[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]





IS DHS EFFECTIVELY IMPLEMENTING A STRATEGY TO COUNTER EMERGING THREATS?

=======================================================================

                                HEARING

                               before the

                       SUBCOMMITTEE ON OVERSIGHT,
                     INVESTIGATIONS, AND MANAGEMENT

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED TWELFTH CONGRESS

                             SECOND SESSION

                               __________

                            FEBRUARY 3, 2012

                               __________

                           Serial No. 112-64

                               __________

       Printed for the use of the Committee on Homeland Security


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



      Available via the World Wide Web: http://www.gpo.gov/fdsys/

                               __________

                                _____

                  U.S. GOVERNMENT PRINTING OFFICE

76-510 PDF                WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2250  Mail: Stop SSOP, Washington, DC 
20402-0001








                     COMMITTEE ON HOMELAND SECURITY

                   Peter T. King, New York, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Daniel E. Lungren, California        Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Michael T. McCaul, Texas             Henry Cuellar, Texas
Gus M. Bilirakis, Florida            Yvette D. Clarke, New York
Paul C. Broun, Georgia               Laura Richardson, California
Candice S. Miller, Michigan          Danny K. Davis, Illinois
Tim Walberg, Michigan                Brian Higgins, New York
Chip Cravaack, Minnesota             Jackie Speier, California
Joe Walsh, Illinois                  Cedric L. Richmond, Louisiana
Patrick Meehan, Pennsylvania         Hansen Clarke, Michigan
Ben Quayle, Arizona                  William R. Keating, Massachusetts
Scott Rigell, Virginia               Kathleen C. Hochul, New York
Billy Long, Missouri                 Janice Hahn, California
Jeff Duncan, South Carolina
Tom Marino, Pennsylvania
Blake Farenthold, Texas
Robert L. Turner, New York
            Michael J. Russell, Staff Director/Chief Counsel
               Kerry Ann Watkins, Senior Policy Director
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

       SUBCOMMITTEE ON OVERSIGHT, INVESTIGATIONS, AND MANAGEMENT

                   Michael T. McCaul, Texas, Chairman
Gus M. Bilirakis, Florida            William R. Keating, Massachusetts
Billy Long, Missouri, Vice Chair     Yvette D. Clarke, New York
Jeff Duncan, South Carolina          Danny K. Davis, Illinois
Tom Marino, Pennsylvania             Bennie G. Thompson, Mississippi 
Peter T. King, New York (Ex              (Ex Officio)
    Officio)
                  Dr. R. Nick Palarino, Staff Director
                   Diana Bergwin, Subcommittee Clerk
              Tamla Scott, Minority Subcommittee Director












                            C O N T E N T S

                              ----------                              
                                                                   Page

                               STATEMENTS

The Honorable Michael T. McCaul, a Representative in Congress 
  From the State of Texas, and Chairman, Subcommittee on 
  Oversight, Investigations, and Management:
  Oral Statement.................................................     1
  Prepared Statement.............................................     3
The Honorable William R. Keating, a Representative in Congress 
  From the State of Massachusetts, and Ranking Member, 
  Subcommittee on Oversight, Investigations, and Management......     4

                               WITNESSES
                                Panel I

Mr. Paul A. Schneider, Principal, The Chertoff Group:
  Oral Statement.................................................     5
  Prepared Statement.............................................     7
Ms. Sharon L. Caudle, PhD, The Bush School of Government and 
  Public Service, Texas A&M University:
  Oral Statement.................................................    12
  Prepared Statement.............................................    13

                                Panel II

Mr. Shawn Reese, Analyst, Emergency Management and Homeland 
  Security Policy, Congressional Research Service:
  Oral Statement.................................................    41
  Prepared Statement.............................................    42
Mr. David C. Maurer, Director, Homeland Security and Justice 
  Team, Government Accountability Office:
  Oral Statement.................................................    48
  Prepared Statement.............................................    49
Mr. Alan Cohn, Deputy Assistant Secretary, Office of Policy, 
  Department of Homeland Security:
  Oral Statement.................................................    58
  Prepared Statement.............................................    60

                             FOR THE RECORD

The Honorable Michael T. McCaul, a Representative in Congress 
  From the State of Texas, and Chairman, Subcommittee on 
  Oversight, Investigations, and Management:
  Statement of the Texas Border Coalition........................    32

 
IS DHS EFFECTIVELY IMPLEMENTING A STRATEGY TO COUNTER EMERGING THREATS?

                              ----------                              


                        Friday, February 3, 2012

             U.S. House of Representatives,
    Subcommittee on Oversight, Investigations, and 
                                        Management,
                            Committee on Homeland Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 10:04 a.m., in 
Room 311, Cannon House Office Building, Hon. Michael T. McCaul 
[Chairman of the subcommittee] presiding.
    Present: Representatives McCaul, Long, Duncan, Keating, 
Clarke of New York, and Davis.
    Mr. McCaul. The committee will come to order. Good morning.
    The purpose of this hearing is to examine the strategy 
documents produced by the Department of Homeland Security 
pertaining to emergency--emerging threats and the 
implementation of those strategies. I now recognize myself for 
an opening statement.
    In December 2009 Homeland Security Secretary Janet 
Napolitano gave a speech to her Department. She said, ``I see 
one DHS as a strong, efficient, and focused department--one 
where all the talents and skills that we possess as individuals 
and as components come together and come together in new and 
exciting ways to serve our missions.''
    The Department of Homeland Security is the third-largest 
department in the Federal Government, with more than 200,000 
employees and an annual budget of more than $40 billion. Its 
transformation, according to the GAO, is critical to achieving 
its homeland security mission. However, the agency has been 
criticized for excessive bureaucracy, waste, ineffectiveness, 
and lack of transparency that have hindered its operations and 
wasted taxpayer dollars.
    For example, the DHS inspector general, in a November 2011 
report, concluded the Department has major challenges, mainly 
in the area of management, including acquisition, information 
technology, grants, and finances. These challenges hinder the 
Department's efforts to become a cohesive, effective, and 
efficient organization.
    The GAO concludes many DHS management functions are high-
risk, including acquisitions, information technology, finances, 
human capital and integration, all resulting in performance 
problems and mission delays. Unless we fix these types of 
problems we will continue to see failures in DHS programs such 
as the Secure Border Initiative virtual fence, where in the end 
taxpayers received little if any return on a $1 billion 
investment. Secretary Napolitano will certainly not attain her 
goal of One DHS until financial and management systems are 
integrated.
    Our subcommittee begins a series of hearings examining the 
challenges DHS faces. We will begin focusing the hearings on 
three basic questions: One, what challenges does DHS face? Two, 
why is it taking so long to become One DHS? Three, do DHS 
shortcomings hinder it from carrying out its core mission of 
securing the homeland?
    Today we begin with the basics by examining the DHS 
strategy and its implementation to counter emerging threats. 
What is the DHS strategy? The Congressional Research Service 
concludes there are several homeland security strategic 
documents with differing goals, priorities, and definitions. 
These examples incorporate both White House and DHS strategy 
documents including the National Strategy for Homeland 
Security; the National Security Strategy; the National Strategy 
for Counterterrorism; the Strategic Plan--One Team, One 
Mission, Securing Our Homeland; the Quadrennial Homeland 
Security Review; and the Bottom-Up Review.
    In the 9/11 Recommendations Act of 2007 Congress mandated 
DHS to develop a Quadrennial Homeland Security Review to 
upgrade strategies related to homeland security and align the 
strategy with the Department's programs and activities. The 
Department developed a QHSR and supplemented it with a Bottom-
Up Review.
    The GAO analyzed both of these documents and determined DHS 
only fully addressed three of the nine 9/11 Commission Act 
reporting requirements. DHS only partially addressed the other 
six through the QHSR and other reports.
    But most notably, DHS did not identify how these reports 
are consistent with other National and DHS strategies. All 
these different strategies are confusing to both Congress and, 
more importantly, the components which have to implement these 
strategies.
    Just as important as identifying what the strategy is, is 
understanding how DHS will implement it. How does DHS translate 
words into reality?
    The Wharton Business School has a model of best practices 
for successful strategy implementation. Specifically, is there 
an action plan? Is the headquarters' organizational structure 
the correct size? Is there monitoring and control from 
headquarters for implementing the strategy? Are core missions 
and initiatives linked together to prevent duplication?
    The bottom line is that DHS needs a single strategic 
document which subordinate agencies can follow and make sure 
the strategy is effectively and efficiently implemented. This 
single document should conform to the National Security 
Strategy in the United States, and if the agencies do not have 
a clearly-established list of priorities it will be difficult 
to complete assigned missions.
    We understand DHS has a wide diversity of missions 
including controlling our borders, securing transportation, 
protecting the President, conducting sea search and rescue, and 
researching radiation technology, to name just a few. Because 
of this diversity it is important to have a single 
comprehensive strategy.
    Additionally, we must ensure each agency, whether it is 
Customs and Border Protection, Secret Service, TSA, or Coast 
Guard, is effectively implementing the strategy by making sure 
headquarters has the proper monitoring and controls in place. 
We ask these questions today to assist the Department and 
determine what Congress can do to move the Department toward 
the goal, as the Secretary said, of becoming One DHS.
    So with that, I recognize the Ranking Minority Member who 
appeared at this hearing in just the nick of time.
    Bill, welcome.
    [The statement of Chairman McCaul follows:]
                Statement of Chairman Michael T. McCaul
                            January 25, 2012
    In December 2009, Homeland Security Secretary Janet Napolitano gave 
a speech to her Department. She said, ``I see One DHS as a strong, 
efficient, and focused Department--one where all the talents and skills 
that we possess as individuals and as components come together and come 
together in new and exciting ways to serve our missions.''
    The Department of Homeland Security (DHS) is the third-largest 
Department in the Federal Government with more than 200,000 employees 
and an annual budget of more than $40 billion. Its transformation, 
according to the Government Accountability Office (GAO), is critical to 
achieving its homeland security mission. However, the agency has been 
criticized for excessive bureaucracy, waste, ineffectiveness, and lack 
of transparency that have hindered its operations and wasted taxpayer 
dollars.
    For example:
   The DHS Inspector General, in a November 2011 report, 
        concludes the Department has major challenges mainly in the 
        area of management, including acquisition, information 
        technology, grants, and finances. These challenges hinder the 
        Department's efforts to become a cohesive, effective, and 
        efficient organization.
   The Government Accountability Office (GAO) concludes many 
        DHS management functions are high-risk, including acquisitions, 
        information technology, finances, human capital, and 
        integration, all resulting in performance problems and mission 
        delays.
    Unless we fix these types of problems we will continue to see 
failures in DHS programs such as the Secure Border Initiative virtual 
fence, where in the end taxpayers received little if any return on a $1 
billion dollar investment. And Secretary Napolitano will certainly not 
attain her goal of ``One DHS'' until financial and management systems 
are integrated.
    Our subcommittee begins a series of hearings examining the 
challenges DHS faces. We will be focusing the hearings on three basic 
questions:
   What challenges does DHS face?
   Why is it taking so long to become ``One DHS?'' and
   Do DHS shortcomings hinder it from carrying out its core 
        mission of securing the homeland?
    Today we begin with the basics by examining the DHS strategy and 
its implementation to counter emerging threats. What is the DHS 
strategy?
    The Congressional Research Service concludes there are several 
homeland security strategic documents with differing goals, priorities, 
and definitions. These examples incorporate both White House and DHS 
strategy documents including:
   2007 National Strategy for Homeland Security,
   2010 National Security Strategy,
   National Strategy for Counterterrorism,
   Strategic Plan--One Team, One Mission, Securing Our 
        Homeland,
   Quadrennial Homeland Security Review, and
   Bottom-Up Review.
    In the 9/11 Recommendations Act of 2007, Congress mandated DHS 
develop a Quadrennial Homeland Security Review, a QHSR, to update 
strategies related to homeland security and align the strategy with the 
Department's programs and activities. The Department developed a QHSR 
and supplemented it with a Bottom-Up Review (BUR).
    The GAO analyzed both of these documents and determined DHS only 
fully addressed three of the nine 9/11 Commission Act reporting 
requirements in the QSHR. DHS only partially addressed the other six 
through the QHSR and BUR reports. Most notably DHS did not identify how 
these reports are consistent with other National and DHS strategies.
    All these different strategies are confusing to both Congress and 
more importantly the components which have to implement the strategies.
    Just as important as identifying what the strategy is, is 
understanding how DHS will implement it.
    The Wharton School of Business has a model of best practices for 
successful strategy implementation. Specifically, is there an action 
plan, is the headquarters' organizational structure the correct size, 
is there monitoring and control from headquarters for implementing the 
strategy and are core missions and initiatives linked together to 
prevent duplication?
    The bottom line is that DHS needs a single strategic document which 
subordinate agencies can follow and make sure the strategy is 
effectively and efficiently implemented. This single document should 
conform to the National Security Strategy of the United States of 
America. If the agencies do not have a clearly established list of 
priorities it will be difficult to complete assigned missions.
    We understand DHS has a wide diversity of missions including 
controlling our borders, security transportation, protecting the 
President, conducting sea search and rescue and researching radiation 
technology, to name just a few. Because of this diversity, it is 
important to have a single comprehensive strategy. Additionally we must 
insure each agency--whether it is the Customs and Border Protection, 
Secret Service, Transportation Security Administration, or the Coast 
Guard--is effectively implementing the strategy by making sure 
headquarters has the proper monitoring and controls in place.
    We ask these questions today to assist the Department and determine 
what Congress can do to move the Department toward the goal of becoming 
``One DHS.''

    Mr. Keating. Thank you, Mr. Chairman. I want to thank you 
for convening this hearing.
    I would also like to thank our witnesses for their 
participation and giving their time with us this morning.
    Eleven years ago the heinous attacks of September 11 served 
as the impetus for changing the way we approach homeland 
security in the United States. Following the tragic day, 22 
separate agencies, many with challenges all their own, were 
combined to form the Department of Homeland Security. The 
Department was tasked with carrying out the strategy that 
defined the Nation's homeland security agenda.
    Since that time, numerous National strategies were released 
and further refined through time. Last year the Department of 
Homeland Security released its first-ever Quadrennial Homeland 
Security Review, which we will refer through acronyms, which I 
hate afterwards, so try and remember all that that was. The 
framework of this document, along with the President's National 
Security Strategy, which, for the first time, included homeland 
security as an integral component of our National security, has 
set the Nation on a course to address not only counterterrorism 
but emerging threats, such as National disasters Nationally, 
climate change, and cybersecurity, as well.
    Now that a more comprehensive National strategy approach is 
defined, what are we doing now to really ensure that this is 
going to be carried out? That is the question we are asking 
today, but before we do that we have to determine whether the 
requirements, roles, and responsibilities at the Federal, 
State, and local levels are properly aligned, and above all, 
the proper resources are allocated.
    This past Congress the Department of Homeland Security has 
suffered significant cuts, especially at the management level. 
Furthermore, the Office of Policy, which is responsible for the 
preparation of the QHSR and for developing and assessing the 
implementation of the Department's long-term strategy, was one 
of the hardest-hit office in the last rounds of cuts. Adding 
insult to injury, the Department is still without a financial 
management system that is integrated, functional, and up-to-
date, resulting in Department-wide struggles with fund 
balances, improper payments, and Anti-deficiency Act 
violations.
    Although improvements have been made, the workforce 
responsible for acquisition oversight is understaffed and its 
procurement, information technology, and human capital 
functions remain high on GAO's risk list. Furthermore, we are 
still many years and many more dollars away from finishing what 
was started in terms of consolidating the Department's 
headquarters at St. Elizabeths.
    These challenges may seem unrelated to strategy, but unless 
these management challenges are fixed-mission execution will 
suffer. That all being said, I look forward to today's hearing 
and testimony, and, Mr. Chairman, I yield back my time.
    Mr. McCaul. I thank the Ranking Member.
    Other Members of the subcommittee are reminded that opening 
statements may be submitted for the record. We have two very 
distinguished witnesses on the first panel, and I would like to 
go ahead and introduce them before their testimony.
    The first is the Honorable Paul Schneider. He is a 
principal at the Chertoff Group, which focuses on the defense 
and aerospace industries, cybersecurity, systems engineering, 
and major acquisition procurement and financial management.
    Prior to joining the Chertoff Group, Mr. Schneider was the 
deputy secretary for the Department of Homeland Security, where 
he managed the day-to-day operations of a Department with over 
200,000 employees and an annual budget of over $52 billion. 
While at DHS he was also under secretary for management.
    Thank you, and welcome to our committee.
    Next we have Dr. Sharon Caudle, who is the faculty member 
at a school that is near and dear to my heart, the Bush School 
of Government and Public Service at Texas A&M University, where 
she teaches in the master of public service and administration 
program and the certificate in homeland security program. 
Before joining the Bush School she was with the U.S. GAO where 
she focused on homeland security and National preparedness 
strategic policies and programs.
    So welcome, both of our witnesses.
    With that, the Chair now recognizes Mr. Schneider for his 
testimony.

 STATEMENT OF PAUL A. SCHNEIDER, PRINCIPAL, THE CHERTOFF GROUP

    Mr. Schneider. Thank you, Mr. Chairman, Congressman 
Keating, and Members of the subcommittee. It is a pleasure to 
appear before you today.
    Based on my observations, former position, and years of 
experience, I am here to provide my views about DHS's current 
strategy and what direction they should be--they should 
consider taking in the future. I believe the most serious 
dangers facing our Nation today involve biological, cyber, and 
nuclear threats. I know DHS takes these threats very seriously 
and has instituted several programs to address these dangers, 
but I am concerned that in some cases fiscal reality will limit 
the resources that are available to counter these threats.
    Biological is at the top of the list in terms of risk 
because of the relative ease of accessibility to materials and 
know-how, the potential consequences, and relatively low level 
of National preparedness. Cyber, because of its pervasiveness 
and difficulty in pinpointing attribution, has rapidly emerged 
as a threat to all critical infrastructure areas.
    Both nuclear and biological threats--for these what we need 
is a very strong National preparedness posture comprised of a 
very highly integrated group of stakeholders supported by 
realistic plans and frequent exercises that provide confidence 
in our preparedness and ability to respond.
    I have several recommendations. First, emphasize 
cybersecurity in the private sector with practical help. While 
DHS continues to focus its funding on defending the Federal 
Government networks there is an additional need for investment 
support to identify, prevent, and mitigate threats to our 
mostly privately-owned critical infrastructure and key resource 
systems as well as the State and local governments and 
infrastructure providers.
    I recommend establishing public-private partnerships in 
order to perform the following: Create and institute IT portals 
that easily convey Government requirements to large and small 
businesses that will enable them to easily explain what they 
have to offer. That is the seat of innovation in this country.
    Set up programs with and for small and mid-size businesses 
as well as State and local governments to educate them about 
what they can do to protect their networks. Help in the 
creation of private sector-run security operation centers to 
provide cybersecurity services for small and mid-sized 
businesses and for certain public sector utilities and entities 
that will allow them to protect their network.
    Establish a robust modeling and simulation effort. Focus on 
resilience. Examine the need for more agile contracting 
strategies to work inside of the stimulus-response cycle that 
is needed for cyber issues.
    No. 2: Restructure the focus of science and technology. 
Significant budget cuts imposed on the Department's S&T effort 
has led me to conclude that the whole nature of this function 
has to change dramatically. After accounting for the existing 
manpower levels, major laboratories, university research 
centers, there are very little discretionary funds left to use.
    So what I recommend doing in that particular case is to do 
a restock and prioritization of the efforts that they focus on. 
I know it is hard to make some adjustments, especially in 
manpower, but in this budget scenario it certainly dictates 
that.
    We need to have a more focused and deliberate test and 
evaluation effort in order to inform users of whether or not 
the stuff they are buying works. It is not clear to me what 
State and local and private organizations do in terms of buying 
equipment that there is any competent technical authority has 
said that the stuff is okay. That means shifting to threat-
based T&E as opposed to standards-based T&E, which is driven by 
the industry.
    I think you have to--they have to recognize that the 
Department of Defense has a tremendous amount of talent, and so 
what I think we need to be doing is harvesting that talent. I 
would put together a team of people made up of the laboratories 
at DOD, FFRDCs, DHS operational people, DHS FFRDCs, and look at 
each of these operational areas and see what technology could 
be immediately harvested.
    No. 3: Consolidate the information technology effort under 
the CIO. No matter what system you are talking about, DHS--the 
underpinnings are a massive IT system. Frankly, they all are 
interdependent, multiple databases, but yet individual 
programs.
    This needs to be consolidated. Put the funding under the 
CIO. Then not just let programs individually decide what 
modernization has to take place, but rather, let the CIO move 
the Department in an integrative phase approach to maximize the 
use of resources.
    Fourth, consolidate the operations. When I was the dep sec 
I was asked about basically: Should the Department have a 
Goldwater Nichols? I always said at the time that at some point 
it should, but it was too premature. At this point in time I 
think it is important to start seriously considering how to go 
do that.
    Department of Defense did that in 1986 followed by the DMR 
in 1989, and the fact of the matter is it now works. So from an 
operational warfare--from an operational law enforcement 
standpoint and from a headquarters integration standpoint that 
is the thing to do. I realize that that is very hard to do, and 
it would enable some operating components to lose some 
individuality, but the fact of the matter is it needs to be 
done.
    I think the Department has come a long way since its origin 
and will continue to improve over its years. I think as we look 
to the future we need to make some of these improvements.
    I want to conclude by thanking you for the opportunity to 
be here today, your significant support of the Department and 
its thousands of people, and I would be happy to answer any 
questions that you might have.
    [The statement of Mr. Schneider follows:]
                Prepared Statement of Paul A. Schneider
                            February 3, 2012
    Thank you Mr. Chairman, Congressman Keating, and Members of the 
subcommittee. It's a pleasure to appear before you today.
    It has been approximately 3 years since I have left office as the 
Deputy Secretary of the U.S. Department of Homeland Security (DHS). 
Since that time, I been consulting for the U.S. Government (except for 
DHS); am a Principal in The Chertoff Group which is a company that 
provides consulting, security, and merger and acquisition (M&A) 
advisory services for clients in the security, defense, and Government 
services industries around the world; and, I also currently serve on 
several boards and advisory groups, including as Chairman of the Board 
of Directors of the Applied Science Foundation for Homeland Security. 
My role with the Foundation and other small companies is done on a pro 
bono basis.
    Since leaving my position at DHS, I have had the opportunity to 
observe the changing and challenging budget environment and assess its 
impact on DHS operations and those of the homeland security enterprise. 
Based on my observations, former position, and years of experience, I 
am here today to provide my views about DHS' current strategy and what 
direction they should consider taking in the future.
                                threats
    I believe the most serious dangers facing our Nation today involve 
biological, cyber, and nuclear threats. As you know it is very 
difficult to convince the general public of the importance of these 
threats. I know DHS takes these threats very seriously and has 
instituted several programs to address these dangers, but I am 
concerned that in some cases, fiscal reality will limit the financial 
resources that are available to counter these threats.
    Biological is at the top of the list in terms of risk because of 
the relative ease of accessibility to the materials and know-how; the 
potential consequences; and relatively low level of National 
preparedness. Cyber because of its pervasiveness and difficulty in 
pinpointing attribution has rapidly emerged as a threat to all critical 
infrastructure areas.
    For both nuclear and biological threats (and the wider range of 
catastrophic threats) what we need is a very strong National 
preparedness posture comprised of a highly integrated group of 
stakeholders supported by realistic plans and frequent exercises that 
provide confidence in our preparedness and ability to respond.
    I think it is appropriate for DHS to accelerate ``fixing'' critical 
infrastructure issues. The tiered approach to identifying the critical 
facilities can serve as a map to developing and implementing a 
mitigation plan.
     emphasize cyber security in private sector with practical help
    I am pleased that cyber security continues to receive the political 
and financial support it does from the Congress. However, the extent of 
this problem is huge. While the Department of Homeland Security 
continues to focus its funding on defending the Federal Government 
networks (the .gov domain), there is an additional need for investment 
and support to identify, prevent, and mitigate threats to our mostly 
privately-owned critical infrastructure and key resource systems, as 
well as State and local governments and infrastructure providers.
    I find it amazing that within a 50-mile radius of this building 
there is a nexus of expertise in this area that is without peer: The 
Ft. Meade complex, major cyber security centers set up by the major 
corporations, cyber incubators in the State of Maryland, the University 
of Maryland Cyber Research and Development Center, etc.
    To support the constantly evolving and persistent cyber threat, I 
would recommend establishing a public-private partnership in order to 
perform the following:
    1. Create and institute IT portals that easily convey Government 
        requirements to large and small businesses that enable them to 
        easily explain what they have to offer. The rigid small 
        business methods and forums cannot match the near-real-time 
        speed that is required to keep up in this world; and yet there 
        is a tremendous amount of innovation and capability that can be 
        tapped.
    2. Set up programs with/for small and mid-size businesses, as well 
        as State and local governments, to educate them about what they 
        can do to protect their networks.
    3. Help in the creation of private-sector-run security operations 
        centers to provide cybersecurity services for small and mid-
        sized business, and for certain public sector entities, that 
        will allow them to protect their networks.
    4. Establish a more robust modeling and simulation effort that 
        allow relevant parties to strategize the threat space, model 
        the implications and determine risk mitigation approaches.
    5. Consistent with the Critical Infrastructure Protection (CIP) 
        implementation program, focus on resilience to look at means to 
        quickly recover from a cyber-incident.
    6. Examine the need for more agile contracting strategies that work 
        inside the stimulus-response cycle needed for cyber issues.
            restructure the focus of science and technology
    The budget cuts imposed on the Department's Science and Technology 
Directorate (S&T) have led me to conclude that that S&T must change its 
entire nature in order to reflect its new budget reality. After 
accounting for the existing manpower levels, major laboratories that 
are funded by these appropriations and the University Centers of 
Excellence, very little discretionary funds are remaining.
    Therefore I believe the focus of DHS S&T should be as follows:
    1. Emphasize a more focused and deliberate test and evaluation 
        program to inform users of the right equipment and systems to 
        deploy for the right mission. Work with the users to understand 
        the threat environment, their operational concepts for 
        operations to make sure the test procedures and environments 
        are relevant. Right now we have public and private institutions 
        around the country buying stuff and it is not clear if any 
        competent technical authority knows if it is any good.
    2. Based on an aggressive T&E program to meet users' needs, develop 
        standards for devices and systems that could be procured by the 
        private and public sectors, not the devices themselves, because 
        it is impractical to think that the Government will get enough 
        procurement dollars to field the equipment themselves. This 
        means using T&E and threat-based standards as the basis to 
        inform users of the right equipment for the right mission 
        application. This moves away from the standards-based 
        (industry-driven) approach which is not the correct approach 
        for this situation.
    3. Recognize that State and local governments and the public 
        sector, not just the DHS operational components, are the 
        recipients of S&T investment dollars and include their 
        priorities in the resource allocation process.
    4. Aggressively harvest the enormous amount of technology that the 
        Department of Defense has been/is developing and with the 
        correct set of innovative people look at how to adapt it to DHS 
        uses. In this regard I recommend that consideration be given to 
        forming a team with representatives from Department of Defense 
        (DoD) laboratories and Federally Funded Research and Develop 
        Centers (FFRDCs) and the DHS Systems Engineering FFRDC with DHS 
        operational personnel to evaluate specific scenarios that DoD 
        technology could be readily adapted to enhance mission 
        effectiveness.
    5. While DNDO is a separate organization, these recommendations 
        also apply to the work and RDT&E they do.Within DNDO, the 
        process was and I believe still is to work with State and local 
        law enforcement to determine how they would use detection 
        systems and then to test them using those Concepts of 
        Operations (CONOPs) against threat material and in 
        operationally relevant environments.
    6. Readjust funding allocations from manpower, laboratories, and 
        University centers to S&T that directly and more immediately 
        supports the users.
  consolidate information technology (it) under the chief information 
                             officer (cio)
    The Under Secretary for Management and the Chief Information 
Officer (CIO) has made DHS the leader in data center consolidation and 
the migration to the cloud. Once you have worked with the IT 
underpinnings of DHS, you realize it is one massive IT system that many 
different operational users use, with the bulk of the databases serving 
multiple users under multiple systems and many are interdependent.
    So, whether it is E-Verify, US-VISIT, TECS, and TTAC with all of 
its component systems, there is interlocking because many of the same 
databases are accessed in order for the Government to make 
adjudication. Yet, observing on the outside, as I have, systems 
modifications, modernizations, and upgrades are executed by individual 
components that happen to be responsible for their programs and 
systems.
    While coordination and oversight can be effective, I think the 
current environment dictates a different business model of centralized 
command and control.
    The IT area has and will continue to sustain large financial cuts 
due in some part to the belief that IT is an enabler and therefore iris 
investment ought to achieve savings. I agree that IT is enabler, but 
the business management model that governs is as much of an enabler as 
the technology itself.
    Therefore I recommend the following:
    1. Consolidate all of the IT funding under the DHS CIO;
    2. Empower the CIO and the Under Secretary for Management to 
        determine how best to incrementally phase in a new IT 
        infrastructure building on what they have done with the data 
        center integration and cloud migration, by using the 
        appropriated funds for the individual systems, modulating 
        individual program priorities for the overall good of the 
        Department and the betterment of the overall IT infrastructure.
    For this to succeed DHS will have to continue to make substantive 
and sustained progress in developing a functional command and control, 
communications, and requirements development.
            change the business model for scanning equipment
    Scanning is an essential part of the security architecture for 
aviation security and in my view the technology is dynamic, driven in 
large part to significant advances in the medical field. And as nano 
technology emerges, to an even greater extent technology enables 
enhancements in fidelity for screening in terms of quality and speed of 
the throughput which will be highly desired and valued by DHS. Now, 
these systems are procured and upgraded by the Government.
    Given funding realities and the speed of which the commercial 
sector can quickly develop and respond, this dictates shifting to a 
business model whereby the Government specifies the requirements and 
leases the equipment with stated service-level agreements regarding 
performance like commercial IT contracts, including upgrade and refresh 
requirements. DHS would essentially pay for this as a fee-for-service 
lease. I am acutely aware that OMB has definite views of this type of 
arrangement that may not be as supportive because of scoring 
considerations.
    In my view however, the changing nature of the technology, evolving 
threat scenarios and the budget realities, demand that the current 
business model be changed to one of a more commercial nature.
                         consolidate operations
    While serving as the Deputy Secretary, I was frequently asked by 
those Members of Congress who were on Homeland Security Committees and 
Department of Defense Committees whether or not DHS needed ``Goldwater 
Nichols (GN)'' legislation.
    The Goldwater-Nichols Department of Defense Reorganization Act of 
1986 Pub. L. 99-433, made the most sweeping changes to the United 
States Department of Defense since the Department was established in 
the National Security Act of 1947 by reworking the command structure of 
the United States military. It was subsequently followed by the Defense 
Management Review of 1989 which fully implemented the Packard 
Commission's recommendations and the Goldwater-Nichols Act to 
substantially improve the performance of the defense acquisition 
system; and to manage more effectively the Department of Defense and 
our defense resources.
    I replied that the time was definitely not correct to do that 
because DHS was still in its infancy, not all the requirements of GN 
were appropriate to be considered for DHS, and that the Act's 
operational and acquisition fundamental changes should ultimately be 
considered and adapted for use by DHS, but timing was key.
    At this point in time I think it is appropriate to start thinking 
seriously about how to accomplish a modified version of GN for DHS, 
since I think only a few major provisions as discussed below are 
applicable at this time. The factor that drives me to this conclusion 
is that I believe currently, no unified command structure exists for 
DHS components in the field. Each component has individual field 
structures with unique geographic boundaries and independent chains of 
command. These lines of authority do not converge until they reach the 
Secretary/Deputy Secretary.
    Practically speaking, in the field, there are independent operating 
components. I think this hampers operational effectiveness. While I am 
aware there are several informal teaming arrangements in various ports 
and cities, it is not the same as an integrated command-and-control 
structure. Therefore, I recommend:
    1. Develop a unified field structure with appropriate command-and-
        control or coordination authority. This would provide an 
        opportunity for greater stability in State/local relationships 
        and ability to better coordinate DHS operations in the field.
    2. Consideration should include various alternatives, such as 
        States, regions, ports, interfaces with DOD, and unique State 
        and local considerations and authorities.
    3. Maximizing the collective effectiveness and use of joint assets, 
        both operationally and in the planning and execution of 
        logistics support functions.
    I am aware that certain operating component statutory authorities 
need to be addressed to make this work, but integration of assets at 
the pointy end of the spear is essential in order to maximize 
effectiveness in addressing the evolving threat scenarios.
    The second major element of a GN move would be to examine 
centralizing major acquisition programs in a ``DOD Systems Command'' 
type of structure separate from the Operational Components. This would 
enable operating components to focus on operations and build upon the 
critical acquisition mass currently available, while ensuring major 
cross-component acquisition initiatives are executed in an integrated 
manner (as many current operations are actually executed). As part of 
this effort a total review of the acquisition process, its successes, 
lessons learned, and next steps would be a useful step to help shape 
the structure of this organization. All of this will eliminate 
redundancy, while complying with an integrated enterprise-wide 
architecture and offers the potential for tremendous financial 
economies.
    The basis for this recommendation is simple. The majority of DHS 
operational people wears badges and carry guns. Is it smart to hold a 
major component head, for example the head of CBP, with approximately 
65,000 people, responsible for his 24-hr7-day law enforcement 
responsibilities around the world and at the same time, ask him to be 
responsible for developing and fielding complex systems that must 
integrate with other complex systems? Is this the correct model for the 
future? I think the answer to both questions is no and that is why I 
think this different structure is much more conducive to enhancing 
effective operations.
    In DoD they learned this a long time ago. That is why the Air 
Force's Air Combat Command deploys planes and does not develop the F-
35, and why the Navy's COMSUBLANT operates submarines but does not 
develop the Virginia Class Submarines.
    I am aware that many organizations within DHS will disagree with 
these recommendations and argue vociferously against any changes to the 
status quo to protect their legacy functions and independence. So, it 
would be the challenge to leadership to steer changes of this 
magnitude. The DOD was created in 1947; GN was authorized in 1986, but 
really didn't happen until the DMR in 1989 when the majority of the GN 
changes took effect. It would be unreasonable to assume that this type 
of change would be any different in time scale in DHS.
  overlaps in the assignment/interpretation of homeland security roles
    I think the issue of ambiguities and overlaps in the assignment/
interpretation of homeland security roles, responsibilities, and 
authorities among Federal stakeholders are a continuing obstacle to 
unity of effort within the Federal Government and our allied countries. 
These overlaps and ambiguities also have the effect of fundamentally 
undermining the credibility and ability of Federal agencies to 
effectively engage with State and local governments and the private 
sector.
    As you're well aware, this is a very difficult and politically 
charged issue that is difficult to rationalize. While, barring some 
major catalyst, a holistic attempt to comprehensively frame and address 
all roles/responsibilities/authorities issues is near impossible.
    What is needed is a systems approach to identifying the overlaps 
and ambiguities having the most significant implications for our 
strategic outcomes (e.g., DHS/DOJ re: terrorism prevention and borders; 
DHS/HHS re: Bio/mass casualty event preparedness & response; DHS/DOD 
re: catastrophic response support to civil authorities). The challenges 
with these issues is that agencies and components would rather live 
with and work around current ambiguities than risk losing equities they 
consider vital. Yet these same ambiguities significantly undermine 
unity of effort, and increase risks of failure in preventing or 
responding to potentially catastrophic events. I doubt many in the 
administration or Congress have energy on this, but it is a necessary 
factor that should be addressed.
                               conclusion
    I think DHS has come a long way since its inception and will 
continue to improve over the next few years. I believe as we look to 
the future we need to make refinements along the lines I have 
recommended before you today to meet the many challenges that lie 
ahead.
    I urge you to adapt these recommendations and direct their 
implementation.
    Thank you for your leadership and your continued support of the 
Department of Homeland Security and its programs, and your support and 
commitment to the thousands of men and women who dedicate themselves to 
the defense of our great country.
    Thank you for this opportunity to be here today and I am happy to 
answer any questions that you may have.

    Mr. McCaul. Thank you, Mr. Schneider. I appreciate your 
comments about our support for the Department. We do.
    The reason we are having these hearings is to find out how 
we can reform the Department so it works more efficiently and 
better for its employees. So I appreciate you saying that.
    With that, the Chairman now recognizes Dr. Caudle for her 
testimony.

    STATEMENT OF SHARON L. CAUDLE, PH D, THE BUSH SCHOOL OF 
      GOVERNMENT AND PUBLIC SERVICE, TEXAS A&M UNIVERSITY

    Ms. Caudle. Thank you, Mr. Chairman, for the opportunity to 
be here today. I will specifically focus my remarks on DHS's 
National preparedness approach as components of an overall 
strategic framework, taking a look at what the requirements 
are, expectations are for the homeland security community--
Federal, State, local, private sector, non-Governmental, 
individuals, families, and communities.
    First, there are major themes in DHS's strategy that 
provide the context for challenges I will mention shortly. 
These themes include, for example, homeland security, now 
clearly a part of National security; the whole homeland 
security community, including the Federal Government, 
responsible for preparedness, from prevention to recovery, 
including mitigation; all-hazards and the maximum capacity for 
a catastrophic event as benchmarks for preparedness; core 
capabilities and performance targets update past prescriptive, 
detailed individual tasks, and target capabilities; and 
finally, another homeland security management system crafted 
with performance expectations and assessment mechanisms.
    There are three challenges I see in the overall 
preparedness strategy for subcommittee consideration. The first 
challenge is whether there should be a fundamental change in 
the capability-based approach to achieve National preparedness 
to confront threats.
    Federal policies to date, reinforced by legislation, center 
on building and sustaining robust capabilities--skilled people, 
material, and processes, and partnerships. This approach drew 
on the experience of the defense community.
    Over time DHS has attempted to link the billions of dollars 
spent on preparedness with the development of these 
capabilities. However, valid assessment remains elusive.
    In my view, Federal funding constraints and similar 
challenges for other levels of Government and related homeland 
security partners present an opportune time to consider the 
cost-effectiveness of other policy options. These would be 
compared with the current capabilities approach.
    I suggest that one option is adopting National and/or 
international disaster and emergency management system 
standards. As with management standards, such as the ISO 9000 
quality standards, these can be applied to all organizations.
    Already in place is DHS's PS-Prep National voluntary 
program that does apply preparedness standards to the private 
sector. Also, the current Emergency Management Accreditation 
Program, EMAP, also based on standards, is targeted at State 
and local emergency management programs.
    If these disaster and emergency management standards were 
adopted in lieu of the capabilities requirements, the entire 
homeland security community would share common preparedness 
standards, language, and assessment parameters. Of course, 
still to be resolved would be if the standards should be 
mandated as a National standard of care and how certification 
or accreditation against the standards might occur.
    The second challenge is whether implementation by the whole 
community for what FEMA calls maximum of maximums, or mega-
disaster scenario, is pragmatically achievable. FEMA advocates 
that modern disaster planning should be for a meta-scenario 
that overwhelms all levels of government, including the Federal 
Government. Worse-case planning under this strategy requires 
the expertise and resources of the entire emergency management 
community, from the Federal Government, to the private sector, 
to the NGOs, to individuals and communities.
    One visualizes all preparing for a catastrophe akin to a 
mega-Hurricane Katrina, the Japanese earthquake tsunami and 
nuclear event, or world-wide pandemic. It is not clear to me 
how the Federal Government will operationally craft whole-of-
community preparedness for such a mega-disaster scenario.
    Implementation details to date are sparse regarding how 
members should interact to achieve mega-disaster capability 
targets or make decisions regarding the investment of scarce 
resources. Sound implementation would call for complex, 
coordinated action, assessment, and the commitment of funding 
that may be overwhelming and marked by imprecision.
    The third challenge is whether DHS should include longer-
term emerging threats as priorities for action beyond near-term 
strategies. Current DHS strategies narrowly target threats, 
including a meta-scenario, with a distinct beginning and end--
think earthquake or terrorist attack. Left out by design are 
conditions that are longer-term in their emergence as direct 
threats to National security.
    These include, for example, the impacts of global climate 
change, global illicit trafficking and related transnational 
crime, social disruptions, and economic and financial 
instability. It is not clear how near-term threat capabilities 
will prepare the country for the challenges of these longer-
term threats, often called ``global shocks.'' DHS certainly 
understands the need for action anticipating these global 
shocks under FEMA's Strategic Foresight Initiative, currently 
underway.
    Throughout these three challenges I urge the subcommittee 
to consider the opportunity costs in DHS continuing to pursue a 
comprehensive capabilities approach, insistence that the whole 
homeland security community is being prepared for a mega-
disaster scenario, and delayed action on confronting longer-
term threats.
    Thank you again for the opportunity, and I look forward to 
any questions the subcommittee may have.
    [The statement of Ms. Caudle follows:]
                 Prepared Statement of Sharon L. Caudle
                            February 3, 2012
    Thank you for the opportunity to appear before the subcommittee 
today. My name is Dr. Sharon Caudle. I am the Younger-Carter 
Distinguished Policymaker in Residence and Visiting Lecturer, The Bush 
School of Government and Public Service, Texas A&M University. I am 
also a Senior Fellow at The George Washington University's Homeland 
Security Policy Institute. This testimony represents my personal 
opinions and not necessarily the opinions of the Bush School or the 
Homeland Security Policy Institute.
    Today's hearing focuses on whether the Department of Homeland 
Security (DHS) is implementing an effective strategy to counter 
emerging threats to the security of the Nation. In my statement today, 
I first highlight the DHS policies and overall approach for 
preparedness--from protection to recovery--currently in place as the 
result of Presidential Policy Directive-8 (PPD-8 National 
Preparedness). Then I focus on what I see as three challenges the 
subcommittee should consider: (1) Whether there should be a fundamental 
change in the operational approach to meeting a National preparedness 
goal, (2) whether implementation of capabilities by the ``whole of 
community'' from the Federal Government to individual citizens to 
address the ``maximum of maximums'' threats is pragmatically 
achievable, and (3) whether DHS should include other longer-term, 
emerging threats as priorities for action in its near-term strategies.
         current national preparedness strategies and approach
    In the 5 years following the issuance of President Bush's first 
National homeland security strategy, the administration and Congress 
clarified the scope, mission areas, and responsibilities for homeland 
security. National strategy objectives were consistent in four areas: 
(1) Prevent and disrupt terrorist attacks, (2) protect the American 
people, critical infrastructure, and key resources, (3) respond to and 
recover from incidents that do occur, and (4) continue to strengthen 
the management foundation of homeland security to ensure long-term 
success.
    President Obama's administration has continued the refinement of 
homeland security policies and strategies, consistent with 
Congressional action. In February 2010, DHS released the legislatively-
required Quadrennial Homeland Security Review Report.\1\ As was the 
case with earlier policies, the Report called for a National framework 
of collective efforts and shared responsibilities to build and sustain 
critical homeland security capabilities. The grave security environment 
(beyond terrorism) identified in the Report clearly supported a broader 
security stance: It was expected that violent extremist groups would 
use terrorism to attack United States targets, social, and/or political 
instability would continue, health threats would be more difficult to 
prevent, technological developments, and cyber threats would pose 
threats, climate change would increase weather-related hazards, 
multiple simultaneous crises were likely, and complacency would be a 
danger as major crises receded from memory.
---------------------------------------------------------------------------
    \1\ U.S. Department of Homeland Security (DHS). 2010. Quadrennial 
Homeland Security Review Report: A Strategic Framework for a Secure 
Homeland. [February 2010].
---------------------------------------------------------------------------
    As the subcommittee knows, President Obama released a new National 
Security Strategy that reflected the homeland security policies and 
concepts identified in the Report.\2\ The Strategy reaffirmed the 
``whole of Government'' approach, which is the need for all levels of 
Government, if not the entire country, to strengthen National 
preparedness. The Strategy retained the earlier policy notions of a 
homeland security enterprise (Federal, State, local, Tribal, 
territorial, non-Governmental, and private-sector entities, as well as 
individuals, families, and communities sharing a common National 
interest in American safety and security) and a culture of 
preparedness.
---------------------------------------------------------------------------
    \2\ Obama, Barack. 2010. National Security Strategy. [May 2010].
---------------------------------------------------------------------------
Presidential Policy Directive-8
    The 2010 Report and the newer National Security Strategy set the 
stage for both a restatement and revitalization of the Presidential 
direction for National preparedness. President Obama's March 2011 
Presidential Policy Directive 8 National Preparedness (PPD-8) replaced 
the 2003 Homeland Security Presidential Directive-8 (HSPD-8) issued by 
President Bush,\3\ which had been codified by Congress. The new 
directive reaffirmed past policies and direction, calling for the 
development of: (1) A National preparedness goal identifying the core 
capabilities necessary for preparedness, and (2) a National 
preparedness system guiding activities enabling the Nation to achieve 
the goal. National preparedness was defined as actions taken to plan, 
organize, equip, train, and exercise to build and sustain the 
capabilities necessary to prevent, protect against, mitigate the 
effects of, respond to, and recover from the threats posing the 
greatest risk to the Nation's security.
---------------------------------------------------------------------------
    \3\ Obama, Barack. 2011. Presidential Policy Directive/PPD-8 
National Preparedness. [March 30, 2011].
---------------------------------------------------------------------------
    Specifically related to the subcommittee's interest in addressing 
emerging threats, PPD-8 required that a new National preparedness goal 
address specific threats and vulnerabilities. This overtly reduced 
reliance on National planning scenarios issued several years earlier as 
yardsticks to measure preparedness capabilities. The goal was to define 
the core capabilities necessary to prepare for incidents posing the 
greatest risk to the Nation's security. This made concrete a new policy 
emphasis on maximum capacity for any major disaster or catastrophe.
    The directive also mandated a new piece to the National 
preparedness system--planning frameworks for each of the five 
preparedness objectives--from prevention to recovery. It was envisioned 
that each planning framework would include a basic plan to address all-
hazards. There would be roles and responsibilities at the Federal 
level, but annexes would address unique requirements for particular 
threats or scenarios. The directive also required a ``campaign'' to 
build and sustain preparedness. This would integrate community-based, 
non-profit, and private sector preparedness programs, research and 
development activities, and preparedness assistance.
The PPD-8 Implementation Documents
    DHS has issued a flurry of documents in response to PPD-8's 
mandates. In May 2011, DHS issued the Implementation Plan for 
Presidential Policy Directive 8: National Preparedness.\4\ Under the 
Implementation Plan, DHS was to perform a strategic, National-level 
risk assessment applicable to National, regional, and local levels. The 
assessment would help identify where core capabilities and associated 
performance objectives for the entire homeland security community 
should be placed, topped by the maximum preparedness capacity needed to 
respond to a catastrophic event.
---------------------------------------------------------------------------
    \4\ DHS. 2011. Implementation Plan for Presidential Policy 
Directive 8: National Preparedness. [May 2011].
---------------------------------------------------------------------------
    Thus, developing ``whole of community'' core capabilities for 
catastrophes would not necessarily be restricted to specific threat and 
hazard scenarios described in earlier National planning scenarios. FEMA 
administrator Craig Fugate described the change as planning for a 
``meta-scenario'' (or maximum of maximums) disaster. The basis for 
planning was a worst-case scenario involving multiple factors to plan 
for different hazards that challenges preparedness and overwhelms the 
response capabilities of every Governmental level.\5\ As I understand 
it, the scenario, a no-notice event, contemplates the impact area of at 
least 7 million population and 25,000 square miles, and involving 
several States and FEMA regions. It results in 190,000 fatalities in 
its initial hours, with 265,000 citizens requiring emergency medical 
attention. There is severe damage to critical infrastructure and key 
resources, including transportation. The fiscal year 2011 Regional 
Catastrophic Grant Program guidance uses the meta-scenario to promote 
preparing for a catastrophe where extraordinary levels of mass 
casualties, damage, and disruption overwhelm traditional and well-
established response and recovery plans and procedures.
---------------------------------------------------------------------------
    \5\ Fugate, Craig. 2011. Evolution of Emergency Management and 
Communication. Statement before the U.S. Senate Committee on 
Appropriations, Subcommittee on Homeland Security. [June 8, 2011].
---------------------------------------------------------------------------
    In September 2011, DHS issued the National Preparedness Goal First 
Edition.\6\ The new Goal included detailed tables with core 
capabilities for prevention through recovery (called mission areas) and 
their preliminary targets. For example, prevention capabilities 
included planning, public information and warning, operational 
coordination, forensics and attribution, intelligence and information 
sharing, interdiction and disruption, and screening, search, and 
detection. Each capability was described; to illustrate, interdiction 
and disruption is to delay, divert, intercept, halt apprehend, or 
secure threats and/or hazards.
---------------------------------------------------------------------------
    \6\ DHS. 2011. National Preparedness Goal First Edition. [September 
2011].
---------------------------------------------------------------------------
    The document made clear that these core capabilities presented an 
evolution from the voluminous target capabilities list developed in 
response to HSPD-8. The core capability targets would be the 
performance thresholds for each core capability and the basis to 
develop performance measures to evaluate progress in meeting the 
targets. The description of the core capabilities and their preliminary 
targets were significantly streamlined from the task and capability 
lists issued in response to HSPD-8 and subsequently tied to Federal 
homeland security funding. While still prescriptive, it appears the 
notion was that streamlining should create more room for members of the 
homeland security community to craft capabilities tailored to local and 
regional considerations, as well as the National interest.
    The Goal stated that a strategic National risk assessment should 
confirm the need for an all-hazards, capability-based approach to 
preparedness planning. DHS' December 2011 unclassified Strategic 
National Risk Assessment grouped threats and hazards into National-
level events to test the Nation's preparedness.\7\ These included 
natural, technological/accidental, and adversarial/human-caused threat 
and hazard groups:
---------------------------------------------------------------------------
    \7\ DHS. 2011. The Strategic National Risk Assessment in Support of 
PPD 8: A Comprehensive Risk-Based Approach Toward a Secure and 
Resilient Nation. [December 2011].
---------------------------------------------------------------------------
   Natural.--Animal disease outbreak; earthquake; flood; human 
        pandemic outbreak; hurricane; space weather; tsunami; volcanic 
        eruption; wildfire.
   Technological or Accidental.--Biological food contamination; 
        chemical substance spill or release; dam failure; radiological 
        substance release.
   Adversarial or Human-Caused.--Aircraft as a weapon; armed 
        assault; biological terrorism attack (non-food); chemical/
        biological food contamination terrorism attack; chemical 
        terrorism attack (non-food); cyber attack against data; cyber 
        attack against physical infrastructure; explosives terrorism 
        attack; nuclear terrorism attack; radiological terrorism 
        attack.
    The Goal did not address emerging or longer-term threats or drivers 
of threats such as climate change identified in the Quadrennial 
Homeland Security Review Report. This was purposeful. The unclassified 
Strategic National Risk Assessment said it evaluated the risk from 
known threats and hazards. Those events, it noted, had a distinct 
beginning and end and were clearly linked to homeland security 
missions. Thus, political, economic, and environmental, and societal 
trends possibly contributing to a risk environment but not National 
events for homeland security were excluded from the assessment. 
Nevertheless, the document said non-National-level threats, such as 
droughts and heat waves, could pose risks to jurisdictions and should 
be considered in preparedness planning.
    In November 2011, DHS released a brief description of a new 
National Preparedness System.\8\ Its components included: (1) 
Identifying and assessing risk, (2) estimating capability requirements, 
(3) building and sustaining capabilities, (4) planning to deliver 
capabilities, (5) validating capabilities, and (6) reviewing and 
updating. To identify and assess risk, the System document stated that 
the Strategic National Risk Assessment would analyze the greatest risks 
to the Nation. The Threat and Hazard Identification and Risk Assessment 
guidance under development at that time would provide a common, 
consistent approach to identify and assess risks and associated 
impacts.
---------------------------------------------------------------------------
    \8\ DHS. 2011. National Preparedness System [November 2011].
---------------------------------------------------------------------------
    Measuring progress toward achieving the National Preparedness Goal 
could be done through tools such as exercises, remedial action 
management programs, and assessments. The National Exercise Program was 
deemed the principal mechanism to measure readiness, supplemented by 
exercises done by individual organizations. Training and performance 
during actual events would test and validate achievement of desired 
capabilities. On-going sharing of lessons learned and monitoring would 
also occur through a remedial action management program and a 
comprehensive assessment system of the whole community. A National 
Preparedness Report is due in November 2012.
Major Themes in National Preparedness Expectations
    Up to this point, I have briefly described the current National 
preparedness policy, strategy, and guidance. It has highlighted a 
number of major themes:
   Homeland security placed within National security.
   All-hazards as the centerpiece for preparedness for threats, 
        including terrorism.
   Preparedness defined with the full coverage of objectives: 
        Prevention, protection, mitigation, response, and recovery, 
        with response and recovery no longer the centerpieces of 
        preparedness.
   The whole homeland security community in addition to the 
        Federal Government with the responsibility to protect National 
        interests and way of life.
   Maximum capacity for a catastrophic event (a meta-scenario) 
        as the benchmark for preparedness.
   Known threats and hazards with a distinct beginning and end 
        central to homeland security risk management and preparedness.
   Core capabilities and targets for a National effort update 
        past prescriptive, detailed individual tasks and target 
        capabilities.
   A homeland security management system to accomplish homeland 
        security and crafted with specific components, performance 
        expectations, and assessment and adjustment requirements.
   Assessment of preparedness progress primarily through 
        exercises and actual events.
               challenges in strategy and implementation
    Now, I will turn to the challenges I see in the overall 
preparedness strategy and its implementation to counter emerging 
threats that the subcommittee should consider. The first: Should there 
be a fundamental change in the operational approach to meeting a 
National preparedness goal? The second: Is implementation of the 
``whole of community'' for the ``maximum of maximums'' pragmatically 
achievable? The third: What other emerging threats should DHS set as 
priorities for action?
Alternative to the Current Capabilities Development Approach
    The current and earlier National Preparedness Goal and their 
supporting documents, as well as Federal legislation, have identified 
the need to build and sustain specific preparedness capabilities for 
the entire homeland security community. Federal, State, and local 
governments, non-Governmental organizations, private organizations, and 
the general public are that community. National preparedness comes from 
capabilities across this whole community.
    DHS in large part adopted the capabilities approach from the 
Department of Defense where it was used by the defense community in 
many countries.\9\ HSPD-8 required a National preparedness goal to 
define measurable readiness (preparedness) priorities and targets, but 
also with a caveat about the resource investments. PPD-8 called for 
actions to achieve a preparedness approach to optimize the use of 
available resources.
---------------------------------------------------------------------------
    \9\ Caudle, Sharon L. 2005. Homeland security capabilities-based 
planning: Lessons from the defense community. Homeland Security Affairs 
I, no. 2 [Fall 2005].
---------------------------------------------------------------------------
    Developing capabilities may have been the optimal route at that 
time towards achieving preparedness, but whether other alternatives 
that were better investments were considered was not made explicit--if, 
in fact, they were even considered. In the interim, as the subcommittee 
knows, DHS has provided billions in preparedness grants intended to aid 
States, urban areas, Tribal governments, and non-profit organizations, 
supposedly to strengthen their capabilities to meet threats associated 
with potential terrorist attacks and other hazards. Over time, the 
Department has attempted to link dollars spent with the development of 
capabilities.\10\
---------------------------------------------------------------------------
    \10\ See, for example, the report Local, State, Tribal, and Federal 
Preparedness Task Force. 2010. Perspective on Preparedness: Taking 
stock since 9/11, Report to Congress [September 2010].
---------------------------------------------------------------------------
    Assessing preparedness based on National preparedness capabilities 
remains very elusive. Summing the difficulties, the U.S. Government 
Accountability Office (GAO) \11\ found that evaluation efforts that 
collected data on National preparedness capabilities faced limitations 
such as data reliability and the lack of standardized data collection. 
According to GAO, FEMA had problems in completing a comprehensive 
assessment system and developing National preparedness capability 
requirements based on established metrics. GAO \12\ continues to cite 
these operational and implementation weaknesses, even though the 
assessment of capabilities and evaluation of preparedness is a 
legislative requirement. In addition, the GAO \13\ specifically found 
problems with at least one tool mentioned by the new National 
Preparedness Goal as central to measuring progress--the National 
Exercise Program. FEMA's implementation of the National program has 
consistently run into problems, such as ensuring if Federal and State 
governments had addressed deficiencies identified by the exercises. In 
March 2011, FEMA developed a new National Exercise Program Base Plan 
that extensively revised the program, with major changes in 
requirements and leadership.\14\ The verdict is still out whether the 
past history of the Department of Homeland Security in failing to 
adequately measure progress will be reversed.
---------------------------------------------------------------------------
    \11\ Jenkins, William O. 2010. FEMA Has Made Limited Progress in 
Efforts to Develop and Implement a System to Assess National 
Preparedness Capabilities. Letter to Subcommittee on Homeland Security 
Committee on Appropriations [October 29, 2010].
    \12\ U.S. Government Accountability Office. 2011. Department of 
Homeland Security: Progress Made and Work Remaining in Implementing 
Homeland Security Missions 10 Years after 9/11. GAO-11-881 [September 
2011].
    \13\ U.S. Government Accountability Office. 2009. National 
Preparedness: FEMA Has Made Progress, but Needs to Complete and 
Integrate Planning, Exercise, and Assessment Efforts. GAO-09-369 [April 
2009].
    \14\ U.S. Federal Emergency Management Agency. 2011. National 
Exercise Program [March 18, 2011].
---------------------------------------------------------------------------
    Thus still left unanswered is the most significant question: What 
preparedness did the billions of dollars buy? With Federal funding 
constraints and similar challenges for other levels of government and 
other members of the homeland security community for the foreseeable 
future, this is an opportune time to consider if other policy options 
might be more cost-effective, or, at a minimum, justify the current 
policy of capabilities development and sustainability.
    The capabilities approach is not etched in stone. There is at least 
one policy option the subcommittee might consider to contrast with the 
capabilities approach. This option is already grounded in Congressional 
legislation and administration policies: Simply, it is the application 
of National and/or international management system preparedness 
standards applicable to all organizations, which I have advocated in 
the past.\15\
---------------------------------------------------------------------------
    \15\ Caudle, Sharon L. 2011. ``National Preparedness Requirements: 
Harnessing Management System Standards,'' Homeland Security Affairs, 
7(14) [June 2011].
---------------------------------------------------------------------------
    There are two National voluntary programs where management system 
preparedness standards, not elusive core capabilities, are used as the 
benchmark for preparedness requirements. Legislation implementing many 
of the 9/11 Commission's recommendations (Section 524 of the August 
2007 Pub. L. 110-53) called for DHS to create a voluntary private 
sector preparedness program with standards, including accreditation and 
certification processes. In June 2010, DHS produced the Private Sector 
Preparedness Accreditation and Certification Program (PS-Prep). Three 
management system standards were approved for adoption in the program: 
ASIS SPC.1-2009 Organizational Resilience: Security Preparedness, and 
Continuity Management System; British Standard 25999-2:2007 Business 
Continuity Management; and National Fire Protection Association 1600: 
2007/2010 Standard on Disaster/Emergency Management and Business 
Continuity Programs. At the end of September 2010, DHS announced a 
certification program tailored to the needs of small business.
    The other National effort using management system standards is the 
current Emergency Management Accreditation Program (EMAP), a voluntary 
review process for State and local emergency management programs. EMAP 
certifies Government programs against standards directly based on NFPA 
1600. State and local entities can use Federal homeland security grant 
funding to pay for EMAP activities. Interestingly, at one time, FEMA 
used the EMAP standards to administer its National Emergency Baseline 
Capability Assurance Program. If there truly is to be a ``whole of 
community'' effort, it would seem to be a necessary condition to have a 
compatible approach for all the entities involved.
    Still to be resolved would be whether adoption of the management 
system preparedness standards should be mandated, perhaps tied to 
Federal funding or regulations, and how certification or accreditation 
against the standards would be conducted. Normally, management system 
standards such as those under the PS-Prep program or EMAP are 
voluntary, although compliance with such standards may be seen as part 
of a legal standard of care across an industry.
    Government agencies such as DHS could implicitly mandate standards 
by using them as guidelines for complying with regulatory requirements. 
Or the agencies may forego a mandatory regulation if they view 
voluntary compliance as meeting policy goals. This seems to be the 
Legislative and Executive branch approach taken with the PS-Prep 
voluntary standards for the private sector. There are established 
provisions that can be invoked for mandatory adoption as part of 
National regulatory frameworks or legislation. The National Technology 
Transfer and Advancement Act of 1995 and resulting Office of Management 
and Budget (OMB) Circular A-119 (revised in 1998) mandated Federal 
agencies use management system standards developed by either domestic 
or international standards bodies instead of Federal Government-unique 
standards (e.g., the National Preparedness Goal) in their regulatory or 
procurement activities.
Implementing Whole of Community for the Maximum of Maximums
    A second challenge is realistically implementing a ``whole of 
community'' effort in anticipation of a ``maximum of maximums'' effort, 
at least within 72 hours of a catastrophic incident. In June 2011 
testimony, FEMA Administrator Fugate \16\ stated that emergency 
management historically planned for scenarios to which Government could 
respond and recover from. Instead, he testified that modern disaster 
planning should be for a ``meta-scenario'' (or ``maximum of maximums'' 
event) destined to overwhelm all levels of Government. Such worst-case 
planning would require the efforts of a ``whole community'' approach 
intended to leverage the expertise and resources of Governmental and 
non-Governmental stakeholders--the entire emergency management 
community from the Federal Government to individuals, families, and 
communities.
---------------------------------------------------------------------------
    \16\ Fugate, Craig. 2011. Evolution of Emergency Management and 
Communication. Written statement before the U.S. Senate Committee on 
Homeland Security [June 8, 2011].
---------------------------------------------------------------------------
    The definition of ``whole of community'' is the same as ``all-of-
Nation'' in the new National Preparedness Goal: ``a focus on enabling 
the participation in national preparedness activities of a wider range 
of players from the private and nonprofit sectors, including 
nongovernmental organizations and the general public, in conjunction 
with the participation of Federal, state, and local governmental 
partners to foster better coordination and working relationships.''
    As the subcommittee knows, the emphasis on shared responsibility 
and coordination is not new. President George W. Bush's June 2002 
proposal to create DHS expressed hope that the agency would make State, 
local, and private sector coordination one of its ``key 
components.''\17\ The first National Strategy for Homeland Security 
viewed homeland security as a concerted National effort. The approach 
was based on shared responsibility and partnership involving the 
Congress, State and local governments, the private sector, and the 
American people in a concerted National effort to prevent attacks.\18\
---------------------------------------------------------------------------
    \17\ The White House. The Department of Homeland Security. June 
2002. p. 3.
    \18\ Office of Homeland Security. National Strategy for Homeland 
Security. July 2002, p. 2.
---------------------------------------------------------------------------
    Is the ``whole of community'' approach rooted in a mega-disaster 
scenario realistic or, more particularly, cost-effective? One 
visualizes all homeland security actors anticipating a catastrophe such 
as Hurricane Katrina, a nuclear event, or a worldwide pandemic, that 
will overwhelm all local and regional partners for a good length of 
time. It is not clear to me how the Federal Government will actually 
strategically and operationally determine ``whole of community'' 
preparedness for a mega-disaster going forward.
    PPD-8 calls for planning frameworks with basic plans for all 
hazards--presumably a maximum of maximum effort, plus specific threat 
or scenario annexes. The Implementation details to date do not provide 
the information on how members of the ``whole community'' should 
interact to achieve these capability targets and what scarce resources 
practically can be invested. It is expected that those details will 
await the finalization of the National Preparedness System and the 
publication of all National Planning Frameworks, also required by PPD-
8. The National Preparedness System will ``guide domestic efforts of 
all levels of government, the private and nonprofit sectors and the 
public.''\19\
---------------------------------------------------------------------------
    \19\ PPD-8. p. 2.
---------------------------------------------------------------------------
    In sum, the focus on ``whole of community'' may well be noteworthy, 
but its implementation calls for complexity of coordinated action, 
assessment, and funding that may be overwhelming and marked by 
imprecision. A return to ``whole of Government'' may be more realistic, 
simply because of the ties to Federal funding. Despite the uncertainty 
of Government funding, it is reasonable to assume that preparedness 
will retain its importance, although not perhaps to the hoped levels of 
National capabilities for a meta-scenario.
Emerging Threat Priorities
    A third major challenge I see that the subcommittee might consider 
in the DHS strategy is addressing threats that are longer-term in their 
emergence as a direct threat to National security. Among other things, 
the September 2010 Local, State, Tribal, and Federal Preparedness Task 
Force \20\ report to Congress called for: (1) Improving the ability to 
strategically forecast emerging preparedness requirements and 
associated policies and/or capabilities, and (2) develop a strategic 
policy planning process that prepares for future challenges by 
performing long-range assessments. The Task Force said that the 
complexity of the envisioned homeland security and emergency management 
enterprise, especially in terms of non-Governmental roles, means that 
desired preparedness outcomes often may take years to achieve. In their 
view, a range of dynamic issues--such as the environment, demographics, 
economics, and health trends--are likely to play increasingly important 
roles. Preparedness policies, therefore, should be anticipatory, not 
reactionary, enabling anticipatory investments in key areas.
---------------------------------------------------------------------------
    \20\ Local, State, Tribal and Federal Preparedness Task Force. 
2010.
---------------------------------------------------------------------------
    As I mentioned earlier, the hazards listed in the National 
Preparedness Goal reference well-known, specific event hazards and 
attacks determined by the current Strategic National Risk Assessment. 
However, the current National Security Strategy and Quadrennial 
Homeland Security Review Report explicitly define a strategic threat 
environment and global trends that appear to have National preparedness 
implications, although they are not described as imminent. These 
include the gradual emergencies and disasters that result from 
dependence upon fossil fuels, global climate change, fragile and 
failing states, and global illicit trafficking and related 
transnational crime, and economic and financial instability.
    In a 2009 article on National security strategies,\21\ I discussed 
drivers of changes in security on a National and global scale, such as 
pandemics, population changes, and economic stress. These drivers 
translate into threats to security, whether individually or 
collectively, which countries have incorporated into their strategies. 
In other countries, the security environment includes these longer-term 
threats. In general, their National security strategies (including 
those covering homeland security or domestic security) incorporate them 
into the strategies and follow-on policy and operational requirements 
and guidance. For example, climate change or environmental change pose 
dangers that may occur on a National or global scale, such as more 
frequent heat waves, droughts, flooding, reduced crop yields, and 
wildfires.\22\ The Goal and supporting documents target building and 
sustaining capabilities narrowly for the near-term threat of a meta-
scenario. It is not clear how these capabilities will prepare the 
country for the challenges of the longer-term threats.
---------------------------------------------------------------------------
    \21\ Caudle, Sharon. 2009. ``National Security Strategies: Security 
from What, for Whom, and by What Means,'' Journal of Homeland Security 
and Emergency Management, 6(1), article 22.
    \22\ Hough, Peter. 2008. Understanding Global Security. 2nd ed. 
London: Routledge.
---------------------------------------------------------------------------
    There have been a multitude of studies on these drivers or changes 
with recommendations for immediate action. The Organisation for 
Economic Co-Operation and Development (OECD) presented an analysis of 
``global shocks''--cascading risks that become active threats as they 
spread across global systems.\23\ These included pandemics, financial 
crises, critical infrastructure disruption, and cyber risks, 
geomagnetic storms, and social unrest. As the OECD study pointed out, 
surveillance is central to risk assessment and management. In addition, 
security agencies, working with regulatory agencies, should use, adapt, 
and implement risk-assessment tools to design more resilient National 
and international systems. Emergency management of future global 
shocks, OECD said, called for policy options such as: (1) Surveillance 
and early warning systems, (2) strategic reserves and stockpiles of 
critical resources, (3) addressing where countermeasures to systemic 
threats have been weak, and (4) monitoring of future developments that 
could pose potential risks. OECD cited challenges such as insufficient 
skills and knowledge to manage global shocks and obstacles to 
international cooperation and coordination.
---------------------------------------------------------------------------
    \23\ OECD. 2011. Future Global Shocks: Improving Risk Governance. 
OECD Reviews of Risk Management Policies, OECD Publishing.
---------------------------------------------------------------------------
    DHS certainly understands the need for action anticipating these 
global shocks. FEMA's Strategic Foresight Initiative, initiated in 
2010, emphasizes the importance of understanding and addressing the 
drivers of future change.\24\ FEMA urges the emergency management 
community to establish a foresight capability--identifying key future 
issues, trends, and other factors with an eye to executing an agenda 
for action over the next 20 years. Not surprisingly, FEMA identifies 
well-known drivers--universal access to and use of information, 
technological innovation and dependency, shifting U.S. demographics, 
climate change, global interdependencies and globalization, Government 
budget constraints, critical infrastructure deterioration, and the 
evolving terrorist threat. The FEMA study says that through the 
foresight process, over the next few decades very rapid change and 
complexity will define the emergency management environment. FEMA says 
that even slow-moving and predictable trends such as demographic 
changes could be radically changed because of drivers such as climate 
change or pandemics.
---------------------------------------------------------------------------
    \24\ FEMA. 2012. Crisis Response and Disaster Resilience 2020: 
Forging Strategic Action in an Age of Uncertainty. Office of Policy and 
Program Analysis [January 2012].
---------------------------------------------------------------------------
    FEMA sees a number of emergency management capabilities as needed 
as part of strategic foresight that could be included in preparedness 
efforts (pp. 13-20). For example, these include addressing dynamic and 
unprecedented shifts in local and regional population characteristics 
and migratory flows; anticipating emerging challenges and develop 
appropriate plans and contingencies; employing alternative surge models 
to meet the challenging confluences of social, technological, 
environmental, economic, and political factors and conditions; and 
remediating hidden vulnerabilities in critical supplies from water to 
energy to medical products to offset threats to the full scope of 
emergency management activities.
    Throughout these three challenges, I urge the subcommittee to 
consider if the current DHS strategies overweigh the opportunity costs 
in continuing to pursue a comprehensive capabilities approach, 
insisting on the whole of community being prepared for a maximum of 
maximum event, and delaying action on confronting longer-term threats.
    This concludes my statement. I appreciate the opportunity to appear 
before the subcommittee today and look forward to any questions you may 
have.

    Mr. McCaul. Thank you, Dr. Caudle.
    The Chair now recognizes himself for 5 minutes for 
questions.
    Yes, Dr. Caudle, in our home State of Texas we have many 
homeland security operations on the ground. We have the largest 
stretch of the U.S.-Mexico border, so we have CBP down there, 
we have ICE--immigrations is obviously a huge issue in the 
State of Texas--and then FEMA. Between hurricanes and the 
wildfires that we saw out at Bastrop and all across the State 
of Texas FEMA plays a huge role.
    As I mentioned in my opening statement, though, there are 
about probably five to 10 different, you know, documents of 
strategies out there that doesn't unify the DHS mission. So my 
initial question is: How does this lack of a comprehensive 
strategy impact these operations that I talked about on the 
ground and what can we do to fix that strategy so it works?
    Ms. Caudle. I think overall is coming up, really, with, 
what is the goal on the border? You know, certainly, as you 
have mentioned, we are seeing issues around whether or not it 
is border security, closing the border, stopping illegal 
immigration or cargo or items that are coming across the 
border, but then we also have a policy of immigration 
enforcement in the interior that sometimes is counter to it.
    I think overall, looking at what is the overall goal there 
in terms of the border security and making sure that whether it 
is ICE or the border security agents there, or the technology, 
as Mr. Schneider talked about, are all ones that are looking to 
that security aspect. Right now you do have different types of 
opinion about what the actual goals are there, and certainly 
the Texas Department of Public Safety has similar concerns when 
they talk about border.
    Mr. McCaul. Well, thank you.
    Mr. Schneider, you talked a great deal about the DOD model, 
Goldwater-Nichols, and how we could apply that model to the 
management and strategy of the Department of Homeland Security. 
I have been a big advocate for leveraging existing technologies 
within the DOD to use within DHS--for instance, sensor 
surveillance equipment that we use in Afghanistan, using that 
on the Southwest Border. We talked to the generals in 
Afghanistan on a recent CODEL--Mr. Duncan was with me--about 
that very issue.
    Can you elaborate more on this DOD model that you think 
would be effective?
    Mr. Schneider. Sure. Thank you.
    Quick background: The Goldwater-Nichols Department of 
Defense Reorganization Act of 1986 made very sweeping changes 
to Department of Defense since it was established in 1947. It 
reworked the command structure of the United States military, 
and that has led to the origin of why you have combatant 
commanders, like CENTCOM, PACOM, SOUTHCOM, TRANSCOM, et cetera.
    That fundamentally removed the responsibility from the 
service chiefs from fighting of the war to these combatant 
commanders that could put together adaptive packages--Army, 
Navy, Air Force, Special Ops, et cetera--in those regions 
responding to those unique threats. A fundamental change. Did 
not go over easy; very difficult, busted a bunch of rice bowls. 
But the fact of the matter is, if you take a look at how that 
has progressed since the 1990s, to 2000, to the way we operate 
today, I personally think it has been a huge success.
    It was subsequently followed by the Defense Management 
Review in 1989, which fully implemented the Packard Commission 
Report, which led to Goldwater-Nichols. But basically it 
substantially improved the performance of the defense 
acquisition system and managed acquisition resources across the 
Department. I think by any measure it has worked.
    For example, the Air Force's Air Combat Command basically 
operates aircraft. It does not manage the development and 
production of the F-35. The COMSUBLANT operates nuclear 
submarines. It does not manage the acquisition of the junior 
class submarines.
    So the two questions that I ask in my own mind when I look 
at this relative to the Department is this: Do we want the head 
of CBP, with 65--excuse me, roughly 65,000 people, 24/7 
responsibilities, to keep the incorrect people and the bad 
stuff out of the borders at the same time that we hold him 
responsible for putting together very complicated C4 audios or 
persistent surveillance systems along the border? Is that the 
right model for the future?
    In my mind, the answer to those two questions are 
absolutely not, and that is why I think it is time to take a 
hard look at what the operators do, what the warfighters do, 
operate, and basically provide good law enforcement, and have 
those people that are smart put together integrated systems 
using the maximum amount of technology available and satisfy 
those user requirements.
    Mr. McCaul. That is a very interesting concept that I know 
that this committee will be taking a close look at. Have you 
had any discussions with the Department about using this model?
    Mr. Schneider. When I was in the Department I was--I had 
the opportunity--and part of my blood is probably in on this 
floor somewhere--to have that type of discussion. I was 
frequently asked by Members of the committee that both were in 
the Homeland Security Committee and very knowledgeable at the 
Department of Defense whether or not it is time for Goldwater-
Nichols.
    My answer has always been, at some point in time it is the 
right thing to do. I thought 4 years ago it was not the right 
thing to do because it does create a lot of churn and frankly, 
the Department was still in its infancy. If you take a look at 
how long it took DOD to actually go implement it after it has 
been started by any measure I thought 4 or 5 years ago was not 
the right time. So I have always been consistent in saying that 
and talking about that.
    I think at this point in time, roughly 3 or 4 years later 
since I was in the Department, it is probably a good time to 
start thinking about it.
    Mr. McCaul. Have you had any discussions with the current 
administration about this?
    Mr. Schneider. No. No. I really, for the most part, stay 
hands away from the Department.
    [Laughter.]
    Mr. Schneider. That is by choice.
    Mr. McCaul. I see my time has expired. I know the Ranking 
Member is going to follow up on a line of questioning that I am 
very interested in, as well, and that is the recent cyber 
markup of the National Information Sharing Organization.
    So with that, I recognize the Ranking Member.
    Mr. Keating. Great. Thank you, Mr. Chairman.
    I do want to get into those questions, but I do want to 
follow up on just what you were saying, Mr. Schneider, too. You 
know, I have seen CENTCOM work in the counterterrorism and it 
was a wonderful thing to see, frankly, the way so many 
different areas of government and the--and defense worked 
together in one room, in one central command. I was so 
impressed and pleased.
    The trouble I have, as great as that model is--and I have 
seen it happen and I have seen it work--we can't get the basic 
jurisdictions of homeland security settled first. So, you know, 
I agree with you in theory about that is a great approach, but 
do you honestly think in this time frame that we mentioned, 
since we haven't even set the jurisdictional problems that were 
still there from the 9/11 recommendations and still 
unfulfilled. In that framework how could we, at this time, ever 
overcome that without dealing with the jurisdictional issues 
that have to be dealt with first?
    Mr. Schneider. Well, thank you. Thank you, Congressman.
    I think the way to do that is to accept, basically, 
something less than 100 percent solution. So if you go at--I 
used to travel a tremendous amount of time on the weekends when 
I was the deputy secretary. If you go visit many of the major 
ports and key city areas--I don't care whether it is Detroit, 
San Diego, Charleston, Seattle, Miami, et cetera--what you see 
is, frankly, the individual organizations with, I will call it 
the alphabet soup labels, informally working together--working 
together. Not just within the DHS, but go to San Diego, they 
work with the Navy, they work with the San Diego Harbor Police, 
they work with local law enforcement.
    The reason is basically is this: You have all these 
organizations, you have sea assets, you have got air assets, 
and things like that, so the smart people that are at a lot of 
these places informally figure out a way to basically--figure 
out how to maximize the effective use of all of those assets. 
So I think you could do it, quite frankly, in--at not, maybe, 
100 percent, but at least within the context of making 
substantial progress. That is why I really believe that you 
could do it.
    Mr. Keating. Okay. I would love to see that happen in 
reality, but I would say we would be lucky to get 10 percent 
the way things are going.
    But in any case, I have a question: We had a field hearing 
earlier this year in the Port of Houston, and, you know, there 
really struck me a great deal of how important that is to our 
security in so many respects and the economic impact these 
could have. Now, the President included the Nation's homeland 
security agenda within the National Security Strategy, and in 
that he included climate change as well as violent extremism, 
but also natural disasters.
    Dr. Caudle, how has this, you know, revamped whole-of-
government approach to homeland security strengthened the 
Nation's preparedness? Because I think we saw first-hand what 
could happen if there was a--not only a terrorist attack but a 
natural disaster in something like the Port of Houston or in 
Cape Cod.
    Ms. Caudle. You know, certainly in theory the whole-of-
government, the whole-of-nation, whole-of-community I think is 
fine as a theory. My problem with the language around that is 
how do you practically leverage, really, the resources and 
goals of all of the different communities all the way down to 
the individual level?
    It is one of those things that I think it is a principle 
that we have seen consistently, in fact, since 9/11, if not 
before, about having everyone working together. The practical 
implications of the new National preparedness goal that the 
President issued that really is a continuation, if not an 
enhancement of what President Bush issued in his Presidential 
Directive. I ask for what does this really look like in terms 
of preparedness on the ground because you still have, as you 
mentioned, jurisdictional issues, you still have issues with 
resources, you still have people that are concerned with 
existing capabilities, equipment, hazmat suits, and the like.
    How do they sustain that and where is the money going to 
come--anyway, and then the other thing is this whole issue of 
whether or not the Federal Government can put together this 
preparedness approach that really does not have an existing 
framework and hasn't had, really, a strong existing framework 
for management for the past decade.
    Mr. Keating. Yes. I think, you know, just quickly, and a 
common theme I have seen is the idea that we are retrofitting 
our security issues with budgets.
    You know, what I am afraid of is the next disaster that 
comes we will just start spending and reacting to it and no one 
will be objecting then, but I really think that in the larger 
sense that this is very interesting here, and I appreciate both 
your efforts to try and do what I call retrofitting the budget 
we have. I really think, you know, the explanation has to be 
more expansive than, say, ``Here is what we are facing,'' and I 
think the American public will agree that that is a great 
investment of our tax resources.
    I have run out of time. If you get to fit into it, you 
know, Mr. Schneider, we did have a hearing and a markup 
recently on this committee where we moved forward with a 
public-private approach to cybersecurity. I don't know if you 
have a--can comment now or later, but that is something that we 
have basic agreement on in this committee.
    Mr. Schneider. If I may, briefly, cybersecurity is very, 
very difficult, and I realize, frankly, from the perspective of 
the committee there are so many different committees with 
different jurisdictions of cyber, and you have to rational--you 
know, my answer here would be this: I would also agree to--or 
proceed to accept the half a loaf or a quarter of the loaf 
rather than solve the world hunger problem.
    The reason is this: You have to rationalize so many 
different things. If we talk about cybersecurity in the 
utilities, what about the FERC? If you talk about cybersecurity 
and the companies on the exchange what about the regulation of 
the SEC?
    What about the privacy issues? If somebody basically 
secures a network, how are they identified in case there is a 
problem in this massive exfiltration and economic loss? You 
have the economic trade issues and things like that.
    So I would urge you to do this, quite frankly: I know how 
hard this thing is, and I think if you can make some 
incremental progress area by area this year, accept that as 
success and then move on.
    Mr. Keating. Thank you, Mr. Schneider. I am over my time.
    Mr. McCaul. Thank you for your testimony.
    The Chair now recognizes the gentleman from Missouri, Mr. 
Long.
    Mr. Long. I have only got 14 seconds left.
    [Laughter.]
    Mr. Long. Thank you, Mr. Chairman.
    Thank you all for your testimony here today. Just because I 
am an auctioneer they always want me to talk fast.
    But, Mr. Schneider, to follow up a little bit on that, how 
can we better handle cybersecurity? You are talking about all 
these different committees and all these different 
cybersecurity jurisdictions, and we all know that it is a huge 
problem and I think that Leon Panetta is the one that said that 
our next Pearl Harbor is going to be a cyber attack. You see 
attacks every day and they are just going to get more egregious 
so we really, really need to get ahead of the curve on this if 
we can.
    I know in my hometown of Springfield, Missouri we had some 
folks that--I think it was $440,000, they owned a little tiny 
title company, a land title company, and there was $440,000 
removed from their bank account over the weekend, and I can't 
remember now what country it--Afghanistan, I think it ended up 
in, but what is your suggestion? What is your recommendation 
for getting ahead of the curve on this? Everybody gives it a 
lot of lip service but I never really hear anybody drilling 
down on it.
    Mr. Schneider. Thank you for the question. I appreciate 
that.
    I think you have to do two things. No. 1, you have to 
recognize--and this is my own personal opinion, and I spent 
most of my life in DOD, is that when DOD talks about 
cybersecurity they are really talking about, in many cases, a 
potential for cyber warfare, and what is the escalation curve--
--
    Mr. Long. You spent most of your life in what?
    Mr. Schneider. In Department of Defense.
    Mr. Long. Okay. I thought you said DOT----
    Mr. Schneider. No, no, no, no. No, I was----
    Mr. Long. I don't like acronyms. I am still trying to 
figure out what D.C. stands for, so--spell it out for me.
    [Laughter.]
    Mr. Long. I thought you said DOT. I am sorry----
    Mr. Schneider. No, I am sorry. I wasn't clear. So 
Department of Defense.
    When they talk about cybersecurity a lot of what they are 
talking about has to do with cyber warfare, escalation, 
attribution, and what do you do. When DHS, much to their 
credit, though they have the spearhead responsibilities, a lot 
of what they talk about is, frankly, securing dot-gov. Dot-gov 
is that domain that basically is the Government's network. The 
problem is you have the DHS piece and then you have all these 
other departments.
    What I think we need to be doing is to focusing on not the 
big defense companies, because they have millions of dollars to 
spend on network security. I am talking about the small, the 
mid-sized companies. I am talking about the State and local.
    I think we need to figure out a way so that the Government 
can assist in the development of these cyber secure operation 
centers that can be done locally, regionally, in many ways like 
physical security except it is cybersecurity. Come up with a 
commoditized scheme by which a lot of these State and local, 
small, mid-sized companies in these jurisdictions can have 
affordable cybersecurity for their networks.
    That takes a fundamental shift in focus from the big DOD, 
DHS, dot-gov, dot-mil systems to the rest of the country. I 
believe that, if properly incentivized, the industry, which--
with its expertise in this area, could make a financial market 
to invest in this area and expand. That is just one thing I 
would do.
    The other things you could do is just self-education. There 
is a lot of bad information that is out there about what you 
have to do, and if one could sponsor a series of forums--
educational events and seminars and things like that would have 
widespread regional and local distribution, that would go a 
long way for basically informing the general public of the 
seriousness of the problem.
    Mr. Long. Say that again, that last part again. If you had 
regional what?
    Mr. Schneider. Cybersecurity operational centers and 
educational forums. I think it would help raise the educational 
level of awareness of the public of the severity of this 
problem.
    I honestly believe that until you personally get hacked and 
pay a price, like happened to me about 2 weeks ago, it becomes 
real, okay? So what you have to do is raise the awareness of 
the general public, not just the high-profile players like DHS 
and DOD and the dot-gov, dot-mil folks, but the rest of the 
population.
    Mr. Long. But if we have got too many people trying to 
watch the pot how do we correct that? I mean, if we have----
    Mr. Schneider. You have always got to have--you are always 
going to have the people. There are so many different 
jurisdictions of this and there are so many potential impacts, 
and to be honest with you, you have a reluctance, as happened 
yesterday, I heard on the radio, of companies that have serious 
problems--cyber attacks--from divulging that. The reason is 
they don't want to affect their stock price; they don't want to 
see a run on their investors, and things like that.
    So there has to be some sort of a truth in discussion 
ground rules that are set up for this. This is a massive 
problem that is not going to be solved in a year, and that is 
why I really think the right thing to do is agree on a 
consensus on a couple small pieces that make a difference, 
approve them, and then start working on the next set.
    Mr. Long. Okay. Thank you. I am past my time.
    I yield back.
    Mr. McCaul. Thank you.
    Just to follow up, the sharing of information, that is 
something we try to put forth in this bill--and I know 
Intelligence Committee has one as well--to protect that 
information so that these companies can share that with the 
Government without it being divulged. You are right, they have 
a duty to their stockholders.
    I think on the education and awareness piece, I know NSA 
has said that probably 70 percent of this could be through 
education and awareness computer hygiene--proper, you know, 
computer hygiene, so--with that, I now recognize--Chair 
recognizes the gentleman from Illinois, Mr. Davis.
    Mr. Davis. Thank you very much, Mr. Chairman.
    Let me thank the witnesses for being here.
    Mr. Schneider, in your testimony you propose that the 
Department should shift its business model for scanning 
equipment outside of the Government and focusing on outsourcing 
to commercial vendors. As you also rightly note, this is a 
model that is frowned upon by the Office of Management and 
Budget due to the cost.
    Would it not be wiser to keep those funds in house or 
inside and use them to build on science and technology within 
the Department, and perhaps we get a little bit more mileage 
out of that?
    Mr. Schneider. Thanks. Thanks for the question.
    This is one of those situations I feel that unless you had 
the job I had, it is not very obvious to the outside world. 
When you take a look at the budget, this is the budget of 
reality, and Congress has been kind enough to increase, over 
the years, the amount of operational law enforcement people.
    If you take a look at the Department, the amount of dollars 
required for salaries, throw in a couple of billion for the 
Disaster Relief Fund, throw in a couple of billion for the 
grants, that is about 70 percent of the dollars that are 
appropriated. That doesn't leave much money. A big chunk of 
what that remaining money is is IT.
    So when you are faced with massive scanning equipment that 
is out-of-date and you need to refurbish it or you need to 
update it you are talking about big bills. From my standpoint, 
when I was there and especially today, the Department will 
never get that amount of money to do this. These are very 
expensive machines.
    We are very fortunate that medical technology--imaging 
techniques and things like that--drive innovation. I am hopeful 
that with the advent of dental technology and the like it will 
increase the capability of the machines, but the simple fact is 
when you are there you just don't have the money, and my take 
is you will not have the money in the future, to actually go 
out and buy these machines and then worry about refresh, 
update, et cetera, and maintenance.
    So my recommendation would be change the business model. 
Not basically outsource it, but get a long-term lease with--
just like the IT providers do today, you have service level 
agreements, reliability, refresh requirements, and things like 
that, and pay as you go. It is a financing matter, in my mind, 
and it accepts budget reality that you will never get the big 
chunk of money you will need.
    Frankly, I had great difficulty with the folks at OMB in 
this matter, and this gets back to--this gets to the issue of 
whether it is a capital lease or an operating lease, and I have 
been away from it too long to remember the differences, but the 
one that they don't like is what they consider this type of a 
scheme. I, personally, at the time, thought that they were 
wrong.
    So you are not outsourcing, you are basically leasing. You 
can call that an outsource, but it is no different than your 
car.
    So I just am heavily biased by the budget reality that I 
lived under, and more importantly, the more stringent budget 
reality today. I think this really needs to be looked at.
    Mr. Davis. Well, thank you very much. It seems to me that 
we do a great deal of experimenting, I mean, almost every time. 
I mean, the airport that I use most frequently and there seems 
to be a different approach.
    But thank you very much, and let me thank you.
    Dr. Caudle, let me ask you, is it safe to say that the 
National Security Strategy released by President Obama was 
drastically different from the strategy that was released by 
President Bush?
    Ms. Caudle. In terms of tall--I mean, calling it drastic, I 
think in both strategies there is recognition of the strategic 
threat environment that the Nation faces. The difference that I 
saw in what President Obama put out was this emphasis on 
placing homeland security within National security. You could 
see it coming and I think it--to my mind it certainly made a 
lot of sense to do that because homeland security, as you know, 
doesn't stop at the borders, is a cliche that we normally will 
say, and so extending the borders out in terms of National 
security and what we do overseas internationally, what we do 
with our defense establishments, as well, has implications for 
homeland security. So that is what I saw as a--the major 
feature.
    There also was an emphasis on some other areas in engaging 
partners that was a stronger emphasis, but by and large, at 
least from my area of expertise, that encompassing homeland 
security--and what it said to me, as well, was that it was 
likely we will not have a National strategy for homeland 
security. The Quadrennial Homeland Security Review report that 
tended to replace the 2007 National Strategy for Homeland 
Security--I think now we will only see that National Security 
Strategy, so taking it as the document for, really, what are 
the goals that are laid out there, but then how do you 
operationalize, you know, as I am sure others will talk about.
    Many of these National strategies are almost statements of 
principle. What the SEVA committee is focusing on is: What is 
this boots on the ground? What are the realities? What is the 
management scope that you really need to start paying attention 
to? What is the oversight? Where is the money going? Where is 
the personnel going?
    So that is where--the strategies are fine, the new emphasis 
on homeland security, but how do we drive it down now for the 
preparedness, for the security that the Nation is asking for?
    Mr. Davis. Thank you very much. It is a little build on 
what we are already doing, I would assume. Thank you very much.
    Thank you, Chairman. I yield back.
    Mr. McCaul. Chair now recognizes the gentleman from South 
Carolina, Mr. Duncan.
    Mr. Duncan. Thank you, Mr. Chairman. Thanks for the 
timeliness of this hearing, especially coming in the wake of a 
hearing yesterday in Foreign Affairs where we talked about the 
Iranian threat within the hemisphere and globally.
    I want to thank you for mentioning the trip to Afghanistan 
because since we were there in November I have given a lot of 
thought to our border security here in this country, and it is, 
you know, no secret that I believe that one of the roles of the 
United States Government is to defend the sovereignty of this 
country, and I look simply at our porous Southern Border and 
wonder what we can do, what we should be doing, what we can do 
more of, and where we are making mistakes.
    So as we talk about the effective implementation of a 
strategy I wonder what is the actual strategy of the Department 
of Homeland Security with regard to the border, because I read 
report after report that says we should put our emphasis here 
or should put our emphasis here. Mr. Chairman, I think about 
that Pakistani-Afghan border where there is a natural port of 
entry on Main Highway 1 that we saw, but then the berm that was 
created and the, I think, 60 cuts in that berm that allowed 
illicit activity to come across.
    When we think about Afghanistan we think about IEDs and 
Taliban fighters and enemy combatants coming across, but what 
we were told is what is trying to circumvent that natural 
border crossing was money, drugs, and weapons. It really wasn't 
the Taliban or enemy combatants or IEDs, that most of those 
were attempting to come through that natural port of entry.
    So thinking about that and thinking about the September 
2011 GAO report that cited DOD officials who are concerned that 
there is no comprehensive Southwest Border security strategy 
and the National Guard's role has been ad hoc, and then I look 
at this Texas Border Coalition's January 2012 recent report 
that talks about--we have put a lot of our emphasis on border 
crossings outside of the natural ports of entry. It has really 
brought my focus back to the border crossings and the ports of 
entry.
    Reading this I learned that there are 52 border crossings 
in the Southwest, eight of which are rail, 43 are roadways, 
there are 24 bridges, two dams, 17 roads, and one ferry. So 
when you go to approach a problem you look at what are the 
easiest things to do, you address those first, then you broaden 
your scope until you solve the problem.
    This year I have had the opportunity to go to Israel and 
look at the West Bank border crossings, what Israelis have done 
with fencing and ports of entry, and interdiction back in their 
country and the timeliness of it. So the question I have for 
you guys is why, based on this Texas Border Coalition's report 
saying our problem, most of the drugs and illicit activity that 
are coming across are not circumventing those ports of entry 
and coming across that no man's land, so to speak, on our 
border; a lot of it is coming through that natural port of 
entry where we have got the personnel.
    You all have mentioned the number of--the increase in 
Department of Homeland Security Custom and Border Patrol 
personnel just in the last decade, and my gosh, from $400 
million to $3.6 billion we have spent a lot of money on 
focusing on the Southwest Border, but are we not being 
effective if we are not focusing on the easiest thing, and that 
is where we are funneling that traffic through a natural port 
of entry where we already have systems in place? So what should 
we be doing there? How can we start there and then expand it to 
the fencing, the areas of surveillance and other things in the 
no man's land, so to speak, where we don't have a port of 
entry?
    So my question to you, Mr. Schneider, is what should we do 
on the ports of entry? How can we make sure we do the easy 
things first?
    Mr. Schneider. Congressman, first, I am a little dated 
because I have been out of office for 3 years, but I can tell 
you that based on what I experienced when I was in the 
Department that the more we basically put up fencing, the more 
we used air assets, it focused people on the ports of entry. 
That is why what we saw, in many cases, at some of the ports, 
the--I will call it the frustration by the bad people to 
actually force their way, brute force, bad incidents right 
through the ports of entry.
    So I know what we did at the time was to really beef that 
up relative to the security, beef that up relative to at the 
ports, the entry procedures that they have to do to basically 
get approval to cross, and frankly, rely heavily on 
intelligence and awareness and things like that. That is true 
of the personnel crossings and that is true of especially the 
border crossings with heavy automobile traffics, from the large 
ones, like at San Ysidro, to some of the small ones----
    Mr. Duncan. Let me ask you this, because we are about out 
of time, but do you feel like they are just overwhelmed based 
on the amount of traffic that comes through those port of 
entries?
    Mr. Schneider. Traffics are huge, and they are going to get 
huger. I know there is a modernization plan to expand that.
    I think a lot has to do with intel. I don't know what is 
classified and unclassified; I am removed. But I can tell you, 
when you start talking about interfaces with DEA and ATF and 
things like that, and who passes what, and different analysis 
techniques and things like that, when I was there we were using 
that and using that effectively. I can only assume that just 
based on a lot of how that technology has evolved over the 
years and greater workings with some of these other 
organizations on intel that the performance in responding to 
that threat has gotten greater. But again, I am a little dated.
    Mr. McCaul. Thank the gentleman.
    I have been informed we have votes coming up in just a 
couple of minutes. I think this worked out perfectly.
    So the Chair now recognizes the Ranking Member of the 
Cybersecurity Subcommittee, Ms. Clarke, from New York.
    Ms. Clarke of New York. Thank you very much, Mr. McCaul.
    Thank you to our panelists for your testimony today. I just 
wanted to note that with respect to the GAO report, General 
McCaffrey also stated that as part of the strategy we need to 
include comprehensive immigration reform, and that is always a 
major part of a missing link when we are talking about our 
border security.
    But my question goes to you, Mr. Schneider, and it is with 
regards to the references that you have made in your testimony 
specifically around Goldwater-Nichols. I know that you are a 
proponent of DHS adopting Goldwater-Nichols.
    Some of us disagree with the assertion that Goldwater-
Nichols' framework is applicable at DHS, because as you rightly 
stated, it has still not reached its maturity. By your own 
testimony, DOD was established in 1947 but Goldwater-Nichols, 
although authorized in 1986, did not take effect until 1989--so 
42 years after DOD was stood up.
    So given this time frame, do you think that DHS is still 
not ready, especially--don't you think that it is not ready, 
especially in light of its other challenges, for Goldwater-
Nichols?
    Mr. Schneider. No. I think it is ready, and the reason is 
if you take a look at the long historical basis for a lot of 
the services--Army, Navy, Air Force, Marine Corps, et cetera--I 
think it was a tougher nut to crack, to put it mildly. I fought 
the world change, quite frankly, when in the late 1980s I was 
watching TV and I think it was Haiti I saw on the helicopters 
flying off the decks of the United States Navy aircraft 
carrier. So fundamentally things worked better, packaging the 
right amount of people from the different specialties, et 
cetera. That is why Special Ops gets a lot of credit to these 
days, and that is why I think these combatant commanders do a 
good job.
    I am not sure that there is any right time, and I am not 
sure how long it is, but the fact of the matter is, the longer 
you wait on something like this the less possibility you are 
going to have of reaching some earlier amount of effectiveness 
than if you waited. So I think it is different, quite frankly. 
Law enforcement is different than the military, and I learned 
that from being in the Department.
    Ms. Clarke of New York. Dr. Caudle, for the first time ever 
President Obama including the Nation's homeland security agenda 
within the National Security Strategy. Furthermore, he included 
in his strategy climate change, violent extremism, and National 
disasters. How has this revamped the whole-of-government 
approach to homeland security and strengthened the Nation's 
preparedness?
    Ms. Caudle. You know, certainly at present we don't see the 
follow-on of those emerging threats in the current National 
preparedness system that DHS has put up. The new National 
preparedness goal, the capabilities, and so on, specifically 
talked about only near-term threats, a beginning and end. So 
these emerging threats, they are saying, are something that 
will be under consideration with the next Strategic National 
Risk Assessment Review.
    Certainly it is important. FEMA is working on their 
Strategic Foresight Initiative, which has identified that as an 
issue that should be addressed.
    So we will have to wait and see how it is actually 
incorporated. There is some discussion in the National 
preparedness goal documents about mitigation, but they tend to 
be still for only a near-term, beginning-and-end-type disaster. 
So hopefully we will be seeing that emerge hopefully over the 
next several years.
    Ms. Clarke of New York. Let me ask--and this is to you, Dr. 
Caudle--the previous administration's National Security 
Strategy and National Strategy for Homeland Security excluded 
response to natural disasters from its definition of homeland 
security. How has the inclusion of this term in new strategies 
strengthened our response system, and as efforts are taken to 
further reconcile definitions of homeland security should there 
be an effort to make sure natural disasters continue to be 
included in the definition?
    Ms. Caudle. Well, certainly. The new homeland security 
definition, although it is not in legislation, really speaks to 
the all-hazards approach, from terrorism, natural disasters, 
accidents, and the like, so you really have encompassed in 
homeland security all of the threats and hazards or drivers of 
those threats and hazards that are important.
    The inclusion or non-inclusion almost became moot after 
Hurricane Katrina because the country realized that natural 
disaster--the Deepwater Horizon oil spill also was another 
indicator of these are the types of threat and hazards that are 
not just terrorism that the country should be paying attention 
to.
    Ms. Clarke of New York. Thank you, Mr. Chairman. I yield 
back.
    Mr. McCaul. I thank you.
    Let me just--I would like to enter into the record, if 
there is no objection, the Texas Border Coalition report. It 
basically says without strategy America's border security 
blunders facilitate and empower Mexican drug cartels. It says 
America's border security effort lacks strategic direction and 
operates on an ad hoc basis. So without objection, I would like 
to enter this report into the record, as well.
    [The information follows:]
                Statement of the Texas Border Coalition
                            January 12, 2012
  without strategy: america's border security blunders facilitate and 
                     empower mexico's drug cartels
    The United States Government spent about $90 billion over the past 
decade to secure the U.S.-Mexico border.\1\ The results are mixed, with 
apprehension rates up to 90 percent for undocumented persons seeking to 
cross the frontier between designated U.S.-Mexico border crossings, yet 
the Mexican drug cartels continue to enjoy commercial success smuggling 
more drugs than ever into the country through the legal border 
crossings.\2\
---------------------------------------------------------------------------
    \1\ ``$90 billion spent on border security, with mixed results,'' 
Boston Globe, June 26, 2011, Martha Mendoza, Associated Press.
    \2\ Ibid.
---------------------------------------------------------------------------
``America's border security effort lacks strategic direction and 
        operates on an ad hoc basis.''
    A significant part of the $90 billion Government expense has been 
the deployment of U.S. military forces, including the National Guard, 
to supplement Border Patrol and Customs and Border Protection forces on 
the Mexican border. A recent Government Accountability Office briefing 
on the costs and benefits of the Department of Defense role in securing 
the Southwest land border reported that DOD officials ``are concerned 
that there is no comprehensive southwest border security strategy'' and 
the National Guard's role has been ``ad hoc.''\3\
---------------------------------------------------------------------------
    \3\ Observations on the Costs and Benefits of an Increased 
Department of Defense Role in Helping to Secure the Southwest Land 
Border, GAO-11-856R September 12, 2011.
---------------------------------------------------------------------------
    As the United States spent $90 billion seeking to secure the 
Southwest Border, the Mexican cartels have continued to smuggle 
cocaine, heroin, and methamphetamine through the legal border crossings 
in California and South Texas, and marijuana between border crossings 
in remote areas of Arizona.\4\ They generally smuggle smaller loads of 
cocaine, heroin, and methamphetamine in non-commercial vehicles (cars, 
SUVs, and pickup trucks) to blend in with cross-border traffic.\5\
---------------------------------------------------------------------------
    \4\ U.S. Department of Justice National Drug Intelligence Center 
``National Drug Threat Assessment 2011'' August 2011.
    \5\ Office of National Drug Control Policy, the White House, 
``National Southwest Border Counternarcotics Strategy'', June 2009.
---------------------------------------------------------------------------
    As the Mexican drug cartels flourish in the face of $90 billion 
spent to secure the border through which they conduct their trade, the 
United States continues to focus on border security tactics grounded in 
operation that began in the 1990s when an anti-immigration backlash 
fueled crackdowns code-named ``Operation Gatekeeper'' and ``Operation 
Hold-the-Line.'' Debates in Congress focus on building more fences and 
walls and whether to snuff environmental protections for public lands 
on the Southwest and Northern Borders.
``The legal border crossings on the U.S. southwestern border have 
        become America's weakest border security link.''
    As reported by the Department of Defense and the Government 
Accountability Office, America's border security effort lacks strategic 
direction and operates on an ad hoc basis. Without a strategy, America 
will continue to lose the border security war to the better financed, 
equipped, more mobile and agile drug cartels. Our National success 
depends on defining and executing a strategy to defeat the cartels 
attacking our Nation.
    The legal border crossings on the U.S. Southwestern Border have 
become America's weakest border security link. Since the cartels choose 
to smuggle most of their products through the border crossings, a 
sensible strategy would be to attack their trade where it occurs and 
anticipate where their smuggling operations might move in response. 
Yet, the Department of Homeland Security has chosen to ignore these 
developments and refused to develop a strategy to confront them.
    Budget forecasts by Department of Homeland Security officials 
suggest no new funding for border security infrastructure at the 
official border crossings for many years and personnel accounts will 
essentially remain static during that time.\6\ While new equipment may 
become available, some cannot be utilized because the electrical 
facilities at the border crossings are outdated and inadequate to 
support the expensive new tools.
---------------------------------------------------------------------------
    \6\ ``Meeting Land Port of Entry Modernization Needs in Constrained 
Budgetary Environment,'' presentation by Mikhail Pavlov to the Joint 
Working Committee, October 2011.
---------------------------------------------------------------------------
    Congress and the administration confront a choice when considering 
strategic directions for securing the U.S-Mexican border. At a minimum, 
the Texas Border Coalition recommends that Congress and the President 
have a strategy rather than addressing this challenge ad hoc.
``Spending additional billions of dollars on more fencing-walls or 
        exempting the Border Patrol from the rule of law should be 
        lower priorities until the border crossings can be made 
        functional in securing our borders.''
    The strategic paths forward offer a choice between closing the gaps 
between the border crossings, where criminals face a 90 percent 
likelihood of apprehension, or addressing the inadequate 
infrastructure, technology, and law enforcement personnel at the 
Southwest Border crossings where criminals are less challenged by an 
apprehension rate of merely 28 percent.
    The Texas Border Coalition suggests that the only reasonable path 
forward is to refocus our border security priorities where our Nation 
is most vulnerable: At the legal border crossings. Spending additional 
billions of dollars on more Border Patrol agents, fencing-walls, or 
exempting the Border Patrol from the rule of law should be lower 
priorities compared to making the official border crossings functional 
in securing our borders.
    To choose the other path and continue to fight the border security 
war where it has been won (between the border crossings) and to 
continue to surrender the war where we are losing (at the border 
crossings) is to threaten our National and border security and resign 
our Nation to defeat.
    This document is focused on the security aspects of border 
strategy, especially as they related to Mexican drug cartels. There are 
additional benefits to improving the security at America's border 
crossings, including facilitation of legitimate trade and travel with 
Mexico, providing a major benefit to the American economy and jobs.
    U.S. manufacturers and consumers depend on ready access to Mexican 
markets and goods. U.S. exporters serve the Mexican market and profit 
from foreign sales. Border region businesses in Arizona, California, 
New Mexico, and Texas tie their livelihoods to trade and create jobs 
for American workers. Mexico is America's third-largest trading partner 
behind only Canada and China.
    U.S.-Mexico trade totals $400 billion, a nearly five-fold increase 
since the enactment of the North American Free Trade Agreement (NAFTA), 
with most goods crossing via commercial truck. More than 13,000 trucks 
bring over $630 million worth of goods into the United States from 
Mexico every day. U.S. exports to Mexico total $163 billion.\7\
---------------------------------------------------------------------------
    \7\ U.S. Department of Commerce, Bureau of the Census, Foreign 
Trade Division annual report, 2010, Washington, DC.
---------------------------------------------------------------------------
    As a matter of general strategy, America cannot solve our budgetary 
problems solely by cutting expenses. We must increase our revenues. 
Making our border crossings more efficient in conducting legal trade 
with both Canada and Mexico will increase our National revenues and 
give us the resources to fight the other problems we face in our 
borders.
                       border security background
    The U.S. Government divides its effort to enforce the land border 
with Mexico into two parts: One at the border crossings and the other 
between them. Along the nearly 2,000-mile border with Mexico, 42 
official border crossings--located on bridges in Texas and on highways 
in California, Arizona, and New Mexico--connect the two nations, under 
the command of U.S. Customs and Border Protection (CBP). The CBP has 
multiple responsibilities, including facilitation of legal travel 
across the borders as well as defending against terrorist intrusions. 
Within CBP, the U.S. Border Patrol has responsibility for policing the 
vast areas that separate the border crossings. CBP Officers handle 
traffic through the official border crossings.
``The probability of an illegal crosser being apprehended by law 
        enforcement between the border crossings is about 90 percent; 
        the probability of an illegal crosser being apprehended 
        attempting to enter the U.S. at the border crossings is about 
        30 percent.''
    Since 1993, the United States has engaged in a long-term effort to 
increase enforcement on the Southwest land border with Mexico. It has 
invested heavily in manpower, technology, transportation, and 
infrastructure to arrange a multi-layered defense against illegal 
activities, but that investment has lacked balance.
    The investment in deterrence has been greatest between the border 
crossings; in contrast, the investment at the border crossings 
themselves has been relatively small. This imbalance has produced a 
substantial differential of risk to those who seek to penetrate the 
border to cause harm to U.S. security. While there is admitted weakness 
in some of the data, the probability of an illegal crosser being 
apprehended by law enforcement between the border crossings is about 90 
percent; the probability of an illegal crosser being apprehended 
attempting to enter the United States at the border crossings is less 
than 30 percent.
    This imbalanced deterrence contributes to America's vulnerability 
to the Mexican drug cartels, terrorists, and traffic in people and 
contraband at the designated border crossings.
                      between the border crossings
    Since 1993, the number of agents deployed to secure the borders 
between the border crossings has more than sextupled from 4,000 to a 
projected total of 24,285 in 2012.\8\ The Border Patrol budget has 
increased nine-fold over the same period from $400 million to $3.6 
billion.\9\
---------------------------------------------------------------------------
    \8\ Congressional Budget Justification, Fiscal 2012, U.S. 
Department of Homeland Security, Washington, DC, February 2009.
    \9\ Ibid.
---------------------------------------------------------------------------
``In 2010, the value of cross-border travel at the U.S. border 
        crossings and exports with Mexico and Canada totaled more than 
        $791 billion.''
    The vastly expanded effort between the border crossings accelerated 
in the aftermath of the September 11, 2001 attacks and the 2003 
incorporation of the Border Patrol into the new Department of Homeland 
Security. Prior to September 11, 2001, the Border Patrol's priority was 
to prevent the illegal entry of people and contraband into the United 
States between the border crossings. After the September 11 attacks, 
fighting terrorism was established as one of the agency's prime 
responsibilities.
    In addition, Congress funded construction of 670 miles of border 
fence, now completed at a cost to taxpayers of over $2.4 billion,\10\ 
and an electronic detection system that has been canceled and restarted 
at a cost exceeding $1 billion.\11\
---------------------------------------------------------------------------
    \10\ GAO-09-896 Secure Border Initiative: Technology Deployment 
Delays Persist and the Impact of Border Fencing Has Not Been Assessed, 
Washington, DC, September 2009.
    \11\ Ibid.
---------------------------------------------------------------------------
                        at the border crossings
    Despite expanded responsibility and an exponential increase in 
legitimate trade and tourism across the Southwestern Border as a result 
of the North American Free Trade Agreement's ratification in 1993, the 
enforcement budget for Customs inspection personnel has seen a paltry 
boost when compared to the sharp increase in funding for the Border 
Patrol. Funding for inspectors increased from $1.6 billion in 1993 to 
$2.9 billion in 2012.\12\ Of that 80 percent increase over 19 years, 
nearly three-quarters was consumed by rising inflation.
---------------------------------------------------------------------------
    \12\ Congressional Budget Justification, Fiscal 2012, U.S. 
Department of Homeland Security, Washington, DC, February 2009.
---------------------------------------------------------------------------
    The United States has 163 official border crossings. The General 
Services Administration (GSA) owns 96.5 and leases 22.5. The National 
Park Service owns one. CBP owns the remaining 43, of which 39 are 
located on the Northern Border. The CBP border crossings are relatively 
low-volume entry points, such as those on the Canadian border that 
handle fewer the 100 vehicles a day, while the GSA border crossings 
tend to be larger and have higher traffic volumes, such as at Laredo, 
Texas, which sees several hundred every minute.\13\
---------------------------------------------------------------------------
    \13\ OIG-10-05, Review of the U.S. Customs and Border Protection 
Expenditure Plans for the American Recovery and Reinvestment Act of 
2009, Depart of Homeland Security Office of the Inspector General, 
Washington, DC, October 22, 2009.
---------------------------------------------------------------------------
    On the U.S.-Mexico border, there are 52 border crossings in all, of 
which 8 are rail lines, 43 are roadways (24 bridges, 2 dams, and 17 
roads), and 1 is a ferry. For record-keeping purposes, the Government 
divides the crossings into 26 crossing groups, with data from a set of 
neighboring crossings aggregated under the name of a master port.\14\
---------------------------------------------------------------------------
    \14\ Atlas of the Land Entry Ports on the U.S.-Mexico Border, 
Border Policy Research Institute, Western Washington University, 
Bellingham, Washington, Fall 2010.
---------------------------------------------------------------------------
``The emphasis on Border Patrol enforcement between the border 
        crossings has shifted factors of risk associated with illegal 
        crossings.''
    United States and Mexico facilitate 240 million legal crossings a 
year, nearly 30,000 per hour. The United States' two largest export 
markets are Canada and Mexico. In 2010, the value of cross-border 
travel at the U.S. border crossings and exports with Mexico and Canada 
totaled more than $791 billion.\15\ Three out of four of all legal 
entries into the United States occur at an official border 
crossing.\16\
---------------------------------------------------------------------------
    \15\ U.S. Department of Transportation Bureau of Transportation 
Statistics, Trans-Border Freight Data, http://www.bts.gov/programs/
international/transborder.
    \16\ GAO-08-329T: Despite Progress, Weaknesses in Traveler 
Inspections Exist at Our Nation's Border Crossings: Statement of 
Richard M. Stana, Director, Homeland Security and Justice Issues, 
Washington, DC, January 3, 2008.
---------------------------------------------------------------------------
                       roles not interchangeable
    The operational roles of the Border Patrol and CBP inspection 
officers are not interchangeable. Few recommend attempting to solve the 
imbalance between the two forces by reassigning Border Patrol agents to 
the border crossings. Besides weakening security between the border 
crossings, the training and outlook of the two forces does not qualify 
Border Patrol agents to substitute for CBP officers.
    The primary activity of a Border Patrol agent is to Line Watch: To 
detect, prevent, and apprehend terrorists, undocumented aliens and 
smugglers. The Border Patrol does not recognize any legitimate activity 
in crossing the border between the border crossings.
``Apprehensions of persons seeking to enter the United States between 
        the border crossings--where all entries are illegal--has fallen 
        to levels not seen since 1970s, as the enhanced manpower, 
        mobility, communications, technology, and infrastructure have 
        been brought to bear on the traffic.''
    While CBP officers also defend against terrorist intrusion by 
identifying high-risk individuals who are attempting to enter into the 
United States at the border crossings and stopping criminal activities, 
they have additional responsibilities that are quite different from the 
function of Border Patrol agents. CBP officers are responsible for 
regulating and facilitating legitimate international trade and travel, 
collecting import duties, and enforcing hundreds of U.S. regulations, 
including trade, drug, and immigration laws. CBP officers must be able 
to distinguish between legitimate activities and those that violate our 
laws as they interact with the public in a polite and respectful 
manner.
                         multi-layered strategy
    The multi-layered strategic deterrence built by the Border Patrol 
between the border crossings has increased the difficulty of illegal 
crossings, although controversy remains about the deterrence associated 
with individual layers or whether the effort actually deters migrants 
who are determined to the enter the United States to improve the 
economic state of their families.\17\
---------------------------------------------------------------------------
    \17\ Evaluating U.S. Immigration Control Policy: What Mexican 
Migrants Can Tell Us, Wayne Cornelius, Director, Center for Comparative 
Immigration Studies, University of California, San Diego, CA, April 14, 
2009.
---------------------------------------------------------------------------
    The emphasis on Border Patrol enforcement between the border 
crossings has shifted factors of risk associated with illegal 
crossings. Interviews with migrants show that the use of ``coyotes'' 
\18\ for illegal crossings has increased markedly, which boosts the 
probability of successful illegal entry. This demand has also increased 
the cost of services.\19\
---------------------------------------------------------------------------
    \18\ A coyote or pollero is a professional criminal specializing in 
smuggling humans across the United States border from Mexico for a fee 
paid in advance.
    \19\ Evaluating U.S. Immigration Control Policy: What Mexican 
Migrants Can Tell Us, Wayne Cornelius, Director, Center for Comparative 
Immigration Studies, University of California, San Diego, CA, April 14, 
2009.
---------------------------------------------------------------------------
                            weakness of data
    The lack of statistically reliable data related to the number of 
undocumented aliens residing in or entering the United States year-
over-year hampers effective analysis related to border security. In 
addition, in spite of the data's inherent weakness, Department of 
Homeland Security agencies consider some volumes of related data to be 
``law enforcement sensitive'' and restrict public and academic access 
to it. 


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


    For instance, estimating the flow of undocumented migrants is often 
an approximation based on apprehension data reported by DHS. The 
estimated probability of apprehension is often based on factors that 
include the number of Line Patrol hours of Border Patrol staff and the 
relative strengths and weaknesses of U.S. and Central American 
economies. More recently, this data has been supplemented by classified 
data compiled by DHS based on observation from unmanned aerial vehicles 
patrolling the border. While the comparison of apprehensions at and 
between the border crossings is not as precise as would be optimal, the 
estimates included in this report are based on the best available 
existing information, some of which has been publicly supplied by 
Customs and Border Protection Commissioner Alan Bersin.
  between the border crossings--90 percent probability of apprehension
    Apprehensions of persons seeking to enter the United States between 
the border crossings--where all entries are illegal--has fallen to 
levels not seen since 1970s, as the enhanced manpower, mobility, 
communications, technology, and infrastructure have been brought to 
bear on the traffic.
    In addition, increased apprehension rates in most Border Patrol 
sectors, up to 90 percent according to Customs and Border Protection 
Commissioner Alan Bersin, vastly impedes the trafficking of persons 
from Mexico to the United States between the border crossings.\20\
---------------------------------------------------------------------------
    \20\ Border commissioner touts greater enforcement, San Diego Union 
Tribune, January 5, 2011 by Elizabeth Aguilera, and The Border is Safe, 
Federal Officials Say, Texas Tribune, August 17, 2011 by Julian 
Aguilar.
---------------------------------------------------------------------------
    Two notes of caution: The data remains weak, and 90 percent 
apprehension rates do not mean only 10 percent of persons seeking 
illegal entry gain it. In fact, most of those who attempt to enter the 
United States illegally try more than one time, and eventually nearly 
all make it through.
    Another point: The old belief that for every apprehension, three 
more gain entry (the getaway rate) is being proven untrue. Commissioner 
Bersin says that as a result of more reliable data provided by airborne 
surveillance vehicles deployed in the past several years by the Border 
Patrol, the Border Patrol detects far more illegal entries and catches 
a greater percentage of them.\21\
---------------------------------------------------------------------------
    \21\ ``Immigrant arrests nearing 40-year low'' The Arizona Daily 
Star, September 4, 2011 by Brady McCombs.
---------------------------------------------------------------------------
``Only 28 percent of `major violators' attempting to enter the U.S. at 
        the official border crossings are detected and apprehended.''
    Finally, as the Border Patrol improvements in manpower, mobility, 
communications, technology, and infrastructure have made illegal 
crossings more difficult and hazardous, the criminal cartels operating 
in Mexico have moved into the human smuggling market, forcing mom-and-
pop smuggling operations out of business and increasing the cost of 
cross-border transport to would-be immigrants.
    Without the infusion of many billions dollars more, the United 
States has achieved about as much control of illegal entries between 
the border crossings as possible without solving the core problem: Our 
immigration system must be modernized to accommodate immigration needs 
and provide adequate channels for people to legally enter the United 
States so they do not try to go around a broken system. We must have 
comprehensive immigration reform in order to achieve continued 
improvement in the effective control of our borders between the border 
crossings.
    at the border crossings--28 percent probability of apprehension
    According to the most recent data released by the DHS, only 28 
percent of ``major violators'' attempting to enter the United States at 
the official border crossings are detected and apprehended.\22\ In 
addition, CBP reports only 50 to 74 percent success in improving the 
targeting, screening, and apprehension of high-risk international cargo 
and travelers to prevent terrorist attacks, while providing processes 
to facilitate the flow of safe and legitimate trade and travel.\23\ The 
Department, under the claim that the statistics are ``law enforcement 
sensitive,'' has not released more recent data.
---------------------------------------------------------------------------
    \22\ A major violation involves serious criminal activity, 
including possession of narcotics, smuggling of prohibited products, 
human smuggling, weapons possession, fraudulent U.S. documents, and 
other offenses serious enough to result in arrest.
    \23\ Department of Homeland Security Annual Performance Report for 
Fiscal Years 2008-2010, Department of Homeland Security Office of the 
Chief Financial Officer Program Analysis and Evaluation, Washington, 
DC, May 7, 2009.
---------------------------------------------------------------------------
                    strategic response of the enemy
``Nearly all of the drugs smuggled into the U.S., and the guns and bulk 
        cash smuggled into Mexico transits via official border 
        crossings.''
    U.S. border security strategy should not operate in a vacuum. The 
smuggling of drugs and humans into the United States and the smuggling 
of money and firearms into Mexico fuel the criminal cartels operating 
from the Mexican side of the border. The cartels are mature 
organizations, possessing sophisticated communications, transportation, 
and intelligence systems. They are richly informed about the 
environment in which they conduct their criminal operations and highly 
skilled at evaluating risk and executing strategic and tactical 
operations based on risk judgments. One cartel, the Zeta organization, 
``looks very much like any global business organization that can 
quickly, flexibly, and effectively respond to virtually any 
opportunity, challenge, or changing situation.''\24\
---------------------------------------------------------------------------
    \24\ A ``New'' Dynamic in the Western Hemisphere Security 
Environment: The Mexican Zetas and Other Private Armies, Dr. Max G. 
Manwaring. U.S. Army War College Strategic Studies Institute, Carlisle, 
PA, September 25, 2009.
---------------------------------------------------------------------------
    These criminal organizations are capable of discovering and 
exploiting weaknesses between the border crossings, but the Border 
Patrol has developed tactical mobility and agility to identify and 
respond to such threats. When presented with a choice between one path 
that presents a less than 30 percent risk of failure and another that 
presents an up to 90 percent risk of capture, the cartels naturally 
choose the less risky path. In the present environment, the cartels are 
choosing to conduct their trade across the bridges and highways, 
through the sanctioned border crossings and are rejecting the risk of 
crossing the Rio Grande and open desert between the border crossings.
    As reported by Los Angeles Times writer Richard Marosi, ``One of 
the Sinaloa cartel's main pipelines runs through the antiquated U.S. 
port of entry at Calexico, a favorite of smugglers. The inspection 
station sits almost directly on the border, without the usual buffer 
zone of several hundred feet, so inspectors have difficulty examining 
cars in the approach lanes. Drug-sniffing dogs wilt in summer heat that 
can reach 115 degrees . . . Drugs were brought from Sinaloa state to 
Mexicali, Mexico, in bus tires. (The smuggler's) job was to move the 
goods across the border and deliver them to distributors in the Los 
Angeles area, about 200 miles away.
    ``The flow was unceasing, and he employed about 40 drivers, 
lookouts, and coordinators to keep pace.''\25\
---------------------------------------------------------------------------
    \25\ ``Inside the Cartel: Unraveling Mexico's Sinaloa drug cartel'' 
The Los Angeles Times, July 24, 2011 by Richard Marosi.
---------------------------------------------------------------------------
    According to the U.S. Department of Justice National Drug Threat 
Assessment 2010, nearly 90 percent of cocaine, methamphetamine, 
marijuana, heroin, and MDMA smuggled into the United States enters 
through the border crossings. A joint project on U.S.-Mexico Security 
Cooperation coordinated by the Mexico Institute at the Woodrow Wilson 
Center and the Trans-Border Institute at the University of San Diego 
indicates that bulk cash to fuel the Mexican drug cartels' illicit and 
violent activities transits through the border crossings. And while 
data on the smuggling of firearms is incomplete, available information 
points to border crossings as the overwhelming point of entry into 
Mexico.
    The conclusion is irrefutable that nearly all of the drugs smuggled 
into the United States, and the guns and bulk cash smuggled into 
Mexico, transits via the border crossings, a strategic choice made by 
the Mexican cartels because the likelihood of being detected or 
apprehended is three times more likely between the border crossings 
than at them.
                strategic choices for the united states
    Those who mean our Nation harm have adjusted their strategies and 
tactics to reflect situational changes faster than DHS and Congress can 
adjust. Because of the U.S. Government's relative lack of nimbleness, 
DHS and Congress continue to pour billions of dollars of our National 
resources into defending the vast expanses of land between the border 
crossings, a path that the enemy has abandoned, while denying resources 
needed to defend the border crossings that the enemy has chosen to 
directly assault.
    The choice for U.S. policymakers appears clear: Between (1) 
continue on the strategic path that wastes resources and produces fewer 
results by continuing to emphasize border protection between the border 
crossings and (2) changing our strategy to defend against an adroit, 
responsive enemy that is attacking us at the border crossings (while 
preparing for the enemy's next logical move, most likely aimed back to 
the water and the skies).
    As Doris Meissner, former commissioner of the Immigration and 
Naturalization Service, put the choice: ``The more [money] that you 
pour into the Border Patrol and into enforcement between land ports of 
entry (border crossings) . . . the more pressure there is for people to 
misuse the system that gets them through land ports. It's important to 
have a balance of resources between both.''\26\
---------------------------------------------------------------------------
    \26\ Border Security Falls Short In Audit, GAO Criticizes Staffing, 
Training By Spencer S. Hsu, Washington Post, November 6, 2007.
---------------------------------------------------------------------------
``The more [money] that you pour into the Border Patrol and into 
        enforcement between border crossings, the more pressure there 
        is for people to misuse the system that gets them through the 
        legal border crossings.''
    The scenario envisioned by former Commissioner Meissner has already 
been in place for years: A field study conducted in the first quarter 
of 2009 by the Mexican Migration Field Research and Training Program, 
based at the University of California-San Diego, found that more than 
one out of four (28 percent) of unauthorized Mexican migrants 
interviewed for the study had entered the United States on their most 
recent trip to the border through a legal border crossing, either 
concealed in vehicles or using false or borrowed documents. The authors 
noted that ``while crossing the border through a POE costs 
significantly more than crossing in remote areas (people-smugglers can 
charge $5,000 or more for POE crossings), that mode of entry is much 
more likely to yield success.''\27\
---------------------------------------------------------------------------
    \27\ Wayne A. Cornelius, David Fitzgerald, Pedro Lewin-Fischer, and 
Leah Muse-Orlinoff, Mexican Migration and the U.S. Economic Crisis: A 
Transnational Perspective (Boulder, CO: Lynne Rienner Publishers, 
2009), pp. 61-62.
---------------------------------------------------------------------------
    Reports from the Government Accountability Office (GAO) have 
described the situation at the border crossings as inadequate to the 
task of protecting the Nation. GAO found that managers at 19 of 21 
border crossing offices cited examples of anti-terrorism activities not 
being carried out, new or expanded facilities that were not fully 
operational, and radiation monitors and other inspection technologies 
not being fully used because of staff shortages. At seven of the eight 
major border crossings GAO visited, officers and managers told of not 
having sufficient staff, which contributes to morale problems, fatigue, 
lack of backup support, and safety issues when officers inspect 
travelers--``increasing the potential that terrorists, inadmissible 
travelers, and illicit goods could enter the country.''\28\
---------------------------------------------------------------------------
    \28\ GAO-08-329T: Despite Progress, Weaknesses in Traveler 
Inspections Exist at Our Nation's Border Crossings: Statement of 
Richard M. Stana, Director Homeland Security and Justice Issues, 
Washington, DC, January 3, 2008.
---------------------------------------------------------------------------
    Although they refused to make the data publicly available for years 
because they classified it as law enforcement sensitive, DHS officials 
recently acknowledged publicly that for the border crossings to 
successfully complete their mission, the agency needs 6,000 additional 
personnel and $6 billion in funding for infrastructure and 
technology.\29\
---------------------------------------------------------------------------
    \29\ ``Meeting Land Port of Entry Modernization Needs in 
Constrained Budgetary Environment,'' presentation by Mikhail Pavlov to 
the Joint Working Committee, October 2011.
---------------------------------------------------------------------------
``DHS officials recently acknowledged publicly that for the border 
        crossings to successfully complete their mission, the agency 
        needs 6,000 additional personnel and $6 billion in funding for 
        infrastructure and technology.''
    In response, Congress has allocated zero dollars to border crossing 
infrastructure in fiscal 2011 and is likely to refuse to add funds in 
fiscal 2012. House and Senate appropriators have both approved adding 
350 new CBP inspectors in fiscal 2012, but acknowledge that declining 
customs revenues will force a reduction of an equal number available to 
the agency, making the added personnel a net of zero. While technology 
is in the pipeline for delivery to the border crossings, a lack of 
adequate electric infrastructure often makes new equipment useless.
    Instead of dealing with the strategic threat to the United States, 
Congress has chosen to focus legislation to deploy more Border Patrol, 
build additional walls and fences and exempt the Border Patrol from 
regulations that protect communities' air and water, safeguard our 
public lands and honor our cultural and historic heritage.
                 texas border coalition recommendations
    The Texas Border Coalition suggests that mandating more Border 
Patrol, fencing and waiving environmental law reflects an ineffective, 
anachronistic strategy that has not kept pace with developments at the 
border or with the risk assessments made by the criminal cartels. TBC 
urges Congress and the Obama administration to restore balance to 
border security at and between the border crossings by engaging in an 
emergency program to provide the border crossings with $6 billion in 
funding for infrastructure and technology and to employ 6,000 new 
inspectors on America's front line over the next 4 years.
    It is important that the new inspectors must be assigned to the 
front lines of the border crossings where they are needed, not to 
supervisory roles. According to GAO, prior personnel buildups at the 
border crossings have resulted in a 17 percent increase in CBP managers 
and only a 2 percent increase in the number of front-line CBP 
officers.\30\ Anecdotally, there is evidence of this pattern over a 
period of many years. The Nation's security cannot afford to see an 
intended increase in front-line inspectors siphoned off to the 
management level of CBP.
---------------------------------------------------------------------------
    \30\ GAO-06-751R, Information on Immigration Enforcement and 
Supervisory Promotions in the Department of Homeland Security's 
Immigration and Customs Enforcement and Customs and Border Protection, 
Washington, DC, June 13, 2006.
---------------------------------------------------------------------------
``TBC urges Congress and the Obama Administration to restore balance to 
        border security at and between the ports by engaging in an 
        emergency program to provide the border crossings with $6 
        billion in funding for infrastructure and technology and to 
        employ 6,000 new inspectors on America's front line over the 
        next four years.''
    In addition, the TBC commends the leadership of many border 
Representatives in Congress for their attention to developing a real 
strategy for confronting the criminal cartels and security on the U.S.-
Mexico border. We especially wish to salute Michigan Representative 
Candice Miller, Chair of the House Subcommittee on Border and Maritime 
Security, and Texas Representative Henry Cuellar, Ranking Democrat on 
the subcommittee, for advancing legislation requiring the Department of 
Homeland Security to develop strategy for securing borders within 5 
years.
    Finally, TBC agrees with CBP Commissioner Alan Bersin that public-
private partnerships (PPPs) are vital to fund the projects necessary to 
handle the ever-increasing trade between the United States and Mexico. 
Since CBP officials have announced that any PPP relationship would 
require a new law, we propose legislation be enacted to authorize 
public-private partnerships for expenses at border crossings.
                                summary
    In a world of asymmetrical threats to U.S. security, the United 
States cannot rely on outmoded tactics rooted in the past to defend the 
homeland today. It is vital that Congress and the Obama administration 
take immediate action to strengthen our Nation's weakest link in border 
security: American Southwestern Border crossings must be strengthened 
with a crash program of $6 billion to bring our infrastructure up to 
requirements and the hiring of 6,000 additional Customs inspectors.

    Mr. McCaul. I want to thank the witnesses for attending 
this portion of the hearing, and, Dr. Caudle, for you flying 
all the way out from my home State of Texas; I really 
appreciate your testimony here today.
    We have votes coming up so we are going to adjourn this 
panel. We should be back around 11:45 to begin the testimony of 
the second panel. Thank you.
    [Recess.]
    Mr. McCaul. The committee will come back to order. I know 
many of us have flights to catch so I would like to--the 
Ranking Member will be here shortly, but I think in the 
interest of time we are going to go ahead and proceed.
    I would like to go ahead and introduce the witnesses and 
then hear their testimony. First we have Mr. Shawn Reese, who 
is an expert on homeland security policy at CRS. He has written 
numerous reports for Congress at the Federal, State, and local 
levels on homeland security policy issues.
    He has testified before the House Government Reform and 
Oversight Committee and the House Homeland Security Committee 
on Federal counterterrorism training programs. Prior to coming 
to CRS Mr. Reese was an officer in the United States Army for 
10 years.
    Welcome, Mr. Reese.
    Next we have Mr. David Maurer, who is the director in the 
U.S. GAO homeland security and justice team, where he leads 
GAO's work reviewing DHS and DOJ management issues. His recent 
work in these areas includes examining DHS management 
integration, the Quadrennial Homeland Security Review, Secret 
Service financial management, DOJ grant management, the Federal 
prison system, and an assessment of technologies for detecting 
explosives in the passenger rail environment.
    Welcome, Mr. Maurer.
    Last we have Alan Cohn. He is deputy assistant secretary 
for policy at the Department of Homeland Security. He was 
formerly a director of emergency preparedness and response 
policy in the DHS Office of Policy Development and counsel at 
Akin Gump Strauss Hauer & Feld, a very good Texas law firm.
    He took part in the response to the 1993 World Trade Center 
bombing as an emergency medical technician in New York City and 
the response to the 9/11 attacks--and we thank you for your 
service in that regard--then the 2005 hurricane season as a 
member of FEMA's National Urban Search and Rescue Response 
System.
    I want to thank you all for being here today, and the 
Chairman now recognizes Mr. Reese for his testimony.

  STATEMENT OF SHAWN REESE, ANALYST, EMERGENCY MANAGEMENT AND 
    HOMELAND SECURITY POLICY, CONGRESSIONAL RESEARCH SERVICE

    Mr. Reese. Chairman McCaul, Ranking Member Keating, and 
Members of the subcommittee, on behalf of the Congressional 
Research Service I would like to thank you for this opportunity 
to appear before you to discuss the homeland security strategy. 
CRS was asked to discuss National policy on homeland security 
as communicated in National strategic documents.
    My written statement addresses key findings, which include 
the absence of a consensus definition of homeland security and 
varied strategic missions that may result in a vague homeland 
security concept. I will briefly discuss the various homeland 
security definitions and missions identified in National 
strategic documents.
    A consensus definition is necessary but not sufficient. A 
clear prioritization of strategic missions is what is needed.
    Prior to 9/11 the United States addressed crises primarily 
through separate prisms of National defense, law enforcement, 
emergency management. Nine-eleven prompted a strategic process 
that included the debate over and the development of homeland 
security policy.
    Today, this homeland security policy debate and development 
has resulted in a plethora of Federal entities with homeland 
security responsibilities. For example, there are 18 Federal 
departments with homeland security responsibilities excluding 
DHS, and OMB states that approximately 48 percent of Federal 
homeland security funding is appropriated to these Federal 
entities.
    The concept of homeland security evolved over the last 
decade, and this evolution has been communicated in several 
strategic documents. As stated earlier, they include the 
National Strategy for Homeland Security, the DHS Strategic Plan 
of 2008, the 2010 National Security Strategy, the 2010 
Quadrennial Homeland Security Review, the 2010 Bottom-Up 
Review, and the 2011 National Strategy for Counterterrorism.
    While definitions and mission embodied in these strategic 
documents have commonalities, there are significant 
differences. Natural disasters are specifically identified as 
an integral part of homeland security in only four of the six 
documents, and only two of the documents--the Bottom-Up Review 
and the Strategic Plan--specifically include border and 
maritime security and immigration in their homeland security 
definition.
    All of these mentioned issues are important and require 
significant funding. However, the lack of consensus about the 
inclusion of these areas of policy may have negative or 
unproductive consequences for National homeland security 
activities.
    A consensus definition is necessary but not sufficient. A 
clear priority of strategic missions is what is needed.
    So why is this important to Congress? As deficit reduction 
causes demand for reduced Federal spending Congress will likely 
pay more stringent attention to homeland security funding. With 
reduced funds comes the need for higher degrees of 
organization, focus, and clarity about the purpose and 
objectives of homeland security.
    Additionally, if homeland security policy priorities are 
unclear Congress' ability to provide effective oversight may be 
hampered. For example, how can policymakers determine whether 
to authorize and fund additional personnel for such areas as 
border security as opposed to aviation security?
    What are the priorities of homeland security and how do 
such priorities help determine the right choice between 
additional border patrol agents or aviation security screeners? 
Limited resources heightens the importance of prioritization.
    Additionally, Congress, due to its oversight function, 
evaluates the execution of current homeland security policies. 
For example, do the DHS homeland security grant programs 
provide a measurable impact on State and local security? What 
strategic missions are expected to be fulfilled through the 
expenditure of grant funds? Where do those missions fit 
relative to one another in terms of priority?
    In closing, a vague homeland security concept may hamper 
Congressional authorization, appropriation, and oversight 
functions. It may also restrict the Executive Branch's ability 
to prioritize and implement policy initiatives. Failure to 
effectively prioritize and utilize homeland security 
investments today can affect the Nation's security and 
potential vulnerability tomorrow.
    I will conclude my testimony here. If CRS may be of further 
assistance to you I and my colleagues are here to assist.
    Once again, thank you for the privilege to appear before 
you today.
    [The statement of Mr. Reese follows:]
                   Prepared Statement of Shawn Reese
                            February 3, 2012
                              introduction
    Chairman McCaul, Ranking Member Keating, and Members of the 
subcommittee, on behalf of the Congressional Research Service I would 
like to thank you for this opportunity to appear before you to discuss 
National homeland security strategy.
    The subcommittee requested that CRS discuss National policy on 
homeland security as communicated in National strategic documents and 
the report CRS is developing on Homeland Security Definitions, and 
Missions.
    Accordingly, my statement summarizes the salient portions of this 
CRS work, and addresses key findings which include the absence of a 
universal definition of homeland security and varied strategic 
missions. Ten years after the September 11, 2001, terrorist attacks, 
the U.S. Government does not have a universal view of ``homeland 
security.''
    Currently, different strategic documents and mission statements 
offer varying homeland security missions. The strategic documents 
framing the U.S. homeland security mission include National strategies 
produced by the White House and strategy statements developed by the 
Department of Homeland Security (DHS). The White House has produced 
documents such as the 2007 National Strategy for Homeland Security, the 
2010 National Security Strategy, and the National Strategy for 
Counterterrorism. DHS has developed the Strategic Plan--One Team, One 
Mission, Securing the Homeland; the Quadrennial Homeland Security 
Review; and the Bottom-Up Review.
    Varied homeland security definitions and missions may impede the 
development of a coherent homeland security strategy, and the 
effectiveness of Congressional oversight may be hampered. This written 
testimony discusses examples of the varying homeland security 
definitions and missions identified in the aforementioned White House 
and DHS documents, and analyzes the policy question of how varied 
homeland security definitions and missions may affect the development 
National homeland security policy. This testimony, however, does not 
examine DHS' implementation of strategy.
           issuance of homeland security strategic documents
    The evolution of U.S. homeland security strategy produced a series 
of White House and DHS documents. President George W. Bush's 
administration's issuance of a National homeland strategy was 
foundational in this process. The 2002 National Strategy for Homeland 
Security was described as a grand strategy.\1\ Five years later, the 
administration issued a second version and its purpose was `` . . . to 
guide, organize, and unify our Nation's homeland security efforts.''\2\ 
Some critics, however, argued that while the 2002 version had merit, 
the 2007 version of the strategy `` . . . obfuscates rather than 
clarifies the government's homeland security mission. ''\3\ Conversely, 
others state that the 2007 version was a comprehensive effort that 
attempted to define America's homeland security mission.\4\
---------------------------------------------------------------------------
    \1\ Richard A. Falkenrath, ``Homeland Security: The White House 
Plan Explained and Examined,'' Brookings Forum, Washington, DC, 
September 4, 2002, p. 4.
    \2\ Office of the President, Homeland Security Council, The 
Homeland Security Strategy, Washington, DC, October 2007, p. 1.
    \3\ James Jay Carafano, New Homeland Security Misses the Mark, 
Heritage Foundation, Washington, DC, October 10, 2007, http://
heritage.org/Research/HomelandDefense/wm1659.cfm.
    \4\ Christopher Bellavita, ``Changing Homeland Security: Ten 
Essential Homeland Security Books,'' Homeland Security Affairs, vol. 3, 
no. 1 (February 2007), pp. 3-4.
---------------------------------------------------------------------------
    Subsequent to these two versions of the National homeland security 
strategy, President Barack Obama's administration issued the 2010 
National Security Strategy and the 2011 National Strategy for 
Counterterrorism. DHS issued the Strategic Plan--One Team, One Mission, 
Securing Our Homeland; the 2010 Quadrennial Homeland Security Review; 
and the Bottom-Up Review.
    These documents, collectively, are an example of the numerous 
strategies that have been issued that address homeland security. These 
strategic documents provide varied homeland security definitions and 
missions. Additionally, some of the documents do not prioritize 
resources to address the varied homeland security missions.
                       homeland security defined
    It has been argued that homeland security is a ``uniquely'' 
American concept, developed because of geography and an American belief 
in a distinct divide between events and issues inside and outside of 
U.S. borders. Homeland security development as a strategic concept was 
precipitated by the terrorist attacks of 9/11. Prior to those attacks, 
National policy was typically described as law enforcement, emergency 
response, and National defense. Discussions of the need to evolve the 
way National policy was conceptualized occurred with such entities as 
the Gilmore Commission \5\ and the United States Commission on National 
Security (which referenced homeland security early in 2001).\6\
---------------------------------------------------------------------------
    \5\ For information on the Gilmore Commission, see http://
www.rand.org/nsrd/terrpanel.html. The Gilmore Commission was 
established prior to 9/11, however, it released its fifth and final 
report in December 2003.
    \6\ For information on the U.S. Commission on National Security, 
see http://www.fas.org/irp/threat/nssg.pdf. The U.S. Commission on 
National Security was established in 1998 and issued its final report 
in February 2001.
---------------------------------------------------------------------------
    After the 9/11, policymakers realized a new approach was needed to 
address large-scale terrorist attacks. The establishment of a 
Department, a Presidential council, and a series of Presidential 
directives in the name of ``homeland security'' occurring after 9/11 
further demonstrated that it was a distinct, although in these cases, 
undefined concept.\7\ Later, the Federal, State, and local government 
responses to disasters such as Hurricane Katrina expanded the homeland 
security definition to include significant disasters, major public 
health emergencies, and other events that threaten the United States, 
the economy, and the rule of law, and Government operations.\8\
---------------------------------------------------------------------------
    \7\ Harold C. Relyea, ``Homeland security and information,'' 
Government Information Quarterly, vol. 19, 2002, p. 219.
    \8\ Nadav Morag, ``Does Homeland Security Exist Outside the United 
States?,'' Homeland Security Affairs, vol. 7, September 2011, p. 1.
---------------------------------------------------------------------------
Homeland Security Definitions
    The debate over the varied definitions persists as the Federal 
Government continues to issue and implement homeland security strategy. 
All of the strategic documents discussed in this written testimony 
define homeland security as security efforts, however, each one defines 
these efforts in different terms. Examples of these documents include 
the 2007 and 2010 National Security Strategy, the Strategic Plan--One 
Team, One Mission, Securing Our Homeland; the 2010 Quadrennial Homeland 
Security Review; and the Bottom-Up Review.
    Additionally, these documents provide further information on the 
homeland security concept. This information is not necessarily what 
homeland security is, but rather what it entails or how it is achieved. 
This conceptualization is both explicitly and implicitly implied, and 
includes the following:
   the homeland security enterprise encompasses a Federal, 
        State, local, Tribal government and private sector approach 
        that requires coordination;
   that homeland security can involve securing against and 
        responding to both hazard-specific and all-hazards;
   that homeland security activities do not imply total 
        protection or complete threat reduction;
   homeland security includes the need to ensure that the U.S. 
        critical infrastructure, key assets, and economy are resilient; 
        and
   that homeland security includes border, waterway, and marine 
        security.
    The following table provides examples of U.S. strategy documents 
and their homeland security definitions.

           TABLE 1.--SUMMARY OF HOMELAND SECURITY DEFINITIONS
------------------------------------------------------------------------
           Document                            Definition
------------------------------------------------------------------------
2010 National Security         A seamless coordination among Federal,
 Strategy.                      State, and local governments to prevent,
                                protect against and respond to threats
                                and natural disasters.\1\
2007 National Strategy for     A concerted National effort to prevent
 Homeland Security.             terrorist attacks within the United
                                States, reduce America's vulnerability
                                to terrorism, and minimize the damage
                                and recover from attacks that do
                                occur.\2\
2010 Quadrennial Homeland      A concerted National effort to ensure a
 Security Review.               homeland that is safe, secure, and
                                resilient against terrorism and other
                                hazards where American interests,
                                aspirations, and ways of life can
                                thrive.\3\
2007 U.S. Department of        A unified National effort to prevent and
 Homeland Security Strategic    deter terrorist attacks, protect and
 Plan, Fiscal Years 2008-2013.  respond to hazards, and to secure the
                                National borders.\4\
2011 National Strategy For     Defensive efforts to counter terrorist
 Counterterrorism.              threats.\5\
2010 Bottom-Up Review.         Preventing terrorism, responding to and
                                recovering from natural disasters,
                                customs enforcement and collection of
                                customs revenue, administration of legal
                                immigration services, safety and
                                stewardship of the Nation's waterways
                                and marine transportation system, as
                                well as other legacy missions of the
                                various components of DHS.\6\
------------------------------------------------------------------------
\1\ Office of the President, National Security Strategy, Washington, DC,
  May 2010, p. 2.
\2\ Office of the President, Homeland Security Council, The National
  Homeland Security Strategy, Washington, DC, October 2007, p. 1.
\3\ U.S. Department of Homeland Security, Quadrennial Homeland Security
  Review, Washington, DC, February 2010, p. 13.
\4\ U.S. Department of Homeland Security, One Team, One Mission,
  Securing the Homeland: U.S. Homeland Security Strategic Plan, Fiscal
  Years 2008-2013, Washington, DC, 2008, p. 3.
\5\ Office of the President, National Strategy For Counterterrorism,
  Washington, DC, June 29, 2011, p. 11.
\6\ U.S. Department of Homeland Security, Bottom-Up Review, Washington,
  DC, July 2010, p. 3.

Homeland Security Definition: Analysis
    The common themes among the many homeland security definitions are 
that National homeland security efforts are unified, concerted, and 
coordinated across all levels of government. Thus, the importance of 
the Federalism approach to homeland security is highlighted. This 
approach is a combined effort of Federal, State, local, and Tribal 
governments, however, individual Federal, State, local, and Tribal 
government efforts are not identified in the documents. Another common 
theme across all of the documents in defining homeland security is 
preventing, responding to, and recovering from terrorist attacks, which 
is consistent with evolving homeland security policy after the 
terrorist attacks of September 11, 2001.
    The focus of the concept of homeland security communicated in the 
strategy documents differs in regard to two areas that may be 
considered substantive. Natural disasters are specifically identified 
as an integral part of homeland security in four of the six documents, 
but are not mentioned in the 2007 National Strategy for Homeland 
Security and the 2011 National Strategy for Counterterrorism.\9\ Two 
documents--the Bottom-Up Review and the Strategic Plan--specifically 
include border and maritime security, and immigration in their homeland 
security definition. Homeland security issues such as natural disaster 
prevention, response, and recovery; border and maritime security, and 
immigration are important and require significant funding. Failure to 
have consensus on their importance and role in homeland security may 
result in the Nation's efforts being uncoordinated and 
counterproductive.
---------------------------------------------------------------------------
    \9\ Obviously, the National Strategy For Counterterrorism would not 
mention any hazard or threat other than terrorism.
---------------------------------------------------------------------------
    The competing or varied views in these documents may indicate that 
there is no succinct homeland security definition. It is, however, 
possible that such definition exists among relevant policymakers and 
just isn't communicated in the strategic documents. However, without 
such a definition, homeland security stakeholders and policymakers may 
not be able to coordinate and resource homeland security missions 
necessary to secure the Nation. These differing definitions may also be 
attempting to identify and counter every threat and risk with 
prioritization.
    In addition to these strategic document examples, DHS Deputy 
Secretary Jane Lute recently stated that homeland security `` . . . is 
operation, it's transactional, it's decentralized, it's bottom-
driven,'' and influenced by law enforcement, emergency management, and 
the political environment. Conversely, DHS Deputy Secretary Lute stated 
that National security `` . . . is strategic, it's centralized, it's 
top-driven,'' and influenced by the military and the intelligence 
community.\10\ Some see these comments as reflection of a DHS attempt 
at establishing a homeland security definition that is more operational 
than strategic and an illustration of the complexity of a common 
understanding of homeland security.
---------------------------------------------------------------------------
    \10\ Christopher Bellavita, ``A new perspective on homeland 
security?'' Homeland Security Watch, Dec. 20, 2011, http://
www.hlswatch.com/2011/12/20/a-new-perspective-on-homeland-security/.
---------------------------------------------------------------------------
                       homeland security missions
    Varied homeland security definitions may result in all levels of 
government identifying and executing varied missions. These efforts may 
be competing rather than integrated and result in ineffective or 
inefficient security. The examples of strategic documents in this 
written testimony provide numerous homeland security missions such as 
terrorism prevention, response, and recovery; critical infrastructure 
protection and resilience; Federal, State, and local emergency 
management and preparedness; and border security. As noted earlier, 
none of these documents specifically task a homeland security entity or 
stakeholder with these missions. The following table summarizes the 
varied missions identified in these strategic documents.

        TABLE 2.--SUMMARY OF HOMELAND SECURITY MISSIONS AND GOALS
------------------------------------------------------------------------
           Document                        Missions and Goals
------------------------------------------------------------------------
2007 National Strategy for     -Prevent and disrupt terrorist attacks.
 Homeland Security.            -Protect the American people, critical
                                infrastructure and key resources.
                               -Respond to and recover from incidents
                                that do occur.
                               -Strengthen the foundation to ensure long-
                                term success.\1\
U.S. Department of Homeland    -Protect the Nation from dangerous
 Security Strategic Plan,       people.
 Fiscal Years 2008-2013.       -Protect the Nation from dangerous goods.
                               -Protect critical infrastructure.
                               -Strengthen the Nation's preparedness and
                                emergency response capabilities.
                               -Strengthen and unify the Department's
                                operations and management.\2\
Quadrennial Homeland Security  -Prevent terrorism and enhance security.
 Review.                       -Secure and manage our borders.
                               -Enforce and administer our immigration
                                laws.
                               -Safeguard and secure cyberspace.
                               -Ensure resilience to disasters.\3\
                               -Provide essential support to National
                                and economic security.\4\
Bottom-Up Review.............  -Prevent terrorism and enhance security.
                               -Secure and manage borders.
                               -Enforce and manage immigration laws.
                               -Safeguard and secure cyberspace.
                               -Ensure resilience to disasters.
                               -Improve Departmental management and
                                accountability.\5\
2010 National Security         -Strengthen National capacity.
 Strategy.                     -Ensure security and prosperity at home.
                               -Secure cyberspace.
                               -Ensure American economic prosperity.\6\
National Strategy for          -Protect the American people, homeland,
 Counterterrorism.              and American interests.
                               -Eliminate threats to the American
                                people's, homeland's, and interests'
                                physical safety.
                               -Counter threats to global peace and
                                security.
                               -Promote and protect U.S. interests
                                around the globe.\7\
------------------------------------------------------------------------
\1\ Office of the President, Homeland Security Council, National
  Strategy for Homeland Security, Washington, DC, October 2007, p. 1.
\2\ U.S. Department of Homeland Security, One Team, One Mission,
  Securing the Homeland: U.S. Homeland Security Strategic Plan, Fiscal
  Years 2008-2013, Washington, DC, 2008, p. 6-25.
\3\ U.S. Department of Homeland Security, Quadrennial Homeland Security
  Review, Washington, DC, February 2010, p. 2.
\4\ This mission of providing essential support to National and economic
  security was not part of the 2010 Quadrennial Homeland Security
  Review, but has been subsequently added as an additional mission. U.S.
  Government Accountability Office, Quadrennial Homeland Security
  Review: Enhanced Stakeholder Consultation and Use of Risk Information
  Could Strengthen Future Reviews, GAO-11-873, September 2011, p. 9.
\5\ U.S. Department of Homeland Security, Bottom-Up Review, Washington,
  DC, July 2010, pp. i-ii.
\6\ Office of the President, National Security Strategy, Washington, DC,
  May 2010, p. 14.
\7\ Office of the President, National Strategy for Counterterrorism,
  Washington, DC, June 2011, p. 2.

Homeland Security Missions: Analysis
    The missions in these documents identify a consensus that 
preventing, responding to, recovering from, and being resilient against 
terrorist attacks are essential in securing the Nation. Additionally, 
there is an agreement that the Nation's populace, critical 
infrastructure, and key resources need protection from both terrorism 
and disasters. This protection from both terrorism and disasters is 
seen as a key homeland security mission. Some, but not all, of the 
documents include missions related to border security, immigration, the 
economy, and general resilience.
    Some of these documents have been criticized. Senator Susan 
Collins--current Ranking Member, Committee on Homeland Security and 
Governmental Affairs--expressed disappointment in the Quadrennial 
Homeland Security Review and Bottom-Up Review because it does not 
communicate priorities and stated that it does not compare favorably to 
the most recent Quadrennial Defense Review. \11\ The Quadrennial 
Defense Review identifies National security and U.S. military 
priorities and these priorities through a process `` . . . from 
objectives to capabilities and activities to resources.'' \12\ 
Furthermore, the Quadrennial Homeland Security Review missions are 
different from the 2007 National Strategy for Homeland Security\13\ 
missions, and neither identifies priorities, or resources, for DHS, or 
other Federal agencies. Since the National Strategy for Homeland 
Security and the Quadrennial Homeland Security Review missions are 
differing and varied, and because the Quadrennial Homeland Security 
Review does not specifically identify a strategic process to achieve 
the missions, one may assume that this document is solely operational 
guidance. Additionally, critics found the Bottom-Up Review lacking in 
detail and failing to meet its intended purpose.\14\
---------------------------------------------------------------------------
    \11\ U.S. Congress, Senate Committee on Homeland Security and 
Governmental Affairs, Charting a Path Forward: The Homeland Security 
Department's Quadrennial Review and Bottom-Up Review, 111th Cong., 2nd 
sess., July 21, 2010.
    \12\ U.S. Department of Defense, Quadrennial Defense Review, 
Washington, DC, February 2010, p. iii.
    \13\ The 2007 National Strategy for Homeland Security is the most 
recent National strategy specifically on homeland security.
    \14\ Katherine McIntire Peters, ``DHS Bottom-Up Review is long on 
ambition, short on detail,'' GovernmentExecutive.com, July 2010.
---------------------------------------------------------------------------
    Overall, strategic documents intended to provide guidance do not 
identify the same missions for any homeland security entity or 
stakeholder. One example, however, of homeland security entities and 
stakeholders being tasked with specific missions is the National 
Response Framework. The National Response Framework is not a strategy 
document but is a ``guide to how the Nation conducts all-hazards 
response. It is built upon scalable, flexible, and adaptable 
coordinating structures to align key roles and responsibilities across 
the nation, liking all levels of government, nongovernmental 
organizations, and the private sector.''\15\ Some policy makers may 
view the National Response Framework as effective guidance regarding 
all-hazards response and may be a model to develop a similar guide to 
National homeland security missions. The National Response Framework, 
however, does not identify National homeland security missions.
---------------------------------------------------------------------------
    \15\ U.S. Department of Homeland Security, National Response 
Framework, Washington, DC, January 2008, p. i.
---------------------------------------------------------------------------
    There is no evidence in the existing homeland security strategic 
documents that supports the aligning and prioritization of the varied 
missions, nor do any of the documents convey how National, State, or 
local resources are to be allocated to achieve these missions. 
Arguably, without prioritized resource allocation to aligned missions, 
the Nation's homeland security activities and operations may be 
haphazard and inconsistent. Another consequence of the absence of clear 
missions is that available funding then tends to govern the priorities. 
Thus the appropriations process may dictate National homeland security 
missions.
                        analysis of consequences
    Congress may wish to address the issues of homeland security 
strategy, definitions, and missions, in light of the potential for 
significant events to occur much like those of the terrorist attacks of 
September 11, 2001 or natural disasters such as Hurricane Katrina. 
These outstanding policy issues result from the varied definitions and 
missions identified in numerous National strategic documents. 
Additionally, these documents do not consistently address risk 
mitigation associated with the full range of homeland security threats. 
Finally, one piece arguably missing from these documents, and their 
guidance, is a discussion of the resources and fiscal costs associated 
with preparing for low-risk, but high-consequence threats.
    Policymakers are faced with a complex and detailed list of risks, 
or threats to security, for which they then attempt to plan. However, 
managing those risks 99% of the time with even a single failure may 
lead to significant human and financial costs.\16\ The actual end 
product of any homeland security strategic process that involves 
clarifying definitions and missions will invariably aid in this 
planning process though a number of risks may still not be adequately 
countered.
---------------------------------------------------------------------------
    \16\ Donald F. Kettl, System Under Stress: Homeland Security and 
American Politics, 2nd ed., Washington, DC, CQPress, 2007, p. 82.
---------------------------------------------------------------------------
    Homeland security is essentially about managing risks. The purpose 
of a strategic process is to develop missions to achieve that end. 
Before risk management can be accurate and adequate, policymakers must 
coordinate and communicate. That work begins by developing a foundation 
of common definitions of key terms and concepts. It is also necessary, 
in order to coordinate and communicate, to ensure stakeholders are 
aware of, trained for, and prepared to meet assigned missions. Finally, 
this analysis leads to the conclusion that missions are most effective 
when they are the product of a prioritization process based on National 
homeland security interests.
    It has been argued that homeland security, at its core, is about 
coordination because of the disparate stakeholders and risks.\17\ 
Homeland security is not only about coordination of resources and 
actions to counter risks; it is also about the coordination of the 
strategic process policymakers use in determining the risks, the 
stakeholders and their missions, and the prioritization of those 
missions.
---------------------------------------------------------------------------
    \17\ Ibid.
---------------------------------------------------------------------------
    Without a general consensus on the physical and philosophical 
definition and missions of homeland security, achieved through a 
strategic process, there will continue to be the potential for 
disjointed and disparate approaches to securing the Nation. This 
general consensus on the homeland security concept starts with a 
consensus definition and an accepted list of prioritized missions that 
are constantly reevaluated to meet risks of the new paradigm that is 
homeland security in the 21st Century. These varied definitions and 
missions, however, may be the result of a strategic process that has 
developed an approach that adjusts Federal homeland security policy to 
emerging threats and risks.
    Thank you.

    Mr. McCaul. Thank you, Mr. Reese. I want to thank the 
outstanding work that CRS does for the Congress.
    Next, Mr. Maurer is recognized for 5 minutes.

 STATEMENT OF DAVID C. MAURER, DIRECTOR, HOMELAND SECURITY AND 
         JUSTICE TEAM, GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Maurer. Thank you, Mr. Chairman.
    Good morning, Chairman McCaul, Ranking Member Keating, 
other Members and staff. I am pleased to be here today to 
discuss the findings from our prior work on strategic planning 
at the Department of Homeland Security.
    To set the stage a bit, it is important to remember that 
DHS conducts a wide variety of operations every day--securing 
the border, protecting the President, providing grants to local 
governments, screening airline passengers, researching 
technologies. DHS does all of this and more.
    It costs about $56 billion a year to do this. DHS is now 
the third-largest Department in the Federal Government and its 
sheer size and scope can complicate efforts to develop a common 
strategy to guide it all.
    DHS needs to have a clear strategy because what it does is 
so important. DHS and its various components need to have a 
clear idea of what should be done, how daily operations align 
with broader priorities, what resources are necessary to 
achieve those goals, and how to assess progress along the way.
    My statement for the record discusses our findings on DHS's 
efforts to develop this strategy as well as the Department's 
on-going work to build a single, unified Department that is 
greater than the sum of its whole. Right now I would like to 
briefly highlight three key points from our work.
    First, DHS's strategic approach currently resides in three 
documents. The QHSR explains what DHS should be doing. DHS used 
the BUR to understand what it was actually doing and then 
developed a budget plan to align resources to keep priorities.
    Our work found that DHS conducted significant outreach to 
various stakeholders and used their input when developing the 
QHSR. However, we recommended that DHS do a better job next 
time seeking input from non-Federal stakeholders and providing 
all stakeholders more time to comment.
    Second, DHS did not formally consider risk when studying 
strategic priorities. For example, the QHSR identifies five key 
missions for the entire Department but does not prioritize them 
as called for in the 9/11 Commission Act. The QHSR also 
discusses threats to homeland security but DHS did not conduct 
a National risk assessment.
    In addition, DHS used the BUR to identify 14 key 
initiatives deemed a priority in the Department's fiscal year 
2012 budget request. While DHS can be commended for identifying 
a discrete list of priorities, the Department did not consider 
risk information when making these key resource decisions. In 
our September 2011 report we recommended that DHS improve its 
consideration of risk during the next QHSR process and DHS 
agreed to do so.
    Finally, effectively implementing a common strategy 
requires a unified Department. DHS has made significant 
progress knitting itself together, but 9 years after its 
creation DHS has not completed its transformation into an 
integrated department.
    When DHS opened its doors in 2003 GAO designated it as a 
high-risk because building a new department out of 22 legacy 
agencies represented a significant challenge. Most 
significantly, the Department lacked an effective and unified 
management structure to support its critically important daily 
operations.
    I am pleased to say that in recent years DHS leadership has 
placed considerable attention and effort addressing these 
issues, and as a result, DHS has made important progress 
recognizing and addressing its management challenges. GAO has 
worked closely with the Department in this regard.
    In September 2010 we provided DHS 31 key actions and 
outcomes that are critical to addressing the challenges within 
and across the Department's management functions. Since then 
DHS has developed a series of plans to achieve these outcomes.
    I believe these plans, if fully implemented, create an off-
ramp from our high-risk designation, but the key for DHS is 
execution. DHS needs to implement its plans, align resources to 
support key outcomes, and most importantly, demonstrate 
sustained progress. A solid management foundation will help DHS 
carry out its vital missions and help ensure the Department can 
translate the words in its strategies into concrete actions.
    Mr. Chairman, thank you for the opportunity to testify this 
morning. I look forward to your questions.
    [The statement of Mr. Maurer follows:]
                 Prepared Statement of David C. Maurer
                            February 3, 2012
                             gao highlights
    Highlights of GAO-12-382T, a testimony before the Subcommittee on 
Oversight, Investigations, and Management, Committee on Homeland 
Security, House of Representatives.
Why GAO Did This Study
    The Implementing Recommendations of the 9/11 Commission Act of 2007 
(9/11 Commission Act) requires that beginning in fiscal year 2009 and 
every 4 years thereafter the Department of Homeland Security (DHS) 
conduct a review that provides a comprehensive examination of the 
homeland security strategy of the United States. In February 2010, DHS 
issued its first Quadrennial Homeland Security Review (QHSR) report, 
outlining a strategic framework for homeland security. In July 2010 DHS 
issued a report on the results of its Bottom-Up Review (BUR), a 
Department-wide assessment to implement the QHSR strategy by aligning 
DHS's programmatic activities, such as inspecting cargo at ports of 
entry, and its organizational structure with the missions and goals 
identified in the QHSR. This testimony addresses DHS's efforts to: (1) 
Strategically plan its homeland security missions through the QHSR; (2) 
set strategic priorities and measure performance; and (3) build a 
unified department. This testimony is based on GAO reports issued in 
December 2010, February 2011, and September 2011.
What GAO Recommends
    GAO made recommendations in prior reports for DHS to, among other 
things, provide more time for consulting with stakeholders during the 
QHSR process, examine additional mechanisms for obtaining input from 
non-Federal stakeholders, and examine how risk information could be 
used in prioritizing future QHSR initiatives. DHS concurred and has 
actions planned or underway to address them.
    Department of Homeland Security.--Additional Actions Needed to 
         Strengthen Strategic Planning and Management Functions
                             what gao found
    DHS's primary strategic planning effort in recent years has been 
the QHSR. In September 2011, GAO reported on the extent to which DHS 
consulted with stakeholders in developing the QHSR. DHS solicited input 
from various stakeholder groups in conducting the first QHSR, but DHS 
officials, several stakeholders GAO contacted, and other reviewers of 
the QHSR noted concerns with time frames provided for stakeholder 
consultations and outreach to non-Federal stakeholders. Specifically, 
DHS consulted with stakeholders--Federal agencies; Department and 
component officials; State, local, and Tribal governments; the private 
sector; academics; and policy experts--through various mechanisms, such 
as the solicitation of papers to help frame the QHSR. DHS and these 
stakeholders identified benefits from these consultations, such as DHS 
receiving varied perspectives. However, stakeholders also identified 
challenges in the consultation process, such as concerns about the 
limited time frames for providing input into the QHSR or BUR and the 
need to examine additional mechanisms for including more non-Federal 
stakeholders in consultations. By providing more time for obtaining 
feedback and examining mechanisms to obtain non-Federal stakeholders' 
input, DHS could strengthen its management of stakeholder consultations 
and be better positioned to review and incorporate, as appropriate, 
stakeholders' input during future reviews.
    DHS considered various factors in identifying high-priority BUR 
initiatives for implementation in fiscal year 2012 but did not include 
risk information as one of these factors, as called for in GAO's prior 
work and DHS's risk-management guidance. Through the BUR, DHS 
identified 43 initiatives aligned with the QHSR mission areas to serve 
as mechanisms for implementing those mission areas. According to DHS 
officials, DHS did not consider risk information in prioritizing 
initiatives because of differences among the initiatives that made it 
difficult to compare risks across them, among other things. In 
September 2011, GAO reported that consideration of risk information 
during future implementation efforts could help strengthen DHS's 
prioritization of mechanisms for implementing the QHSR. Further, GAO 
reported that DHS established performance measures for most of the QHSR 
objectives and had plans to develop additional measures. However, with 
regard to specific programs, GAO's work has shown that a number of 
programs and efforts lack outcome goals and measures, hindering the 
Department's ability to effectively assess results.
    In 2003, GAO designated the transformation of DHS as high-risk 
because DHS had to transform 22 agencies--several with major management 
challenges--into one department, and failure to effectively address 
DHS's management and mission risks could have serious consequences for 
U.S. National and economic security. DHS has taken action to implement, 
transform, and strengthen its management functions, such as developing 
a strategy for addressing this high-risk area and putting in place 
common policies, procedures, and systems within individual management 
functions, such as human capital, that help to integrate its component 
agencies. However, DHS needs to demonstrate measurable, sustainable 
progress in implementing its strategy and corrective actions to address 
its management challenges.
    Chairman McCaul, Ranking Member Keating, and Members of the 
subcommittee: I am pleased to be here today to discuss Department of 
Homeland Security (DHS) strategic planning. Various strategies and 
plans exist for guiding homeland security efforts across the homeland 
security enterprise.\1\ For example, the May 2010 National Security 
Strategy outlines key security priorities and the 2007 National 
Homeland Security Strategy defined the homeland security mission for 
the Federal Government. More specific to DHS, the Implementing 
Recommendations of the 
9/11 Commission Act of 2007 (9/11 Commission Act) requires that 
beginning in fiscal year 2009 and every 4 years thereafter DHS conduct 
a review that provides a comprehensive examination of the homeland 
security strategy of the United States.\2\ In February 2010, DHS issued 
its first Quadrennial Homeland Security Review (QHSR) report, outlining 
a strategic framework for homeland security to guide the activities of 
homeland security partners, including Federal, State, local, and Tribal 
government agencies; the private sector; and non-Governmental 
organizations.\3\
---------------------------------------------------------------------------
    \1\ DHS defines the homeland security enterprise as the Federal, 
State, local, Tribal, territorial, non-Governmental, and private-sector 
entities, as well as individuals, families, and communities, who share 
a common National interest in the safety and security of the United 
States and the American population.
    \2\ Pub. L. No. 110-53,  2401(a), 121 Stat. 266, 543-45 (2007) 
(codified at 6 U.S.C.  347).
    \3\ DHS, Quadrennial Homeland Security Review Report: A Strategic 
Framework for a Secure Homeland (Washington, DC: February 2010). 
Although the act requires the first QHSR to be conducted in 2009--see 6 
U.S.C.  347(c)--the QHSR report was issued in February 2010 and we 
refer to it in this statement as the 2010 QHSR.
---------------------------------------------------------------------------
    In addition to the QHSR, in July 2010 DHS issued a report on the 
results of its Bottom-Up Review (BUR), a Department-wide assessment to 
implement the QHSR strategy by aligning DHS's programmatic activities, 
such as apprehending fugitive aliens and inspecting cargo at ports of 
entry, and its organizational structure with the missions and goals 
identified in the QHSR.\4\ The BUR report described DHS's current 
activities contributing to: (1) QHSR mission performance, (2) 
Departmental management, and (3) accountability. Subsequent to 
publishing the BUR report, DHS identified priority initiatives, such as 
strengthening aviation security and enhancing the Department's risk 
management capability, to strengthen DHS's mission performance, improve 
departmental management, and increase accountability.
---------------------------------------------------------------------------
    \4\ DHS, Bottom-Up Review Report (Washington, DC: July 2010).
---------------------------------------------------------------------------
    DHS's on-going efforts to identify strategic goals and align key 
missions and resources with those goals are supported by another key 
Departmental goal: Building a unified department. In 2003, GAO 
designated implementing and transforming DHS as high-risk because DHS 
had to transform 22 agencies--several with major management 
challenges--into one department. Failure to effectively address DHS's 
management and mission risks could have serious consequences for U.S. 
National and economic security. Our prior work, undertaken before the 
creation of DHS, found that successful transformations of large 
organizations, even those faced with less-strenuous reorganizations 
than DHS, can take years to achieve. DHS is now the third-largest 
Federal department with more than 200,000 employees and $56 billion in 
budget authority, and its transformation is critical to achieving its 
homeland security missions.
    My testimony today focuses on the findings from our prior work in 
three key areas:
   DHS's efforts to strategically plan its homeland security 
        missions Department-wide through the QHSR,
   DHS's efforts to set strategic priorities and measure 
        performance Department-wide, and:
   DHS's efforts to build and implement a unified department.
    This statement is based on four past reports, issued in December 
2010, February 2011, and September 2011, related to DHS's QHSR, GAO's 
high-risk series, and DHS mission implementation.\5\ For these past 
reports, among other things, we interviewed DHS officials; analyzed DHS 
strategic documents; and reviewed our past reports, supplemented by DHS 
Office of Inspector General (IG) reports, issued since DHS began its 
operations in March 2003. We conducted this work in accordance with 
generally accepted Government auditing standards. More detailed 
information on the scope and methodology from our previous work can be 
found within each specific report.
---------------------------------------------------------------------------
    \5\ GAO, Quadrennial Homeland Security Review: Enhanced Stakeholder 
Consultation and Use of Risk Information Could Strengthen Future 
Reviews, GAO-11-873 (Washington, DC: Sept. 15, 2011); Department of 
Homeland Security: Progress Made and Work Remaining in Implementing 
Homeland Security Missions 10 Years after 9/11, GAO-11-881 (Washington, 
DC: Sept. 7, 2011); High-Risk Series: An Update, GAO-11-278 
(Washington, DC: February 2011); and Quadrennial Homeland Security 
Review: 2010 Reports Addressed Many Required Elements, but Budget 
Planning Not Yet Completed, GAO-11-153R (Washington, DC: Dec. 16, 
2010).
---------------------------------------------------------------------------
  dhs strategically planned its homeland security missions department-
 wide through the qhsr, but stakeholder consultations could be enhanced
    The QHSR identified five homeland security missions--(1) Preventing 
Terrorism and Enhancing Security, (2) Securing and Managing Our 
Borders, (3) Enforcing and Administering Our Immigration Laws, (4) 
Safeguarding and Securing Cyberspace, and (5) Ensuring Resilience to 
Disasters--and goals and objectives to be achieved within each mission. 
A sixth category of DHS activities--Providing Essential Support to 
National and Economic Security--was added in the fiscal year 2012 
budget request but was not included in the 2010 QHSR report.
    DHS's primary strategic planning effort in recent years has been 
the QHSR. DHS approached the 9/11 Commission Act requirement for a 
quadrennial homeland security review in three phases.
   In the first phase, DHS defined the Nation's homeland 
        security interests, identified the critical homeland security 
        missions, and developed a strategic approach to those missions 
        by laying out the principal goals, objectives, and strategic 
        outcomes for the mission areas. DHS reported on the results of 
        this effort in the February 2010 QHSR report in which the 
        Department identified 5 homeland security missions, 14 
        associated goals, and 43 objectives. The QHSR report also 
        identified threats and challenges confronting U.S. homeland 
        security, strategic objectives for strengthening the homeland 
        security enterprise, and Federal agencies' roles and 
        responsibilities for homeland security.
   In the second phase--the BUR--DHS identified its component 
        agencies' activities, aligned those activities with the QHSR 
        missions and goals, and made recommendations for improving the 
        Department's organizational alignment and business processes. 
        DHS reported on the results of this second phase in the July 
        2010 BUR report.
   In the third phase DHS developed its budget plan necessary 
        to execute the QHSR missions. DHS presented this budget plan in 
        the President's fiscal year 2012 budget request, issued 
        February 14, 2011, and the accompanying Fiscal Year 2012-2016 
        Future Years Homeland Security Program (FYHSP), issued in May 
        2011.
    In December 2010, we issued a report on the extent to which the 
QHSR addressed the 9/11 Commission Act's required reporting 
elements.\6\ We reported that of the nine 9/11 Commission Act reporting 
elements for the QHSR, DHS addressed three and partially addressed 
six.\7\ Elements DHS addressed included a description of homeland 
security threats and an explanation of underlying assumptions for the 
QHSR report. Elements addressed in part included a prioritized list of 
homeland security missions, an assessment of the alignment of DHS with 
the QHSR missions, and discussions of cooperation between the Federal 
Government and State, local, and Tribal governments.
---------------------------------------------------------------------------
    \6\ GAO-11-153R.
    \7\ We considered an element addressed if all portions of it were 
explicitly included in either the QHSR or BUR reports, addressed in 
part if one or more but not all portions of the element were included, 
and not addressed if neither the QHSR nor the BUR reports explicitly 
addressed any part of the element.
---------------------------------------------------------------------------
    In September 2011, we reported on the extent to which DHS consulted 
with stakeholders in developing the QHSR.\8\ DHS solicited input from 
various stakeholder groups in conducting the first QHSR, but DHS 
officials, stakeholders GAO contacted, and other reviewers of the QHSR 
noted concerns with time frames provided for stakeholder consultations 
and outreach to non-Federal stakeholders. DHS consulted with 
stakeholders--Federal agencies; Department and component officials; 
State, local, and Tribal governments; the private sector; academics; 
and policy experts--through various mechanisms, such as the 
solicitation of papers to help frame the QHSR and a web-based 
discussion forum. DHS and these stakeholders identified benefits from 
these consultations, such as DHS receiving varied perspectives. 
However, stakeholders also identified challenges in the consultation 
process. For example:
---------------------------------------------------------------------------
    \8\ GAO-11-873.
---------------------------------------------------------------------------
   Sixteen of 63 stakeholders who provided comments to GAO 
        noted concerns about the limited time frames for providing 
        input into the QHSR or BUR.
   Nine other stakeholders commented that DHS consultations 
        with non-Federal stakeholders, such as State, local, and 
        private-sector entities, could be enhanced by including more of 
        these stakeholders in QHSR consultations.
   Reports on the QHSR by the National Academy of Public 
        Administration, which administered DHS's web-based discussion 
        forum, and a DHS advisory committee comprised of non-Federal 
        representatives noted that DHS could provide more time and 
        strengthen non-Federal outreach during stakeholder 
        consultations.
    By providing more time for obtaining feedback and examining 
mechanisms to obtain non-Federal stakeholders' input, DHS could 
strengthen its management of stakeholder consultations and be better 
positioned to review and incorporate, as appropriate, stakeholders' 
input during future reviews. We recommended that DHS provide more time 
for consulting with stakeholders during the QHSR process and examine 
additional mechanisms for obtaining input from non-Federal stakeholders 
during the QHSR process, such as whether panels of State, local, and 
Tribal government officials or components' existing advisory or other 
groups could be useful. DHS concurred and reported that it will 
endeavor to incorporate increased opportunities for time and meaningful 
stakeholder engagement and will examine the use of panels of non-
Federal stakeholders for the next QHSR.
 dhs did not prioritize qhsr missions or use risk assessments to help 
set strategic priorities and could improve department-wide performance 
                                measures
    The 9/11 Commission Act called for DHS to prioritize homeland 
security missions in the QHSR.\9\ As we reported in December 2010, DHS 
identified five homeland security missions in the QHSR, but did not 
fully address the 9/11 Commission Act reporting element because the 
Department did not prioritize the missions.\10\ According to DHS 
officials, the five missions listed in the QHSR report have equal 
priority--no one mission is given greater priority than another. 
Moreover, they stated that in selecting the five missions from the many 
potential homeland security mission areas upon which DHS could focus 
its efforts, the five mission areas are DHS's highest-priority homeland 
security concerns.
---------------------------------------------------------------------------
    \9\ 6 U.S.C.  347(c)(2)(C).
    \10\ GAO-11-153R.
---------------------------------------------------------------------------
    Risk management has been widely supported by Congress and DHS as a 
management approach for homeland security, enhancing the Department's 
ability to make informed decisions and prioritize resource investments. 
In September 2011, we also reported that in the 2010 QHSR report, DHS 
identified threats confronting homeland security, such as high-
consequence weapons of mass destruction and illicit trafficking, but 
did not conduct a National risk assessment for the QHSR.\11\ DHS 
officials stated that at the time DHS conducted the QHSR, DHS did not 
have a well-developed methodology or the analytical resources to 
complete a National risk assessment that would include likelihood and 
consequence assessments--key elements of a National risk assessment. 
The QHSR terms of reference, which established the QHSR process, also 
stated that at the time the QHSR was launched, DHS lacked a process and 
a methodology for consistently and defensibly assessing risk at a 
National level and using the results of such an assessment to drive 
strategic prioritization and resource decisions. In recognition of a 
need to develop a National risk assessment, DHS created a study group 
as part of the QHSR process that developed a National risk assessment 
methodology. DHS officials plan to implement a National risk assessment 
in advance of the next QHSR, which DHS anticipates conducting in fiscal 
year 2013. Consistent with DHS's plans, we reported that a National 
risk assessment conducted in advance of the next QHSR could assist DHS 
in developing QHSR missions that target homeland security risks and 
could allow DHS to demonstrate how it is reducing risk across multiple 
hazards.
---------------------------------------------------------------------------
    \11\ GAO-11-873.
---------------------------------------------------------------------------
DHS Could Strengthen Its Use of Risk Information in Prioritizing 
        Initiatives and Planning and Investment Decision-Making
    DHS considered various factors in identifying high-priority BUR 
initiatives for implementation in fiscal year 2012 but did not include 
risk information as one of these factors as called for in our prior 
work and DHS's risk management guidance.\12\ Through the BUR, DHS 
identified 43 initiatives aligned with the QHSR mission areas to help 
strengthen DHS's activities and serve as mechanisms for implementing 
those mission areas (see app. I for a complete list). According to DHS 
officials, the Department could not implement all of these initiatives 
in fiscal year 2012 because of, among other things, resource 
constraints and organizational or legislative changes that would need 
to be made to implement some of the initiatives.
---------------------------------------------------------------------------
    \12\ See GAO, Risk Management: Further Refinements Needed to Assess 
Risks and Prioritize Protective Measures at Ports and Other Critical 
Infrastructure, GAO-06-91 (Washington, DC: Dec. 15, 2005), and 
Transportation Security: Comprehensive Risk Assessments and Stronger 
Internal Controls Needed to Help Inform TSA Resource Allocation, GAO-
09-492 (Washington, DC: Mar. 27, 2009). For DHS risk-management 
guidance, see DHS, Risk Management Fundamentals: Homeland Security Risk 
Management Doctrine (April 2011).
---------------------------------------------------------------------------
    In identifying which BUR initiatives to prioritize for 
implementation in fiscal year 2012, DHS leadership considered: (1) 
``Importance,'' that is, how soon the initiative needed to be 
implemented; (2) ``maturity,'' that is, how soon the initiative could 
be implemented; and (3) ``priority,'' that is, whether the initiative 
enhanced Secretarial or Presidential priorities. Risk information was 
not included as an element in any of these three criteria, according to 
DHS officials, because of differences among the initiatives that made 
it difficult to compare risks across them, among other things. However, 
DHS officials stated that there are benefits to considering risk 
information in resource allocation decisions. Consideration of risk 
information during future implementation efforts could help strengthen 
DHS's prioritization of mechanisms for implementing the QHSR, including 
assisting in determinations of which initiatives should be implemented 
in the short or longer term. In our September 2011 report, we 
recommended that DHS examine how risk information could be used in 
prioritizing future QHSR initiatives. DHS concurred and reported that 
DHS intends to conduct risk analysis specific to the QHSR in advance of 
the next review and will use the analysis as an input into decision-
making related to implementing the QHSR.
    Further, in September 2011, we reported on progress made by DHS in 
implementing its homeland security missions since 9/11.\13\ As part of 
this work, we identified various themes that affected DHS's 
implementation efforts. One of these themes was DHS's efforts to 
strategically manage risk across the Department. We reported that DHS 
made important progress in assessing and analyzing risk across sectors. 
For example, in January 2009 DHS published its Integrated Risk 
Management Framework, which, among other things, calls for DHS to use 
risk assessments to inform decision-making. In May 2010, the Secretary 
issued a Policy Statement on Integrated Risk Management, calling for 
DHS and its partners to manage risks to the Nation.
---------------------------------------------------------------------------
    \13\ GAO-11-881.
---------------------------------------------------------------------------
    We also reported that DHS had more work to do in using this 
information to inform planning and resource-allocation decisions. Our 
work shows that DHS has conducted risk assessments across a number of 
areas, but should strengthen the assessments and risk management 
process. For example:
   In June 2011, we reported that DHS and Health and Human 
        Services could further strengthen coordination for chemical, 
        biological, radiological, and nuclear (CBRN) risk assessments. 
        Among other things, we recommended that DHS establish time 
        frames and milestones to better ensure timely development and 
        interagency agreement on written procedures for development of 
        DHS's CBRN risk assessments. DHS concurred and stated that the 
        Department had begun efforts to develop milestones and time 
        frames for its strategic and implementation plans for 
        interagency risk assessment development.\14\
---------------------------------------------------------------------------
    \14\ GAO, National Preparedness: DHS and HHS Can Further Strengthen 
Coordination for Chemical, Biological, Radiological, and Nuclear Risk 
Assessments, GAO-11-606 (Washington, DC: June 21, 2011).
---------------------------------------------------------------------------
   In November 2011, we reported that the U.S. Coast Guard used 
        its Maritime Security Risk Assessment Model at the National 
        level to focus resources on the highest-priority targets, 
        leading to Coast Guard operating efficiencies, but use at the 
        local level for operational and tactical risk-management 
        efforts has been limited by a lack of staff time, the 
        complexity of the risk tool, and competing mission demands.\15\ 
        Among other things, we recommended that the Coast Guard provide 
        additional training for sector command staff and others 
        involved in sector management and operations on how the model 
        can be used as a risk-management tool to inform sector-level 
        decision-making. The Coast Guard concurred and stated that it 
        will explore other opportunities to provide risk training to 
        sector command staff, including on-line and webinar training 
        opportunities.
---------------------------------------------------------------------------
    \15\ GAO, Coast Guard: Security Risk Model Meets DHS Criteria, but 
More Training Could Enhance Its Use for Managing Programs and 
Operations, GAO-12-14 (Washington, DC: Nov. 17, 2011).
---------------------------------------------------------------------------
   In November 2011, we reported that the Federal Emergency 
        Management Agency (FEMA) used risk assessments to inform 
        funding-allocation decisions for its port security grant 
        program.\16\ However, we found that FEMA could further enhance 
        its risk-analysis model and recommended incorporating the 
        results of past security investments and refining other data 
        inputs into the model. DHS concurred with the recommendation, 
        but did not provide details on how it plans to implement it.
---------------------------------------------------------------------------
    \16\ GAO, Port Security Grant Program: Risk Model, Grant 
Management, and Effectiveness Measures Could Be Strengthened, GAO-12-47 
(Washington, DC: Nov. 17, 2011).
---------------------------------------------------------------------------
   In October 2009, we reported that TSA's strategic plan to 
        guide research, development, and deployment of passenger 
        checkpoint screening technologies was not risk-based.\17\ Among 
        other things, we recommended that DHS conduct a complete risk 
        assessment related to TSA's passenger screening program and 
        incorporate the results into the program's strategy. DHS 
        concurred, and in July 2011 reported actions underway to 
        address it, such as beginning to use a risk-management analysis 
        process to analyze the effectiveness and efficiency of 
        potential countermeasures and effect on the commercial aviation 
        system.
---------------------------------------------------------------------------
    \17\ GAO. Aviation Security: DHS and TSA Have Researched, 
Developed, and Begun Deploying Passenger Checkpoint Screening 
Technologies, but Continue to Face Challenges. GAO-10-128. (Washington, 
DC: Oct. 7, 2009).
---------------------------------------------------------------------------
DHS Has Established Performance Measures, but Has Not Yet Fully 
        Developed Outcome-Based Measures for Many of Its Mission 
        Functions
    In September 2011, we reported that DHS established performance 
measures for most of the QHSR objectives and had plans to develop 
additional measures.\18\ Specifically, DHS established new performance 
measures, or linked existing measures, to 13 of 14 QHSR goals, and to 3 
of 4 goals for the sixth category of DHS activities--Providing 
Essential Support to National and Economic Security. DHS reported these 
measures in its fiscal years 2010-2012 Annual Performance Report. For 
goals without measures, DHS officials told us that the Department was 
developing performance measures and planned to publish them in future 
budget justifications to Congress.
---------------------------------------------------------------------------
    \18\ GAO-11-873.
---------------------------------------------------------------------------
    In September 2011, we also reported that DHS had not yet fully 
developed outcome-based measures for assessing progress and performance 
for many of its mission functions.\19\ We recognized that DHS faced 
inherent difficulties in developing performance goals and measures to 
address its unique mission and programs, such as in developing measures 
for the effectiveness of its efforts to prevent and deter terrorist 
attacks. While DHS had made progress in strengthening performance 
measurement, our work across the Department has shown that a number of 
programs lacked outcome goals and measures, which may have hindered the 
Department's ability to effectively assess results or fully assess 
whether the Department was using resources effectively and efficiently. 
For example, our work has shown that DHS did not have performance 
measures for assessing the effectiveness of key border security and 
immigration programs, to include:
---------------------------------------------------------------------------
    \19\ GAO-11-881.
---------------------------------------------------------------------------
   In September 2009, we reported that U.S. Customs and Border 
        Protection (CBP) had invested $2.4 billion in tactical 
        infrastructure (fencing, roads, and lighting) along the 
        Southwest Border under the Secure Border Initiative--a multi-
        year, multi-billion dollar program aimed at securing U.S. 
        borders and reducing illegal immigration.\20\ However, DHS 
        could not measure the effect of this investment in tactical 
        infrastructure on border security. We recommended that DHS 
        conduct an evaluation of the effect of tactical infrastructure 
        on effective control of the border. DHS concurred with the 
        recommendation and subsequently reported that the on-going 
        analysis is expected to be completed in February 2012.
---------------------------------------------------------------------------
    \20\ GAO, Secure Border Initiative: Technology Deployment Delays 
Persist and the Impact of Border Fencing Has Not Been Assessed, GAO-09-
1013T (Washington, DC: Sept. 17, 2009).
---------------------------------------------------------------------------
   In August 2009, we reported that CBP had established three 
        performance measures to report the results of checkpoint 
        operations, which provided some insight into checkpoint 
        activity.\21\ However, the measures did not indicate if 
        checkpoints were operating efficiently and effectively, and 
        data reporting and collection challenges hindered the use of 
        results to inform Congress and the public on checkpoint 
        performance. We recommended that CBP improve the measurement 
        and reporting of checkpoint effectiveness. CBP agreed and, as 
        of September 2011, reported plans to develop and better use 
        data on checkpoint effectiveness.
---------------------------------------------------------------------------
    \21\ GAO, Border Patrol: Checkpoints Contribute to Border Patrol's 
Mission, but More Consistent Data Collection and Performance 
Measurement Could Improve Effectiveness, GAO-09-824 (Washington, DC: 
Aug. 31, 2009).
---------------------------------------------------------------------------
   Further, we reported that U.S. Immigration and Customs 
        Enforcement (ICE) and CBP did not have measures for assessing 
        the performance of key immigration enforcement programs. For 
        example, in April 2011, we reported that ICE did not have 
        measures for its overstay enforcement efforts, and in May 2010 
        that CBP did not have measures for its alien smuggling 
        investigative efforts, making it difficult for these agencies 
        to determine progress made in these areas and evaluate possible 
        improvements.\22\ We recommended that ICE and CBP develop 
        performance measures for these two areas. They generally agreed 
        and reported actions underway to develop these measures.
---------------------------------------------------------------------------
    \22\ GAO, Overstay Enforcement: Additional Mechanisms for 
Collecting, Assessing, and Sharing Data Could Strengthen DHS's Efforts 
but Would Have Costs, GAO-11-411 (Washington, DC: Apr. 15, 2011) and 
Alien Smuggling: DHS Needs to Better Leverage Investigative Resources 
to Measure Program Performance along the Southwest Border, GAO-10-328 
(Washington, DC: May 24, 2010).
---------------------------------------------------------------------------
   dhs has taken action to implement, strengthen, and integrate its 
  management functions, but needs to demonstrate sustainable progress
    In 2003, GAO designated the transformation of DHS as high-risk 
because DHS had to transform 22 agencies--several with major management 
challenges--into one department, and failure to effectively address 
DHS's management and mission risks could have serious consequences for 
U.S. National and economic security. This high-risk area includes 
challenges in strengthening DHS's management functions--financial 
management, human capital, information technology, and acquisition 
management--the impact of those challenges on DHS's mission 
implementation, and challenges in integrating management functions 
within and across the Department and its components. Addressing these 
challenges would better position DHS to align resources to its 
strategic priorities, assess progress in meeting mission goals, enhance 
linkages within and across components, and improve the overall 
effectiveness and efficiency of the Department.
    On the basis of our prior work, in September 2010, we identified 
and provided to DHS 31 key actions and outcomes that are critical to 
addressing the challenges within the Department's management functions 
and in integrating those functions across the Department. These key 
actions and outcomes include, among others, validating required 
acquisition documents at major milestones in the acquisition review 
process; obtaining and then sustaining unqualified audit opinions for 
at least 2 consecutive years on the Department-wide financial 
statements while demonstrating measurable progress in reducing material 
weaknesses and significant deficiencies; and implementing its workforce 
strategy and linking workforce planning efforts to strategic and 
program-specific planning efforts to identify current and future human 
capital needs.\23\
---------------------------------------------------------------------------
    \23\ A material weakness is a significant deficiency, or a 
combination of significant deficiencies, in internal control such that 
there is a reasonable possibility that a material misstatement of the 
entity's financial statements will not be prevented or detected and 
corrected on a timely basis. A significant deficiency is a deficiency, 
or combination of deficiencies, in internal control that is less severe 
than a material weakness, yet important enough to merit attention by 
those charged with governance. A deficiency in internal control exists 
when the design or operation of a control does not allow management or 
employees, in the normal course of performing their assigned functions, 
to prevent, or detect and correct, misstatements on a timely basis.
---------------------------------------------------------------------------
    In our February 2011 high-risk update, we reported that DHS had 
taken action to implement, transform, and strengthen its management 
functions, and had begun to demonstrate progress in addressing some of 
the actions and outcomes we identified within each management area.\24\ 
For example, we reported that the Secretary and Deputy Secretary of 
Homeland Security, and other senior officials, have demonstrated 
commitment and top leadership support to address the Department's 
management challenges. DHS also put in place common policies, 
procedures, and systems within individual management functions, such as 
human capital, that help to integrate its component agencies. For 
example, DHS:
---------------------------------------------------------------------------
    \24\ GAO-11-278.
---------------------------------------------------------------------------
   revised its acquisition management oversight policies to 
        include more detailed guidance to inform departmental 
        acquisition decisionmaking.
   strengthened its enterprise architecture, or blueprint to 
        guide information technology acquisitions, and improved its 
        policies and procedures for investment management.
   developed corrective action plans for its financial 
        management weaknesses, and, for the first time since its 
        inception, DHS earned a qualified audit opinion on its fiscal 
        year 2011 balance sheet;\25\ and,
---------------------------------------------------------------------------
    \25\ For DHS, obtaining a qualified audit opinion is a first step 
toward achieving an unqualified audit opinion.
---------------------------------------------------------------------------
   issued its Workforce Strategy for Fiscal Years 2011-2016, 
        which contains the Department's workforce goals, objectives, 
        and performance measures for human capital management.
    Further, in January 2011, DHS provided us with its Integrated 
Strategy for High Risk Management, which summarized the Department's 
preliminary plans for addressing the high-risk area. Specifically, the 
strategy contained details on the implementation and transformation of 
DHS, such as corrective actions to address challenges within each 
management area, and officials responsible for implementing those 
corrective actions. DHS provided us with updates to this strategy in 
June and December 2011. We provided DHS with written feedback on the 
January 2011 strategy and the June update, and have worked with the 
Department to monitor implementation efforts. We noted that both 
versions of the strategy were generally responsive to actions and 
outcomes we identified for the Department to address the high-risk 
area. For example, DHS included a management integration plan 
containing information on initiatives to integrate its management 
functions across the Department. Specifically, DHS plans to establish a 
framework for managing investments across its components and management 
functions to strengthen integration within and across those functions, 
as well as to ensure that mission needs drive investment decisions. 
This framework seeks to enhance DHS resource decision-making and 
oversight by creating new Department-level councils to identify 
priorities and capability gaps, revising how DHS components and lines 
of business manage acquisition programs, and developing a common 
framework for monitoring and assessing implementation of investment 
decisions. These actions, if implemented effectively, should help to 
further and more effectively integrate the Department and enhance DHS's 
ability to implement its strategies. However, we noted in response to 
the June update that specific resources to implement planned corrective 
actions were not consistently identified, making it difficult to assess 
the extent to which DHS has the capacity to implement these actions. 
Additionally, for both versions, we noted that the Department did not 
provide information on the underlying metrics or factors DHS used to 
rate its progress, making it difficult for us to assess DHS's overall 
characterizations of progress. We are currently assessing the December 
2011 update and plan to provide DHS with feedback shortly.
    Although DHS has made progress in strengthening and integrating its 
management functions, the Department continues to face significant 
challenges affecting the Department's transformation efforts and its 
ability to meet its missions. In particular, challenges within 
acquisition, information technology, financial, and human capital 
management have resulted in performance problems and mission delays. 
For example, DHS does not yet have enough skilled personnel to carry 
out activities in some key programmatic and management areas, such as 
for acquisition management. DHS also has not yet implemented an 
integrated financial management system, impeding its ability to have 
ready access to information to inform decisionmaking, and has been 
unable to obtain a clean audit opinion on the audit of its consolidated 
financial statements since its establishment.
    Going forward, DHS needs to implement its Integrated Strategy for 
High Risk Management, and continue its efforts to: (1) Identify and 
acquire resources needed to achieve key actions and outcomes; (2) 
implement a program to independently monitor and validate corrective 
measures; and (3) show measurable, sustainable progress in implementing 
corrective actions and achieving key outcomes. Demonstrated, sustained 
progress in all of these areas will help DHS strengthen and integrate 
management functions within and across the Department and its 
components.
    Chairman McCaul, Ranking Member Keating, and Members of the 
subcommittee, this concludes my prepared statement. I would be pleased 
to respond to any questions that you may have.
                Appendix I: Bottom-Up Review Initiatives
    Initiatives selected by DHS for implementation in fiscal year 2012 
listed in bold.
        mission one: preventing terrorism and enhancing security
    1. Strengthen counterterrorism coordination across DHS
    2. Strengthen aviation security
    3. Create an integrated Departmental information sharing 
architecture
    4. Deliver infrastructure protection and resilience capabilities to 
the field
    5. Set National performance standards for identification 
verification
    6. Increase efforts to detect and counter nuclear and biological 
weapons and dangerous materials
    7. Leverage the full range of capabilities to address biological 
and nuclear threats
    8. Standardize and institutionalize the National Fusion Center 
Network
    9. Promote safeguards for access to secure areas in critical 
facilities
    10. Establish DHS as a center of excellence for canine training and 
deployment
    11. Redesign the Federal Protective Service (FPS) to better match 
mission requirements
             mission two: securing and managing our borders
    12. Expand joint operations and intelligence capabilities, 
including enhanced domain awareness
    13. Prioritize immigration and customs investigations
    14. Enhance the security and resilience of global trade and travel 
systems
    15. Strengthen and expand DHS-related security assistance 
internationally (e.g., border integrity and customs enforcement 
security assistance) consistent with U.S. Government security, trade 
promotion, international travel, and foreign assistance objectives
    16. Enhance North American security
    mission three: enforcing and administering our immigration laws
    17. Comprehensive immigration reform
    18. Improve DHS immigration services processes
    19. Focus on fraud detection and National security vetting
    20. Target egregious employers who knowingly exploit illegal 
workers
    21. Dismantle human smuggling organizations
    22. Improve the detention and removal process
    23. Work with new Americans so that they fully transition to the 
rights and responsibilities of citizenship
    24. Maintain a model detention system commensurate with risk
           mission four: safeguarding and securing cyberspace
    25. Increase the focus and integration of DHS's operational 
cybersecurity and infrastructure resilience activities
    26. Strengthen DHS ability to protect cyber networks
    27. Increase DHS predictive and forensic capabilities for cyber 
intrusions and attacks
    28. Promote cyber security public awareness
             mission five: ensuring resilience to disasters
    29. Enhance catastrophic disaster preparedness
    30. Improve DHS's ability to lead in emergency management
    31. Explore opportunities with the private sector to ``design-in'' 
greater resilience for critical infrastructure
    32. Make individual and family preparedness and critical facility 
resilience inherent in community preparedness
                    improving department management
    33. Seek restoration of the Secretary's reorganization authority 
for DHS headquarters
    34. Realign component regional configurations into a single DHS 
regional structure
    35. Improve cross-Departmental management, policy, and functional 
integration
    36. Strengthen internal DHS counterintelligence capabilities
    37. Enhance the Department's risk management capability
    38. Strengthen coordination within DHS through cross-Departmental 
training and career paths
    39. Enhance the DHS workforce
    40. Balance the DHS workforce by ensuring strong Federal control of 
all DHS work and reducing reliance on contractors
                       increasing accountability
    41. Increase Analytic Capability and Capacity
    42. Improve Performance Measurement and Accountability
    43. Strengthen Acquisition Oversight

    Mr. McCaul. Thank you, Mr. Maurer.
    The Chairman now recognizes Mr. Cohn for his testimony.

 STATEMENT OF ALAN COHN, DEPUTY ASSISTANT SECRETARY, OFFICE OF 
            POLICY, DEPARTMENT OF HOMELAND SECURITY

    Mr. Cohn. Thank you.
    Chairman McCaul, Ranking Member Keating, distinguished 
Members of the subcommittee, thank you very much for the 
opportunity to appear before you today. You have my written 
testimony; I will provide a brief overview of that testimony in 
these opening remarks and I am happy to take your questions 
after that.
    As was noted, I am the deputy assistant secretary in the 
Office of Policy. I head the Department's Strategic Planning 
Office. I am a career member of the Senior Executive Service 
and I have led the Department's Strategic Planning Office for 
the past 4 years, since January 2008.
    As the subcommittee has requested, I have focused my 
written testimony and I will focus these opening remarks on the 
Department's strategy for homeland security. Let me start by 
stating clearly that the strategy that the Department of 
Homeland Security has pursued for the past 3 years to ensure a 
safe, secure, and resilient homeland is set forth in the 
Quadrennial Homeland Security Review report 2010.
    The QHSR provided the Department the opportunity to work 
with its Federal interagency partners and stakeholders across 
the homeland security enterprise in setting a strategic 
framework for achieving a secure homeland. Subsequent planning 
activities, such as the Bottom-Up Review as well as the 
development of the Department's fiscal year 2012 budget 
proposal and accompanying documents, filled in other aspects of 
the Department's strategic approach; in particular that the 
Bottom-Up Review provided the opportunity for the Department to 
align its activities and its programs to the strategic 
framework of the Quadrennial Review, and that the fiscal year 
2012 budget process and the regeneration of performance 
measures that were reported in our annual performance report 
from that year filled in the budget alignment and performance 
alignment elements of that strategy.
    The Department's forthcoming fiscal year 2012 to 2016 
strategic plan--our third DHS strategic plan--consolidates the 
QHSR strategic framework with DHS performance measures and BUR 
initiatives focused on maturing and strengthening DHS. However, 
as a basic matter of understanding, the Department's strategy 
for addressing emerging and enduring threats and challenges is 
and has been the approach set forth in the QHSR report, and 
that approach nests within the overall structure of the 2010 
National Security Strategy.
    The Department has also taken steps to develop and 
implement a comprehensive strategic management approach. The 
Office of Policy supports that approach through several 
mechanisms, including annual strategic investment guidance, 
support to capability development through portfolio management 
bodies such as the Screening Coordination Office, and review of 
major acquisition programs to ensure consistency and alignment 
of mission needs to Department strategy and policy beginning 
with the QHSR.
    Finally, the Office of Policy is focused on enhancing the 
Department's ability to develop strategy and conduct strategic 
analysis through strengthened analytic techniques and 
methodologies, including remedying some of the shortfalls that 
were pointed out by the Government Accountability Office 
relating to the last QHSR.
    Congress' recent authorization for the Secretary to 
transfer risk management and analysis functions to the Office 
of Policy will help the Department's risk modeling analysis and 
strategic planning functions and aid in ensuring that risk 
analysis is most effectively informed strategy development and 
strategic choice.
    Thank you very much for your support of our efforts and our 
people and hopefully for your support of our future efforts to 
continue strengthening and maturing the Department. I am happy 
to take any questions that you have.
    [The statement of Mr. Cohn follows:]
                    Prepared Statement of Alan Cohn
                            February 3, 2012
                              introduction
    Chairman McCaul, Ranking Member Keating, and distinguished Members 
of the subcommittee, thank you for the opportunity to appear before you 
today to discuss how the Department of Homeland Security (DHS) is 
implementing a strategy to counter emerging threats. As the 
subcommittee has requested, we have focused primarily on how the QHSR 
has provided a strategic foundation for DHS, and DHS strategic 
management based on the QHSR.
    I serve as Deputy Assistant Secretary and head of the Office of 
Strategic Plans in the DHS Office of Policy within DHS headquarters. 
One of the key responsibilities of the DHS Office of Policy is to 
ensure that the Secretary, Deputy Secretary, Assistant Secretary for 
Policy, and the senior headquarters and Component leadership of DHS are 
provided with objective, analytically rigorous decision support. In 
short, we help ensure that tough policy and strategy decisions are 
informed by a consideration of viable alternatives, with a clear sense 
of the associated risk and resource implications, and that those 
decisions, once made, carry through to subsequent decisions concerning 
investments and operations. For that reason, I am pleased to be able to 
highlight how we do that at DHS and how we intend to continue improving 
that process in the context of emerging threats.
    The homeland security strategic environment is constantly evolving, 
and while we have made significant progress, threats from terrorism 
continue to persist. Today's threats are not limited to any one 
individual or group, are not defined or contained by international 
borders, and are not limited to any single ideology. Terrorist tactics 
can be as simple as a homemade bomb and as sophisticated as a 
biological threat or a coordinated cyber attack. In addition, broader 
strategic trends such as the dramatic spread of internet and mobile 
technologies around the world and the growing relevance of non-state 
actors on the world stage suggest new opportunities and challenges that 
must be accounted for in our current and longer-term homeland security 
strategic planning.
    Another defining characteristic of our strategic environment is the 
tightening fiscal environment. It is increasingly important to define 
clear priorities, develop and assess viable alternatives, and make 
well-informed decisions involving difficult trade-offs. DHS has made 
substantial progress in this regard, particularly with respect to 
establishing an enduring strategic foundation for National homeland 
security efforts, refining our strategic and policy analysis 
capabilities and approaches, and improving strategic alignment through 
focused management tools and processes. Together, these improvements 
have positioned DHS to effectively address today's security environment 
while ensuring that we are sufficiently flexible, agile, and capable in 
the face of emerging threats and risks.
    In my testimony, I will highlight our activities in each of these 
areas. Specifically, I will: (1) Describe how the Quadrennial Homeland 
Security Review Report (2010) (QHSR) has provided a strategic 
foundation and common framework to inform subsequent analysis and 
planning; (2) describe targeted efforts aimed at enhancing strategic 
alignment that ensure DHS is a strategy and policy-driven organization; 
and (3) outline key improvements in our analytic capabilities and 
approaches.
          strategic foundation: the qhsr and bottom-up review
QHSR
    The Implementing the 9/11 Commission Recommendations Act of 2007 
directed the Department to begin conducting quadrennial reviews in 
2009, and every 4 years thereafter. The QHSR and subsequent Bottom-Up 
Review (BUR) were critical first steps in the process of examining and 
addressing fundamental strategic issues that concern homeland security, 
and establishing an enduring strategic foundation.
    As the first review of its kind for DHS, the QHSR clarified the 
conceptual underpinnings of homeland security, described the security 
environment and the Nation's homeland security interests, identified 
the critical homeland security enterprise missions, and outlined the 
principal goals and essential objectives necessary for success in those 
missions. I would like to highlight three elements of the QHSR that, in 
particular, provided the strategy and planning foundation that have 
positioned DHS to effectively address emerging strategic challenges.
    First, the QHSR clarified the conceptual underpinnings of homeland 
security. In defining homeland security as the intersection of evolving 
threats and hazards with traditional Governmental and civic 
responsibilities for civil defense, emergency response, law 
enforcement, customs, border control, and immigration, the QHSR 
emphasized the importance of eliminating traditional stovepipes to 
achieving success in homeland security. The QHSR also established the 
idea of the homeland security enterprise, which refers to the 
collective efforts and shared responsibilities of Federal, State, 
local, Tribal, territorial, nongovernmental, and private-sector 
partners--as well as individuals, families, and communities--to 
maintain critical homeland security capabilities. Each of these 
conceptual elements has infused all aspects of our strategy and 
planning.
    Second, the QHSR took a comprehensive approach to threats by 
expanding the focus of homeland security to specifically address high-
consequence weapons of mass destruction; global violent extremism; mass 
cyber attacks, intrusions, and disruptions; pandemics and natural 
disasters; and illegal trafficking and related transnational crime. 
Almost 3 years later, these challenges remain top priorities. At the 
same time, DHS is assessing major trends and drivers in the strategic 
environment in order to understand how these challenges may be evolving 
and to anticipate emerging threats and risks.
    Third, the QHSR adopted a mission structure designed to endure 
across inevitable changes in the security environment. Our missions are 
to prevent terrorism and enhance security, secure and manage our 
borders, enforce our immigration laws, safeguard and secure cyberspace, 
enhance resilience to disasters, and provide critical support to 
economic and National security. Because tomorrow's security environment 
will not necessarily look like today's security environment, the 
missions provide a durable framework to effectively address whatever 
risks and threats may emerge over time.
    This framework has informed all subsequent DHS strategy and 
planning efforts, whether they are DHS products or products that DHS 
supports with partners across the enterprise. For example, the 
recently-released Blueprint for a Secure Cyber Future defines the ends, 
ways, and means by which DHS and the homeland security enterprise will 
meet the goals and objectives set forth in Mission 4 of the QHSR, 
Safeguarding and Securing Cyberspace.
The BUR and Strategy Implementation
    The QHSR and other strategic guidance within the Department are 
implemented through the programming and budgeting process, and the 
oversight of major acquisitions. As a first step in this process, the 
BUR was initiated in November 2009 as an immediate follow-on and 
complement to the QHSR. The BUR focused on three elements: (1) How to 
improve DHS's operational performance within the five homeland security 
missions; (2) how to improve Department management; and (3) how to 
increase DHS accountability for the public funds entrusted to us.
    The Department's fiscal year 2012 budget request began the process 
of implementing the QHSR and specific BUR initiatives and enhancements, 
and the corresponding fiscal year 2012-2016 Future Years Homeland 
Security Plan set forth the budget plan required to provide sufficient 
resources to successfully execute the Department's responsibilities 
across the full range of homeland security missions as described in the 
QHSR. The Department's approach to managing its annual performance and 
its priority goals are guided by the QHSR and BUR, as reflected in the 
fiscal year 2010-2012 Annual Performance Report and Plan. In addition, 
the forthcoming Fiscal Year 2012-2016 DHS Strategic Plan is founded on 
the framework and methodological approach of the QHSR, reflects 
performance measures aligned against the mission areas of the QHSR, and 
emphasizes the initiatives concerning Department management and 
accountability set forth in the BUR.
    Based on the strategic foundation set forth in the QHSR and BUR, 
DHS's Components complete their own strategies, strategic plans, and 
other strategic initiatives. These efforts may be legislatively-driven, 
or may be initiated within the Department in order to address a 
persistent or emerging threat or challenge. However, all strategies and 
strategic plans should reflect the overall framework set forth in the 
QHSR and BUR. For example, the 2011-2014 FEMA Strategic Plan describes 
the cascade from the National Security Strategy through the Quadrennial 
Homeland Security Review Report to the FEMA Administrator's Intent 
Priorities. Similarly the 2010-2014 ICE Strategic Plan draws its four 
priorities from the QHSR mission structure. Likewise, efforts such as 
the Border Intelligence Fusion Section at the El Paso Intelligence 
Center, the supply chain security initiative, and the Balanced 
Workforce initiative can be traced back to initiatives identified or 
described in the BUR. DHS harmonized its account structure and reworked 
its suite of performance measures as part of the BUR process, which 
resulted in enhanced management effectiveness and accountability.
The Next QHSR
    Under the schedule set forth in the Implementing the 9/11 
Commission Recommendations Act of 2007, the Department will conduct its 
next quadrennial review in 2013. While the first QHSR set a durable 
framework of homeland security missions, the next quadrennial review 
can focus on a more extensive examination of the security environment 
and potential future trends and shocks, and provide a deeper review of 
a few key areas. The review can provide a more in-depth look at those 
key areas with respect to current strategic environment, future 
strategic environment, National homeland security risk, strategy 
options and alternatives, and capability and resource implications for 
changes in strategy. In this way, the next QHSR can begin to look much 
more like the Quadrennial Defense Review on which it is modeled. The 
review will also reflect a greater integration of risk analysis into 
all stages of the quadrennial review, as recommended by the Government 
Accountability Office in their review of the first QHSR. The Department 
has begun planning for the next QHSR and we look forward to working 
with Congress going forward on executing this second quadrennial 
review.
  implementing the qhsr: ensuring policy and strategy inform resource 
                               allocation
    The Under Secretary for Management is leading the development and 
implementation of a comprehensive, strategic management approach 
focused on maturing organizational effectiveness within DHS. The 
``front end'' of this strategic management system is really the ``back 
end'' of the policy and strategy process. To that end, the Office of 
Policy supports the Under Secretary for Management's efforts, not only 
by ensuring clear statements of policy and strategy, but by translating 
strategic guidance into investment guidance in the annual Integrated 
Planning Guidance, supporting capability development and analysis, and 
ensuring that the Department's major acquisitions are grounded in 
mission needs derived from Department policy and strategy.
    The Integrated Planning Guidance sets forth the Secretary's 
specific investment guidance for Components to use in developing their 
Resource Allocation Plans (RAP), consistent with the QHSR and other 
strategy documents. The Integrated Planning Guidance marks the 
transition from the planning to the programming phase of the 
Department's Planning, Programming, Budgeting, and Execution (PPBE) 
process. The Office of Policy also supports the Management 
Directorate's Office of Program Analysis & Evaluation, which 
administers the PPBE process, in conducting analysis of specific issues 
for the annual budget cycle, reviewing Component RAP submissions for 
consistency with the IPG, and raising issues as part of the Program 
Review Board process.
    The Office of Policy also supports capability development through 
portfolio management bodies such as the Screening Coordination Office 
(SCO). Portfolio management bodies help identify areas where better 
coordination and a common set of goals can make DHS more efficient and 
effective. For example, SCO, an element of the Office of Policy, 
establishes standards for Departmental programs which deal with the 
screening of people, and helps the Department meet those standards. 
Working closely with DHS Components and the headquarters programming 
and budgeting staff, SCO has helped increase information flow and 
reduce duplication among screening programs. This not only reduces the 
overall cost of such programs, it enhances the ability of programs to 
share information and enhance our Nation's security. The Office of 
Policy also conducts strategic requirements planning in support of 
portfolio management efforts involving domain awareness and information 
sharing. Ultimately, portfolio management bodies become the engines to 
develop integrated, cross-Departmental requirements for homeland 
security functions such as screening, domain awareness, and information 
sharing.
    Another place where policy and strategy intersect with Departmental 
strategic management is the major acquisition oversight process. The 
Office of Policy supports the Management Directorate in Phase 1 (Need) 
and Phase 2 (Analyze/Select) of the acquisition review process, by 
reviewing Mission Needs Statements and Operational Requirements 
Documents for consistency with Department policy and strategy. During 
these reviews, Policy focuses on the following key questions:
    1. Is the program consistent with approved policy, guidance, and 
        requirements (e.g. the Quadrennial Homeland Security Review; 
        applicable laws and regulations)?
    2. Is the program duplicative of other similar capabilities 
        elsewhere in the Department?
    3. Is there a coherent scope for the program, and clear mission-
        oriented objectives, consistent with the QHSR and other 
        strategy documents?
    4. Are the requirements set forth in the document best fashioned to 
        advance mission and functional needs, as articulated in the 
        QHSR and other strategy documents?
    This ``back end'' involvement in the PPBE, portfolio management, 
and major acquisitions oversight processes is an essential element in 
the full cycle of policy and strategy development and implementation. 
DHS is committed to ensuring that articulated policy and strategy 
influences programming and budgeting, capability development, and major 
acquisition decisions.
               enhancing strategy and strategic analysis
    Given the complexity of homeland security challenges and our 
primary role in decision support, a consistent priority within the 
Office of Policy is the application of rigorous and cutting-edge 
analytic techniques and methodologies. The Office of Policy developed 
and has been piloting a methodology for developing strategy. Informed 
by best practices and insights from business, academia, the military, 
and Government, including a highly valuable Government Accountability 
Office report on developing counter-terrorism strategies, our 
methodology stresses the importance of prioritization and choice, the 
consideration of resource implications, and analytically-informed 
insights in any strategy discussion. An anticipatory posture is 
emphasized through a fulsome examination of both the current and future 
strategic environment. The methodology is built around four basic 
elements: (1) Setting the foundations for good strategy; (2) 
establishing appropriate context; (3) developing viable alternative 
solutions; (4) conducting analysis to support decision-making. Key 
steps across these four elements include:
   Obtaining leadership guidance regarding key priorities and 
        expectations for the strategy;
   Developing a plan to execute the strategy that includes 
        identifying and engaging stakeholders, roles, and important 
        time lines;
   Identifying the current strategy, including the implicit 
        strategy as expressed through the budget;
   Framing the problem and identifying strategic assumptions 
        given a common understanding of the current and future 
        strategic environment;
   Defining success through outcomes and strategic level 
        measures;
   Generating viable alternative strategic approaches;
   Identifying the resource implications of each alternative 
        approach; and
   Assessing the degree to which each alternative would achieve 
        success and at what cost.
    In addition, the Office of Policy has worked with the National 
Protection and Programs Directorate's Office of Risk Management and 
Analysis (RMA) as RMA has developed models for assessing strategic 
National risk and capability--and program-level risk reduction. The 
fiscal year 2012 DHS Appropriations Act authorized the Secretary to 
transfer the risk management and analysis functions performed by RMA to 
the Office of Policy in 2012. Such a transfer will enhance the 
Department's risk modeling, analysis, and strategic planning functions, 
and aid in ensuring that risk analysis most effectively informs 
strategy development and strategic choice.
    Effective strategy provides a unifying device through which an 
organization's capabilities are integrated and employed efficiently, 
resources are allocated toward the highest priorities, and different 
organizational elements are collaborating in the pursuit of common 
objectives, all of which are essential for a highly distributed, 
operationally-focused enterprise like DHS. Our strategy methodology 
represents a critical step in producing effective strategy.
                               conclusion
    The best way to posture the Department to effectively address 
emerging threats is to ensure that tough policy and strategy decisions 
are informed by a consideration of viable alternatives, with a clear 
sense of the associated risk and resource implications, and that those 
decisions once made effectively influence subsequent programming and 
budgeting, capability development, and major acquisition decisions.
    I look forward to addressing your questions.

    Mr. McCaul. Thank you, Mr. Cohn.
    You know, this is a critical mission of the United States 
Government. It is clearly within the Constitutional 
responsibility. I personally wish we could appropriate more 
dollars, but we live within a tough budgetary time and so I 
think we need to make best use out of the dollars that we have 
and make it more efficient, and I think that is part of what 
these hearings are going to be all about.
    One thing, Mr. Maurer, you mentioned is that implementing 
this strategic plan that risk is not taken into account, I 
guess, as much as it should. Can you explain that a little bit 
more?
    Mr. Maurer. Sure. In our September 2011 report that we 
issued on the QHSR we talked about risk in sort of two 
different ways. First, in developing the QHSR the Department 
started going down the road of developing a National risk 
assessment, sort of pulling up at the National level what are 
the risks to homeland security and trying to build that into 
the overall analysis.
    They developed a methodology but they didn't have the full 
analytic framework in place in time to complete that for this 
current QHSR. So in our report we recommended that they do it 
for the next QHSR, and our understanding is that the DHS has 
actions in place to do that.
    The second aspect of risk that we looked at was in the 
Department's decisions about which of these BUR initiatives to 
prioritize. These were key initiatives coming out of the 
Bottom-Up Review. What were the things that the DHS really 
wanted to focus on as a priority?
    There were a number of things that went into that equation 
but there was not a formal risk assessment that was part of 
determining what things sort of floated to the top. Part of 
that reason was because some of these BUR initiatives weren't 
really apples-to-apples comparisons. They ranged from very 
large things like aviation security to more focused, narrow 
things, like developing--improving the capabilities of canines 
who can detect explosives.
    So again, we recommended that DHS take this into account in 
next year--in the next iteration of the QHSR and they said that 
they would do so.
    Mr. McCaul. Do you agree that that would make DHS a more 
efficient agency?
    Mr. Maurer. Absolutely. We think risk is one of several 
inputs in these kinds of strategic decisions, but certainly 
that is what DHS is in the business of doing, protecting the 
homeland security, and risk needs to be part of that equation.
    Mr. McCaul. Mr. Cohn, are you willing to, in the next, I 
guess this strategic plan will come out again this next year, 
is that correct?
    Mr. Cohn. So the strategic plan will be released with the 
President's fiscal year 2013 budget, so on or about February 
13. But we agreed with the recommendations of the Government 
Accountability Office and are planning to incorporate both 
elements into the next QHSR, which we will conduct in calendar 
year 2013.
    If I could just add to what Mr. Maurer said, in terms of 
the overall strategic National risk assessment, we recognized 
in the QHSR in the terms of reference that the Department did 
not have the methodology to conduct that, and one of the things 
we did in the first QHSR was charter a working group to 
determine how we would go about approaching that problem. That 
working group reported its results and part of that methodology 
was actually used to develop the strategic National risk 
assessment that informed our preparedness efforts that Dr. 
Caudle referenced.
    For the next Quadrennial Review we are planning to do a 
full assessment of the homeland security environment to include 
the current strategic environment, future strategic 
environment, threat landscape, strategic National risk 
assessment for a full-scope look.
    In addition, in terms of the BUR initiatives, the challenge 
that we had was the Department did not have a overall mechanism 
for doing as Mr. Maurer noted, an apples-to-apples comparison 
of dissimilar activities across missions and across 
organizations. Certainly most of our organizations use robust 
risk assessment processes in determining the thrust of their 
activities. The challenge has been for the Department in 
figuring out a holistic way to use risk at the capability, 
program, or activity level to look not only within 
organizations but across organizations, across missions and 
portfolios.
    Mr. McCaul. Well, I look forward to seeing that and I am 
glad that you are taking Mr. Maurer's advice and his 
recommendations. You know, we heard testimony from Mr. 
Schneider, who has an interesting background both in the DOD 
and in DHS, has a lot of experience in management.
    Mr. Cohn, you would probably be the best, and maybe perhaps 
Mr. Maurer, as well--what is your response to his idea of 
looking at kind of a DOD model that is a Goldwater-Nichols 
approach?
    Mr. Cohn. So it is interesting. I think that Deputy 
Secretary Schneider, both in his remarks and his written 
testimony, pointed out the time line that DOD worked on to 
reach the point of integration that it is at. Created in 1947, 
9 years into the Department of Defense was 1956 and the 
Department of Defense struggled with a lot of the same issues 
that have been pointed out here.
    In the early 1960s Secretary Robert McNamara implemented 
the planning, programming, and budgeting process in DOD, which 
was really an effort to get the Department to look holistically 
across its organizations at its Nationally-oriented programs 
from a mission perspective. It was not until 1986 with 
Goldwater-Nichols and 1989 with the Defense Management Review 
that you got to that heightened level of operational 
integration.
    What the Department is really focused on right now is 
focusing on getting to that first step of being able to look at 
our investment processes from an integrated perspective across 
our Secretary and deputy secretary, the heads of our 
directorates, our components, looking at making sure we have 
cross-departmental perspectives and decisions on strategy and 
policy, on requirements, on programming and budgeting, and on 
acquisition oversight. That is a lot of the work that the 
management director is doing and that they are working in 
concert with the----
    Mr. McCaul. I would like to follow up with that. I think it 
is an interesting idea. You know, whether it is workable, I 
think, you know--Mr. Keating and I can discuss that, but I--it 
is certainly an interesting idea to take a look at.
    Mr. Maurer, do you have any thoughts on that?
    Mr. Maurer. Yes. I think it is absolutely an interesting 
idea to look at, and I think that conceptually it makes sense 
to try to do whatever you can to try to break down some of the 
stovepipes across the various operational components of the 
DHS. The Department is doing some things to go down that road.
    They have, for example, recently consolidated the process 
for developing an SES class. They used to have four separate 
processes; now it is just--whole Department. One of the BUR 
initiatives is looking at how the different components are 
having a regional presence and trying to consolidate that 
across the Department, as well.
    I think there are definitely some lessons learned from 
Goldwater-Nichols that could be applied to DHS, and that would 
be something interesting to follow----
    Mr. McCaul. I would like to follow up with Mr. Schneider.
    Perhaps, Mr. Cohn, you and I can discuss it more.
    One last question--I see my time is expired--but, Mr. 
Reese, you mentioned an interesting fact that I was not aware 
of, and how many agencies outside of DHS have a homeland 
security mission?
    Mr. Reese. The Federal department there are a total of 19, 
just based on research that has been done, and that is 
including Department of Homeland Security. The CRS Homeland 
Security Department fiscal year 2012 appropriations has a table 
in the back that I will be happy to provide to staff that 
breaks down funding. DHS gets 51.7 percent of the funding and 
then the rest is broken down in those other agencies with 
Department of Defense being second, at approximately----
    Mr. McCaul. I would like to see those agencies, because 
what you are telling me is Homeland Security Department, which 
has the primary mission of defending the Nation and the 
homeland, essentially gets 51 percent of the funding for the 
mission.
    Mr. Reese. Yes, sir.
    Mr. McCaul. That is a very interesting fact. I would like 
to follow up with you on that.
    With that, I recognize the Ranking Member.
    Mr. Keating. Thank you, Mr. Chairman. That is a great segue 
to my question.
    I think this discussion begins with, you know, the first 
analysis being the 9/11 Commission Report. Earlier this year 
our committee heard testimony from Lee Hamilton, from Tom 
Ridge, and they said that one of the primary results of their 
report is--still remains, even after these--this period of 
time, unmet, and that is breaking down the jurisdictional 
barriers that exist. I understand, you know, I am no novice to 
Government, how difficult that is, but I want to tell you, it 
is not only the inefficiencies that you are talking about and 
the inability to get management in place when it is so 
fragmented, but I want you to comment, if you could.
    I think the first view of this is: What is the effect of 
this fragmentation on our security itself? I look at that as 
the primary question that remains--and whether we are talking 
about, you know, the approaches that were mentioned by our 
prior speakers and how to deal with it, if someone that was in 
the trenches saying, ``Well, we have to take these small, 
incremental approaches to work around all these''--how 
important is it--we know we are wasting money; we know we are 
not being efficient. But in terms of security--anyone--tell me 
how serious that fragmentation of bureaucracies remains, in 
terms of our National security.
    Mr. Maurer. I think it is definitely--falls in the realm 
of, there is not really a clear answer to that. You just don't 
know, actually, what the results are because you can certainly 
get better efficiency, better effectiveness if things are 
better integrated and pulled together in a more cohesive way.
    But to sort of answer your question, though, it is in the 
realm of the unknowables. I mean, we don't really know what is 
being lost by not taking advantage of some simple things, like 
if you have a consolidated management approach it would be 
easier for the Department leadership to understand the 
tradeoffs when they are making resource decisions within the 
Department of Homeland Security. If you had better performance 
measures you would have a better handle on what parts of the 
Department are working more effectively than others and make 
changes accordingly.
    When you don't have that kind of consistent management 
framework it is really difficult to have an analysis to address 
the question that you raised, which is a very key question.
    Mr. Keating. I think it is the fundamental question. You 
know, I look at, you know, with the President did with, you 
know, incorporating emerging threats and natural disasters 
under that same umbrella, I applaud that approach because I 
think he is moving in that direction.
    But we have to go further. I know there is legislation here 
in front of the Congress that has bipartisan support, yet 
nothing gets moved forward. To me, what we are left with, then, 
with declining revenues--and you have all addressed this--is 
the fact that we are looking at the monies we have and 
determining our security strategy around those parameters 
instead of looking at our security strategies and our needs and 
our threats and saying, ``What is it going to take to fund 
safety?''
    I mean, the holes are gaping. You know, our primary person 
in the panel this morning talked about his biggest threat being 
biological threats and that there was no priority to that at 
all.
    Yet, that was the end of the discussion. We didn't get into 
that beyond that. We are looking at the cyber threats and we 
are trying to grapple with that on the public-private side, 
too, and think of approaches there.
    But am I wrong? But doesn't it seem like the tail is 
wagging the dog here, that we are looking at our limited 
revenues and saying, ``All right, how are we going to spread 
this around to all these different agencies and 
bureaucracies?'' Lost in all this is, what are we doing to 
really put the premium on our security needs and risk 
assessment, and then putting the money forward?
    I represent a coastal community. The Chairman, here, 
represents the region that includes Port of Houston, I 
mentioned before. Those kind of natural disaster threats as 
well as terrorist threats really have a fundamental economic 
and security threat to our country.
    Do you have any advice to us other than just do our job and 
start reorganizing here? Do you have any plans? Can you come 
out with what we should look at as a blueprint for 
reorganizing, making sure we have--we are doing things the 
right way instead of--there is another term that comes to mind; 
I won't use it here.
    But what are your thoughts on that?
    Mr. Cohn. You know, from the Department's perspective, we 
articulated a security environment that recognized the threats 
that Deputy Secretary Schneider laid out. We articulated five 
National missions that we need to engage in and we understand 
we need to engage with almost the entirety of the Federal 
interagency in accomplishing those goals as well as with a--
with an enormous stakeholder community across all of those 
missions.
    Obviously the fiscal environment is what it is. The 
Department has articulated a strategic approach that it follows 
and a priority of goals and objectives that we need to achieve, 
but the fiscal environment requires us and requires our 
Secretary to then carefully weigh what the relative priorities 
will be and to allocate resources in the best way possible to 
optimize to those goals and objectives.
    Mr. Maurer. I think historically, in the early days of the 
Department when it was first being stood up, it was undergoing 
a period of significant growth. There was a recognition that 
there was a substantial threat, and so frankly, there was a lot 
of money thrown at the Department very quickly.
    They are now starting to have to reposition themselves into 
a more austere fiscal environment which forces them to do 
exactly what you are talking about. They have to start--they 
have to flip the lens. They have to start thinking about, what 
are the predominant risks and the threats facing the Nation, 
and align the resources and priorities accordingly. That is 
going to take some time.
    Now, the one thing that is encouraging, I have seen 
evidence of that in some of the plans that DHS has put forward 
to address the high-risk designation, so on paper those things 
are there to put those things in place. But we need to see 
execution on those plans and we need to see sustained progress 
in doing so.
    Mr. Keating. Thanks.
    Mr. Chairman, I am over my time.
    Mr. McCaul. That was a very good question.
    Gentlelady from New York, Ms. Clarke, is recognized.
    Ms. Clarke of New York. Thank you very much, Mr. Chairman.
    Thank you, Ranking Member, and to our panelists.
    My first question is for Mr. Reese: Emerging threats 
represent a broad spectrum of possibilities. In your opinion, 
are the strategies we have in place and the efforts of DHS 
effective in confronting these threats?
    Mr. Reese. Ma'am, first of all, working for CRS I don't 
have an opinion.
    [Laughter.]
    Mr. Reese. I would also say that the definitions identified 
in the documents--getting a succinct definition is sufficient. 
We can add what we want to the definition of homeland security; 
what is important is identifying the missions that evolve from 
that definition or our concept of homeland security, and then 
through risk assessment and through threat evaluation then 
prioritize those missions. I believe that is the important step 
that has to be done here.
    It was stated earlier that these are--these documents 
provide principles or guidance. The next step is actually 
prioritizing.
    Ms. Clarke of New York. So I guess the follow-up would be: 
Is there anything that you have observed that may be lacking? 
Are there any missing components? I mean, again, you are 
looking at so many different ways in which the homeland is 
threatened today.
    You know, we have talked about a few areas, but there are 
so many more, whether it is radiological weaponry and things 
that may be already resident in many of our communities. You 
know, we have talked about the radiological transfers for 
medical facilities. Is there anything that you have observed 
that seems to be obvious but not so obvious?
    Mr. Reese. Ma'am, everything that--especially when you look 
at the missions and the goals identified in the Bottom-Up 
Review and the Quadrennial Homeland Security Review, they do--
and as I stated earlier, seem to be nested in the 2010 National 
Security Strategy. It seems that we understand what we need to 
be doing; it is just figuring out how do we prioritize and to 
achieve those goals.
    So no, ma'am, I haven't observed anything that----
    Ms. Clarke of New York. Very well.
    Mr. Maurer, you sort of, like peeked up a little bit. Would 
you want to comment here?
    Mr. Maurer. Well, it is an interesting topic, of course. 
Yes, I think what is really missing are sort of the things that 
we have already talked about from the GAO perspective, which is 
the National risk assessment and a more informed risk-based 
foundation to these kinds of analyses, and the Department says 
it is taking actions to do that, and that is good.
    Also talked about the need for having improvements in 
getting stakeholders more involved in the next process for 
developing these kinds of strategies, giving them more time to 
comment, as well as doing more effective outreach to non-
Federal stakeholders. We recognize that that is a key challenge 
for the Department since there are so many. But State, local, 
Tribal, private sector play a big role and we have to make sure 
that they are a part of developing these strategies.
    We would also like to see a little more detail in the 
implementation plan. But the key thing from a GAO perspective 
is we want to see execution on these plans and an--supported by 
an integrated management foundation.
    Ms. Clarke of New York. Very well.
    Mr. Cohn, as a follow-up, it is well settled that the 
multiple agencies must cooperate with each other when it comes 
to homeland security and terrorism-related issues. The QHSR 
should have included a thorough discussion of the status of 
cooperation between Federal, State, local, and Tribal 
government in preventing terrorist attack and preparing for 
emergency responses to threats. This was not, however, included 
in the final product, and it appears to be outside of the scope 
of the BUR.
    Does the Department plan to complete this statutorily 
required analysis? If so, when can we expect to have it 
delivered to Congress?
    Mr. Cohn. As I think the GAO found in their review, DHS did 
make an--did undertake to describe the interaction between the 
Department and its external stakeholders as well as other 
Federal agencies in fulfilling its mission to prevent terrorism 
as well as the other missions articulated in the Quadrennial 
Review. What we did not do was assess the status of cooperation 
by other Federal agencies with their partners as opposed to 
DHS.
    That is a very difficult thing for an individual agency to 
do with its peer agencies. That is a topic of conversation and 
something we are looking to--to understand how we would fulfill 
that obligation as the requirement to conduct the next 
quadrennial review is coming up, and we will be looking and 
working to figure out how we complete that portion of the 
statutory requirement in the upcoming 2013 review.
    Ms. Clarke of New York. Oh boy. That doesn't sound too 
good. I say that, you know, in all honesty because that is 
almost at the core of your mission, which is to coordinate, 
right? So if you are not getting cooperation from other Federal 
agencies to meet that mandate, there is a challenge there that 
has to be met.
    Mr. Cohn. We absolutely recognize our obligation, and to 
coordinate with other agencies, and we do coordinate 
extensively with our Federal interagency partners and with our 
vast majority of stakeholders in the homeland security 
enterprise. The challenge comes in evaluating the actions of 
other Federal departments and agencies, and that is a similar 
challenge to the challenge, I think, of jurisdiction that the 
Congress is facing, of how different organizations, with their 
own authorities, might look to one another and assess one 
another's roles.
    So it is a challenge that the Department recognizes in 
terms of that assessment. It is a difficult process and it is 
one that we will be working through.
    Ms. Clarke of New York. Mr. Maurer.
    Mr. Maurer. I certainly understand that DHS faces in trying 
to assess the level of cooperation from other departments. It 
is an important issue, though, and it is certainly vital to the 
overall success of addressing homeland security threats.
    I mean, we at GAO stand ready to perform that kind of 
service for the Congress if that is something we have been 
asked to do. We certainly have criteria analysis in place to 
look at overall interagency cooperation.
    Ms. Clarke of New York. Very well.
    Mr. Chairman, before I yield back I just want to make a 
quick correction. I was informed by Mr. Keating that a comment 
I made earlier was not accurate, and it was about--with regard 
to General McCaffrey's comments on comprehensive--the need for 
comprehensive immigration reform. Those comments were actually 
made in the context of responding to the Texas report that you 
had submitted into the record. So I just wanted to clarify.
    Mr. McCaul. I appreciate that clarification.
    Ms. Clarke of New York. Thank you, Mr. Chairman.
    Mr. McCaul. Let me thank the witnesses for their valuable 
testimony. I think this has been a very productive discussion. 
You know, we are not here to play ``gotcha'' politics. We 
really want the homeland security to succeed. It is the right 
thing for the American people and for the mission.
    I want to commend the witnesses. I also want to commend all 
of the employees in the Department of Homeland Security for 
their hard efforts. It is sometimes a thankless job and it is 
an easy target sometimes, an easy whipping boy. But the fact of 
the matter is they work long, hard hours. I know the Border 
Patrol agents down on the border have a very difficult job, the 
ICE agents, and really all across the spectrum at DHS. So I 
want to just take this opportunity--they may not hear it very 
often from Congress, but I want to say thank you to all of the 
employees in the Department for your hard work.
    With that, this hearing now stands adjourned.
    [Whereupon, at 12:27 p.m., the subcommittee was adjourned.]

                                 
