
testimony.
    Occasionally we have edifying hearings in Congress, and 
this certainly is one of them. I think we all learned a lot.
    I certainly want to thank the subcommittee Members for 
their questions as well.
    I would like to remind the panel and the witnesses that we 
may have other questions that we didn't get a chance to ask 
today. As we discussed, things may come up. Please respond in 
writing expeditiously. Once again, thank you very much.
    This subcommittee stands adjourned.
    [Whereupon, at 11:56 a.m., the subcommittee was adjourned.]

                                 
