[Senate Hearing 112-612]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 112-612

 
                    THE FUTURE OF HOMELAND SECURITY

=======================================================================

                                HEARINGS

                               before the

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE

                      ONE HUNDRED TWELFTH CONGRESS


                             SECOND SESSION

                               __________

              EVOLVING AND EMERGING THREATS--JULY 11, 2012

     THE EVOLUTION OF THE HOMELAND SECURITY DEPARTMENT'S ROLES AND 
                        MISSIONS--JULY 12, 2012

                               __________

        Available via the World Wide Web: http://www.fdsys.gov/

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs



                  U.S. GOVERNMENT PRINTING OFFICE
76-059                    WASHINGTON : 2012
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202�09512�091800, or 866�09512�091800 (toll-free). E-mail, [email protected]  


        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

               JOSEPH I. LIEBERMAN, Connecticut, Chairman
CARL LEVIN, Michigan                 SUSAN M. COLLINS, Maine
DANIEL K. AKAKA, Hawaii              TOM COBURN, Oklahoma
THOMAS R. CARPER, Delaware           SCOTT P. BROWN, Massachusetts
MARK L. PRYOR, Arkansas              JOHN McCAIN, Arizona
MARY L. LANDRIEU, Louisiana          RON JOHNSON, Wisconsin
CLAIRE McCASKILL, Missouri           ROB PORTMAN, Ohio
JON TESTER, Montana                  RAND PAUL, Kentucky
MARK BEGICH, Alaska                  JERRY MORAN, Kansas

                  Michael L. Alexander, Staff Director
  Christian J. Beckner, Associate Staff Director for Homeland Security
                       Prevention and Protection
               Nicholas A. Rossi, Minority Staff Director
   Brendan P. Shields, Minority Director of Homeland Security Policy
        Eric B. Heighberger, Minority Professional Staff Member
           Mark K. Harris, Minority U.S. Coast Guard Detailee
                  Trina Driessnack Tyrer, Chief Clerk
                 Patricia R. Hogan, Publications Clerk
                    Laura W. Kilbride, Hearing Clerk


                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Lieberman...........................................  1, 39
    Senator Collins.............................................  3, 41
    Senator Carper.............................................. 21, 58
    Senator McCain...............................................    24
    Senator Johnson............................................. 28, 62
    Senator Akaka................................................    66
Prepared statements:
    Senator Lieberman.......................................... 79, 148
    Senator Collins............................................ 81, 151
    Senator Carper...............................................   153

                               WITNESSES
                        Wednesday, July 11, 2012

Hon. Michael V. Hayden, Principal, Chertoff Group................     5
Brian Michael Jenkins, Senior Adviser to the President, RAND 
  Corporation....................................................     7
Frank J. Cilluffo, Director, Homeland Seurity Policy Institute, 
  George Washington University...................................     9
Stephen E. Flynn, Ph.D., Founding Co-Director, George J. Kostas 
  Research Institute for Homeland Security, Northeastern 
  University.....................................................    12

                        Thursday, July 12, 2012

Hon. Jane Harman, Director, President, and Chief Executive 
  Officer, Woodrow Wilson International Center for Scholars......    44
Admiral Thad W. Allen, U.S. Coast Guard (Retired), Former 
  Commandant of the U.S. Coast Guard.............................    48
Hon. Richard L. Skinner, Chief Executive Officer, Richard Skinner 
  Consulting.....................................................    51

                     Alphabetical List of Witnesses

Allen, Admiral Thad W.:
    Testimony....................................................    48
    Prepared statement with an attachment........................   157
Cilluffo, Frank J.:
    Testimony....................................................     9
    Prepared statement...........................................   102
Flynn, Ph.D., Stephen E.:
    Testimony....................................................    12
    Prepared statement...........................................   114
Harman, Hon. Jane:
    Testimony....................................................    44
    Prepared statement...........................................   154
Hayden, Hon. Michael V.:
    Testimony....................................................     5
    Prepared statement...........................................    83
Jenkins, Brian Michael:
    Testimony....................................................     7
    Prepared statement...........................................    86
Skinner, Hon. Richard L.:
    Testimony....................................................    51
    Prepared statement...........................................   168

                                APPENDIX

.................................................................
Response to post-hearing questions for the Record of July 11, 
  2012:
    Mr. Hayden...................................................   125
    Mr. Jenkins..................................................   127
    Mr. Cilluffo.................................................   135
    Mr. Flynn....................................................   142
Response to post-hearing questions for the Record of July 12, 
  2012:
    Ms. Harman...................................................   179
    Admiral Allen with an attachment.............................   183
    Mr. Skinner..................................................   200


     THE FUTURE OF HOMELAND SECURITY: EVOLVING AND EMERGING THREATS

                              ----------                              


                        WEDNESDAY, JULY 11, 2012

                                     U.S. Senate,  
                           Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10:09 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Joseph I. 
Lieberman, Chairman of the Committee, presiding.
    Present: Senators Lieberman, Carper, Pryor, Collins, 
Coburn, Brown, McCain, and Johnson.

            OPENING STATEMENT OF CHAIRMAN LIEBERMAN

    Chairman Lieberman. The hearing will come to order. I 
apologize to my colleagues for being late. I got a call about a 
pending legislative matter that I had to attend to. And I thank 
Senator Collins for resisting the urge to grab the gavel. 
[Laughter.]
    Although a twist of fate may take somebody at this table to 
the gavel in January.
    This is the first of two hearings that this Committee will 
hold this week, today and tomorrow, and other hearings will 
probably follow in a series that is aimed at looking backward 
and forward to both the terrorist threat to our country, 
particularly to our homeland, and how the Department of 
Homeland Security (DHS) has done in responding to that threat 
and what it should do to respond to the threat, be ready to 
meet the evolving threat in the decade ahead.
    This review is engendered first and most significantly in 
anticipation of the 10th anniversary of the Homeland Security 
Act being passed, in November 2002, that created the Department 
of Homeland Security legislation, which this Committee 
sponsored and originated.
    I suppose in a different sense more directly related to the 
Committee, as I said a moment or two ago, there will be a 
change in leadership of this Committee in the next session 
since I am leaving the Senate at the end of this term. I 
personally thought that it would be responsible for me in the 
last 6 months of my chairmanship to try to build a record, 
particularly from outside experts such as those we have here 
today, but also from the Department and others in government in 
later hearings, to help guide the new leadership of the 
Committee as it continues its work in the next session of 
Congress.
    This first hearing is going to examine the mid- to long-
term evolution of the terrorist threat and other threats to our 
homeland security. It will focus less on current or near-term 
terrorism threats.
    In September, the Committee will hold once again our annual 
threat hearing with Secretary Janet Napolitano, Federal Bureau 
of Investigations (FBI) Director Robert Mueller, and National 
Counterterrorism Center (NCTC) Director Matthew Olsen that will 
focus more on the current threat picture, and then tomorrow 
with another set of witnesses, we will take a look at how the 
Department of Homeland Security has evolved over the last 10 
years, how it has done, and what it will need to do in the 
decade ahead.
    Within the longer-term time frame that we are going to 
discuss today, I hope we will answer questions such as this: To 
what extent will the terrorist threat to the homeland 5 to 10 
years from now resemble the current threat picture? What is the 
mid- to long-term significance of Osama bin Laden's death and 
the death of other al-Qaeda operatives for core al-Qaeda 
external operations? Will the historic developments in the Arab 
world politically--the Arab Spring or Arab Awakening--affect 
the terrorist threat to our homeland in any way? And then, more 
broadly, what societal or technological factors are likely to 
have an impact on the future threat within the time frame that 
we have talked about?
    For example, how will the continued expansion of online 
social networking impact the way terrorist groups recruit and 
radicalize individuals? And in a different way, what will be 
the impact of current demographic trends in different parts of 
the world--the Middle East, Africa, and Europe?
    So those are some of the kinds of questions that I hope we 
will deal with today. We have a really extraordinary panel of 
witnesses, and I am grateful to the four of you for being here.
    Very briefly, General Michael Hayden, one of our Nation's 
leading intelligence and security experts, served within the 
last decade as Director of the Central Intelligence Agency 
(CIA), Deputy Director of National Intelligence, and Director 
of the National Security Agency (NSA). A retired four-star 
general from the Air Force, General Hayden is now currently a 
principal at the Chertoff Group, which is a strategic 
consultancy led by former DHS Secretary Michael Chertoff.
    Brian Jenkins is a senior analyst at RAND and has been a 
greatly respected expert on terrorism and related issues since 
the 1970s. He was very young at the time he first appeared as 
an expert in this regard. He has authored dozens of reports on 
homeland security and terrorism issues in the last decade.
    Frank Cilluffo is Director of the Homeland Security Policy 
Institute at the George Washington University (GW), one of the 
leading think tanks for homeland security issues in our 
country. Before working at GW, he served from 2001 to 2003 as 
Special Assistant to President Bush for Homeland Security, 
working in the White House Office of Homeland Security as a 
Principal Adviser to Governor Tom Ridge.
    And Steve Flynn, Founding Co-Director of the Kostas 
Research Institute for Homeland Security at Northeastern 
University. Prior to this, he was President of the Center for 
National Policy and a senior fellow at the Council on Foreign 
Relations. He has testified dozens of times before Congress on 
homeland security issues and is the author of two books, 
``America the Vulnerable,'' and ``The Edge of Disaster: 
Rebuilding a Resilient Nation.''
    I could not ask for four better people to help us look 
back, look forward, and build the kind of record that we want 
to build. I appreciate your presence here.
    With that, I will yield to Senator Collins.

              OPENING STATEMENT OF SENATOR COLLINS

    Senator Collins. Thank you, Mr. Chairman.
    The terrorist threats facing our country have evolved since 
the horrific attacks on September 11, 2001 (9/11). That awful 
day steeled our national resolve and drove us to rethink how 
our intelligence agencies were organized and how our 
instruments of national power ought to be used.
    Since then, we have taken significant actions to better 
counter the terrorist threat, but the terrorists have 
constantly modified their tactics in an effort to defeat the 
security measures we have put in place. An example is the 
October 2010 air cargo plot originating in Yemen in which al-
Qaeda apparently sought to avoid improvements in passenger and 
baggage screening by exploiting vulnerabilities in cargo 
security.
    Let me emphasize that it is extremely troubling that 
terrorists have been aided in their efforts to circumvent our 
security by the all-too-frequent leaks regarding our 
counterterrorism activities and capabilities. As we consider 
the challenges posed by emerging threats, we simply cannot 
tolerate giving our adversaries information that they can turn 
against us.
    When Chairman Lieberman and I authored the Intelligence 
Reform and Terrorism Prevention Act of 2004 (IRTPA), our goal 
was to create a coordinated effort among the Department of 
Homeland Security, the Director of National Intelligence (DNI), 
and the National Counterterrorism Center as well as other 
Federal partners and stakeholders.
    One instrument used in these collaborative efforts has been 
the network of 77 State and local fusion centers that help 
manage the vital flow of information and intelligence across 
all levels of government. These centers are recipients of 
national intelligence products, but they must also become 
robust aggregators and analyzers of information from their own 
areas that can be shared so that trends can be identified and 
the understanding of threats to our homeland can be 
strengthened.
    An example of the effectiveness of fusion centers occurred 
on June 25 of last year when officers from the Colorado State 
Patrol attempted to pull over a man who was driving 
erratically, fled authorities, and eventually crashed. As the 
police processed the driver and information about his pick-up 
truck, they learned from the Colorado Fusion Center that he was 
linked to an attempted bombing of a book store. That driver is 
now in custody facing Federal charges.
    This type of grassroots teamwork is essential to combat a 
deceptive and often elusive enemy. As discussed in a recent 
report by the Homeland Security Policy Institute at George 
Washington University, however, fusion centers have yet to 
achieve their full potential. Questions have been raised about 
their analytic capabilities and about whether they are 
duplicative of the work of the Joint Terrorism Task Forces.
    The reforms enacted in response to the 9/11 attacks have 
helped to ensure that there have been no other large-scale 
attacks in the United States. The absence of such attacks and 
our success in thwarting terrorist plots at home and abroad 
should not lull us into a false sense of security, for this is 
no time to rest as gaps in our security net remain.
    We continue, for example, to witness the growing threat of 
violent Islamist extremists within our own borders. Sometimes 
these terrorists have been trained overseas. Others have taken 
inspiration from charismatic terrorists via the Internet, 
plotting the attacks as lone wolves.
    Last year, as Members of this Committee well know, two 
alleged al-Qaeda terrorists were arrested in Bowling Green, 
Kentucky. This highlighted a gap where elements of our security 
establishment had critical fingerprint information that was not 
shared with those granting access to these three men to our 
country.
    Another growing and pervasive threat is that of cyber 
attacks. Earlier this year, the FBI Director warned that cyber 
threats will soon equal or surpass the threat from terrorism, 
and just last month, several former national security officials 
warned that the cyber threat is imminent and represents one of 
the most serious challenges to our national security since the 
onset of the Nuclear Age 60 years ago. They further wrote that 
protection of our critical infrastructure is essential in order 
to effectively protect our national and economic security from 
the growing cyber threat, and that is exactly what Chairman 
Lieberman and I have been working with our colleagues on 
legislation that would accomplish the goal of helping to secure 
our Nation's most critical infrastructure, such as the power 
grid, nuclear facilities, water treatment plants, pipelines, 
and transportation systems. I can think of no other area where 
the threat is greater and we have done less to counter it.
    There is also a growing threat from transnational organized 
crime. The Director of National Intelligence has testified that 
these criminal organizations, particularly those from Latin 
America, are an abiding threat to U.S. economic and national 
security interests. Our intelligence community needs to focus 
on their evolution and their potential to develop ties with 
terrorist groups and rogue states.
    The 9/11 Commission devoted substantial attention to the 
challenge of institutionalizing imagination. In an 
understatement, the Commission's report observed that 
imagination is not a gift usually associated with 
bureaucracies. Yet imagination is precisely what is needed to 
address emerging and future threats. We must persistently ask: 
What are the future threats? What technology could be used? Do 
we have the intelligence that we need? How can we stop these 
leaks that compromise our security? Are we prepared to thwart 
novel plans of attack? What will our enemy even look like in 2, 
5, or even 10 years?
    Surely we are safer than we were a decade ago, but we must 
be relentless in anticipating the changing tactics of 
terrorists. As the successful decade-long search for Osama bin 
Laden has proved, America's resolve and creativity are our most 
powerful weapons against those who seek to destroy our way of 
life.
    Thank you, Mr. Chairman.
    Chairman Lieberman. Thank you, Senator Collins, for that 
excellent opening statement.
    General Hayden, let us go right to you, and thanks again 
for being here.

  TESTIMONY OF HON. MICHAEL V. HAYDEN,\1\ PRINCIPAL, CHERTOFF 
                             GROUP

    General Hayden. Well, thank you, Mr. Chairman, Senator 
Collins, and other Senators. Thank you for the invitation to be 
here.
---------------------------------------------------------------------------
    \1\ The prepared statement of General Hayden appears in the 
Appendix on page 83.
---------------------------------------------------------------------------
    Mr. Chairman, as you pointed out, I am with Secretary 
Chertoff and the Chertoff Group, and we actually deal with a 
lot of the issues that we are going to discuss today. But I am 
here, of course, in a personal capacity, and I am really 
delighted to be here with this team. And I know the other 
members of the panel are going to drill down into some specific 
issues in their own areas of expertise. So what I would like to 
do is maybe just step back a little bit and perhaps provide a 
broader context in which we can place some of this morning's 
discussion.
    One of my old bosses, General Brent Scowcroft, wrote very 
recently for the Atlantic Council--and I am kind of 
paraphrasing what the General said here--that he had spent his 
professional career dealing with a universe that was dominated 
by nation-states in which the pieces on the board were by and 
large influenced by what all of us today would call ``hard 
power.''
    And he writes that is no longer true. Because of 
globalization, the international structure that was actually 
created by the Treaty of Westphalia about five centuries ago is 
no longer dominant. General Scowcroft points out that during 
the age of industrialization practically everything tended to 
make the state stronger. In today's era of globalization, 
practically everything tends to make the state weaker and less 
relevant.
    And in addition to eroding the traditional role of the 
nation-state, globalization has pushed on to the international 
stage actors that we have never seen before, and it has made 
immediate and direct threats that a few decades ago were, at 
best, distant and oblique.
    And here we sit with institutions, built for that age 
General Scowcroft governed in, practiced to be methodical, 
thorough, and stable, which are attributes, Senator Collins, 
none of which you listed as to what we need to be in terms of 
this new age.
    So that really demonstrates our challenge. How do we adapt 
to these new dangers, be they terrorism or cyber or 
transnational crime? Frankly, I would suggest they are all 
merely specific expressions of this new reality of what we 
have, an intensely interconnected world that empowers 
individuals and small groups beyond all previous experience.
    Now, with that as a premise as to what we are facing, let 
me illustrate both the challenge we face, repeating some of the 
things already mentioned, and the difficulty we are having 
forming an appropriate response. My personal experience: Prior 
to 9/11, we all believed, wrongly, that we had little to fear 
personally from religious fanatics living in camps in 
Afghanistan. We were wrong.
    Prior to that, we saw no need for a Department of Homeland 
Security, and we were well practiced and very comfortable 
protecting both our liberty and our security by creating 
barriers to separate things that were foreign from things that 
were domestic, dividing things that were intelligence related 
to those things that were law enforcement related, and, 
frankly, that model worked just fine for about two centuries. 
But they failed, and now we are still adapting, and as this 
Committee knows, we are adapting with a great deal of 
controversy.
    Again, pulling out of my personal experience, the Terrorist 
Surveillance Program that we created at NSA, designed to close 
an obvious gap: Detecting the communications of foreign 
terrorists operating from within the homeland. A very 
controversial program. You embraced that controversy in 2008 
when you debated changes to the Foreign Intelligence 
Surveillance Act (FISA). And it is still controversial as the 
Senate debates even now an extension of the FISA Amendments 
Act.
    We all agreed, for example, in the 9/11 Commission report 
that we needed a domestic intelligence service and that it was 
probably best to put it in the FBI. And despite that agreement, 
look at the reaction even today when the Bureau tries to 
collect information on anything without a criminal predicate, 
in that area we would call ``spaces between cases.''
    And heaven help us and save us from the Associated Press if 
the New York City Police Department tries to do anything like 
the same thing.
    Now, over two administrations, we have had measurable 
success against al-Qaeda, against those who attacked us on 
September 11, 2001. Dangers remain, though. Al-Qaeda Central 
could still reconstitute if we ease up the pressure on it; al-
Qaeda franchises continue to pose danger, and at least one of 
them, al-Qaeda in the Arabian Peninsula (AQAP), is intent on 
showing global reach. And finally, and, frankly, I think, 
Senator Collins, you suggested this, quite disturbingly, that 
homegrown radicalized threat, self-radicalized threat, still 
persists. Also persisting is the question about what 
constitutes an appropriate, lawful, and effective response from 
us.
    We are seeing this same thing play out in the cyber domain 
where the threats are all too obvious but, frankly, where our 
response is very late to need. I know this Committee knows more 
than most what we are losing out there in terms of state 
secrets, private information, and intellectual property being 
stolen by foreign governments; how much of our wealth is being 
pilfered by criminal gangs; and how much of our infrastructure 
is now vulnerable to cyber-enabled malcontents and anarchists.
    And here our response--and I know you know this--is even 
slower and more difficult to organize than we have seen in the 
fight against terror. There are some who fear regulation being 
too burdensome. Others fear a loss of civil liberties. And yet 
all of us should fear the loss of privacy, ideas, jobs, and 
wealth that is going on right now.
    As we encountered 10 years ago in the fight against terror, 
the old forms do not fit. They do not fit the new cyber 
dangers. But here, absent that catastrophic stimulus of a 9/11, 
we are moving very slowly to adapt to new realities.
    Now, as you suggested, Senator Collins, there are other 
dangers out there, and I know we are going to touch on 
transnational crime. But, again, I am trying to suggest the 
immediacy of all of these--terror, cyber, and transnational 
crime--and why it is so threatening today, is this new effect 
of globalization.
    Our response has to be synchronized, and the challenge is 
we have optimized our institutions across all three branches of 
government for a different world, and now we have to undertake 
the same tasks our political ancestors undertook over two 
centuries ago. How do we best secure our safety and our liberty 
in our time?
    This Committee has been relentless in its efforts to answer 
that question in a way consistent with our enduring values, and 
I congratulate you on that.
    It is hearings like, frankly, what we are doing today that 
help push this necessary debate forward.
    Thank you again for the opportunity to contribute my 
personal views, and I know we will have more detailed questions 
as we go forward. Thank you.
    Chairman Lieberman. Thanks, General. That was really a 
perfect way to begin the discussion. I appreciate it. You raise 
a lot of questions in my mind which I look forward to asking 
you.
    Mr. Jenkins, thanks for being here.

 TESTIMONY OF BRIAN MICHAEL JENKINS,\1\ SENIOR ADVISER TO THE 
                  PRESIDENT, RAND CORPORATION

    Mr. Jenkins. Mr. Chairman, Senator Collins, and Members of 
the Committee, thank you very much for inviting me to address 
these important matters. I have prepared some written 
testimony, which I suspect will provoke some questions, but let 
me just highlight some of the headlines.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Jenkins appears in the Appendix 
on page 86.
---------------------------------------------------------------------------
    Looking ahead, the United States confronts a more diverse 
terrorist threat. Al-Qaeda, still our principal concern, is 
exploiting the turmoil created by the Arab uprisings to make 
tactical advances and open new fronts. Several incidents in the 
past year suggest a resurgence of Iranian-sponsored terrorism. 
South of our borders, Mexico faces what some analysts are 
calling a ``criminal insurgency,'' which could expose the 
United States eventually to the kind of savage violence we have 
seen in that country.
    The global economic crisis has sparked mass protests, which 
are entirely legitimate. But these in turn attract violence-
prone anarchists and other extremists seeking venues and 
constituents. Anti-Federal Government sentiments have become 
more virulent, fueled in part by economic dislocation that 
transcends the current economic crisis, by long-term 
demographic shifts, and by deep national divisions and 
rancorous partisanship. For now, the anti-government extremists 
seem content to talk about armed resistance, but the hostility 
runs deep, and the potential for violence, long-term violence, 
is there.
    Let me come back to al-Qaeda. Al-Qaeda today is more 
decentralized, more dependent on its affiliates and allied 
groups and on its ability to activate homegrown terrorists. It 
is exploiting opportunities created by the Arab uprisings in 
Yemen, in the Sinai, in the Sahara, and most recently in Syria, 
where it can attach itself to local insurgencies and resistance 
movements.
    Now, al-Qaeda's presence in a particular part of the world 
where it has not been before does not always present an 
immediate threat to U.S. security. While local insurgents may 
welcome al-Qaeda's brand name and assistance, this does not 
necessarily mean that they embrace al-Qaeda's war on the ``far 
enemy.'' That is us. The longer-term threat is that al-Qaeda 
will be able to deepen relationships that ultimately give it 
new operational bases and recruits for international terrorist 
operations.
    Its own operational capabilities degraded, unable to 
directly attack the West, al-Qaeda has emphasized--embraced, 
really--a do-it-yourself strategy supported by an intensive 
online recruiting campaign. They have had modest success. In 
fact, the meager response suggests that thus far this marketing 
effort appears to be failing. It is still a danger, but they 
are not selling a lot of cars.
    Since 9/11, there have been 96 cases of homegrown terrorism 
involving 192 persons who offered support to jihadist groups or 
plotted to carry out terrorist attacks in this country. Of 37 
homegrown jihadist terrorist plots since 9/11, 34 were 
uncovered and thwarted by the authorities.
    Our success in preventing further terrorist attacks is owed 
largely to our own intensive intelligence collection efforts 
worldwide and at home, plus unprecedented cooperation among the 
intelligence services and law enforcement organizations 
worldwide. That latter aspect is going to become more difficult 
to sustain in the future, in part because of fiscal 
constraints, in part because of a certain amount of 
complacency, but also in part because we are going to be 
dealing with governments in the Middle East that are being 
challenged by their own citizens whose efforts we support in 
principle, and also we are going to be dealing with governments 
for which counterterrorism is no longer their top priority. It 
is new political institutions, it is the creation of jobs. We 
are going to be dealing with some governments whose leaders may 
have very different ideas about terrorism--for example, the 
recent statements by the new president of Egypt. This places an 
increased burden on our domestic intelligence capabilities.
    Now, Senator Collins, I certainly agree with you that our 
domestic intelligence collection, although not optimized, 
certainly has been a remarkable success. It is, however, under 
assault, in part motivated by concerns about civil liberties, 
but also by personal, ideological, and political agendas which 
in some cases are further fueled by organizational rivalries.
    Now, intelligence collection is always a delicate business 
in a democracy, and review is always appropriate. But the 
dismantling of the intelligence effort, which seems to be the 
politically correct desire of some, I think would be extremely 
dangerous.
    The recent string of terrorist plots by Iranian-trained 
operatives in Azerbaijan, Georgia, India, Thailand, Kenya, and 
the United States, itself, I think indicate a resurgence in 
Iranian-sponsored terrorism. Its future trajectory will depend 
on Iran's perceptions of Western intentions and its own 
calculations of risk. And, of course, the uncovering of a plot 
in this country I think really raises some questions about our 
calibrations of their willingness to accept risk.
    Let me make a couple comments briefly about the terrorist 
targets and tactics. Terrorists have contemplated a wide range 
of targets: Government buildings, public transportation, 
hotels, tourist sites, and religious institutions predominate, 
but they remain obsessed with attacking commercial aviation, 
currently with well-concealed explosive devices that are 
difficult to detect, hoping to kill hundreds. I think that 
protecting airliners will remain a matter of national security.
    But while terrorists consider airlines gold medal targets, 
when it comes to slaughter, they do their work on surface 
transportation, which offers easier access and crowds of people 
in confined spaces.
    Let me just follow on something that General Hayden has 
said here, and that is, it is really a long-term trend that we 
are struggling with. We have known for some years that power--
and here I mean power defined crudely, simply as the capacity 
to kill, destroy, disrupt, compel us to divert vast resources 
to security--is coming into the hands of smaller and smaller 
groups, into the hands of gangs whose grievances, real or 
imaginary, it is not always going to be possible to satisfy. 
And how we deal with that within the context of a democracy and 
remain a democracy I think is one of the major challenges we 
face in this century. Thank you.
    Chairman Lieberman. Thank you. Right you are. I think you 
both pointed to the changes that are affecting the nature of 
the threat. I am going to wait until the question period to say 
more.
    Mr. Cilluffo, thanks for being here again. Good to see you.

TESTIMONY OF FRANK J. CILLUFFO,\1\ DIRECTOR, HOMELAND SECURITY 
         POLICY INSTITUTE, GEORGE WASHINGTON UNIVERSITY

    Mr. Cilluffo. Thank you, Chairman Lieberman, and not to 
soften you up for the question period, but I do want to say we 
all owe you a debt of gratitude in terms of your oversight on 
homeland security. It is really sad that these are the last 
rounds of hearings, but really we are pleased you have 
contributed so much to all of our efforts here.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Cilluffo appears in the Appendix 
on page 102.
---------------------------------------------------------------------------
    Let me also say thank you to Senator Collins, a good friend 
and a big champion on these issues, distinguished Members of 
the Committee, and even those from other committees, which I 
think is really important in terms of Senator McCain, which, 
when you look at cyber, you cannot look at the world through 
the boxes and organization charts that make up our governments 
and agencies because these threats require us to look at it 
holistically. So when you talk cyber in particular, it 
obviously transcends any particular department and agency, but 
also any particular committee, so thank you, Senator McCain, 
for being here as well.
    All too often, hearings along these lines are after a 
crisis occurs, what we ``coulda, shoulda, woulda.'' I think it 
is really important that we take the time in advance--I guess 
it was President Kennedy who said that the time to fix your 
roof is when it is sunny, not when it is raining. And I think 
it is important to be able to reflect, it is important to be 
able to recalibrate, because ultimately that is the objective 
here, to be able to try to shape outcomes.
    Before jumping into the particular issues, I almost think 
that, General Hayden, maybe the NSA does spy because you guys, 
I think, hacked my system. You said everything I wanted to be 
able to say. So I will try to pick up on a couple of very brief 
points here.
    I think it was Yogi Berra who said this--``the future ain't 
what it used to be.'' I would add some time since the end of 
the Cold War, threat forecasting has tended to make astrology 
look respectable. That said, the best way to predict is to 
shape, and I think we do have an opportunity to shape and are 
doing so right now.
    It was Mark Twain, or Samuel Clemens at the time, who said, 
``While history may not repeat itself, it does tend to rhyme.'' 
And let me say we have some rhyming that is warrant for 
concern.
    Senator Collins, you mentioned complacency. I am very 
concerned that complacency is setting in. That is stymieing 
some of the initiatives that could be moving at a faster clip 
and ought to be moving at a faster clip.
    General Hayden, one point I may disagree a teeny bit with 
you on is whereas technology, tactics, techniques, and 
procedures continue to change and advance based on new 
advancements, human nature never changes. So to think that we 
are out of the woods right now would be a big mistake. And I 
get the sense that we are not necessarily recognizing that.
    Ding, dong, the witch is not dead. Good news that we have 
had some very successful strikes against Osama bin Laden and 
Anwar al-Awlaki, I would say most significantly underdiscussed 
is Ilyas Kashmiri. He was one of these guys that cut across all 
the jihadi organizations. And the threat today comes in various 
shapes, sizes, flavors, and forms, ranging from al-Qaeda senior 
leadership that has proven to be resurgent, able to pop up 
again, is resilient, so let us not take our eye off the ball 
there; but also to its affiliates that are growing by leaps and 
bounds. Whether it is AQAP, home to one of the world's most 
dangerous bomb makers, Ibrahim al-Asiri; al-Qaeda in the 
Islamic Maghreb spreading all throughout the Sahel; al-Shabaab 
in Somalia; or across Africa, you are seeing fall under an arc 
of Islamist extremism right now, from east to west. I mean, 
Timbuktu, who would have thought that would fall to Islamist 
extremists, but it has. So all the news is far from good.
    One of the more concerning trends when you look at some of 
these organizations, historically they had very indigenous, 
regional, and local objectives. More and more they are 
ascribing to al-Qaeda's goals, to the broader global jihad, and 
who is in the crosshairs? Obviously, the United States, Israel, 
and India--the West generally. So that warrants additional 
concern.
    Then let us look at the Federally Administered Tribal 
Areas. We have had major success here, but do not think it is 
happening in a vacuum. It is because we are applying pressure, 
continuing to apply pressure. If we take a foot off the gas 
pedal, you are going to see instantaneously our adversaries re-
emerge. Think of it as suppressive fire. They are looking over 
their shoulder, spending less time plotting, less time 
training, and less time carrying out attacks. So as much as we 
can--and I know drones are not the complete answer, but I think 
some of these approaches have been very successful in terms of 
some of our counterterrorism opportunities.
    Pakistan, a big issue. You see a witch's brew of terrorist 
organizations there, from Tehrik-i-Taliban to Harkat-ul-Jihad 
al-Islami (HuJI) to the Haqqani Network, which I think should 
be designated a foreign terrorist organization (FTO)--if you 
guys are jumping into that--to a number of other organizations. 
So when you look at the threat, by no means gone.
    Then, as Mr. Jenkins touched on, the homegrown threat. I 
take a little different perspective than perhaps Mr. Jenkins 
does. I think it is very significant. We have seen 58 plots, 
according to the Congressional Research Service (CRS), that 
have been disrupted, ranging from very sophisticated plots, 
such as Najibullah Zazi, down to less sophisticated. But at the 
end of the day, let us keep in mind terrorism is a small-
numbers business. You do not need big numbers to cause real 
consequences. Nineteen hijackers--look at the impact they had. 
And to me, the missing dimension of our counterterrorism 
statecraft is, to paraphrase Bill Clinton, it is not the 
economy, stupid--or maybe it is--but it is the narrative, 
stupid. We have not done enough in combating violent Islamist 
extremism to go after the narrative, the underlying fuel or 
blood that makes the system fly.
    So we need to expose the hypocrisy, unpack, dissect, and 
attack that narrative, expose it for what it is. It is 
ideologically bankrupt. And I would argue that part of that is 
also looking at--I see we have a good friend of mine here, 
Carie Lemack, and others--the role of victims. Why do we know 
all the martyrs, why do we know all the terrorists, why don't 
we know al-Qaeda's victims of terrorism? To me that has to be 
part of the equation. So defectors, disaggregate, deglobalize, 
and ultimately remember the victims.
    Two words on cyber. I know I am over time. I have never had 
an unspoken thought. I think it is fair to say in terms of 
cyber we are where we were in the counterterrorism environment 
shortly after September 11, 2001. We do not need any more 
examples, anecdotes, and incidents to be able to wake us up. 
What we do lack is strategy, and I may disagree with everyone 
here, and am probably a minority position, but I do not feel we 
can firewall our way out of this problem. Yes, we need to get 
security high enough, we need to raise the bar, but to me we 
need to ultimately communicate a clear and articulated cyber 
deterrent strategy aimed to dissuade, deter, and compel our 
adversaries from turning to computer network exploit, 
espionage, or attack. We have now named names: China, Russia. 
We have all known this for a long time. But what are we doing 
to compel them to stop continuing what they are doing?
    To me, it is about investing in some of our computer 
network attack capabilities. We need the cyber equivalent of 
nuclear tests that ultimately demonstrate a need to respond. 
And critical infrastructure. If anyone is doing the cyber 
equivalent of intelligence preparation of the battlefield, that 
is not for stealing secrets. That can only be as an advance 
equivalent of mapping our critical infrastructure that can be 
used in a time of crisis. Completely unacceptable. I hope we 
can act on legislation, and information sharing is critical, 
but we need to go the next step as well.
    Thank you, Mr. Chairman.
    Chairman Lieberman. Thank you very much. Cybersecurity 
legislation, as you know, is the No. 1 priority of this 
Committee, and hopefully the Senate will take up the bill soon, 
and we will have a good and open debate and get something done.
    Mr. Flynn, great to see you again. Welcome back. Please 
proceed.

TESTIMONY OF STEPHEN E. FLYNN, PH.D.,\1\ FOUNDING CO-DIRECTOR, 
  GEORGE J. KOSTAS RESEARCH INSTITUTE FOR HOMELAND SECURITY, 
                    NORTHEASTERN UNIVERSITY

    Mr. Flynn. Thank you very much, Mr. Chairman, Senator 
Collins, and other Senators. It is an honor to be here. As I 
went back to prepare for this testimony, I reflected on my 
first time appearing before you, Mr. Chairman. It was when this 
was still the Governmental Affairs Committee, and it was 
literally a month after Sepember 11, 2001, on October 12, 2001. 
And at that point, I concluded my testimony essentially arguing 
that we need to fundamentally rethink and reorganize how we 
provide the security for this Nation in this new and dangerous 
world. And you, Mr. Chairman, have really taken up that mantle 
with Senator Collins, and I really want to express my gratitude 
for the enormous service you have done to this Nation over the 
last 10 years. I am honored to be here at this hearing.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Flynn appears in the Appendix on 
page 114.
---------------------------------------------------------------------------
    I am now here in my new capacity as the founding co-
director of the Kostas Research Institute for Homeland 
Security, made 10 years after 9/11 as a result of a very 
generous gift from a graduate and trustee from Northeastern 
University, and I was honored to take on this role at a 
university that has made security one of its three focal areas 
for research. That I think speaks to the greatest strength of 
this country that we have not yet really tapped, which is the 
everyday citizens who are out there, who are patriotic and 
willing to give, and also our universities that have largely 
been missing in action unless we have bribed them into it to 
play an effective role. In the Second World War, we harnessed 
the best talents we had across our Nation, from our civil 
society to universities that mobilized for the war. Today, to a 
large extent, civil society has been left on the sidelines.
    When we come to today's hearing topic on the nature of the 
threat, I would certainly suggest that what we have heard so 
far and what I think we are going to continue to see in terms 
of evidence going forward is we really need to recalibrate, to 
have that engagement with civil society happen with a greater 
order of magnitude.
    What do we know? We know essentially that there are limits 
to the war on offense. That was pretty much the approach we 
took in the immediate aftermath of 9/11. We even used the terms 
often of ``we do it over there so we do not have to do it 
here,'' and ``the only defense is offense.'' That effort, 
certainly a case can be made, has helped to protect this 
country from another 9/11 scale attack, but it does not and did 
not succeed at eliminating the threat.
    The reality is now the threat has morphed into the more 
smaller-scale attacks that have one key attribute highlighted 
by the testimony we have heard so far that I think should give 
us a little pause, which is they are almost impossible to 
prevent. These smaller-scale attacks, particularly with 
homegrown dimensions, essentially do not hit enough tripwires. 
They are really not that sophisticated. They can be done 
relatively nimbly and quickly, so it means we are going to have 
them from time to time.
    The second thing we know is that al-Qaeda is not the only 
threat that we need to be dealing with to the homeland. What we 
also have, with the example of 9/11, is the illustration of how 
warfare will be waged against the United States in the 21st 
Century. This is a country that is so dominant on the 
conventional military realm, it is just insane for an adversary 
to want to take on our second-to-none armed forces. The future 
battle space, therefore, is in our civil and economic space, 
with the critical infrastructure that underpins the great 
strength of this Nation. That genie came out of the bottle on 
9/11, and we see it primarily in terms of the current threat 
environment in the cyber realm, where, through the use of cyber 
attacks on critical infrastructure, we are not only talking 
about disruption of service but sabotage of those key 
components with loss of life and huge economic losses.
    Any current and future adversary of the United States will 
essentially gravitate to wanting to target the critical 
infrastructure that underpins the power of this country, and we 
have to think about defensive measures to deal with that.
    The other key hazards that we definitely face that falls 
under the homeland security mission are always clear, always 
present, age-old; they are natural disasters. In the big scheme 
of things, one it is hard put in some cases to come up with a 
terrorist attack that can come close to causing the loss of 
life and disruption of property as what Mother Nature can throw 
our way. And in that regard, we have to be prepared to deal 
with natural disasters because we cannot prevent them.
    Now, what is the implication arising from the fact that we 
have smaller attacks that are more difficult to prevent, a 
growing asymmetric threat largely through cyber that we have to 
defend against, and the ongoing risk of natural disasters? It 
is that we really have to take homeland security very seriously 
and not imagine, as General Hayden also pointed out, that all 
threats can be managed beyond our shores. We have to manage 
them here at home.
    How do we go about doing that? I argue that three key ways 
are important. One is we have to reset some expectations with 
the American public. There are limits to what the Federal 
Government can do to prevent every possible hazard, and 
responding to them is all-hands evolution. We have to say 
frequently and often that bad stuff is going to happen from 
time to time, and the measure of an individual's character as 
well as our Nation's character is how you cope, not necessarily 
that you prevent every bad thing from happening. Overcoming 
adversity has always been part of our national DNA, and it is 
something that we are going to continue to need as we move 
forward.
    The other is this real tension over secrecy--and, Senator 
Collins, you certainly highlighted it--about the leak issue. On 
the one hand, you cannot engage civil society unless we are 
more forthcoming about threat, about vulnerability, and, very 
importantly, what it is we all have to do. So we really have to 
figure out how we not keep everything in a cone of silence, but 
we really push the envelope on pushing information out. These 
small attacks have almost always been broken up by locals or by 
citizens. We have to make them a part of the solution.
    And the last thing I suggest is that an overarching focus 
going forward is this concept of resilience, of building a more 
resilient society. In a world where there are no risk-free 
zones--and I have yet to find one--it will be the communities, 
the companies, and the countries that are best able to manage 
risk, to withstand it, to promptly respond and recover from it, 
and to adapt to it that will be a competitive advantage over 
everybody else. People will not invest in and live in places 
that when they get knocked down, cannot get back up. They will 
live in places that can manage risk very well.
    America historically has done that, and we need to harness 
that capability again, and the focus has to be around 
individual resilience, our self-sufficiency, self-reliance, 
character that was very much a part of our Nation's blood, our 
companies, our communities. It is, in other words, a bottom-up 
effort that we need to be engaged in versus a top-down one. And 
taking on this effort, I would argue, has a remarkably 
beneficial effect. It reminds us why we come together as 
communities in the first place, because there are some problems 
we cannot manage all by ourselves. And it turns out that we 
have to work together as a society in order to nail down these 
problems.
    So a call to the American people is necessary because the 
threat and the ongoing hazard risk necessitates the engagement 
of the private sector and necessitates the engagement of 
everyday citizens and companies. We need to move away from 
essentially a largely offense-based and largely overreliance on 
Federal capability and not one that engages on the lowest 
levels.
    I just want to finish with a final number to help us put 
this all in context on the away-versus-home sort of investment.
    If we take the rough number of the cost of war operations 
since 9/11, the number that is used is roughly about $1.3 
trillion. That is what we have invested in those war operations 
to make this country a bit safer. Well, that turns out to be a 
burn rate of $350 million a day every single day for a decade, 
$15 million an hour every hour, 24 hours a day for a decade. 
Fifteen million dollars is the highest we have spent as an 
annual investment in Citizen Corps, which is a program designed 
to get everyday citizens to play a voluntary role in supporting 
front-line first responders. That is one hour of our investment 
in war operations in a decade.
    I think we need to put some resources where the need is, 
and that is in how we basically make our Nation a bit more 
secure in defense and preventing and prepare to dealing with 
the kinds of challenges that are facing us today.
    Thank you so very much, Mr. Chairman.
    Chairman Lieberman. Thank you, Mr. Flynn. Again, an 
excellent statement. And I agree with you. We have found in 
some ways, through the See Something, Say Something programs 
that began in New York, a way to involve the citizenry, and it 
has been effective. But we have only begun to do that here.
    We will do 7-minute rounds of questions.
    General Hayden, I will start with your evocative beginning 
and ask a question that is either an overview of the 
philosophical or even strategic stakes. You said that ``. . . 
most of the attributes of the age of industrialization made the 
state stronger and more relevant. Most of the effects of 
today's globalization make the state weaker and less 
relevant.'' I presume that within the term ``globalization''--I 
know you are quoting General Scowcroft, or paraphrasing him--
that he must have meant digitalization, information technology, 
and the whole array of modern technological development.
    General Hayden. I think he did, Senator, and that actually 
might be the best poster child for the whole process.
    Chairman Lieberman. Yes.
    General Hayden. But it is just not confined to that. Look 
at manufacturing.
    Chairman Lieberman. Right.
    General Hayden. You pull the question of supply chain 
issues in a global economy. It is impossible to build even 
critical systems in an autarchic sort of way in which you have 
control over everything. Everything has just gotten so much 
more interconnected that it allows, again, actors that were 
very small, self-motivated, as Mr. Jenkins pointed out, and 
cannot be satisfied. A degree of destructive power that we have 
just never experienced.
    Chairman Lieberman. I agree. So let me make this statement 
and then ask you to respond. Certainly in terms of the threat 
to us, as you just cited Mr. Jenkins, small groups, non-state 
actors, like we saw on 9/11 and since, can do great damage to 
us. But I want to just mention this irony, and I think you are 
right that the developments of digitalization and 
globalization, ``have made the state weaker and less 
relevant.'' And notwithstanding the exchange I just had with 
Mr. Flynn about the citizens' responsibility, it is the state 
ultimately that in our country still has the constitutional 
responsibility to provide for the common defense.
    So really part of what I hear you saying, paraphrasing 
General Scowcroft, is that the state has to figure out how to 
get in the new game in a defensive way, how to protect the 
citizenry, which is our fundamental responsibility in the 
Federal Government.
    General Hayden. Senator, that is exactly the message I was 
trying to lay out. The effects of the broader environment work 
against state power, make it more difficult for states to 
influence events for a variety of reasons. It does not change 
the moral, political, or legal responsibility of the state to 
protect its citizens, and that is precisely the dilemma we now 
have.
    I will use an example. We are very sensitive in this 
country because of our political culture and--God bless us, I 
believe in it strongly--foreign and domestic intelligence and 
law enforcement that protected our liberties very well, and the 
threat to our security that created for two centuries, not so 
much. Now it does. And so we now need a new formula.
    I am sure Senator McCain is very aware of this. Getting NSA 
involved in terms of defending something other than ``dot-mil'' 
Web sites seems to be an obviously clear thing to do because of 
its capability. But our old structures work against that. It is 
very difficult for us to digest that institution assuming that 
new role.
    Chairman Lieberman. You are absolutely right, and, in fact, 
that is exactly what we are dealing with now in the 
cybersecurity legislation because you really want NSA, which 
has traditionally, and still does largely, had responsibility 
for protecting the country and operating overseas, protecting 
us from overseas attack, but then you have DHS with a set of 
responsibilities for homeland security, and now the FBI with 
law enforcement responsibilities. We have a challenge of how we 
break through the traditional stovepipes and get them all at 
the table together to protect our security against state actors 
and non-state actors in a cyber world is a challenge we have. I 
appreciate that exchange.
    Let me ask one of those questions we tend to ask, which is 
I would ask you to be much more simplistic than I know you want 
to be, but I want to ask each of you. Tell me what you would 
say today are the two or three, your choice, most significant 
threats to our homeland security. And then give us a guess--and 
I agree with what Mr. Cilluffo said, that prophecy in this area 
is pretty close to astrology. But give us your guess about 
whether your ordering of the threats to our homeland security 
will be the same 5 years from now or 10 years from now.
    Mr. Flynn. Senator, I will begin with the one I have been 
testifying for a long time before this Committee about, which 
is I think the ongoing vulnerability of the intermodal 
transportation system profound disruption. I think the fact is 
while some measures have been put in place to improve the 
ability for it not to be used essentially as a weapons delivery 
device, that threat still exists. My concern is not so much the 
successful attack, which is certainly quite worrisome, but it 
is that the only tool in the tool bag likely is to throw a kill 
switch to sort it out afterwards and then try to figure out how 
to restart it. And what we will have, basically, is a meltdown 
of the global economy in the interim. So what we have there in 
short is a very critical system infrastructure that currently 
is quite fragile if we are spooked, and more work I think needs 
to be done there.
    Chairman Lieberman. So that would be by a terrorist bombing 
or by cyber attack.
    Mr. Flynn. Yes, there are two sides there, I guess. For 
that one, it is essentially the bomb in the box scenario that 
basically gets everybody looking at trains and worried.
    Chairman Lieberman. Right, a traditional terrorist attack.
    Mr. Flynn. Then my next would go to highlight the cyber 
threat, like a cyber attack on the grid, because everything 
requires electricity. We have some huge vulnerabilities with 
industrial control systems across all our critical 
infrastructure, and that one is, I think, a newer one that we 
need to really step out smartly on.
    Chairman Lieberman. Thanks. How about your guess about 
whether that ordering will be the same 5 years from now?
    Mr. Flynn. Well, I think on the current trajectory in terms 
of dealing with the cyber threat, our government response does 
not look like it is going to get any better. I worry unless we 
have a large incident that motivates some change--both of these 
problems are solvable in the next 5 years.
    Chairman Lieberman. Right.
    Mr. Flynn. The question really is our actions, not 
necessarily those of the terrorists.
    Chairman Lieberman. That is up to us,
    Because my time is up, I am not going to even ask you to be 
more simplistic. Just give me your two or three top ones and 
whether you think they will change in 5 years, Mr. Cilluffo.
    Mr. Cilluffo. I agree with Mr. Jenkins and General Hayden. 
Al-Qaeda senior leadership, and those that are in one way or 
another affiliated with al-Qaeda are still No. 1 right now.
    Chairman Lieberman. Right.
    Mr. Cilluffo. No. 2, and based on consequence, not 
necessarily likelihood, but if you were to break out the risk 
management, I would put the government of Iran and other 
countries that may look to asymmetric forms of attack that can 
have catastrophic implications. So I would not discount state 
sponsors of terrorism, looking to proxies and the convergence 
of crime and terrorism. I mean, this is scary stuff. Who knows 
who is exploiting Anonymous even?
    Chairman Lieberman. Right.
    Mr. Cilluffo. If it is foreign intelligence services or 
other organizations.
    Chairman Lieberman. Same 5 years from now?
    Mr. Cilluffo. I actually think on the terrorism threat, I 
am hoping our actions will mitigate that. I think cyber and 
nation-states and their capabilities------
    Chairman Lieberman. Will become a greater threat. Mr. 
Jenkins.
    Mr. Jenkins. I am not nationally recognized in the field of 
prophecy, so I am going to be very cautious about----
    Chairman Lieberman. But we will convey that authority on 
you officially today. [Laughter.]
    Mr. Jenkins. I am not going to try to identify the group or 
the event, but rather I'll talk about something really 
internally on our side, and that is our psychological 
resilience.
    Look, terrorists cannot win by force of arms. They can hope 
only to create terror that will cause us to overreact or 
destroy our own economy or sap our will, and that makes our 
determination, our courage, our self-reliance, our sense of 
community part of the assessment, and these are really 
difficult to measure. But there are some vulnerabilities here 
in terms of our tendency to overreact and the divisions that we 
have in our own society.
    So I really look internally and say, ``What really can we 
do''--as Mr. Flynn and the others were saying--``about really 
strengthening our own capacity, not just our physical capacity 
but our psychological capacity?''
    Chairman Lieberman. Right.
    Mr. Jenkins. And I think that is going to remain the same. 
I hope it does, because there are some trends that say some of 
these divisions in our society are going to get worse.
    Chairman Lieberman. Well said. I agree. General Hayden.
    General Hayden. Senator, I would agree with all that, and 
let me just add one. If you look at dangers in the cyber 
domain, the actors, the sinners, you have criminals, 
anarchists--now often called hacktivists. States are generally 
stealing our stuff, and I know some states can be very 
dangerous, and they are very capable. But, in essence, a state 
has to judge whether or not they are making themselves 
vulnerable to retaliation.
    Criminals are stealing our money. They are in a symbiotic 
relationship with their target. Parasites are generally not 
motivated to destroy their hosts so they do not bring about 
catastrophic damage. I am really worried about that third 
layer, the anarchists or the hacktivists. They are currently 
the least capable, but as time goes on, the water level for all 
these ships is rising in the harbor. So imagine a world in 2, 
3, or 4 years in which the hacktivist groups, the ones that 
cannot be deterred, who cannot be satisfied----
    Chairman Lieberman. You are talking about cyber attacks?
    General Hayden. Yes, sir. Those that cannot be deterred, 
cannot be satisfied, begin to acquire tools and skills we 
associate with nation-states today, and I think it gives you 
some sense of how dramatic that threat can be.
    Chairman Lieberman. Thank you. Senator Collins.
    Senator Collins. Thank you, Mr. Chairman.
    General Hayden, I want to draw a distinction between what 
Mr. Flynn said about the need for more citizen involvement 
versus the leaks that I think have made it more difficult for 
our country to defend ourselves against both current and future 
threats. I certainly agree with Mr. Flynn that an alert 
citizenry in many ways is our best defense. We have seen that 
over and over again. The Times Square Bomber, for example, was 
caught by an alert street vendor. The Chairman and I are the 
authors of the See Something, Say Something law that applies to 
the transportation sector.
    But it seems to me that is very different from leaks from 
within agencies, from within the Administration, perhaps from 
within the White House, that reveal highly classified 
information, may compromise sources that are working with us, 
and that, for example, identify the President's personal role 
in targeting terrorists.
    Could you comment on the impact of these national security 
leaks, of which there have been a great many recently, on our 
ongoing counterterrorism efforts as well as our larger effort 
to stay ahead of those who would do us harm?
    General Hayden. Senator, as I think Mr. Flynn pointed out, 
this is a hard question in a democracy, but let me take the 
negative side first and then maybe treat very briefly some of 
the dialogue that might be more appropriate and proper with 
regard to what espionage services do or do not do.
    I think the single greatest toll on us by the unauthorized 
disclosure of information--for whatever purpose, even for 
policy reasons that may have some legitimacy or political 
reasons that are understandable, if not forgivable--is the 
confidence in potential partners in working with us and their 
belief that we can be discreet. And that works down to the guy 
on the street who is going to betray the organization of which 
he is a part, only if he has confidence that you can keep that 
relation secret, to the foreign intelligence service who might 
be willing to do something very edgy with you, lawful, 
certainly, but politically very edgy in our government and in 
their government, they will only do it if they can count on 
your discretion
    Let us use one that was authorized, one I am very familiar 
with. The Administration decided several summers ago to release 
the Department of Justice memos when it came to the CIA 
detention and intelligence program. A separate question, 
something fully within the ability of the President to do. That 
is not the issue. But that was over the objection of the then 
current CIA Director and six of his predecessors. I can imagine 
intelligence chiefs around the world saying, ``When I meet with 
that person and he gives me assurances of secrecy and 
discretion, it is now clear to me that he does not have 
absolute control over that process inside the American 
political system.'' That is the dilemma we face.
    Now, to echo something that Mr. Flynn said earlier, though, 
when I came to NSA in 2000, I actually tried to make some of 
what the Agency was doing more public, and the reason I did 
that was I did not think the American people would give us the 
authority and the resources to do that which I thought we had 
to do without having a greater comfort level with regard to 
what the Agency was, with whom it was populated, and how it 
deeply respected American privacy. So there is this need to 
have this dialogue.
    Let me end with this, Senator. I had a panel of outside 
experts, a board of advisers at the CIA. I gave them tough 
problems. The toughest problem I gave them was this: Can 
America continue to conduct secret espionage in the future 
inside a society that every day demands more transparency and 
more accountability from every aspect of national life? And 
that is where we are. That is where the dilemma is.
    Senator Collins. I would say that I think there is an 
easily drawn distinction between educating the American people 
about the threat generally, the role played by various Federal 
agencies, the need for certain authorities versus getting into 
the details of specific counterterrorism actions that may 
compromise the agent involved--I think of that poor physician 
in Pakistan, for example, who is now in jail; I think of other 
cases more recently that have occurred in Yemen--and also would 
jeopardize, as you said, the willingness of foreign 
intelligence services to work with us, to trust us not to 
reveal the details in a way that may compromise their 
government politically or may truly put in danger sources and 
methods.
    General Hayden. I agree totally, Senator.
    Senator Collins. Thank you. Mr. Cilluffo, I want to get 
back to an issue that you touched on which I think is so 
important, and in some ways it contradicts a little bit or 
takes a different view from Mr. Jenkins' testimony in which he 
talks about a failure of al-Qaeda, a marketing failure, to 
spread its ideology in a large-scale way.
    You, on the other hand, were critical that there is a lack 
of a strategy to counter the narrative that inspires people, 
whether as larger groups or countries or as individual lone 
wolves. And this is an issue that the Chairman and I have 
brought up over and over again with the Administration, the 
failure to appoint a point person to come up with a narrative, 
the failure to recognize the term of Islamist extremism within 
our country.
    What do you think we should be doing to more effectively 
put out a counter-narrative to help dissuade young people in 
particular who may be drawn to the radical perversion of a 
great religion, Islam, that they are seeing on the Internet?
    Mr. Cilluffo. Thank you, Senator Collins. I do not want to 
suggest we are completely out of step in some of this thinking, 
but I do think our efforts to address the counter-narrative and 
counter-radicalization in countering violent extremism (CVE) is 
lacking at best. In fact, I think that is the missing dimension 
of our counterterrorism statecraft right now. We are having 
major successes kinetically. We have to continue to do that, 
but it needs to be a full complementary approach, all 
instruments of statecraft. And let me also note that I very 
much supported the letter you and the Chairman sent to Mr. 
Brennan in terms of the release of what could very liberally be 
called the CVE strategy.
    My view--this is personal, and I am not sure everyone else 
will see it this way. It is about going negative. It is not 
about what is great and this, that, and the other thing. Think 
of a negative political campaign, expose the hypocrisies, 
expose the lies, and illuminate the seamy connections to drug 
traffickers. It really is kind of frustrating that the country 
that invented the Internet, the country that is home to Madison 
Avenue, the country that is Silicon Valley is getting our butts 
kicked in this space.
    So I would feel we need to be able to--rather than try to 
look at--just expose the negatives and then bring up the 
defectors. There have been so many defectors of al-Qaeda who 
are going to have much more resonance, they are going to have 
more balance, or street cred, as my kids might say, with the 
community than any of us will simply because they have come 
out. They have made the arguments justifying acts of--well, 
they should be--we should have a Web site where you can get all 
of that. And then it is not because Carie Lemack is here, but 
the victims are so important, and why don't we know their 
stories? Why don't we know their dreams? Why don't we know 
their lives' aspirations? We simply do not.
    So this is not to be pejorative, but we need a Facebook of 
the dead. We need the equivalent of all these voices, all these 
dreams--faces, visuals, and pictures, not nouns and verbs, 
actual visuals. And I think that to me has been lacking. The 
State Department is doing some decent work at the Center for 
Strategic Counterterrorism Communication right now, but more 
needs to be done.
    Senator Collins. Thank you.
    Chairman Lieberman. That was a great answer. Thank you. 
Thanks for mentioning Carie Lemack. I join you in welcoming 
her. If it was not for her and a lot of the other survivors of 
9/11, we probably would not have passed the Homeland Security 
Act in the first place and would not have created the 9/11 
Commission and would not have passed the 9/11 legislation.
    Second, your reference to negative campaign advertising is 
very--it is relevant.
    Mr. Cilluffo. I am all for that.
    Chairman Lieberman. It is relevant. So maybe what we should 
do is form a Super PAC to begin to negative advertise against 
Islamist extremism.
    Mr. Cilluffo. Sounds good to me.
    Chairman Lieberman. I have one or two people I can think of 
who might contribute to that.
    I apologize to my colleagues because my late arrival may 
have affected the order somewhat because our rule is that we 
call in order of seniority on the Committee before the gavel, 
and then after the gavel in order of arrival. So for your 
information, the order is Senators Carper, Coburn, McCain, 
Johnson, Brown, and Pryor.
    Senator Carper.

              OPENING STATEMENT OF SENATOR CARPER

    Senator Carper. Thanks, Mr. Chairman. I want to commend you 
and Senator Collins on assembling really an exceptional panel, 
and we thank you each for joining us again today and for your 
testimony and for your responses. This is really time well 
spent.
    I have been slipping back into the anteroom here a couple 
times during the hearing. We have a group of soybean farmers 
from the Delmarva Peninsula, and to go back to the point that 
you raised, Mr. Flynn, we are experiencing a drought on 
Delmarva, high temperatures, no rain for some time, and it is 
not just a drought in our part of the country, but it is 
apparently a nationwide drought. And the threat that poses to 
our homeland, to our economic security, is really significant 
and could be severe.
    I mention that because the nature of the threats to our 
country tend to change over time. The war that Senator McCain 
and I served in in Southeast Asia, the kind of threat and the 
way we fought that war was different than the war that my Uncle 
Ed fought in Korea a generation earlier. The Persian Gulf War 
was different from what we did in the Vietnam War. And the war 
in Iraq is different from really the Persian Gulf War, although 
the terrain was pretty much the same. In Afghanistan, it is 
different still.
    We figured out, thanks to people like David Petraeus, how 
to be successful in Iraq and I think how to be successful in 
Afghanistan. And we need to figure out how to be successful in 
this next threat that we face, growing threat that we face, and 
that is cybersecurity.
    This is a panel where, as you know, we get along pretty 
well here, Democrats, Republicans, occasionally we let in an 
Independent. [Laughter.]
    But we work well on this Committee, and the fellow to my 
left here, a dear colleague, and the fellow over there, are 
close friends, and they have a different take on what we ought 
to be doing on cybersecurity legislation. And we are not going 
to have a better panel, I suspect, than what we have right now 
to help us find a little something closer to common ground.
    I am going to start with you, General Hayden. Looking at 
the legislation that Senator Collins and Senator Lieberman have 
introduced with the support of a number of us, how do we make 
it better? How do we make it better in terms of more effective, 
and how do we make it better in terms of getting something done 
politically so that we can help address this threat?
    One of our dear colleagues is Senator Michael Enzi from 
Wyoming. He has something called the 80/20 rule. And I said, 
``What is the 80/20 rule, Michael?'' Several years ago, I was 
talking about him and Senator Kennedy working so well together, 
and he said, ``Ted Kennedy and I agree on 80 percent of this 
stuff. We disagree on 20 percent of this stuff. And what Ted 
and I have decided to do is focus on the 80 percent on which we 
agree.''
    Now, I do not know in cybersecurity if we should have an 
80/20 rule or 70/30 rule or a 60/40 rule, but we need to get 
something done here this year, and we cannot go home without 
completing action. And if we only do 60 or 70 percent of the 
deal, that is a lot better than nothing.
    General Hayden.
    General Hayden. Yes, sir, I will be very brief and probably 
overly simplistic. I would do it all. I do not view these 
fundamentally to be competing bills. I would get NSA in on the 
field. I would try to get standards into our critical 
infrastructure. And I would take Congressman Mike Rogers and 
Congressman Dutch Ruppersberger's bill about information 
sharing, and I would do that, too. I think they are all steps 
in the right direction. And we can adjust fire in a year or 
two. With clear, close, and conscientious oversight, we will 
make adjustments. But sitting here freezing ourselves into 
inaction is--I hesitate to say any course of action is better 
than standing still, because obviously there are some that 
could be very destructive. I do not view any of these in that 
light at all. I think they will all move in a positive 
direction, and we can make adjustments as needed.
    Senator Carper. I am going to ask you to say that again. 
Mr. Chairman, Senator Collins, I am looking for some common 
ground with Senator McCain over here and the renegade group 
that he is running around with. But I just said it to General 
Hayden--Where is the common ground? Where does it lie? And he 
gave us about one minute that was very insightful.
    General Hayden. I would do them all. We need NSA in on the 
field. We really do. We need information sharing. The bill 
coming out of the House Intelligence Committee, Chairman Rogers 
and Congressman Ruppersberger, we need standards for critical 
infrastructure, check, check, check. I would do it all, and I 
would keep an open mind, and I would adjust fire 1, 2, or 3 
years into the future as each of these begin to roll forward.
    Senator Carper. All right. Mr. Jenkins, any thoughts or 
reactions to that or other thoughts that you have, please?
    Mr. Jenkins. No, I certainly would agree with that. Look, 
we are dealing with a technology that moves at about 150 miles 
an hour here. Legislation moves at about 15 miles an hour. And 
our adversaries are somewhere in between. They move very fast 
and exploit vulnerabilities with the new technologies as fast 
as they come out. And we spend a long time trying to catch up 
with them.
    The longer we delay in implementing these things, the 
greater that gap grows. In that particular case--I guess you 
are going to have two former soldiers here that are agreeing--
you do something now. It is not going to be 100 percent right. 
And you watch it carefully, and then you make adjustments as 
you go forward. So get these things moving, as opposed to 
waiting to try to find the absolute perfect piece of 
legislation, and by the time we do that, the technology is 
going to be 1,000 miles ahead of us.
    Senator Carper. Thank you. Mr. Cilluffo, please?
    Mr. Cilluffo. Senator Carper, I think it is an important 
question. It is a significant set of issues. I do feel you can 
meld the various pieces together. There are some areas of that 
20 percent of disagreement that are not trivial. But I do not 
see them as mutually exclusive either/or propositions.
    A couple of fundamental things. One, it is not about 
regulation. It is about building standards, self-initiated, 
that the various sectors can identify. I kind of feel like it 
is kids' soccer, and I have a daughter who just made it to the 
finals in regionals, so they get better when they get older, I 
promise you. But when they are younger, they all swarm the 
ball. So at the end of the day, let us not look at the 
technology du jour. But I can tell you this. If we do not act 
now, whatever is going to come after something occurs will be 
much more draconian, and it will not be as constructive as I 
would argue it could be.
    Two, the other thing to keep in mind, we are very reactive. 
The cyber domain is very much reactive. There is nothing in 
prevention. We need active defenses. We need to look at 
deterrents. We need to enhance our offensive capabilities. We 
need to do so in a way that articulates but does not compromise 
operations and secrets, to Senator Collins' point. We have not 
done any of that, which to me is a little frustrating.
    So the time to act is now. Long on nouns, short on verbs. 
Let us get it done.
    Senator Carper. Thanks so much. Mr. Flynn.
    Mr. Flynn. I just want to emphasize again that we will need 
standards, and the debate really has got to be about just how 
we can achieve those. We have a number of models, and they are 
not all regulation, but we need standards, and we need 
incentives for standards. So let us just move forward on that.
    I would suggest a piece that could be quite helpful in 
getting to a mature end state is missing, which is engaging 
universities to be a part of the solution. We talk about 
private-public cooperation, but completely missing from this is 
the role of universities. A consulting professor out of 
Stanford University, literally as something is going up on the 
white board, is thinking about how to market it. The government 
is coming in multiple years later. The universities are 
creating some of the problem, but we are trying to retrofit to 
fix. Let us get them engaged. They can be helpful, honest 
brokers. They can bring some expertise. And they try to change 
the culture that you need, or we all need, to be mindful of the 
risks that are associated with cyberspace. And I do not see 
much role given to universities a part of the legislation, and 
I think anything could be added to that. They are one of the 
few institutions Americans still somewhat respect, so let us 
get them in the game and make sure that expertise and some of 
that honest broker role, I think, can be harnessed.
    Senator Carper. Good. Those are very helpful responses. I 
would just say to my colleagues, Senator Lieberman and I, and 
probably Senator Collins, have talked with the Majority Leader 
just in the last 24 hours about how do we move forward. He has 
committed to bring cybersecurity legislation to the floor 
during the course of this work period, and it is imperative 
that we do that. He is reluctant to provide an unending amount 
of time. We cannot spend a week or two doing this. But to the 
extent that we can take some of what you said here today to 
heart and to enable us to quicken our pace, maybe get something 
done, we can make very good use of that week, and we need to.
    Chairman Lieberman. Thanks, Senator Carper, for your line 
of questioning, for what you said. Thanks to the witnesses for 
their response. It was interesting to me that in the response 
to my questions about the threat to homeland security today and 
what it would be 5 years from now, there is a clear presence in 
your answers of the cyber threat and the extent to which you 
feel it will grow. So we really have to act. We have a chance 
to act thoughtfully this year, to begin something so that we 
are doing it not reacting to an attack in which, I agree, what 
we do in reaction will be much less well thought out. And I 
agree, we have to find a way to do it all, do information 
sharing and do standards as well.
    Senator Carper. Mr. Chairman, could I just have another 30 
seconds? I will be very brief.
    Chairman Lieberman. Sure.
    Senator Carper. Some people think we do not get much done 
around here. Just in the last 7 months, we have actually agreed 
on bipartisan legislation on the Federal Aviation 
Administration reauthorization; on patent reform legislation; 
free trade agreements with three major countries, trading 
partners; Export-Import Bank reauthorization; the so-called 
Jumpstarting Our Business Startups Act to improve access to 
capital; transportation legislation; Food and Drug 
Administration reform; and flood insurance. We passed a good 
postal bill in the Senate, and a good agriculture bill. That is 
a pretty good track record. And what we need to do, I think, in 
the Senate, is to try to set the example for our colleagues in 
the House and just to get something done.
    Chairman Lieberman. Thanks, Senator Carper. I know that 
Senator McCain is inspired by your statement. [Laughter.]
    And I could see the smile on his face. You made him very 
happy with that report. Senator McCain, welcome.

              OPENING STATEMENT OF SENATOR MCCAIN

    Senator McCain. Dare I point out that we have not done a 
single appropriations bill? Dare I point out that we have not 
done the defense authorization bill? Dare I point out that we 
have done literally no authorizing bills with the exception--12 
bills have been passed by this Congress. That is the least in 
any time in history. But we will continue that debate at a 
later time.
    Chairman Lieberman. Senator McCain, you are up. Senator 
Coburn was next, but he had to leave.
    Senator McCain. Thank you, and I appreciate the enthusiasm 
and the positive attitude of my dear friend from Delaware.
    First of all, my friends, in all due respect to your 
comments, I have been around here 25 years, and I have grown to 
believe over time that the Hippocratic Oath is the first thing 
we should observe: First, do no harm. I have seen legislation 
pass this body that has done a great deal of harm, so when you 
say do something, one thing we should not do is not get it 
right. And one of the things we should not get wrong is giving 
the Department of Homeland Security the authority to issue a 
blizzard of regulations unchecked and unmonitored. Also, 
information sharing has to be done. You mentioned the 
universities. How about Silicon Valley? They are the people 
that really know how to react rather than the Department of 
Homeland Security. The next time you go through an airport, you 
will go through the same procedure that you went through right 
after September 11, 2001. So my confidence in the Department of 
Homeland Security to be the lead agency is extremely limited.
    With that, I would like to move on quickly. General Hayden, 
would you say that these cyber leaks about Stuxnet and these 
others is a significant blow to national security as well as 
our relationship with other nations?
    General Hayden. Senator, the common denominator is the blow 
to relationships with regard to discreet relationships, the 
lack of confidence. That has to be very painful, and we will 
suffer for that over the long term.
    Each of the leaks in terms of its specific harm had a 
different effect. The one about how we do or do not do drone 
activity, for example.
    Senator McCain. I am specifically talking about cyber.
    General Hayden. On cyber, whether the story was true or 
false, a publication that the United States was responsible for 
that activity is almost taunting the Iranians to respond at a 
time and in a manner of their own----
    Senator McCain. I was just going to say, if I were the head 
of Iranian intelligence, I would have been in the Supreme 
Leader's office the next day.
    General Hayden. Senator, it is Qasem Soleimani, and I would 
have gone in saying ``Remember that briefing I gave you about a 
year ago, and you told me to put it on the back burner? Well, I 
have brought it forward.''
    Senator McCain. Would you say that given the nature of it 
and given the book, I mean, like people being taken up to the 
presidential suite in Pittsburgh to be briefed on Iran, that 
these leaks probably came from the highest level?
    General Hayden. Senator, I will defer. Although I have 
assigned the book as a textbook, I have not yet read it.
    Senator McCain. All right. Mr. Jenkins, let us talk about 
Mexico really quickly. They just had an election. Obviously, 
the Mexican people are extremely frustrated. As you pointed out 
in your testimony, 50,000 people have been murdered. The 
Mexican people, with some justification, believe that the 
United States is the destination. Why should they be the fall 
guy for all these deaths, terrorism, killing of journalists, 
and all the terrible things that are going on in Mexico?
    How much effect do you think over time this situation is 
going to affect the United States of America as far as violence 
and also corruption in our country?
    Mr. Jenkins. I think it is already having an effect. Look, 
the criminal cartels in Mexico are acquiring vast sums of 
money. They are diversifying. They are going into legitimate 
businesses, and that is going to give them increased revenue 
flows. But the one thing they are going to do is move 
downstream; that is, in the drug business, which is their 
primary form of commerce in this country, the profits increase 
as one gets closer to the retail level. That is, at the 
cultivation level, at the production level, the profit margins 
are narrower. As you go on through the process, the big profits 
increase.
    They are going to move downstream to take control in an 
alliance with gangs already in the United States, exploiting 
those alliances to take increasing control of the drug traffic 
in this country. That is going to set off wars between them and 
wars with others in this country, and we have seen the quality 
of violence with which they conduct those wars in Mexico. So 
this is going to put them in increasing direct conflict with 
U.S. authorities. They will try first, as they always do, to 
suborn those authorities with cash and with other means, and 
when that fails, with the kind of direct challenges to society 
itself where you get this quality of violence, not just 
violence as a norm but beheadings, torture----
    Senator McCain. I understand.
    Mr. Jenkins [continuing]. Things of this sort, as an effort 
to intimidate the entire society.
    Senator McCain. It is my understanding that the price of an 
ounce of cocaine on the street in any major city in America has 
not gone up one penny. Is that correct, in your assessment? 
Which means that we have had no success in restricting the 
flow, the old supply-and-demand situation. So we can identify 
the leaders of the drug cartels in Mexico, but we do not seem 
to be able to identify the leaders in the United States of 
America.
    Mr. Jenkins. I do not know that we cannot identify or 
actually, I think----
    Senator McCain. But if the price has not gone up, isn't the 
point that we have to do something different?
    Mr. Jenkins. That is true. The fundamental strategy, to the 
extent that we base our strategy entirely upon either crop 
substitution or interdiction, we have to do those. But that is 
not the most effective way we can respond. The strategy has to 
be fundamentally altered.
    Senator McCain. Should we have a conversation in the United 
States about the demand for drugs?
    Mr. Jenkins. We have to do demand reduction. If we can do 
demand reduction, then we can suck the profits out of a lot of 
this.
    Senator McCain. Do you think it will be very interesting 
what strategy the new President of Mexico is going to adopt?
    Mr. Jenkins. The new President of Mexico has addressed the 
issue where violence in Mexico has become the issue itself, not 
the criminality that creates the violence, but just the 
existence of the violence itself.
    Senator McCain. And the corruption.
    Mr. Jenkins. The solution that he has proposed in his most 
recent speech is that he is going to basically put the army 
back into the barracks and respond with police. Now, that 
sounds good, and it will create a new police force, and that is 
what he is promising to do. That will take time and resources.
    In the meantime, the only way you can significantly reduce 
the violence in Mexico is by achieving some level of 
accommodation with the cartels themselves. Now, that brings us 
potentially back to the bad old days.
    Senator McCain. That brings us back to the Colombian 
experience under President Pastrana.
    Mr. Chairman, I have just a short time. Maybe Mr. Cilluffo 
and Mr. Flynn would like to comment.
    Mr. Cilluffo. Just very briefly on Mexico, I think it also 
does require rethinking our own doctrine--it is a mixture, a 
hybrid threat, a hybrid set of issues from a counterinsurgency, 
counter narcotics, counterterrorism, even from a tactical 
perspective, as well as counter crime. So, I mean, it depends 
how we look at it.
    I think you brought up Plan Colombia. When that was rolled 
out, I do not think one person in any room would have thought 
that would have been a success many years later. And if you 
look at it, it is a success. But it also required more than a 
traditional straight-up law enforcement function. It did 
address the corruption issues, judicial issues, law 
enforcement, but ultimately you had a para-law enforcement or 
paramilitary role that I think played a significant role in its 
success.
    Senator McCain. Mr. Flynn, doesn't it also indicate that we 
still have significant problems with border security?
    Mr. Flynn. Thank you, Senator. The first time I actually 
testified before Congress in 1991 was on this issue. In terms 
of what Mr. Cilluffo just said about Plan Colombia, one of the 
things that I remember commenting on a decade ago was that 
while that may have some prospect for success, almost certainly 
it will displace the drug trade into Mexico, and Mexico is a 
much more difficult problem for us to deal with being literally 
on our border. And yet there was no catcher's mitt strategy. We 
were so focused on who the current bad guys are and how we 
disrupt it, we were not thinking about how the commodity might 
actually flow and figure out what the plan to respond should 
be.
    Senator McCain. Which is also true of Central America as 
well as Mexico.
    Mr. Flynn. Absolutely. At its core, the arithmetic is 
pretty straightforward which you have laid out. Cocaine is just 
as available today in terms of price, actually at higher 
quality, than it was in 1980, adjusted for inflation. That is 
the reality.
    The bulk of the money is made in retail, as Mr. Jenkins 
just pointed out here, in the United States. The arithmetic is: 
Take a kilo of cocaine--the amount of dollars that the coca 
farmer gets is roughly about $100. Then if he turns it into 
paste, he gets $300. If they turn it into refined the high-
quality pure cocaine, then it is up to $1,000. They land in the 
United States with about 12,000 kilos, and if we distribute it, 
about $100,000. So that is where the money is. If you do not 
get at the demand, you are really not going to affect the 
dollars, and this trend that Mr. Jenkins highlighted of 
essentially moving retail, capturing where the money is, is 
something I think should be deeply worrying for us. At its 
core, though, this is why this is such an ugly problem. Ninety 
percent of the use is by addict population. When we reduced 
half the casual use of drugs in the 1990s, that would affect 
roughly about 5 percent of the demand. Your addicts consume the 
overwhelming majority of drugs because they have very high 
tolerance levels, and it is a daily activity. And so if you do 
not go after your addict population, you are not going to make 
a dent on the market, and that is a messy population to try to 
deal with to drive down demand. But that is the economics of 
it.
    Senator McCain. Thank you, Mr. Chairman.
    Chairman Lieberman. Thanks, Senator McCain, for focusing on 
that unique and serious threat to our homeland security.
    Senator Johnson.

              OPENING STATEMENT OF SENATOR JOHNSON

    Senator Johnson. Thank you, Mr. Chairman, first of all, for 
your leadership, as well as Senator Collins, on this issue, and 
for holding this hearing. I would also like to thank the 
witnesses for their time and very thoughtful testimony.
    One common thread here is the power of information, and I 
would like to go back to what Senator Collins was talking 
about--and Senator McCain also talked about--in terms of our 
intelligence gathering and the damage caused by these leaks. I 
do not want to rerun the testimony in terms of how damaging 
they have been. I want to talk about how we repair that damage. 
What is the way we can improve our information in our 
intelligence-gathering capability if we are going to secure the 
homeland? And, General Hayden, I would like to go to you.
    General Hayden. Well, Senator, it is almost better than a 
locked door because there are many opportunities to do a lot of 
things better. Let me depart from the first point about 
protecting sources and methods, and I think that is what 
Senator Collins was saying is the distinction. You can talk 
about how law-abiding your force is, maybe even how effective 
it is. But when you get into revealing sources and methods, it 
is at a great cost. And so I think we need to be especially 
protective of that.
    Let me give you a bit of a dilemma. Some of the things we 
are doing--and let me use targeted killings against al-Qaeda as 
an example because a lot of that has been declassified. So much 
of that is in the public domain that right now this witness 
with my experience, I am unclear what of my personal knowledge 
of this activity I can or cannot discuss publicly. That is how 
muddled this has become. And I think to a first order, just 
clarity so that folks understand what is on the one side and 
what is on the other in terms of public discussion. That would 
be the first order.
    Senator Johnson. Mr. Cilluffo, you talked about deterrence 
when it came to cybersecurity. I guess I would like to ask the 
question in terms of deterrence so we do not have future leaks. 
Now, we do have a couple prosecutors assigned to this case, 
ones that I do not necessarily have confidence in. I think 
there is some conflict of interest. Is there a way that we can 
provide that deterrence in a more rapid fashion? I think our 
Chairman mentioned that the last successful prosecution of a 
leak was 25 years ago. Can we really rely on the Justice 
Department to provide that deterrence in the future?
    Mr. Cilluffo. I do not have a good answer for you, but I 
think it is the right way to look at it, because if there are 
not consequences, then behavior will continue in whatever space 
we are looking at.
    The big impact is what General Hayden was saying. Potential 
relationships with third-party and other intelligence services 
could suffer. And if we are not able to build some of that 
cooperative relationship, none of whom wants to advertise it, 
we will know what the impact has been. As to the leakers 
themselves, that is a question far beyond my ability to answer. 
But you need consequences, absolutely.
    Senator Johnson. So in order to get to this in a rapid 
fashion, I guess, if we cannot rely on the Department of 
Justice, which I do not believe we can, I believe we have to 
rely on Congress. And I believe it is really this Committee 
that has jurisdiction, so I guess I may be unfair to turn to 
the Chairman here, but I think what we really need to do--and I 
would like your comments on this--is start holding hearings. If 
they have to be classified, fine. But I think we need to get to 
the bottom of these leaks. We need to figure out where the 
leaks occurred, whether crimes occurred. And I guess I would 
just ask the Chairman and Senator Collins to potentially 
consider doing those types of hearings.
    General Hayden, can you comment on that?
    General Hayden. Sure. It has proven very difficult within 
the judicial system to push this forward in a way you are 
describing that creates a deterrent--the laws, the First 
Amendment, a whole host of things. And here we are trying to 
impose a judicial punishment.
    Senator I have not thought it through, but I have begun to 
think broadly personally that maybe this is best handled by the 
political branches, that the consequences may be in terms of 
policy and politics as opposed to judicial. And in that case, 
the Congress with its oversight authority could use that 
function to perhaps create the kind of deterrence that you are 
describing, because we have not been successful going down a 
purely judicial track for lots of reasons, some of which 
actually I understand and appreciate in terms of the First 
Amendment.
    Senator Johnson. Right, and we have talked about 
complacency. If we sit back as a Congress and do nothing, 
doesn't that just feed right into that complacency?
    Mr. Flynn. Yes, I think it certainly can, Senator. One of 
the concerns that I have--and I have spent a lot of time 
talking to particularly critical infrastructure owners, the 
private sector, and folks in the civil, State, local levels--is 
if the impulse of the Federal folks who have information to 
share it is to keep it close to the chest because of the fear 
of consequence, then we really stifle the flow of information 
that needs to go down. I would just say that there are clearly 
some things that absolutely are disgraceful in terms of being 
released, have national security implications, the kind of 
things that General Hayden said, and we have to figure out how 
to deal with those.
    My worry is sometimes the way bureaucracies respond to 
those very visual events is essentially to circle the wagons, 
and then you can have the most common-sense piece of 
information not passed out to critical players. So you have 
cases where a former senior Secret Service agent cannot be told 
something because his clearance has lapsed when it is the bank 
he now works at is being targeted. Some of that has been 
improved, but there is still too much of that going on because 
the impulse is to keep the cards close to the chest, and that 
is one of the consequences of this challenge.
    Senator Johnson. You mentioned the word ``disgrace,'' and 
that might be the best deterrence, to expose it, disgrace the 
individuals that leak the information, that have harmed our 
national security, and, again, that is what I think only 
Congress can do and do it in a timely fashion. So that would be 
my recommendation.
    Let me turn to cybersecurity very quickly. The reality of 
the situation is it is going to be very difficult to pass a 
bill, so from my standpoint, I think we start with a step-by-
step approach of what is necessary to pass. We talked about 
standards. I would like to ask just two questions. Who would be 
best to develop those standards? And then, what would be the 
next top priority thing that should be passed? Is it 
information sharing? Is it something else? Let us start with 
General Hayden.
    General Hayden. Yes, sir. Information sharing, I think, 
sets the groundwork. We do not get action because we do not all 
have a common view of the battle space, so to speak. And the 
more we can create this common view of the battle space, I 
think good people will all want to and will do the right 
things. So I would put an exclamation point next to that one.
    Senator Johnson. And that is kind of what the House bill 
does--really centers on that, correct?
    General Hayden. Yes, sir.
    Senator Johnson. What about setting standards? Mr. Jenkins, 
do you have a comment on that?
    Mr. Jenkins. I think standards are extremely important 
here. The fact is, the critical infrastructure is vulnerable to 
the extent that it is connected to the systems that can be 
penetrated by hackers and so on. We have to set standards that 
break that easy access into the operating systems. Now, in my 
personal view, in many cases, that connectivity was put in 
there because of convenience, not because of operational 
necessity. We have operating systems that are hooked up to the 
Internet that do not have to be hooked up to the Internet. They 
are not directly hooked to the Internet, but they are hooked to 
the corporate management structure which in turn is hooked to 
the Internet, and that provides a path in. And we have to 
separate those operating systems--somebody can mess with the 
corporate sites, that is one thing. But to get down into the 
operating systems, I think that is the real vulnerability.
    Senator Johnson. Just briefly, again, I come from a 
manufacturing background where we have International 
Organization for Standardization standards set by industry. I 
guess that is what I am getting at. Because technology moves at 
such a rapid pace, should we be looking to industry to set 
these standards themselves as opposed to the Department of 
Homeland Security?
    Mr. Cilluffo. Senator, in my testimony that is my preferred 
approach. I mean, ultimately the sectors are going to know 
their systems and vulnerabilities best. How do you ensure that 
they are meeting certain objectives and goals? So, to me, I 
almost think the ideal answer, which may be a bridge afar now, 
is you have a trusted third party. Think of a Good Housekeeping 
Seal of Approval. That is neither public nor private. That 
ultimately has the ability to be able to red team test 
vulnerability and systems, looking at it across the board.
    One thing, though, that I would argue--and General Hayden I 
think was right--I mean, we cannot allow the information-
sharing piece not to occur. You cannot expect the private 
sector to defend themselves against foreign intelligence 
services. That information, we need to build on the Defense 
Industrial Base Initiative, the pilot that is going on right 
now. That should be to other critical sectors.
    So I do not think this should become a cigarette wrapped in 
asbestos. We do not want the lawyers defining the outcomes. We 
want the security experts. But if we do not do it now, that is 
who is going to define it. So, to me, let us get to that level 
of standards. And as much as it can be self-initiated, we 
should, they should.
    Senator Johnson. Mr. Flynn, quickly. I am out of time.
    Mr. Flynn. I think we have some analogues for how to do 
this, some examples. But I do believe it needs to be the 
standards that are built with private sector input. They know 
where the vulnerabilities are. They know what the workable 
competitive solutions are. There has to be some enforcement, 
basically because there are often a lot of free riders. Big 
companies are responsible with brands, but there are small 
players who come in who do not want the cost. So everybody has 
to know it is a level playing field. So third parties, that is 
often a fee-based approach to make sure everybody is playing by 
the rules, is important.
    Security, though, is a public good, so I do think you need 
to essentially audit the auditors. The model that I come out 
of, my Coast Guard background, we have standards set for very 
complicated things--the safety of ships. They are enforced by 
private third-party players like the American Bureau of 
Shipping and the fees cover that. But the Coast Guard spot-
checks the system, and the way it ends up being enforced is if 
it stops a vessel that clearly got an approval by a third party 
but is not up to speed, not only is that vessel held, but 
everybody else who used that lousy classification society gets 
held. And that keeps the standards up.
    So there is a role for government, I believe, because it is 
a public good we are talking about. But I think it is that 
building block. Industry develops the standards. The third 
party is a largely enforcement role, but government has a role 
to provide some oversight. I hope we could come to some 
reasonable closure on this because it is so important, the risk 
is so great.
    Senator Johnson. Thanks a lot, Mr. Chairman.
    General Hayden. Senator, if I may just add one additional 
thought?
    Chairman Lieberman. Go ahead.
    General Hayden. As we create standards, we all know what 
the standards should be, and then industry has to decide. There 
are costs and benefits. There is risk you embrace, risk you 
cannot embrace, and so on. We need something overarching to 
help identify and categorize and quantify risk because if an 
industry is left with its own field of view, the risk will be 
adjudged based upon how much it costs the industry rather than 
how much it costs the broader critical infrastructure. An 
overly simplified example, we lost power in Northern Virginia a 
week or two back. That obviously cost something to the 
electrical industry. But its impact was infinitely beyond the 
electrical industry. So we need something that infuses that 
into the calculus when you do cost and gain.
    Chairman Lieberman. Thanks, Senator Johnson. Thanks to the 
panel for their responses. The bill that not only the Committee 
reported out but that has been negotiated since really follows 
the model of a lot of what you have described.
    Incidentally, I agree with you that if we do not do 
something, the lawyers will do it, and the lawyers will do it 
in the sense that there will be an attack and then there will 
be litigation to hold companies liable for what they did not do 
to protect customers from the attack. And then it will be done 
by lawyers arguing in court, and that is exactly the wrong 
place for it to happen.
    We are trying to build a system in our bill where the 
private sector is involved in a collaborative effort to set 
standards for who is covered by this, just to get to the point 
that General Hayden was talking about, and we only want to 
cover the most critical infrastructure defined in a very 
demanding way. And then in the same collaborative process, to 
approve standards but standards that we do not want to be too 
prescriptive. They are basically outcome requirements, and we 
are going to leave it to the private sector to comply with 
those. But at some point--and we are open in the bill to 
certified third-party auditors, if you will, private sector 
auditors--it could be universities, probably will be 
universities in a lot of cases, who the government will say, 
OK, you are a credible operation, you are not a fly-by-night 
operation, so we are going to rely on you to tell us whether 
the companies have met the standards. And once you do that, 
obviously you get some benefits, one of which is protection 
from liability.
    Mr. Flynn.
    Mr. Flynn. Mr. Chairman, just to add one more thing as you 
come to closure of the hearing, first, thank you for your 
extraordinary leadership during your tenure here.
    Chairman Lieberman. Thank you.
    Mr. Flynn. I would also like to commend your extraordinary 
staff, this bipartisan role with you, Senator Collins. I deal a 
lot across this body, and the staff that works so well 
together, I think, is a real tribute to the leadership that you 
both provide and also to the majority and minority staff 
directors.
    One thing I would commend to you is the amount of knowledge 
that is in your staffs, and it would be, I think, a tremendous 
service to all of us for that staff to prepare a report of its 
findings based on what has been learned over the course of this 
past decade. There is a lot of turnover at DHS.
    Chairman Lieberman. Right.
    Mr. Flynn. This used to be a very unpopular business before 
September 11, 2001. It was a lonely one. It got a little more 
popular. It is getting a little more lonely again. So 
harnessing that enormous capability that I see behind you here 
would be, I think, a service to the Nation.
    Chairman Lieberman. Thank you for your kind words, and I 
agree with you. We have been very lucky with our staff, and I 
appreciate you giving them that substantial assignment. 
[Laughter.]
    I have one more question, and I think Senator Collins may 
have one more question, too.
    We talk a lot about state-sponsored terrorism. The State 
Department has a list of state sponsors of terrorism. But, 
really, we have been focused over the last decade much more on 
non-state actors, particularly al-Qaeda and the various 
iterations of al-Qaeda. But as one or two of you have said, we 
now have the kind of reappearance on a global scale of Iran-
backed terrorism.
    I wanted to start with you, Mr. Jenkins, and ask you how, 
if in any way, we should alter our response to this kind of 
state-based terrorism as compared to non-state terrorism? Or is 
it basically the same?
    Mr. Jenkins. Well, in terms of dealing with the Iranian 
thing, the terrorist campaign, these incidents that we have 
seen thus far, is really only one small component of a much 
broader set of issues in which we are engaging with Iran. And 
from their perspective, what they are doing with these 
terrorist attacks is in part saying that there is going to be a 
cost for what they perceive as a campaign of sabotage and 
assassination directed against their nuclear program. I will 
not get into whether that is a correct perception or not, but 
certainly that is their perception.
    Their future use of this terrorism is going to depend very 
much on what they calculate our intentions are about the 
Islamic Republic itself. If they believe--and there are radical 
elements within Iran that I suspect do believe this--that the 
aim of the United States is to ultimately bring about the fall 
of the Islamic Republic, then that is going to affect their 
risk calculations, and they are going to basically conclude 
they do not have a lot to lose. And they would be willing to--
they will be willing to--escalate that.
    Now, this implies, by the way, that there is a rational 
actor model: That is, what they do is in response to what we 
do, which is in response to what they do. And people who will 
challenge that rationality model, saying, no, we are dealing 
with apocalyptic types here who are not always going to behave 
rationally; but right now, in terms of our efforts to stop 
their nuclear weapons program, we are depending on that model 
to work.
    How do we respond to this? I think, in fact, we are going 
to see the continuation of a long-term, complicated, shadow 
terrorist war, not simply involving the United States and Iran. 
It will involve Israel, it will involve Saudi Arabia, it would 
involve others. This is a tool that they have, and here I would 
go back to underscore a point that Mr. Flynn made, and that is, 
no one can take us on in an open, conventional way. That simply 
is not going to work. So they have this as an instrument. They 
feel righteous about its use. They have capacity, and so I 
think that capacity is going to be used going forward. And I do 
not think there is any way, any easy way, out of this contest.
    Chairman Lieberman. Barring some shockingly surprising 
rapprochement with Iran and settlement of the dispute over 
their nuclear weapons capability program, no, I agree. I think 
the emergence of Iran-backed terrorist acts or attempted acts 
over the last year or so is obviously related to the tension 
that is going on between us, the Israelis, the Saudis, and a 
lot of others in the Arab world with Iran about their nuclear 
weapons development program. So they are sending a message by 
these acts or attempted acts.
    Mr. Jenkins. Well, you said barring some dramatic reversal 
of their policy with regard to nuclear technology. And, of 
course, the trajectory can go the other way as well.
    Chairman Lieberman. Correct.
    Mr. Jenkins. And, that is, the tensions can increase, 
hostilities can look as if they are imminent.
    Chairman Lieberman. Right.
    Mr. Jenkins. And then I think our operative presumption has 
to be that there will be an escalation in the terrorist 
campaign directed against their targets in the region as well 
as targets further on.
    Chairman Lieberman. And the second scenario, today you 
would have to say based on what has happened in the P5+1 talks 
with Iran and in their lack of any change in response to the 
sanctions, the second scenario is the more likely.
    Mr. Jenkins. The most positive assessment would be a 
continuation of things as they are. That would be good news?
    Chairman Lieberman. Yes, right.
    Mr. Jenkins. If it is going to move one way or the other, 
it probably looks as if it will head----
    Chairman Lieberman. In a worse direction.
    Mr. Jenkins. In a worse direction, yes.
    Chairman Lieberman. Mr. Cilluffo, do you want to add 
something quickly? Then I want to yield to Senator Collins.
    Mr. Cilluffo. Mr. Chairman, I just want to be very brief. 
The red lines we historically looked at are out of focus today. 
From Beirut to Bangkok to Baku, I mean, you are starting to see 
an uptick in activity, by whom precisely is unknown, the 
Revolutionary Guard, the Ministry of Information, or others.
    But at the end of the day you are seeing an uptick in 
activity. The cyber issue that came up in the conversation--I 
mean, cyber is made for plausible deniability. That is why the 
extra shame if what has been said is accurate in the New York 
Times that we are even discussing these sorts of issues. I 
recently testified on the House side on Iran and cyber before 
all these leaks, and they are investing heavily in this space. 
And I would argue that they will not be discriminate. In other 
words, who really should shed a tear? I think it was the right 
thing to do to go to stymie Iran's nuclear programs and slow 
that down a little bit. Do not think that their response in 
kind would be discriminate. And those same vulnerabilities that 
can be used there could be exploited in other ways.
    So, to me, it is a significant set of issues, and the Los 
Angeles Police Department, I might note, has elevated the 
government of Iran and Hezbollah as a Tier 1 threat, highest 
potential threat. So their intelligence requirements are 
starting to kick in.
    Chairman Lieberman. That is significance. Thank you. 
Senator Collins
    Senator Collins. Thank you, Mr. Chairman. First, I am 
grateful that my friend Senator Johnson has stayed to the very 
end of the hearing because I do want to put into context, and 
to some extent counter his commission on cybersecurity and what 
we need to do by reminding him that General Hayden's first list 
was we need to do all three, and that includes protecting 
critical infrastructure.
    Mr. Flynn reminded us that critical infrastructure is 
vulnerable to sabotage. We have seen just in the last week what 
a natural disaster can do, the chaos, the loss of life, the 
decreased economic activity, the hardship, and the accidents 
that occurred at non-working traffic lights. Well, that would 
be multiplied many times over by a sustained cyber attack that 
deliberately knocked out our electric grid. And as Mr. Flynn 
also pointed out, not only is there a lack of protection of our 
critical infrastructure, but it is not as resilient as it 
should be, and that is why here we still have people without 
power in West Virginia and some parts of Virginia as well.
    I would also point out as my final comment that while all 
of us, everybody agrees that improved information sharing is 
absolutely essential, it is far from a panacea that will lead 
to improved cybersecurity. A joint report by the Center for 
Strategic and International Studies and McAfee that was 
published just last year found that 40 percent of critical 
infrastructure companies were not taking even the most basic 
security precautions such as regularly installing software 
patches or changing passwords, just basic precautions that all 
of us know we ought to be taking. And given the unending 
publicity about almost daily cyber attacks--including, I might 
add, a cyber attack that infiltrated the Chamber of Commerce's 
own computers for many months without their being aware of it. 
Given all of that evidence, I think that we can conclude that a 
completely voluntary system where we do nothing related to 
critical infrastructure will not solve the problem.
    And I would ask all of our witnesses just very quickly, 
even if you think that information sharing may be No. 1 or some 
other step, such as better intelligence gathering, may be No. 
1, are we truly going to improve the security of critical 
infrastructure in this country--our electric grid, our 
transportation system, our financial systems--if we do nothing 
legislatively related to critical infrastructure? General 
Hayden.
    General Hayden. Ma'am, obviously the information sharing 
helps, but I stand by my original statement, as you pointed 
out. All three of these are good ideas, and we need to move out 
on all three fronts.
    Senator Collins. Thank you. Mr. Jenkins.
    Mr. Jenkins. No, I think it is essential that we do 
something now in terms of addressing the vulnerabilities in our 
critical infrastructure. I mean, we have seen these threats 
mount, and to go back to earlier comments made, what is likely 
to take place in the wake of some type of cyber catastrophe is 
going to be messier and not nearly as useful as doing something 
now. So the choice is not doing something or not doing 
something now. The choice is doing something thoughtful, 
perhaps 90 percent right, hopefully, versus doing something 
later on which is likely to be really messy.
    Senator Collins. Thank you. Mr. Cilluffo.
    Mr. Cilluffo. I think it absolutely does require 
legislative prescriptions. All my views aside, I do think the 
intelligence and information-sharing piece is priority No. 1. 
But you have other pieces that need to be addressed, and quite 
honestly, we have not made the business case for cybersecurity. 
So, to me, that is where we need to be looking, because we need 
to look at what the carrots are as well as the sticks. The fact 
that the insurance and reinsurance sectors, they have always 
had more success in inducing changes in behavior, the fact that 
they are not in this space to me is a little upsetting. The one 
thing I would argue against is we tend to look at this issue 
reactively, and I am not just talking legislatively. I am 
talking cyber generally. Think about it this way: After your 
system gets broken into, what do you do? You get a patch. That 
would be like in a physical domain, after someone breaks into 
your home, you are calling the locksmith first, not a police 
department, and you are not dealing with prevention.
    So let us just make sure we are not only looking at it 
picking up the pieces after they have already fallen. I want to 
get a little more proactive. I think we need to invest in 
active defenses. This will require legislation, too. So these 
are the sorts of issues I think we need to also include.
    Senator Collins. I cannot tell you how many chief 
information officers of major companies have come to me and 
said, ``I know we need to invest in this area. We are so 
vulnerable. But we cannot get the attention of the chief 
executive officer.'' I have heard that countless times.
    Mr. Flynn. I would very much reinforce what has just been 
said. The need for standards is critical, and they have to be 
enforced in order to change this behavior, the behavior right 
now as the system is wide open. And the risk is--and as I 
constantly say to industry--the morning-after problem. When we 
have an incident--you will have legislation, and there will not 
be as much time for industry input. So let us use this moment 
now when you have a voice at the table where there are clearly 
trade-offs that have to be made here, engage.
    I wanted to really reinforce something that General Hayden 
said about one of the challenges of dealing with just purely a 
sector-by-sector approach with each group setting standards. 
Take the Port Authority of New York and New Jersey. At rush 
hours, which, of course, it has in the morning and evening, 
there are 1.8 million people inside Port Authority facilities--
on the bridges, in the tunnels, on the trains, or in its 
airports. When the power goes out, those folks get stranded in 
those facilities. You have to deal with that. The Port 
Authority does not produce any power. It is depending on 
utilities to do that. But its core mission, mobility, depends 
on that.
    The utilities have to go to raise their rates to state-run 
public review boards in order to get the investment for 
security. So, again, the tension becomes, absent a regulation 
or a requirement, how do they make a case when other sectors 
are being impacted? There is some need for some adult 
supervision here. And it is also important to insurers and 
reinsurers. If there are no standards, you are not going to 
insure. Insurers, if they have to go out and do all the 
enforcement themselves, which has costs, to make sure that 
people buy off on the standard, that is not a profitable market 
for them to do. They need to know there are standards. They 
need to know there is a mechanism like third parties to do it. 
Then they can come up with incentives. But they are not going 
to give anybody incentives if they do not know anybody is 
complying with it, and that basically is where this whole thing 
has broken down.
    Senator Collins. We often bemoan the fact that there was a 
failure to connect the dots prior to the attacks on us on 9/11. 
This time, there have been so many warnings that we are 
vulnerable to a major cyber attack that shame on Congress if we 
do not take steps now to try to avert a cyber 9/11. This is not 
a case where there was a failure to connect the dots. This is a 
case where every expert has told us that a cyber attack could 
happen at any time, and indeed happens every day. And this 
poses a threat not only to our national security but to our 
economic prosperity, because we are not only in danger of being 
disrupted from a national security perspective, but we are 
losing trade secrets and intellectual property, research and 
development developed by American firms every single day. And 
to me, that is another compelling reason that we must act.
    Mr. Jenkins. Can I add a comment here? This body can pass 
legislation, and this Committee's responsibilities cut across 
government. But actually, when you pass that legislation, some 
portion of government is going to have to have the 
responsibility for implementing these pieces, and it looks as 
if DHS is going to have a heavy role here. And that really 
raises a question of capacity, in terms of the capacity to 
assess threat, to do the analysis, to ensure that this thing is 
being implemented properly. And there is a real-question mark 
about the existence of that capacity right now.
    So the legislation, however good it is, is not going to 
work unless there is the machinery somewhere in government to 
do it. And I am not sure it is there right now.
    Senator Collins. Well, that is why, as we did with the 
Intelligence Reform Act in 2004, we created a National 
Counterterrorism Center that brought together, as General 
Hayden well knows, expertise from many agencies, which we do in 
our bill, and we also tap into the private sector repeatedly in 
a collaborative relationship.
    Finally, I would say that having personally spent a lot of 
time at the cyber center that DHS has now, I think most people 
would be impressed with the progress that has been made. And 
they have done it with cooperation with NSA, which is an 
absolutely vital player, and with many other agencies as well. 
But the point is, while we may have differing views on exactly 
how to structure this, if we let those disagreements sink a 
bill that requires critical infrastructure to meet certain 
standards in order to get liability protection, for example, I 
think we will be failing the American people. And when the 
attack comes--and it will come--everyone will be saying why 
didn't we act. And then we will rush to act, and we will do far 
less good a job, and the damage will have been done. Thank you, 
Mr. Chairman.
    Chairman Lieberman. Thanks, Senator Collins. I was going to 
add something, but you have said it all. Senator Johnson, do 
you have another question you would like to ask?
    Senator Johnson. No. I would just like to make a comment.
    First, I do not really believe there is much I would 
disagree with anything that has been said by anybody here. The 
point I was trying to make in my questioning is based on the 
failure of this Stop Online Privacy Act (SOPA) and PROTECT IP 
Act (PIPA) legislation. I think it is critical that we do move 
forward on this, and I am just trying to ask to prioritize it. 
It sounds to me like standards would be the first thing, to set 
those so that we can start maybe using the private sector and 
insurance markets to start enforcing things, then information 
sharing. I was just trying to get the priority of things that, 
if we cannot go for the full loaf--I would love to pass a 
perfect piece of legislation. I just think it is going to be 
very difficult. What are the confidence-building steps we can 
pass now to start the process going?
    That was the only comment I was trying to make. Thank you.
    Chairman Lieberman. I appreciate that, and as you know, 
there is a lot of, I think, very constructive work going on 
which Senator Collins and I have encouraged and are keeping in 
touch with, that is in a bipartisan process being led by 
Senator Sheldon Whitehouse and Senator Jon Kyl. I do not know 
that it will produce common ground that everybody will want to 
occupy, but I am hopeful that it will produce common ground 
that at least 60 Senators will want to occupy.
    I thank the panel. You have really been extraordinary. Just 
looking at you, each one of you has given great service to our 
country in various capacities, and I think you have added to 
that by the written statements that you have submitted for the 
record and by your testimony here today, and I appreciate it 
very much.
    We will leave the record of this hearing open for 15 days 
for any additional statements or questions. We will be back 
here tomorrow morning with part two, which will be a review of 
the first decade of the Department of Homeland Security and 
some looks forward into the next decade. The witnesses will be 
our former colleague, Jane Harman, now at the Woodrow Wilson 
Center, Admiral Thad Allen, and Richard Skinner, who is a 
former Inspector General at the Department of Homeland 
Security.
    So, with that, I thank you all, and the hearing is 
adjourned.
    [Whereupon, at 12:21, the Committee was adjourned.]


THE FUTURE OF HOMELAND SECURITY: THE EVOLUTION OF THE HOMELAND SECURITY 
                    DEPARTMENT'S ROLES AND MISSIONS

                              ----------                              


                        THURSDAY, JULY 12, 2012

                                     U.S. Senate,  
                           Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10:03 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Joseph I. 
Lieberman, Chairman of the Committee, presiding.
    Present: Senators Lieberman, Akaka, Carper, Collins, and 
Johnson.

            OPENING STATEMENT OF CHAIRMAN LIEBERMAN

    Chairman Lieberman. Good morning, and the hearing is 
convened. Thank you all for being here, particularly thanks to 
the witnesses who we will introduce in a few moments.
    This is the second in a series of hearings the Committee is 
holding on the past, present, and future of homeland security 
in our country, coincident with the 10th anniversary of the 
adoption of the Homeland Security Act in November of 2002--
obviously following the events of September 11, 2001 (9/11).
    Also, Senator Collins has been good enough to support my 
desire, as I end my service in the Senate, to take a look back 
at where we have been in homeland security over the last 10 
years, but really more importantly, to look forward and to try 
to discuss some of the unfinished business and to anticipate 
how we can meet evolving threats. I hope thereby to create a 
record which will be of help to this Committee in its new 
leadership next year.
    We had a very good hearing yesterday with a panel that was 
describing the evolving homeland security threat picture. Today 
we are going to focus in on the Department of Homeland Security 
(DHS) itself, how it has done over almost 10 years now, and 
what it should be doing in the years ahead.
    The Department of Homeland Security does not include all of 
the Federal Government's major homeland security agencies. 
Obviously, the Departments of State, Defense, Justice, Health 
and Human Services, along with the key intelligence agencies of 
our government, all play very important roles in protecting our 
homeland security. And, of course, State and local partners as 
well as the private sector, and, as we discussed yesterday, the 
American people themselves all have significant 
responsibilities. But really the center of homeland security 
was intended to be the Department of Homeland Security. It was 
intended to be not only the center point but the coordinating 
point of the agencies that were brought within it and also to 
make sure that we were interacting with a lot of other agencies 
over the Federal, State, and local governments that had both 
the responsibility and some opportunity to contribute to our 
homeland defense.
    As I look back, I would say that the Department has come an 
awful long way in its first decade, but this is a mission that 
it has that in a sense has no final destination point. It has 
to continue getting better, and there are ways to meet the 
evolving threat, and there are ways in which in the first 
decade there were some things that happened that were not as 
good as we wanted.
    But as I go back to 10 years ago, I think the vision that 
Congress had for the Department of Homeland Security when we 
created it was to have a Department that would be more than the 
sum of its parts, a Department that would integrate key 
homeland security functions such as border preparedness and 
infrastructure protection, and a Department that would help 
ensure, as we said over and over again after 9/11, that we 
would never again fail to connect the dots so that we would 
prevent the next 9/11 from happening.
    As I said, I think the Department has made tremendous 
strides forward in the nearly 10 years since the passage of the 
Homeland Security Act in achieving some of these broad goals 
that we have talked about and that we had in mind 10 years ago. 
Al-Qaeda, which we were focused on, of course, because it 
claimed credit for the attacks against America, and its 
affiliates have not carried out a successful attack, certainly 
not one anywhere near the catastrophic dimensions of September 
11, 2001 since 9/11, which I think is a credit not only to our 
offensive forces led by the U.S. military and intelligence 
communities, but also to the tremendous work that the Homeland 
Security Department has done.
    Let me talk about some of the areas where I think there has 
been significant progress. We have a screening system now at 
points of entry into the United States that is integrated with 
information from the intelligence community and others and has 
become very effective at detecting bad actors trying to enter 
our country. Our aviation screening system is vastly improved 
from what we had before 9/11. We also now have much more robust 
two-way information sharing on potential threats, not only 
within the Federal Government but with State and local 
governments, and that is in large measure due to the leadership 
of the Department of Homeland Security and its support for 
State and local fusion centers.
    In a different aspect of the DHS responsibilities, our 
Nation's preparedness and response efforts, led by the Federal 
Emergency Management Agency (FEMA), have improved significantly 
in the 7 years since Hurricane Katrina, which obviously showed 
how inadequate FEMA was at that point, and their response to 
just about every natural disaster that has occurred in our 
country since then has been significantly better and drawn very 
positive reviews.
    These are important achievements, and we should not forget 
them in the occasional griping from people who do not like to 
take their shoes off or go through magnetometers or whatever 
else at airports. But the Department still has a way to go to 
fully realize what we want it to be, and let me just mention a 
few of the areas where I think that there is much more to be 
done. And, interestingly, most of these have to do with the 
administration of the Department, with process, if you will, 
but process is important.
    For example, the Department's operational components I 
think are still not adequately integrated with its headquarters 
and with each other, and that causes problems. That causes at 
least less than optimal use of the Department's resources.
    The Department of Homeland Security continues to have 
workforce morale challenges, as reflected in the annual ratings 
done in the Federal Human Capital Survey. These have improved 
over the years, but nowhere near to the extent needed.
    The Department of Homeland Security also struggles with 
setting requirements and effectively carrying them out for 
major acquisitions and ensuring that these acquisition programs 
stay on track while they are underway. The Department of 
Homeland Security unfortunately is not unique among Federal 
agencies in this problem, but this is the Department that we 
helped create, and we have oversight responsibility for it, and 
we have to be honest and say their performance in this regard 
has not been adequate.
    And, of course, in the years ahead, the Department in a 
different way will need to take actions to anticipate and 
respond to evolving homeland security threats, including 
continuing to increase its improving capabilities with respect 
to cybersecurity in response to cyber attacks on our country.
    The greater challenge, of course, is that the Department of 
Homeland Security, along with every other Federal agency, will 
have to find a way to do this in a period of flat or perhaps 
even declining budgets. In a budget environment like the one we 
are in today, the natural tendency is to focus on preserving 
and protecting current capabilities, but the risk of doing only 
that is that we will be underinvesting in systems needed to 
meet evolving and new threats of tomorrow.
    So I think in its second decade, the Department of Homeland 
Security will have to be, if I may put it this way, as agile as 
our enemies, and that may mean that the Department will have to 
cut back in some of its now traditional areas of responsibility 
if they seem less relevant to the threat and take that money 
and invest it in programs to meet new threats that come along.
    The three witnesses that we have--Congresswoman Harman, 
Admiral Allen, and Mr. Skinner--are really uniquely prepared by 
experience and capability to contribute to our discussion and 
build exactly the kind of record that I hope this Committee 
will build to hand over to the leadership in the next session. 
I cannot thank you enough for being with us this morning, and I 
look forward to your testimony.
    Senator Collins.

              OPENING STATEMENT OF SENATOR COLLINS

    Senator Collins. Thank you, Mr. Chairman.
    Nearly 10 years ago, the creation of the Department of 
Homeland Security brought together 22 different agencies into a 
single Department to focus like a laser on protecting our 
country and its citizens. Yesterday, as the Chairman indicated, 
we explored the emerging security threats our Nation is likely 
to confront. In my judgment, the largest threat in that 
category is a cyber attack. Today we will examine whether DHS 
is well positioned to address these emerging threats as well as 
other longer-standing threats.
    The changing threat landscape at home and abroad requires 
the Department to be nimble and imaginative, effective and 
efficient--qualities not often associated with large 
bureaucracies. Yet the men and women of DHS can take pride in 
the absence of a successful large-scale attack on our country 
during the past decade and in the Department's contributions to 
thwarting numerous terrorist plots.
    There have been successes and failures over the past 10 
years. Information sharing has improved, but remains very much 
a work in progress. Ten years ago, we envisioned that DHS would 
be a clearinghouse for intelligence. Although incidents like 
the failed Christmas Day underwear bomber made clear that 
information sharing is still imperfect, numerous public and 
classified counterterrorism successes since 9/11 demonstrate 
that information sharing has indeed improved.
    This is also true with respect to information sharing 
between DHS and the private sector, an essential partner in the 
protection of our country since 85 percent of our critical 
infrastructure is privately owned. The growing network of State 
and local fusion centers also presents opportunities not only 
for the improved dissemination of information but also for the 
collection and analysis of intelligence at the local level.
    As we discussed yesterday, however, these centers have yet 
to achieve their full value. They have yet to truly become 
successful aggregators and analyze local threat information in 
too many cases.
    The Transportation Security Administration (TSA), the 
agency within DHS that is most familiar to the public, has 
strengthened airline passenger risk analysis, but it still 
troubles many Americans to see screeners putting the very young 
and the very elderly through intrusive and in most cases 
unnecessary patdowns. TSA is making progress toward 
implementing more intelligence-focused, risk-based screening 
through such efforts as Pre-Check, but many challenges remain 
for TSA.
    DHS has also bolstered the security of our borders and 
identification documents, yet two Iraqi refugees associated 
with al-Qaeda in Iraq were arrested in Kentucky last year. When 
a bomb maker whose fingerprints we have had for some time is 
able to enter our country on humanitarian grounds, it is an 
understatement to say that ``work remains,'' as DHS's self-
assessment states.
    In order to meet and overcome current and future threats, 
DHS must support its component agencies with stronger 
management. Since 2003, the Government Accountability Office 
(GAO) has designated the Department as high risk. It has done 
so because of the management and integration challenges 
inherent in any large undertaking. But what people often do not 
realize is the high-risk designation refers not to just being 
at risk for waste, fraud, and abuse; it is at risk for program 
failure and, thus, the consequences of being on the high-risk 
list are serious indeed. DHS must implement changes that will 
hasten the day when the Department is no longer included on 
GAO's high-risk list.
    The roles of the Department's components have evolved over 
time. As a positive example, I would note the adaptability and 
can-do attitude of the Coast Guard. I do not believe that there 
is another agency within DHS that has done a better job of 
adapting to the new challenges and its expanding mission in the 
post-9/11 world. This was never more clear than after Hurricane 
Katrina.
    As this Committee noted in its report on Hurricane Katrina, 
the Coast Guard demonstrated strength, flexibility, and 
dedication to the mission it was asked to perform, and saved 
more than half of the 60,000 survivors stranded by this 
terrible storm.
    Many experts have predicted a disaster in the cyber realm 
that would compare to Hurricane Katrina. Compared to 10 years 
ago, the cyber threat has grown exponentially. Clearly, this 
requires an evolution in the Department's mission to secure 
critical systems controlling critical infrastructure, such as 
our transportation system, our nuclear power plants, the 
electric grid, our financial systems--a goal that we hope to 
accomplish through the enactment of legislation that Chairman 
Lieberman and I have championed.
    Despite the fact that DHS has made considerable strides 
over the past decade, it still has a long way to go by any 
assessment. To understand what challenges the Department is 
facing, what changes are needed, and to prioritize our limited 
resources, we must learn from the Department's past mistakes 
and be able to better measure what has worked and what has not. 
To do so requires metrics and accountability, an area where the 
Department has been challenged.
    I very much appreciate that we have such outstanding 
experts here with us today to help us in evaluating the 
Department's progress and its future direction.
    Thank you, Mr. Chairman.
    Chairman Lieberman. Thanks very much, Senator Collins.
    Our first witness, I am delighted to say, is Congresswoman 
Jane Harman. With Senator Collins, Congresswoman Harman, and 
myself here, we have three of what we used to call ``the Gang 
of Four.''
    Ms. Harman. ``The Big Four.''
    Chairman Lieberman. ``The Big Four.'' Much better. We could 
say ``The Final Four.'' No. [Laughter.]
    What I am referring to in this inside conversation is that 
we were privileged to constitute bipartisan and bicameral 
leadership on the processing and ultimate adoption of the 9/11 
legislation, which actually followed the creation of the 
Department of Homeland Security. And I had known Ms. Harman, of 
course, before but really got to know her well, greatly admire 
her, and even like her.
    Ms. Harman comes to us today as the President of the 
Woodrow Wilson Center. Her tenure in the House included service 
as Chair of the House Committee on Homeland Security's 
Subcommittee on Intelligence, Information Sharing, and 
Terrorism Risk Assessment, and as Ranking Member of the House 
Permanent Select Committee on Intelligence. So I am really 
delighted that you could make it, and we welcome your testimony 
now.

  TESTIMONY OF HON. JANE HARMAN,\1\ DIRECTOR, PRESIDENT, AND 
 CHIEF EXECUTIVE OFFICER, WOODROW WILSON INTERNATIONAL CENTER 
                          FOR SCHOLARS

    Ms. Harman. Thank you, Mr. Chairman and Senator Collins and 
friends, for the opportunity to join you and to return to 
Capitol Hill to testify on a topic I am passionate about, which 
is the security of our homeland.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Harman appears in the Appendix on 
page 154.
---------------------------------------------------------------------------
    I am also honored to be testifying with Admiral Allen, who 
is here in facial disguise, and Mr. Skinner. They have far more 
hands-on experience with this topic than I do.
    Our collaboration, which you just referred to, over many 
years I believe shows that bipartisanship--indeed 
tripartisanship--is possible. We had a good gig going during my 
nine terms in the House, and our legislative efforts, as you 
said, yielded significant results--and many special times.
    Well over 10 years ago--my goodness how time flies--I 
joined you, Mr. Chairman, and a hardy little band of 
legislators who thought a homeland security function made sense 
in the aftermath of 9/11. What we had in mind, however, was 
something far less ambitious than the plan ultimately sketched 
out by then White House Chief of Staff Andy Card.
    As I recall, we envisioned a cross-agency ``jointness'' 
similar to the concept we were able to enact into law as the 
2004 Intelligence Reform Act. And, by the way, yes, we were the 
Big Four, along with Pete Hoekstra. But I would point out that 
two of the Big Four happened to be female, so, of course, we 
did 98 percent of the work, and that is why the bill passed. 
[Laughter.]
    Chairman Lieberman. I want to note from this perspective 
that the women in the room laughed at that. [Laughter.]
    Ms. Harman. I saw Senator Carper laugh.
    Senator Carper. That is the feminine side of me coming 
through. I always thought of you as the ``Fab Four.'' 
[Laughter.]
    Ms. Harman. Back to the homeland bill, I remember that once 
the White House proposal had been announced, we all decided to 
embrace it because that would ensure presidential support. And 
so it was.
    Although DHS comprised of 22 departments, as Senator 
Collins said, and agencies, Congress tried to organize that 
around four main directorates: Border and Transportation 
Security, Emergency Preparedness, Science and Technology, and 
Information Analysis and Infrastructure Protection. That is the 
intelligence function.
    The Information Analysis Directorate was supposed to 
analyze intelligence and information from other agencies, as I 
think you said, including the Central Intelligence Agency 
(CIA), the Federal Bureau of Investigation (FBI), the Defense 
Intelligence Agency (DIA), and the National Security Agency 
(NSA), involving threats to the homeland and to evaluate 
vulnerabilities in the Nation's infrastructure--something we 
definitely need to be doing. Emergency Preparedness would 
oversee domestic disaster response and training. Border 
Security would streamline all port-of-entry operations, and the 
Science and Technology (S&T) Directorate would acquire 
scientific and technological skills, mostly from the private 
sector--this was the idea--to secure the homeland.
    Well, the initial strategy morphed into something 
different, and we all learned, if we did not know it before, 
that merging government functions is difficult, and the threats 
against us are evolving, and so are our enemies. So it is 
important that we take this look today that you have suggested.
    While DHS has experienced real success, there have also 
been what I would call hiccups and significant growing pains. 
It is certainly not the first Department to run into problems.
    But my bottom line is that, to fix those problems, we 
should not rearrange the deck chairs again. What we should do 
is make a clear-eyed assessment of what works and what does 
not.
    Here are some of the functions that execute well:
    Last year, as you said, I think, Mr. Chairman, Customs and 
Border Protection (CBP) stopped more than 3,100 individuals 
from boarding U.S.-bound aircraft at foreign airports. And CBP 
was able to process more than 15 million travelers at 15 pre-
clearance locations in the same year. That is like picking 
needles from a haystack.
    TSA now fully implements Secure Flight, the program 
screening all passengers on flights from, within, or bound for 
the United States against government terror watch lists. 
Extending our ``borders'' by using real-time, threat-based 
intelligence in addition to multiple layers of security is 
working.
    The Department expanded ``If You See Something, Say 
Something'' to dozens of States, cities, transit systems, 
fusion centers, Federal buildings, etc. Local residents are the 
first line of defense against terror plots in this country 
because they know what looks suspicious in their neighborhoods.
    That is why I think fusion centers are so important. Last 
year, the Colorado fusion center helped identify an attempted 
bombing suspect. And fusion centers around the country worked 
together to share tips and leads necessary to arrest and 
convict Faisal Shahzad, the 2010 Times Square bomber. There are 
problems with them which we can discuss, but some are terrific.
    Finally, the Office of Infrastructure Protection conducted 
more than 1,900 security surveys and 2,500 vulnerability 
assessments on the Nation's most significant critical 
infrastructure to identify potential gaps.
    But the challenges are significant. I do not want to abuse 
my time here, so I will rush through them.
    First, the intelligence function has never fully developed. 
Part of the reason is that President George W. Bush stood up 
the Terrorist Threat Integration Center (TTIC), which is now 
the National Counterterrorism Center (NCTC), outside of the 
Department of Homeland Security. So a significant portion of 
its jurisdiction moved out.
    Intelligence reports are meant to be consumed by State and 
local law enforcement, but many of those entities consider what 
DHS reports to be ``spam,'' cluttering overflowing inboxes. In 
many cases, law enforcement still reports that State fusion 
centers provide better information.
    The new DHS Strategic Plan for fiscal years 2012-16 said 
that intelligence is an area needing ``enhancement,'' and we 
can discuss that if you want.
    Chairman Lieberman. Excuse me a second. If you want to take 
a few extra minutes, you should go ahead and do that.
    Ms. Harman. Thank you.
    One of the enhancements necessary, in my view, is writing 
reports that are actually useful to local law enforcement, and 
that was the point of establishing the Interagency Threat 
Assessment and Coordinating Group (ITACG), which I understand 
may suffer some funding problems, and I want to thank you, Mr. 
Chairman, just as a citizen out there for fighting to restore 
the funds that may be taken away.
    Second, the homeland mission is so large that the 
Department must assess where it can be most effective and where 
it cannot. For example, I believe that DHS will never be the 
leader in preventing cyber attacks. But I do think it can 
perform the mission that you in your legislation suggest, and I 
think it is absolutely crucial that the legislation Congress 
enacts include parts that protect critical infrastructure. So I 
support your bill over the one that the House has been 
considering, and I hope that Congress will move forward on 
legislation promptly.
    Third, I think that Congress has been a very disappointing 
player in this process. Not this Committee, but Congress has 
failed to reorganize its committee structure, and the homeland 
jurisdiction here, but more significant in the House, is 
anemic. The Department still has to report to more than 80 
committees and subcommittees. We have simplified that somewhat 
but not enough. And the one recommendation of the 9/11 
Commission that remains basically unimplemented is the 
recommendation to reorganize Congress.
    So what are the biggest opportunities?
    First, while the Department should be praised for 
overhauling its privacy and civil liberties office, which I 
know you care about, it should not stop there. You and I all 
urged the White House to appoint the membership of the Privacy 
and Civil Liberties Oversight Board, which is mandated in the 
2004 law. In the Bush Administration, that Board barely 
functioned. I think that would be fair. And in this 
Administration, finally all the members have been nominated, 
they have been reported from committee, but they are not 
confirmed. So we do not have that function yet.
    Second, DHS should do much more to reduce 
overclassification of intelligence. Your Committee worked for a 
year to help pass the Reducing Overclassification Act of 2010, 
but very little has happened to implement it. I think it should 
be a high priority.
    And, finally, the Secretary must continue to be the face of 
homeland security. Janet Napolitano happens to be an old friend 
of mine, and before she took office, I suggested that she be 
the Everett Koop of threat warnings--just as he was the 
Nation's most trusted anti-smoking crusader. And, frankly, this 
reminds me of a kind of silly thing. Once there was a color-
coded system for homeland security warnings. I remember the 
Department saying that we were moving from pale yellow to dark 
yellow, and I commented that the Homeland Security Secretary 
should not be an interior designer. That prompted a hilarious 
call from Tom Ridge, but the point of this is there are some 
homeland functions that only the Secretary can carry out, and 
one of them is being the respected voice to warn the rest of us 
of the threats we face and to prepare us.
    In conclusion, as you said, Mr. Chairman, no major attack 
on U.S. soil has occurred since 9/11. DHS deserves some real 
credit, but so does this Committee.
    As you said, soon you will join the ranks of what I would 
call policy wonks and grandparents--like me--who work outside 
of Congress. And just this week--I think it happened already. 
Did Senator Collins break Cal Ripken's record?
    Senator Collins. Today.
    Ms. Harman. Today, 5,000 votes. Can we all applaud you?
    [Applause.]
    And next month, you will taste married life. Both of you 
bring such skill and dedication to this work. I strongly doubt 
that your new roles will diminish your passion, and mine 
remains as strong as ever.
    I really salute you, dear friends. Thank you, Mr. Chairman, 
for the opportunity to testify.
    Chairman Lieberman. Thanks very much for your testimony.
    I was watching TV the day that Cal Ripken broke the 
previous record, and it was one of many occasions when my wife 
was befuddled by my behavior because, as Ripken circled the 
field, receiving the adulation of the crowd, I began to cry. 
She did not understand that. But I am going to try to control 
my tears today. [Laughter.]
    Ms. Harman, you said something that I just want to draw 
attention to because this is the kind of--with all the problems 
and unfinished work DHS has, you cited some statistics that I 
did not cite about border security and counterterrorism 
prevention, and almost nobody in the country knows this, but 
people ought to have a greater sense of confidence--I believe 
they do--when they get on a plane. Last year, CBP stopped more 
than 3,100 individuals from boarding U.S.-bound aircraft at 
foreign airports for national security reasons. And that is out 
of 15 million travelers at 15 pre-clearance locations that they 
cleared.
    So it took very sophisticated data systems and 
implementation of those systems to make that happen, but we are 
all safer as a result of it. Thank you very much for your very 
thoughtful testimony.
    Next, Admiral Thad Allen served as Commandant of the Coast 
Guard from 2006 to 2010. As we all remember, he led the Federal 
Government's response to Hurricane Katrina and the Deepwater 
Horizon oil spill, and in both really distinguished himself. In 
Hurricane Katrina, he was the singular source of reassurance to 
the American people that somebody really was in charge and was 
effectively coordinating response efforts and aid to the people 
who suffered, which really was a great moment for our country.
    Admiral Allen, I believe Congresswoman Harman suggested you 
may be undercover as a result of your facial hair, but I know 
better that you are now currently a senior vice president at 
Booz Allen Hamilton, Incorporated. Thanks very much for being 
with us this morning.

    TESTIMONY OF ADMIRAL THAD W. ALLEN,\1\ U.S. COAST GUARD 
      (RETIRED), FORMER COMMANDANT OF THE U.S. COAST GUARD

    Admiral Allen. Mr. Chairman, Senator Collins, and Members 
of the Committee, I have sat before these hearings countless 
times and said I am delighted to be here. This morning, I 
really mean it. [Laughter.]
---------------------------------------------------------------------------
    \1\ The prepared statement of Admiral Allen appears in the Appendix 
on page 157.
---------------------------------------------------------------------------
    Chairman Lieberman. Thank you.
    Senator Carper. How about all the other times?
    Admiral Allen. And it is an honor to be here with Jane 
Harman and Richard Skinner, my colleagues. We have worked 
together a lot in the past. She has been a tremendous leader at 
the Port of Long Beach in the past, and Mr. Skinner and I 
worked very closely in the last 10 years over the evolution of 
the Department of Homeland Security.
    The perspective I am trying to bring this morning, Mr. 
Chairman, is one of somebody that has worked this problem from 
the inside out from the onset. I was the Atlantic Commander on 
9/11 when we closed Boston Harbor after the planes took off 
from Logan Airport. We closed New York Harbor, with the 
tremendous challenge of evacuating people off of Lower 
Manhattan, and we closed the Potomac River north of the Woodrow 
Wilson Bridge, and it marks a sea change for the Coast Guard in 
how we addressed that end of the fall of 2001 and the winter of 
2002. As you talked about, there was much discussion about how 
to aggregate these types of functions and increase the security 
for the United States.
    I consulted with the Commandant at the time, who was 
Admiral James Loy, and there was some kind of a feeling there 
would be some kind of an aggregation of functions, as 
Representative Harman said, and then I believe it was in June 
2002, the Administration placed the bill on the Hill proposing 
the creation of a new Department. Sir, I know you were right in 
the middle of all of that, including the very robust discussion 
on work rules.
    Chairman Lieberman. Yes.
    Admiral Allen. I want to settle a context for my testimony 
by just recounting some of this because I think it is really 
important to have it on the record.
    There was an initial push, as you know, to have this bill 
passed by the first anniversary of 9/11. That did not happen 
for a lot of reasons, and you are familiar with that.
    When the bill finally passed, the President was in a 
position where the bill had to be signed right away, and it was 
signed on the November 25, 2002. It required that the 
Department be established in 60 days and then by March 1, 2003, 
the components moved over. So that means from the time the bill 
went on the Hill until the Department was created was basically 
about a year. And from the time of the enactment of the bill 
until the first component had to move over was a little over 3 
months.
    Now, we are all astounded when government operates at light 
speed, but when you do it that fast, you lack the elements of 
deliberate planning and analysis of alternatives on how you 
want to do it to actually execute the legislation correctly. 
And I have talked for years about how the conditions under 
which the Department was formed are some of the issues we have 
had to deal with.
    The legislation was passed between sessions of Congress, so 
there was no ability for the Senate to be empaneled and confirm 
appointees, although Secretary Ridge was done I believe a day 
before he was required to become the Secretary. We moved people 
over that had already been confirmed because we could do that. 
And it took up to a year to get some of the other senior 
leaders confirmed.
    We were in the middle of a fiscal year. There was no 
appropriation, so in addition to the money that was moved over 
from the legacy organizations from the Department where they 
were at, some of the new entities, we had to basically 
reprogram funds from across government. It was a fairly chaotic 
time to try and stand up the organic organization of the 
Department and put together a headquarters. Emblematic of that 
would be the location of the Department that still exists, the 
Nebraska Avenue complex, and the unfortunate situation where we 
are right now where we have been able to resolve the St. 
Elizabeths complex there.
    Because of that, what happened was we had the migration of 
22 agencies with legacy appropriations structures, legacy 
internal support structures, different shared services, and 
different mission support structures in the Departments where 
they came from. And because of that, a lot of the resources 
associated with how you actually run the components or need to 
run the Department rest in the components and still do today. 
And I am talking about things like human resource management, 
information technology (IT), property management, and so forth, 
the blocking and tackling of how you have to run an agency in 
government.
    Over the past 10 years, there have been repeated attempts 
in the Department to try and tackle some of these problems. The 
two most noteworthy are consolidation of financial management 
systems and the ability to create a core accounting system, and 
the other one would be the attempts to create a standardized HR 
system for personnel across the Department. These are 
emblematic, in my view, of the difficulty which you encounter 
when you try and do these things when they are not pre-planned 
and thought out. When the legislation went to the Hill, they 
established a Transition Planning Office in the Office of 
Management and Budget (OMB) under an Executive Order, but they 
were legally barred from sharing that because the law had not 
been enacted and there was not anybody to make a hand-off and 
that caused some duplicative work.
    I will not dwell on the past, but when I talk to folks 
about how the Department was formed, I think we need to 
understand that was a very difficult time, and we still carry 
the legacy of that moving forward.
    That said, as we look forward, I think we need to 
understand that we are confronting greater complexity and a 
kind of challenge as to the way we think about the Department's 
missions. And I do not think we can look at them as a 
collection of components with individual authorities and 
jurisdictions. We have to have more of a systems of systems 
approach moving forward. And I think that is the challenge in 
trying to define the mission set because once you do that, then 
you know the capabilities and competencies that you need to 
have a discussion, and then we can talk about the mission 
support function, which has not matured to where it needs to be 
and needs to move forward in the future.
    If I could take just a couple of examples, there has been a 
lot of talk about secure borders, protecting our borders, or 
managing our borders. And when you really think about it, our 
borders are not a monolithic line drawn in the land. It is a 
combination of authorities and jurisdictions, some of which 
have physical and geographical dimensions, some of which are 
bands of authority, like the ocean, which extend from our 
territorial sea out to the limits of the exclusive economic 
zone. We also do many of our sovereign border functions through 
analysis of data that facilitates trade and does targeting to 
understand based on manifests and so forth whether or not there 
is a threat that is coming into the country.
    I think as we move forward, we need to understand that we 
need to take the collective threat environment out there and 
look at the consolidated authorities and jurisdictions of the 
Department and whether or not that is a match.
    We have had the first Quadrennial Homeland Security Review 
(QHSR). That basically validated the budget priorities that 
were established when the Administration came in in 2009, which 
pretty much focused on terrorism, the border, disasters, and so 
forth.
    I think after 10 years we need to probably take a look at 
the fact of whether or not we got the legislation right to 
begin with, some of the confirming legislation about the legacy 
authorities that have moved over, and what do the aggregate 
authorities and jurisdictions of the components that have not 
significantly changed since the Department was created, and 
aggregated produce the right legislative base for the 
Department to move forward and meet these emerging threats as 
we look to the future.
    I think there is an opportunity to do that as we move to 
the second QHSR. That was my counsel when I was the Commandant 
of the Coast Guard. I know the Department is working on that. 
But I think we need to take a look at things like the cyber 
threat, the fact that resiliency involves not only natural 
disasters but the interface of the human built environment with 
the ever-changing natural environment, and take a new strategic 
view on how we approach the missions of the Department of 
Homeland Security.
    I see my time is up. I thank you for having me here this 
morning. I would be glad to take any questions you may have for 
me.
    Chairman Lieberman. Thanks very much, Admiral. Excellent 
and very helpful.
    Richard Skinner, welcome back. I am sure it has always been 
a pleasure for you to testify before the Committee.
    Mr. Skinner served as Inspector General (IG) of the 
Department of Homeland Security from 2005 to 2011 and was 
Deputy IG from the Department's inception in 2003 to his 
confirmation as IG in 2005. In both of those capacities, Mr. 
Skinner was enormously helpful to this Committee in carrying 
out its oversight responsibilities. He comes to us today as an 
independent consultant, and we welcome you.

   TESTIMONY OF HON. RICHARD L. SKINNER,\1\ CHIEF EXECUTIVE 
              OFFICER, RICHARD SKINNER CONSULTING

    Mr. Skinner. Thank you, Chairman, and it is good to be back 
and good to see everyone again, Senator Collins and Members of 
the Committee. And it is truly an honor to be here today. I was 
excited about the opportunity to testify today, and I am 
especially honored to be with such a distinguished panel here.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Skinner appears in the Appendix 
on page 168.
---------------------------------------------------------------------------
    I have worked with Admiral Allen over the years when I was 
the IG, and he is one of the leaders in the Department that I 
have always admired and respected, and I commend him for his 
service at the Coast Guard and all he has done for the Coast 
Guard.
    When we talk about Homeland Security and its failings or 
its shortcomings and its successes, we always tend to want to 
talk about the operational side of the house, that is, our 
border security, our transportation security, or our 
intelligence capabilities. And I think what is often overlooked 
are those functions that are supporting all of that, behind the 
scene, so to speak, and that is the management support 
functions, particularly financial management, acquisition 
management, IT management, and grants management.
    Those are the functions which, in my opinion and my 
experience at DHS, that constitute the platform on which the 
Department's programs must operate and are critical to the 
successful accomplishment of the Department's mission. Some of 
those challenges that were inherited, those management 
challenges that Admiral Allen hit upon, when we stood up, the 
management support functions were, in fact, shortchanged. We 
brought over all of the operational aspects of 22 different 
agencies, but we did not bring the management support functions 
to support those operations. And as a result, we have been 
digging ourselves out of a hole ever since.
    Now it has been 10 years. You would think we would have 
made more progress than we should have, and we have not. There 
are a variety of reasons for that, and a lot of it is cultural, 
a lot of it is budget issues, etc. But the Department is not 
where it should be as far as maintaining an effective 
management support operation to support its real mission in 
protecting our homeland.
    Financial management is a good example, and this has been a 
problem since we stood up in 2003. In 2011, the Department made 
some progress. For the very first time, it was able to get a 
qualified opinion on its balance sheet. It reduced its 
management weaknesses, I think from some 18 materials 
weaknesses to five. That is a significant accomplishment. But 
it is also unfortunate because the Department is not continuing 
to invest in taking its financial management systems the next 
step forward, and if it does not do that and if it does not 
invest in building an integrated financial management system, 
it is unlikely that the progress that it has achieved over the 
last 10 years, which has been slow, but that progress will not 
continue.
    The Department in 2011 decided to change its strategy for 
financial management or its Financial System Modernization 
Program. Rather than implement a department-wide integrated 
financial management solution, which we know it has tried twice 
and failed, they are now taking a more disciplined, and I think 
a very wise decentralized, approach to modernize its financial 
management systems at the component level. However, if we look 
at the 2012 budget, you will see that these initiatives have 
been curtailed, and as a result, they have been put on hold 
indefinitely. It is not now clear whether the Department will 
resume its modernization strategy, nor is it clear whether this 
new decentralized approach, if and whenever it is implemented, 
will ensure that the component financial management systems can 
generate reliable, useful, and timely information for managers 
to use to make informed decisions about their limited 
resources.
    Second, with regard to IT modernization, DHS and its 
components are still struggling to this day to upgrade or 
transition their respective IT infrastructure, both locally and 
enterprise-wide. There has been progress. I remember when we 
first stood up back in 2003, we did not even know how many IT 
systems we had. It took us 12 months just to do an inventory. 
And we found we had well over 2,000, many of them archaic, 
outdated, and actually useless. Within 2 years from the 
development of that inventory, I think DHS reduced its systems 
down to 700, and it has been reduced even further.
    So there has been progress, but integrating the systems and 
networks and capabilities to form a single infrastructure for 
effective communications--and I think someone hit upon that 
earlier today, how important it is that we can communicate on a 
real-time basis and exchange information still to this day 
remains one of the Department's biggest challenges.
    Program and field offices continue to develop IT systems 
independently of the chief information officer (CIO), and they 
have been slow to adopt the agency's standard information IT 
development approach. As a result, systems are not integrated, 
do not meet user requirements, and do not provide the 
information technology capabilities agency personnel and its 
external partners need to carry out critical operations in a 
timely, efficient, and effective manner.
    For example, earlier this week, I believe on Monday, the 
Office of Inspector General (OIG) reported that the IT 
environment and the aging IT infrastructure within CBP does not 
fully support CBP's missions. According to the IG report, 
interoperability and functionality of the technology 
infrastructure have not been sufficient to support the CBP 
mission's activities fully. As a result, CBP employees, 
particularly out in the field, have created workarounds or 
employed alternative solutions, which could hinder CBP's 
ability to accomplish its mission.
    Technical and cost barriers, aging infrastructure that is 
difficult to support, outdated IT strategic plans to guide 
investment decisions, and stovepiped system development have 
and continue to impede the Department's efforts to modernize 
and integrate its IT systems.
    Third, with regard to acquisition management, as we all 
know, those that were around here in 2003, we inherited such a 
large organization with close to a $40 billion budget, but we 
had a skeleton staff. We were spending about 40 percent of our 
budget at that time on contracts, very complex, large 
contracts, yet we had a skeleton staff to provide oversight and 
to manage those contracts. And, of course, as a result, a lot 
of things went south on us, as we know by SBInet, the TSA 
hiring program, the Coast Guard's Deepwater program, which has 
since been corrected. But the Department has recognized this. 
When I was the IG, I would like to point out that Secretary 
Napolitano and Deputy Secretary Jane Holl Lute both showed a 
genuine commitment to improve the Department's acquisition 
management functions and has been working very hard to do that. 
However, much work remains to fully implement those plans and 
address those challenges. Most notably, the Department needs to 
identify and acquire the resources needed to implement its 
acquisition policies.
    The urgency and complexity of the Department's mission will 
continue to demand rapid pursuit of major investment programs, 
as we all know. The Department will continue to rely heavily on 
contractors to accomplish its multifaceted mission and will 
continue to pursue high-risk, complex acquisition programs. To 
effectively manage those complex and large-dollar procurements, 
the Department will need to show a sustained commitment to 
improving its acquisition function, increase resources to 
manage those complex contracts, and engage in smarter processes 
to administer and oversee the contractors' work.
    Finally, I would just like to touch briefly upon grants 
management because this is something that we spend billions of 
dollars on year in and year out. I believe to date, since the 
Department's stand-up in 2003 through 2011, FEMA has 
distributed over $18 billion through the Homeland Security 
Grant Program. However, according to an OIG report that, again, 
was just released this past Monday, FEMA still does not have a 
system in place to determine the extent that homeland security 
grant funds enhance the States' capability to prevent, deter, 
respond to, and recover from terrorist attacks, major 
disasters, and other emergencies.
    According to the OIG, in their report that was released 
earlier this week, FEMA needs to make improvements in strategic 
management, performance measures, and oversight. Many of the 
States cannot demonstrate what progress they have made or what 
improvements have actually occurred as a result of these grant 
programs, and FEMA or the Department of Homeland Security 
cannot demonstrate how much safer we are today as a result of 
spending billions and billions of dollars over the years. That 
needs to change.
    I think that the Department has to develop performance 
metrics and start holding the States accountable. Without a 
bona fide performance measurement system, it is impossible to 
determine whether our annual investments are actually improving 
our Nation's homeland security posture. Furthermore, without 
clear, meaningful performance standards, FEMA and DHS lack the 
tools necessary to make informed funding decisions. In today's 
economic climate, it is critical that FEMA concentrate its 
limited resources on those threats that pose the greatest risk 
to our country today.
    It is evident that the Department's senior management are 
well aware of these challenges and are attempting to fix them, 
and they have actually made some headway. Does the Department 
have the resolve and wherewithal to sustain these efforts? The 
ability of the Department to do so is fragile, not only because 
of the early stage of development that the initiatives are in, 
but also because of the government's budget constraints and the 
current lack of resources to implement planned corrective 
actions. In today's environment of large government deficits 
and pending budget cuts, the new challenge will be to sustain 
the progress already made and at the same time continue to make 
necessary improvements.
    Unless the Department and Congress stay focused on these 
challenges, it will be harder than ever to facilitate solutions 
to strengthen the Department's critical management functions 
and ultimately to ensure the success of homeland security.
    This concludes my statement. I will be happy to answer any 
questions you may have.
    Chairman Lieberman. Thanks, Mr. Skinner. You two were very 
helpful and very direct. I appreciate it a lot.
    We will start with 7-minute rounds of questions for each 
Senator.
    It is striking, of course, and not surprising, I suppose, 
that each of you in different ways has focused on the 
unfinished work, the deficiencies in the management operations 
of the Department. There is a natural tendency, as one of you 
said, to focus on operations, and operations have gone pretty 
well; but unless the management functions are carried out 
efficiently, then the operation of the Department is obviously 
going to suffer.
    I thought you all were helpful in reminding us of the 
circumstances under which the Department took shape, which were 
quite hurried both because of the sense of threat that remained 
very much in the air after 9/11, but also just because of the 
time it took us to get it going.
    I have fallen into the habit of saying that this was the 
most significant change in our national security apparatus 
agencies since the end of the Second World War. Certainly 
together with 9/11 changes in the intelligence community it 
was. But we did them very quickly.
    So let me give you a chance just to give a quick answer on 
what you think, as this Committee and the Department go 
forward, are the most important things that the Department and 
we ought to do to improve the management functions of the 
Department. In other words, is it money? Is it personnel? Is it 
for some reason a lack of will to focus on management? What 
needs to be done? Mr. Skinner, do you want to start first?
    Mr. Skinner. Yes, it is a variety of issues, I think, that 
are holding us back. Of course, one of them is a resource 
issue. But we could have done a lot better job with the 
resources that we were given. We were given a lot of 
opportunities to make changes, and we did not take advantage of 
them, and we more or less were spinning our wheels, 
particularly in the areas of financial management. But it is 
also a cultural issue. The Department and its components need 
to come together and realize that for the good of the 
Department, for the good of the country, and for the good of 
the mission that they have been entrusted to perform, they have 
to start working better together. They are going to have to 
give up some of their turf, so to speak, and work in a more 
collaborative, cooperative, and integrated fashion. And I think 
that is one of the big things that is really holding everyone 
back, and this is particularly evident when we talk about the 
integration of our IT systems. Everyone agrees at the highest 
level it needs to be done, but when it gets down into the 
grassroots where it is going to affect our operations, that is 
where we start seeing pushback and the tendency of saying, 
well, no, I do not want to give up my systems to do this.
    Chairman Lieberman. Right.
    Mr. Skinner. We have to overcome that.
    Chairman Lieberman. And, not surprising, we watched that 
happen over the decades, really, in the integration of the 
Department of Defense, for instance. But what you are saying is 
that a lot of the components agencies--maybe all of them--have 
still maintained too much of an independent management 
structure, including something as critical as IT.
    Mr. Skinner. Yes, and the CIO--and I have issued reports, 
and I think I have testified previously on this topic--needs to 
be given the authority to ensure compliance and that components 
are entering into the department-wide domain with their IT 
enterprise reforms.
    Chairman Lieberman. So that is something you think we 
should do legislatively?
    Mr. Skinner. That is, I think, something that the 
Department needs to do internally. I think Admiral Allen stated 
in his testimony that there are three alternatives: One, top-
down; two, bottom-up; or, three, the least feasible would be 
external driven through legislation.
    Chairman Lieberman. Right.
    Mr. Skinner. But unless they do something--because now they 
are 10 years old. They are no longer infants. They are 
teenagers. Now they can comprehend what is right and what is 
wrong. So unless they start doing something to ensure that they 
are going to be moving in the right direction so that they can 
support its operations, then maybe external forces would have 
to be brought into play.
    Chairman Lieberman. Admiral Allen, let me bring you into 
this, because in your prepared remarks you focus on the need 
for improved unity of effort and operational coordination 
within the Department, and there is no question that was a main 
objective that we had in mind in the creation of the 
Department. So I wonder if you would talk a bit about what you 
think, if anything, we in Congress should be doing to promote 
or facilitate those efforts in the years ahead.
    Admiral Allen. Mr. Chairman, in regards to operational 
coordination and execution, there have been several attempts to 
establish a robust planning and execution system that takes 
place through the National Operations Center on behalf of the 
Secretary. One of the problems is it was kind of a come-as-you-
are department, and a lot of people stayed in the facilities 
where they were at in Washington, and there was a Balkanization 
of the facilities. There are a lot of command centers around 
town that are independent of the Department. FEMA runs the 
National Response Coordination Center at FEMA headquarters. 
There is a command center at Coast Guard headquarters.
    I am not proposing that we go to a joint structure like we 
have in the military. That is far too organized for the rest of 
the government to handle, quite frankly, but to create unity of 
effort, you need to have at a minimum a way to do planning and 
coordinated operations that are synchronized to have the 
Department fulfill the promise that was created in the Homeland 
Security Act, not only in the Department but, as you said in 
your opening remarks, to basically help coordinate that process 
across the Federal Government.
    At that point it comes down to two things. Representative 
Harman talked about the information intelligence analysis 
sharing that is necessary to create a common intelligence 
picture, but all this needs to come together at a fused 
operations center where all the agencies are represented to 
create that kind of unity of effort. And there was an attempt 
made to establish an operational planning and coordination cell 
up there. There was headway made into the fall of 2008, but I 
think that needs to move forward, and it is going to require 
the components to have to participate in that, to put some skin 
in the game, if you will, to have people up there that are 
actually working the problem set every day that can reach back 
to their components to create that unity of effort.
    Chairman Lieberman. I appreciate that answer.
    Congresswoman Harman, my time is running out, but would you 
want to add anything to that?
    Ms. Harman. Yes. I think the key is sustained leadership by 
the Secretary and the Deputy Secretary. You cannot legislate 
leadership, but they need to articulate what the focus of the 
Department is, and presumably Congress should support that 
articulation or participate in making it. But the Department 
cannot do everything equally well, and I would suggest that 
some of the functions should be narrowed, including the 
intelligence function. I think there is a huge role to collect 
information from all of the agencies inside the Department and 
fuse that information together. But I do not think the 
intelligence function at the Homeland Security Department needs 
to compete with the CIA or NCTC. I think those agencies are 
better able to do what they do. And as part of the other 
structure we set up, this joint command over 16 agencies, the 
homeland function in a more targeted way I think would be 
accomplished better. And there is an example of doing less but 
doing it in a much more effective way.
    Chairman Lieberman. Good. Thank you.
    Admiral Allen. If I could add a comment to Representative 
Harman's statement?
    Chairman Lieberman. Please.
    Admiral Allen. I think to strengthen the language between 
the Department and the Director of National Intelligence (DNI), 
there has been an ongoing discussion whether or not there needs 
to be a domestic intelligence management function that is 
resident in the DNI that could create that link. And I think 
that is something that really needs to be put in place.
    Ms. Harman. But it would be in the DNI.
    Admiral Allen. Right, in the DNI.
    Ms. Harman. It would not be in the Homeland Security 
Department. It would be a coordinating function.
    Chairman Lieberman. And, again, that is possible to do 
without statutory authority.
    Admiral Allen. Yes, it is, sir.
    Chairman Lieberman. Thank you. Senator Collins.
    Senator Collins. Thank you, Mr. Chairman.
    Congresswoman Harman, you have had extensive experience not 
just on the Homeland Security Committee in the House but on the 
Intelligence Committee, and I know you have continued your 
interest in homeland and national security at the Wilson 
Center.
    Our Committee, over the past decade, has held a variety of 
hearings to try to highlight possible vulnerabilities that our 
country has and how we should respond to them. In your 
testimony, you have pointed out that DHS has evolved and so 
have our enemies.
    One of the problem that I believe DHS has is figuring out 
what is the greatest threat and what resources should be 
concentrated on which threats. Is it a weapon of mass 
destruction smuggled into a cargo container coming into our 
seaports? Is it an act of bioterrorism? Is it cargo security? 
Is it homegrown terrorism? Which we have done a great deal of 
work on, at your suggestion, I might add. Is it a cyber attack?
    If you were Secretary of the Department, what would be your 
priority? What do you believe the Department's chief focus 
should be?
    Ms. Harman. That is a very hard question, and my first 
answer is it should not just be the Department's 
responsibility. It is a government-wide responsibility. We have 
coordinated our intelligence agencies under the Office of the 
Director of National Intelligence, and I think part of the 
answer to your question has to come from there. DHS has a role, 
but not an exclusive role. And as I mentioned, I think DHS is 
not in the prevention business, certainly not in the cyber 
prevention business, but it is much more in the consequence 
management business.
    So I think we have to keep in mind that our enemies, at 
least in this era of terror, are attacking us asymmetrically. 
They are looking for our weakest links. So if we announce we 
are focusing on three things, they will attack us in the fourth 
area. So I do not think that is a great idea.
    I think we just have to keep agile and keep looking. Cyber 
security is near the top or at the top of my list now--and I 
brought a prop. I thought you would be impressed. Today's 
Washington Post has an article about cyber risks, and there are 
these new gizmos that integrate everybody's information, and 
that just makes richer targets out of all of us, so this 
article says, and I actually believe it. So I think this is a 
place where the Homeland Security Department, if your 
legislation passes, should beef up its intelligence and 
prevention and consequence management capability. There is one 
issue.
    Another issue is I think lone wolves are the growing 
threat, people with clean records who are radicalized on the 
Internet, something I tried to work on when I was in the House 
and still care about.
    I think the bigger attacks are harder to pull off because 
we have been quite effective, and we have also decimated at 
least core al-Qaeda. That does not mean they cannot happen. And 
they might happen using ingredients inside our country. It is 
not always a border question. So, for example, something I have 
always worried about is some of the radiation materials in 
machines in hospitals which could be compromised and made into 
dirty bombs.
    So it is a huge problem, but we have to keep agile and 
understand how these people are coming at us.
    Senator Collins. Thank you.
    Mr. Skinner, I was interested when you described the gains 
made by the Department as ``fragile,'' and I think that is a 
good cautionary note to us. When I think back over the past 
decade of this Department, I can come up, off the top of my 
head, with numerous examples of failures in procurements: the 
SBInet program; the puffer machines at TSA; the problems with 
improper and fraudulent payments in the wake of Hurricane 
Katrina, which approached $1 billion and your office did so 
much work on; and IT projects throughout the Department--and 
the Department is not unique in this regard--that have failed. 
And you talked about some of those management failures and the 
importance of having a robust acquisition staff. But another 
important safeguard is having an effective IG, and you were 
certainly a very effective watchdog who brought to light a lot 
of those problems.
    Right now, the Department is without an IG, just an Acting 
IG. Could you share with us what qualities you think the 
Administration and this Committee should be looking for in a 
new Inspector General? And if you could also describe for us 
the scope of the office. This is not only a huge Department. 
Isn't the Office of the IG one of the biggest in the Federal 
Government?
    Mr. Skinner. Yes, it is. I think it is probably somewhere 
between the third, fourth, or fifth largest IG in the Federal 
Government. In my opinion, the next IG is someone who is going 
to require extensive executive experience with demonstrated 
leadership skills. This is not a place for training a leader. 
This is someone that should have already demonstrated their 
leadership abilities, and preferably someone that has some type 
of background or appreciation for audits, investigations, and 
inspections and who can provide the leadership and the vision 
for the office. Just like the Department, the IG has multi-
missions. Although it is just a microcosm of the Department, it 
does have multi-missions with regards to policy evaluations and 
with regards to financial audits. The background that we had in 
the old days--back in the 1950s and 1960s, I hate to say it, 
when I entered the government--was strictly financial. But now 
we have learned that you have to be able to recruit and 
motivate a whole wide range of people, people that are 
competent in doing policy evaluations, people that have 
engineering backgrounds, people that have public administration 
backgrounds. It goes way beyond just the audit and financial 
management. The individual who leads this organization should 
have demonstrated management skills and should have, I think, 
extensive executive experience.
    Senator Collins. Thank you. Thank you, Mr. Chairman.
    Chairman Lieberman. Thanks, Senator Collins. Senator 
Carper.

              OPENING STATEMENT OF SENATOR CARPER

    Senator Carper. Again, let me just reiterate our thanks to 
each of you, not just for being with us today but a lot of 
other days as well, and for your willingness to continue to 
serve our country in different ways.
    I just want to follow up, if I could briefly, on a point 
that Senator Collins was making. We play what I call 
``Executive Branch Swiss cheese'' from Administration to 
Administration. It is getting worse, not better. And 2 or 3 
years into this Administration, we still have gaping holes in 
major leadership roles because in some cases the Administration 
could not figure out who to nominate, but in many cases, when 
they did, it took forever to vet them, to go through the 
nomination process, and the confirmation process in the Senate. 
We have ended up with big problems in a number of departments. 
One of those is the acquisition side in the Department of 
Defense. In the Bush Administration we saw it. We saw it again 
in this Administration. And when you see major weapons system 
cost overruns growing about $400 billion--and having to go 18 
months with having a vacancy in the top watchdog position in 
the Department of Defense is just, I think, unthinkable.
    But I want to come back to the point that Senator Collins 
was making with respect to filling the position that you once 
held and performed admirably. I do not know that the 
Aministration is going to come back to us and say, well, this 
is who we think ought to be the person or the right kind of 
person to fill this role. You have given us some ideas what the 
Administration should be looking for, and they certainly make 
sense. But this has to be a priority, and I know it is 
something you care a lot about, and it is something we just 
need to work together with the Administration to make sure we 
get it done. Maybe this is one of those deals that we do and it 
gets done after the election. I do not know. But it is really 
important.
    These are great hearings, and I think it is unfortunate 
that more of our colleagues are not here, but I just want to 
thank you, Mr. Chairman, for providing these for us and for our 
staffs.
    At our hearing we had yesterday with three panelists, there 
was a fair amount of focus on cybersecurity and looking for a 
to-do list on cybersecurity. Actually what we are looking for 
was common ground with Senator McCain sitting to my left and 
Senator Lieberman over here, our Chairman, to my right and 
Senator Collins to see if the panel could give us some ideas of 
what we could do to define the 80 percent or the 70 percent on 
which we agree and do that this year and not waste more time.
    I really would like to ask--this is not a fair question, I 
suspect, for Mr. Skinner, but I think for Congresswoman Harman 
and for Admiral Allen, in terms of when you look at the 
different approaches between the two major bills here in the 
Senate, a bipartisan bill and the legislation that Senator 
McCain and others have worked on, where do we find the common 
ground? Give us some advice on how to meld these together in 
ways that make sense and get that done this year.
    Ms. Harman. Well, bring back the Big Four. That would be my 
first answer. But, unfortunately, I think the hangup is this 
debate that we keep having about the role of government. I 
think the argument that the better bill's sponsors make is that 
infrastructure has to be in the bill. If we are not protecting 
against cyber threats against critical infrastructure, we are 
not protecting the country. I am there. I think that is right. 
I do not think it is a Republican or a Democratic argument. I 
think it is a proper role of government to provide for the 
common defense. It is in the Constitution. It is an oath I took 
and you all still take. And if we are going to provide for the 
common defense, we have to protect our critical infrastructure. 
So I start there.
    I suppose if I were doing it, I would find any possible way 
to keep that in the bill, and then I would negotiate on the 
other stuff. I know that one of the issues that some of the 
outside groups are concerned about is how information is shared 
and about violation of privacy. But, of course, again, if we 
had a Privacy and Civil Liberties Oversight Board that was 
functioning, that could help us or help the government develop 
the regulations that would be appropriate to implement the 
cyber bill. But with no cyber bill, as Keith Alexander has said 
recently, ``Our country is extremely vulnerable, and those of 
us who have been briefed in classified settings on both 
offensive and defensive cyber understand the capability of this 
tool now.''
    And just one final point: Ten years ago, when we were 
setting up this Department, I do not think any of us was 
talking about this. I do not even know what capability existed 
then. Certainly there was cyber. And as this threat evolves, we 
have to evolve. This is a core requirement I think now for the 
Homeland Security Department, and it is overdue that some 
strong legislation should pass.
    Senator Carper. All right. Thank you. Admiral Allen, help 
us out.
    Admiral Allen. I think Representative Harman hit it right 
off the bat there. This is really a question about what is 
inherently governmental and what is the role of government. In 
a really complex regulatory environment, we always have these 
questions. I am sure the same questions were raised when the 
nuclear industry came about, and what should the private 
industry be doing and what should government be doing.
    We faced some of the same problems and challenges looking 
at port security right after 9/11. I will tell you this. We 
used to say if you have seen one port, you have seen one port. 
And I guess you could say if you have seen one sector, you have 
seen one sector. And when you go between the sectors, I think 
there is probably a different varying ability for the markets 
to clear this type of functionality and protect their assets. 
In other cases, there is not a market-driven reason to do that, 
and there is probably a valid role for government.
    I think what we probably need to do is understand what the 
standards and the performance are trying to achieve to secure 
the infrastructure and then apply those standards to each 
sector. That may produce a different outcome in each one, but 
at least there is a standard way to think about it and move 
ahead. And in some cases where there is not a market solution, 
there is inevitably a role for government. If there is a role 
for government, there is probably already a standing department 
that has the legal authorities to do that. It becomes a matter 
of execution and proper oversight regarding private citizen and 
personal information.
    We need a bill. I cannot urge you more strongly to get a 
bill out this year. Exactly where that line is on the role of 
the government from a harder regulatory stand that is requiring 
these audits and the development of covered assets that are 
covered in your bill, information sharing, and industry-led 
organizations, I think those are things that need to be worked 
in the Congress as a bill moves through. But I think a bill is 
necessary. There is a valid role for the government if the 
government is to play. That role is homeland security. We 
should build on what has already been done there, even if the 
progress we have seen to date has not been as significant as we 
think, but we should move to pass a bill.
    Senator Carper. All right. That is very helpful. There is 
some convergence here, actually a fair amount of convergence 
here in the views we just heard, and also with the panel that 
was here earlier this week. That gives me not just cause for 
encouragement but just strengthens my belief that we have to 
move.
    Mr. Chairman, I do not know if you are keeping a bucket 
list, a to-do list of things you want to check off before the 
end of the year. Clearly we want to finish postal reform. We 
have already spent plenty of time on that, and the House of 
Representatives continues to delay taking up legislation. We 
passed very good bipartisan legislation, not perfect 
admittedly, but instead of actually taking up a bill and 
passing it, they continue to delay it and the Postal Service 
loses $25 million a day. It makes no sense. I do not want to 
come back and have to deal with that next year. I am sure 
Senator Collins does not. I might not be back next year. You 
never know. But I hope to have a chance to serve with her and 
my colleagues for a bit longer.
    The other one that is just crying out to get done is 
cybersecurity. It is crying out to get done, and my hope is 
that we will do that.
    If I could, just one concluding thought. A lot of times at 
a hearing like this, during an exercise like this, we focus on 
the stuff we have not done well, the to-do list that still 
needs to be done. GAO still has management integration on their 
high-risk list for waste, fraud, and abuse. A lot of good has 
been done. There are thousands, maybe tens of thousands of 
people in this country that are still alive, unharmed, 
unmaimed, they have lives, jobs, families, and so forth because 
of the protections that are put in place, in no small part 
because of the work that has been done by the Department that 
we stood up 10 years ago. I think that is important to keep in 
mind.
    The other thing, I am a Senator, like some of you, who 
cares a lot about trying to make sure we figure out what works, 
as Congresswoman Harman said, and to make sure that we are 
spending taxpayers' money as cost-effectively as we can. We are 
looking at this fiscal cliff at the end of this year. We are 
going to have to figure out how to raise revenues. We are going 
to have to figure out how to spend more cost-effectively. One 
of the very encouraging things for me, as the guy who was 
involved, along with Senator Bill Roth years ago, in the 
creation of the Chief Financial Office and Federal Financial 
Reform Act of 1990, which said all Federal agencies have to 
have auditable financials. And lo and behold, Secretary 
Napolitano announced earlier this year, maybe late last year, 
they are going to be auditable way ahead of the Department of 
Defense. Finally the leadership we had been hoping for. And I 
think you cannot manage what you cannot measure, and I think we 
are making progress there.
    So there is some very good work that has been done in the 
last 10 years, and we need not lose sight of that. Thank you 
all.
    Chairman Lieberman. Thanks very much, Senator Carper.
    Just responding to your question, I do have a bucket list, 
and, as a matter of fact, I think I have engaged Senator Jon 
Kyl at least in the formation of a Bucket List Caucus, and I 
will tell you that at the top of the list is cybersecurity. And 
Senator Kyl is working very hard now with Senator Sheldon 
Whitehouse in a bipartisan effort to reach a meaningful 
compromise on the cybersecurity bill. But the priorities for 
the Committee I think are clearly cybersecurity and postal.
    Incidentally, just to say what I think all the witnesses 
know, but it cannot be said too much, just reflecting on your 
strong statements about the need to have a cybersecurity bill 
adopted this year--unfortunately there seems to be somewhat of 
a partisan divide on this question in Congress. Among those who 
have had responsibility for our national and homeland security 
across the last two Administrations--that is, the Bush and 
Obama Administrations--there is real unanimity of opinion that 
we have to adopt a bill, and I think I am not stretching to say 
that they support a bill like the one that came out of our 
Committee. So it is not just people in the current 
Administration and the President, but Secretary Michael 
Chertoff, Admiral Mike McConnell, who I believe is your 
colleague, Admiral Allen, at Booz Allen, and Stewart Baker. So 
I hope that will have an impact in helping us get over 60 votes 
in the Senate.
    Senator Carper. If I could just add quickly. Senator 
Collins, you, and I said to our respective leaderships on 
postal, the only way we are ever going to finish a postal bill 
is to get the bill on the floor, debate it, amend it, and vote 
on it. And I think the same is probably true with cyber. We 
have to get the bill on the floor. I am encouraged that the 
Democratic leader--and I hope the Republican leader--believes 
in that and during this work period, while we are here before 
August, will actually do that.
    Chairman Lieberman. Thank you.
    Senator Johnson, I was just thinking, as we referred to Cal 
Ripken, I would say you are the rookie with the most Cal 
Ripken-like record on this Committee, which I appreciate. You 
have really been very steadfast in your contributions here.

              OPENING STATEMENT OF SENATOR JOHNSON

    Senator Johnson. Well, thank you, Mr. Chairman, and thank 
you and Senator Collins for holding these hearings. For 
somebody new, these are extremely helpful. I am learning a lot, 
so thank you.
    And I would also like to thank the witnesses for your time 
and your testimony and also for all of your service to the 
country.
    As somebody new--I was not around here, you were--I would 
like to ask each one of you, what was the primary rationale or 
reason for establishing the Department. I want to go down the 
list. And if a previous answer is your answer, you can tell me 
the second one, but I also want you to acknowledge that was the 
reason. I will start with you, Congresswoman Harman. And, by 
the way, for the record, I want to say I smiled when you said 
that 90 percent of the work was done by the women on Fab Four. 
[Laughter.]
    Ms. Harman. I appreciate that.
    I remember the time vividly. We were all here on 9/11, and 
I was then a very senior member on the House Intelligence 
Committee, walking to the dome of the Capitol, which most 
people think was the intended target of the fourth plane that 
went down in Pennsylvania, so it focuses the mind. We had no 
evacuation plan here. We, unfortunately, closed these 
buildings. A huge mistake. We reopened them later in the day, 
but, nonetheless, it was terrifying, which is the point of a 
terror attack.
    At any rate, I felt--and I certainly know that Chairman 
Lieberman did--that our government organization was completely 
inadequate to the new set of threats, and we needed something 
different. We had missed clues, obviously. Two of the hijackers 
were living in plain sight in San Diego, and the FBI did not 
talk to the FBI internally and, of course, did not talk to the 
CIA, or we might have been able to find them and unravel the 
plot. So the goal was to somehow find a better way to put 
government functions together.
    As I mentioned in my testimony, many of us thought there 
was a simpler way to do this, but we embraced what President 
Bush proposed because we knew he would support that and we 
would get something done.
    Senator Johnson. Admiral Allen.
    Admiral Allen. Senator, the concept of a border security 
agency actually predates 9/11. There were discussions about 
trying to do something like this clear back in the Nixon 
Administration regarding border control on the Southwest 
Border. So the concept itself is not novel.
    As former Commandant of the Coast Guard and somebody that 
has worked with these agencies for nearly 40 years before I 
retired, the relationships between the Coast Guard, FEMA, 
Immigration, and Customs have never been better. FEMA is a 
better organization because they are in a Department with the 
Coast Guard, and the Coast Guard is a better organization 
because they are in a Department with FEMA. And I testified to 
that after Hurricane Katrina.
    I was also asked by Senator Frank Lautenberg one time, what 
was the best thing about the Coast Guard being moved out of the 
Department of Transportation, because he was our Chairman, 
moving to the Department of Homeland Security. At the time I 
said we got our appropriations on time. I am not sure anybody 
can say that anymore.
    There was an all-out bureaucratic war between the Coast 
Guard and Customs in the mid-1980s over who would do air 
interdiction and maritime interdiction in this country. It was 
internecine warfare and it was ugly. That does not happen 
anymore, and while there have been overlaps and things to talk 
about how we can coordinate better and create unity of effort, 
some of the bureaucratic struggles that I saw throughout my 
career have gone away.
    Senator Johnson. That was how many agencies? About five 
that you are talking about that you were originally thinking 
about?
    Admiral Allen. The original border security, that has been 
a discussion that has gone on for years. Sometimes it was just 
border focused.
    Senator Johnson. But of the 22 agencies, how many of 
those----
    Admiral Allen. I think originally they would be talking 
about Immigration, Customs, Coast Guard--the organizations that 
actually have a physical presence on the air, land, or sea 
domains and borders. But it had been something that had been 
discussed for quite a while.
    Senator Johnson. Mr. Skinner.
    Mr. Skinner. I agree with Admiral Allen. The whole concept 
of homeland security predates 9/11 actually. As a matter of 
fact, I think there was actually a bill that was introduced and 
it was closeted a couple years prior to 9/11. It was brought 
out and dusted off, and I think that started the ball rolling 
for getting the legislation that we now have through the 
Congress so fast.
    Quite frankly, the whole concept was to have unity of 
effort, to bring together the different functions within 
government so that they can work better together to not only 
protect or prevent another terrorist attack, but also to 
develop a resilience and an ability to respond and recover from 
a terrorist attack should one occur. So it brought together 
these different elements that would sit under one roof, one 
leadership, with one common mission, that is, to prevent, 
protect, respond, recover, and mitigate against not only a 
terrorist attack but also natural disasters.
    Senator Johnson. Here is my concern. My bias, having been 
part of a small company that got bought by a larger 
conglomerate and then demerged, I have gone through that 
merging process on a far smaller scale, I understand that, but 
I also understand that when you go into a larger organization, 
so much of your effort then is directed toward basically 
feeding the beast, trying to do all these things we are trying 
to do with integration, and I guess that is my question. Have 
we created something that is simply too big to manage? We have 
a Department now that is 200,000 people. It has $6.5 billion 
worth of overhead. And should we be taking a look at maybe 
splitting out some of those? Should we maybe demerge some of 
these into some different areas? I guess I always thought it 
was kind of breaking down the silos, information sharing, maybe 
take that back to the national intelligence level for that 
sharing. Is there a more intelligent way of potentially taking 
a look at this? These agencies were large bureaucracies to 
start with. Now we have made something even larger, and have we 
actually made it less effective?
    Ms. Harman. Well, on the front end, I think we bit off too 
much, but we made a tactical, political decision that, along 
with the President's proposal, this was the fastest, easiest 
way to get something to happen. There have been huge growing 
pains. It has been 10 years, and still some functions are not 
done well.
    Yes, I would recommend narrowing some of the functions. But 
I would be against rearranging the deck chairs again because I 
think that is an extremely painful exercise for any 
organization, and this one is finally, in many respects, 
becoming a cohesive organization. More leadership to integrate 
some functions that are still not integrated would be good. 
Sustained leadership in the next Administration would be 
excellent. But I think it has come a long way, and it really 
has served the function, by and large, of protecting our 
country along with oversight of Congress.
    If I had to pick an area to reorganize right this minute, 
it would be Congress. I think this Committee should have a lot 
more jurisdiction than it does, and that is true on the House 
side, too.
    Senator Johnson. Thank you.
    Admiral Allen. Sir, I think it is hard to disaggregate the 
inelegant conditions under which the Department was formed that 
I discussed earlier and the issues you talked about, about 
management, the size, the span of control, and so forth.
    We are going to have to get over the first part. It has 
been 10 years. The country expects the Department is going to 
start functioning better, and I think that is a mandate for the 
Department.
    I think, on the other hand, there is a leadership 
management imperative here that has not been exhausted yet, and 
I would support Representative Harman's comments there. I think 
we have an opportunity, as we move to a new Administration or 
continuity of the current Administration, to have a leadership 
management agenda that is focused on the Department, that takes 
care of the basic X's and O's of blocking and tackling. And I 
think until we have done that, we have not exhausted the 
potential for the Department.
    Mr. Skinner. Senator, I would like to also add that I agree 
wholeheartedly with Congresswoman Harman. This is not a time to 
rearrange the deck chairs. If you study the history of the 
creation of the Department of Homeland Security, you have to 
understand the environment in which it was created. It was a 
very emotional environment. This country was very upset with 
what happened on 9/11, at what happened in New York, here at 
the Pentagon, and also in Pennsylvania.
    This bill was pushed through very quickly, at a historic 
pace, and we were not given the opportunity to think it through 
so that we could prepare ourselves. We saw this at TSA when we 
stood that up, hiring all the screeners in record time, and as 
a result, we had to go back and redo a lot of that. But that 
environment in which we stood up created a lot of our problems 
when we did not think it all the way through. For example, I 
said earlier we shortchanged the management support functions 
when we stood it up. We brought in all the operations without 
the management support to back these operations.
    Senator Johnson. Let me just close with an interesting 
article that I read in Newsweek where basically Secretary 
Robert Gates was talking about when he came in, Secretary 
Donald Rumsfeld said there were 17 layers between his command 
decision and the implementation in the military. Now it is 30. 
That is not moving in the right direction in terms of 
efficiency, and that is my primary concern about the Department 
of Homeland Security as well.
    Mr. Skinner. Actually, the Department has reduced layers, 
because when it was originally stood up, the Secretary had the 
opportunity, and the President, with congressional approval, to 
reorganize, which they did, and they have actually removed 
layers. Now I think the layers that remain need to be 
empowered, particularly in the management support arena. The 
progress we have made to date I think is substantial. I do not 
think the Department does a very good job of marketing itself. 
It still has a long way to go. The biggest threat I think the 
Department has for its success right now is the budget 
constraints, the ability to sustain what they have already 
started and the ability to make the improvements they need to 
move forward and to address evolving threats.
    Senator Johnson. Thanks a lot. Thank you, Mr. Chairman.
    Chairman Lieberman. Thanks, Senator Johnson. That was a 
really constructive exchange.
    Senator Akaka, welcome. Senator Akaka is another Member of 
our retiring class who is characteristically involved in a very 
constructive way on our Committee's two priorities, which are 
the cybersecurity bill and the postal reform bill. So thank you 
for that, Senator Akaka, and it is your turn for questioning.

               OPENING STATEMENT OF SENATOR AKAKA

    Senator Akaka. Thank you very much, Mr. Chairman, and also 
I also want to thank Senator Collins for her efforts on this 
Committee and for holding this hearing to examine DHS, and also 
to discuss some reforms that can improve the efficiency and 
delivery of services of this Department for our country. So I 
want to thank you very much for this opportunity.
    I also want to take the time to thank the Federal workers. 
As you know, I have always been concerned about our human 
capital, and here it is, one of those situations where our 
Federal workers have responded, and I want to thank them for 
their response, called to service since September 11, 2001. And 
so here we are now examining what has happened and how we can 
improve it.
    I would like to ask Congresswoman Harman, your written 
testimony notes improvements of the DHS Privacy Office and an 
urgent need to stand up the Privacy and Civil Liberties 
Oversight Board. I strongly agree. As you know, dramatic 
technical advances in the past decade allowed DHS to obtain and 
use Americans' personal information in new ways.
    What are the key privacy challenges that DHS will face in 
the future? And is the Department really equipped to address 
these challenges?
    Ms. Harman. Well, thank you for that question, Senator 
Akaka. And, by the way, life outside of Congress is quite 
sweet. I want to assure you and Senator Lieberman that I am 
really OK and enjoying my life.
    On this, I watched carefully as the Department developed, 
and I have seen progress and good effort in the privacy 
protection area. So I do not want to be critical. What bothers 
me as a more general matter is the absence of people inside the 
Executive Branch as policy is formulated there, as regulations 
are developed or new actions are contemplated, who say, wait a 
minute, there is another way to think about this or there are 
more things to think about. As I have often said--in fact, 
Benjamin Franklin said it first, I am sure, better than I am 
going to say it--security and liberty are not a zero sum game. 
You either get more of both or less of both. You have to factor 
them both in on the front end. If you think of them as a zero 
sum game and we have threats against us, then we are going to 
basically shred our Constitution. None of us wants to do that. 
And if you, alternatively, just punt, then after we are 
attacked, we are definitely going to shred our Constitution. 
Bad idea.
    So my basic point is we need advocates all over, in the 
right rooms, at the right time, as the Executive Branch 
contemplates security actions. What DHS is doing inside of DHS 
is pretty good, although I have seen some problems. They relate 
to what information is collected, how long it can stay there, 
and who has access to it--the usual stuff like that. But, 
again, I think the others here, maybe Mr. Skinner, more than 
any of us, can answer whether the systems are working.
    But I saw a couple of things there that I was able to stop. 
One of them was the National Applications Office (NAO). It was 
going to task satellites, basically our defense satellites, to 
accomplish certain homeland security missions over the 
continental United States, and that worried me because I did 
not think the guidelines were specific enough. And what ended 
up happening was NAO, I think, was discontinued, which I 
thought was a very good outcome.
    Senator Akaka. Thank you, Congresswoman Harman. This week 
the National Journal poll released information that almost two-
thirds of respondents said that the government and businesses 
should not be allowed to share cybersecurity information 
because it would hurt privacy and civil liberties. You also 
note in your testimony the need to protect personal information 
in the event of a cyber attack.
    Will you please discuss the importance of including robust 
privacy and civil liberties safeguards in any cybersecurity 
legislation considered on the Senate floor?
    Ms. Harman. I think it is very important. What the final 
version of the legislation should look like I do not know. But, 
again, it is the same point, that security and liberty are not 
a zero sum game. We have to think about how to protect 
information as we also are blocking access by either business 
interests that are stealing information or government interests 
that pose, I think, a grave threat to all of the dot-mil, dot-
gov, and dot-com space. These are serious tools, and the point 
of cybersecurity legislation, obviously, is to protect our 
personal information, but also our government secrets. So that 
is the point of the legislation. But individuals should not be 
forced by the legislation to share data that it is unnecessary 
to share.
    So it is complicated. I just have to look at the specific 
language. But I think the bill authored by Senator Lieberman 
and Senator Collins is closer to what I think would keep our 
country safe and protect our critical infrastructure.
    Senator Akaka. Thank you, Mr. Chairman.
    Chairman Lieberman. Thanks very much, Senator Akaka.
    If the witnesses have time, I have just one more line of 
questions, a little bit different than we have focused on, and 
it builds on yesterday's hearing when we discussed with the 
experts an interesting, in some ways unsettling range of 
potential future homeland security threats. And I wanted to ask 
you what your assessment is of the current capabilities within 
DHS to assess and identify future threats and then obviously to 
take actions to address them, and if it is not adequate, what 
we might do about it. And I do want to go down the road, and, 
Admiral Allen, as you well know, the Coast Guard has an 
internal futures planning initiative called Project Evergreen, 
and I would like you to talk about that and how it might 
relate, if it does, to DHS overall.
    Congresswoman Harman, do you want to begin that? Is there 
within DHS the capability to accurately, or adequately anyway, 
anticipate changing threats and respond?
    Ms. Harman. I think I am least qualified on this panel to 
answer that because I have not been in the operating mechanism 
of the Department. But I think it is uneven, would be my 
answer. I think some threats are better understood than others. 
And as I mentioned in my answer to Senator Collins, if we give 
a pat answer to that question, then the bad guys will somehow 
plan around us. We cannot do that. We have to be ever agile and 
reassessing that all of the time.
    But I do not think most of the planning mechanisms are that 
good. The ones I have seen that I like the best have to do with 
airplane and airport security, which I think work very well. 
And we authored legislation, Senator Collins and I, on port 
security, which involves--and obviously Admiral Allen knows all 
about that--pushing borders out and layers of protection. And I 
think that one works pretty well. But I do not know how to 
answer that across the whole range of threats.
    Chairman Lieberman. Good enough. Admiral Allen.
    Admiral Allen. Yes, sir. To answer your first question, 
about 10 years ago or 12 years ago, the Coast Guard initiated a 
project called the Longview Project, and this was trying to 
look strategically into our future using alternative scenario 
planning, which is a planning method the Royal Dutch Shell 
Company had put in about 20 years ago, a leading consultative 
method to try and figure out what you should do to plan for the 
future. To summarize it, you get your senior leaders, you look 
at the consequential trends that are out there, and you develop 
alternative worlds that you might see. And then you reduce that 
to the four or five highest risk or most consequential. Then 
you isolate teams, and they come up with strategies on how you 
would cope with that world. And they do not talk to the other 
ones.
    When you bring them back in, you compare what they all 
said, and if you have five very different worlds, of the 10 
strategies they come up with each world, three or four of them 
the same--those are robust, apply to a variety of threats, that 
is something you should probably look at as you try and look at 
your own capabilities and competencies.
    The Coast Guard is on its third or fourth iteration. We 
termed it the ``Evergreen process'' because our goal was to 
regenerate it about every 4 years. It has been extremely 
helpful to us. When I became chief of staff of the Coast Guard 
after 9/11, I actually graded our performance on 9/11 against 
what we thought was going to happen when we did not know the 
events in New York were going to occur, and there were 10 
things that we said we should do. We did six or seven of them. 
The three that we did not do would have helped us had we done 
them. And my response was from that old management book, ``Who 
Stole My Cheese?'' What would you do if you were not afraid? 
And we thought it was very insightful.
    Regarding the larger question, what I said in my written 
testimony--and I will try and summarize it succinctly here--you 
cannot stand at a port of entry and view homeland security and 
say, ``What is it I should do?'' You cannot stand at a 
screening line either in the country or in Dublin and say, 
``What should I do regarding airline passengers?'' I think we 
need to understand that we have both a physical and a virtual 
dimension of our borders where we need to carry out sovereign 
responsibilities. And for ease of explanation, what I usually 
say is we have air, land, sea, and actually a space domain, and 
they are all surrounded by cyber. And through those domains we 
have flows of things we need to be concerned about.
    Deputy Secretary Lute has a good way of saying it. We need 
to interrupt the supply chain of trouble. And the things that 
flow through those domains are things like people, cargo, 
conveyances, but it is also weather, germs, electrons, and 
money.
    I think what we need to start understanding is, 
notwithstanding the components and their individual authorities 
and jurisdictions, as I alluded to earlier, at the departmental 
level, in both principle as well as policy and operational 
planning and coordination, how do we sense those domains and 
those environments? What is passing through them? What 
represents the threats in those domains? You can almost look at 
a portfolio and you can start making tradeoffs based on risk of 
where you need to put resources, including redeploying 
workforces on the Southwest Border, redeploying maritime 
forces, heightening threat levels in advance of a national 
security event, and so forth. It requires, in my view, to step 
back and view the homeland security enterprise radically 
different than the collection of the authorities and 
jurisdictions of the components.
    Chairman Lieberman. Thank you for that. You give us a lot 
to think about. Mr. Skinner, do you have a reaction to the 
question?
    Mr. Skinner. It would be hard to add to what he just said.
    Chairman Lieberman. That was a pretty good answer.
    Mr. Skinner. It certainly was. As the IG, I do recall doing 
some reviews with the Department, particularly in TSA and CBP. 
We were always looking for emerging threats because they knew 
if they shut down one lane, they would find other avenues to 
smuggle contraband or illegal items onto airplanes or through 
our borders. So I know that from a stovepipe perspective we 
were always looking at what are they going to do next now that 
we have identified this technique.
    As far as strategic planning and strategic assessments of 
what our threats are, I am not aware of that occurring within 
the Department, but that does not mean that it is not 
occurring.
    Finally, I would just like to make the point that when we 
talk about evolving threats, this is not just a DHS 
responsibility. This is a governmentwide responsibility.
    Chairman Lieberman. Right.
    Mr. Skinner. And we have to rely heavily within the 
Department on what is going on outside government, and I think 
Admiral Allen put it very well. It is the intelligence that we 
garner, dealing with what is going through our systems or what 
is happening inside that cyber circle. So people who have those 
expectations saying this is solely a DHS responsibility--I 
think it would be misleading or a big mistake just to focus on 
DHS.
    Chairman Lieberman. Yes, I agree. I just want to come back 
and ask you a final question, Admiral Allen, about that 
exercise you went through with the Coast Guard. I assume you 
were looking at a lot of factors that might not to the 
immediate observer seem like they were relevant to the Coast 
Guard function. In other words, it seems to me that one of the 
things I would hope that DHS does is look at worldwide 
demographic trends. I also mean, of course, with regard to 
natural disasters, environmental, or meteorological trends. But 
I also hope they think about the terrorism threat, what is 
happening out in the world that we may not be thinking about 
now that, nonetheless, could--or what is happening in the 
technological world that may be converted to a weapon against 
us, as you know, planes and cyberspace have been.
    Admiral Allen. That is what we try to do, sir. One of the 
scenarios was you try and drive at the polar extremes. One is 
globalization where financial markets drive to the point where 
it starts to question the value of nation-states. The other one 
is a pandemic that basically goes global and redefines socio-
political boundaries and implications related to that, or 
natural disasters. And what you do is you try and bring your 
leaders in and try to understand which one of those are most 
consequential or impactful or provide the greatest risk. And 
you can talk about it from an agency standpoint.
    There was a project called Project Horizon where the State 
Department tried to do this on an interagency basis about 10 
years ago.
    Chairman Lieberman. Yes.
    Admiral Allen. But it really never got the traction inside 
the government. It is a useful project. It requires some 
investment in time. It requires some championship at the 
leadership level. But it also allows you to learn about some 
junior and mid-grade people that take part in these things as a 
leadership grooming process. There are current admirals in the 
Coast Guard that I first met as lieutenants in these work 
groups talking about what they thought might happen in a port 
after a weapon of mass destruction event. You were able to see 
these people being very thoughtful and very resourceful in how 
they bring their thinking to the problems.
    Ms. Harman. Senator Lieberman, could I just add one thing?
    Chairman Lieberman. Yes, ma'am.
    Ms. Harman. As we think about these big, huge threats or 
potential catastrophic threats, it is still important to drill 
down on the smaller threats. Senator Collins mentioned the 
underwear bomber who was unable to detonate--good news--a bomb 
that was external to his body. Now the worry is that tradecraft 
has evolved so that there can be internal bombs. Much like 
human mules carrying drugs, that will evade some of our 
detection systems. And at that level, I think we need very 
sharp focus because I think that things of that kind are going 
to continue to happen. There is one particular bomb maker in 
Yemen--who seems to be the ace bomb maker of all time--who 
still is alive and well and doing this. Maybe there will be 
others, and maybe there will be others in this country. So it 
is not just a question of borders. It is a question of very 
smart, focused thinking about what these people could do next.
    Chairman Lieberman. Good point.
    Admiral Allen. You mentioned technology, Mr. Chairman. I 
think when you look at the advances in nanotechnology, mass 
computation in smaller areas, battery technology, and things 
like that, you start creating the art of the possible and ways 
where threats can be applied in different ways. So I think 
there is a technological thing that we have to keep our eye on.
    Chairman Lieberman. Yes, I agree. This is a tall order, but 
investing a little bit in this kind of future thinking out of 
the box for right now probably would save us a lot in the years 
ahead. Thank you very much. Senator Collins.
    Senator Collins. Thank you, Mr. Chairman.
    Admiral Allen, it was very helpful to hear from you some of 
the problems that existed prior to the Department of Homeland 
Security's creation to remind us that it is not as if all these 
agencies were working cooperatively before they were brought 
together and somehow bringing them together made them not work 
as well.
    Nevertheless, as I was reading your testimony, I could 
sense a certain frustration with how the Department could be 
functioning better. For example, you talk about a lack of 
uniformity, comparability, and transparency in budget 
presentations across the Department. You say that the 
Department has struggled to evolve in operational planning and 
mission execution coordination capability. And you say in your 
conclusion, ``Something has to give.''
    What do you believe needs to be done to solve some of the 
problems that you illustrated in your written testimony?
    Admiral Allen. If I could, as I did in my written 
testimony, I would like to divide it into two answers. One 
involves mission execution, and one involves mission support. I 
used to tell the people that worked for me in the Coast Guard, 
``If you go to work every day, you either execute the mission 
or you support the mission. And if you cannot explain what you 
are doing, we made one of two mistakes. Either we have not 
explained your job or we do not need your job.'' So I would 
like to give you two answers.
    On the mission support side, let us go to appropriations, 
because I think you hit the place where there is discretion to 
do something.
    We moved components into the Department with different 
appropriations structures from the legacy departments. And you 
are all familiar with this. I am talking about the 
appropriations level, the project, program, and activity levels 
that create the firewalls which you need to reprogram between 
and how you represent personnel costs, operating costs, capital 
investment costs, IT costs, and so forth.
    Right now, because of the way the budgets were formed in 
the legacy departments, you cannot put the budgets side by side 
and look at comparability on personnel costs, salaries, 
operations and maintenance, and capital investment. There are 
two sides to this. The Administration needs to put forward a 
budget that has comparability in the way the numbers are 
presented, and the Appropriations Committees are going to have 
to understand that there is going to have to be some 
flexibility to put this together where we have a comprehensive 
and understandable basis by which to us how we are funding the 
Department and the costs associated with that.
    That is something that does not need any legislation. That 
is a management activity both in the Department, at OMB, which 
plays a big part in this, and on the Hill.
    One key thing regarding this is the requirement in the 
Homeland Security Act to have a Future Years Homeland Security 
Plan like the Future Years Defense Plan. We have never realized 
that. There are a lot of forces inside the Office of Management 
and Budget that do not want to commit to a 5-year projection, 
but this really kills capital investment and acquisitions 
management. We have breaches in acquisition programs that are 
budget-induced, but you do not see that because there is never 
an open discussion about having a sustained, consistent 5-year 
capital budgeting plan.
    On the mission execution side, it has everything to do with 
unity of effort, which is undergirded by operational 
coordination and planning. If you talk about the threat 
environment that I discussed and all the different domains, 
that is hard to do at a component level. But we need to create 
the capacity and the competency at the departmental level to be 
able to look at this thing as a portfolio and to talk about 
future cases, to look at how do you trade off what can pass 
through those domains--germs, electrons, money, people, 
conveyances, and so forth.
    We have to create the capacity to be able to discern the 
important few from the many that are out there that they have 
to deal with every day. And we have to create the capacity and 
the capability to do that close to the Secretary so the 
Secretary can be consequential in the planning and the 
execution of ongoing operations, then export that competency 
with credibility across government.
    Senator Collins. Thank you.
    Mr. Skinner, you talked about how the Department initially 
had, I think it was 2,000 different IT programs and that had 
been narrowed down, but there are still many different IT 
programs operating within the Department. And I was thinking 
when Senator Johnson was talking about the tension between 
being part of a great big organization versus a smaller 
organization, which can be more efficient and effective, that a 
fundamental issue that has never really been answered about the 
Department has to do with the amount of authority at the 
Department level, the Chief Information Officer (CIO), the 
Chief Financial Officer (CFO), Chief Acquisition Officer, all 
of those positions should have.
    What is your view on that? Should the Secretary-level 
positions have authority over the component agencies in the 
area of information technology, for example?
    Mr. Skinner. If you go back and look at some of the work 
that we have done over the years, we have always had concerns, 
first, that the CFO did not have the appropriate authorities to 
compel the components to follow certain guidelines or to 
perform in a manner in which the Department or the Secretary 
had envisioned. Second, I had reported and made recommendations 
that the CIO did not have sufficient resources in the Office of 
the CIO. And the same holds true with the Chief Financial 
Officer. We have studied and made recommendations that the 
Chief Financial Officer as well be given additional resources 
and authority to ensure compliance at the component level.
    One of the things I would like to add is that because when 
we stood up and the components were brought together, they 
retained their authority, oftentimes because it was the 
environment in which we were living, and it was a very 
emotional environment--expectations were too high. We thought 
now that we have the Homeland Security Department, all of our 
problems are going to be solved. Well, we knew that was not 
going to happen, but the public did not know that, and the 
media took advantage of that. And, second, it was that the 
mission demands that were put on us at that point in time in 
our history trumped good business practice, because we were 
hearing we expect this to happen, we expect to secure our 
borders, stop illegal immigration--everything had to be done 
yesterday, and that trumped good practice. We made a lot of 
mistakes, and I think we have learned from that. The dust has 
settled. Now we are able to analyze exactly what we have done, 
what lessons were learned, and where we want to go. Now it is 
just a matter of getting the resources and authorities to get 
it done.
    Senator Collins. Thank you. Admiral Allen.
    Admiral Allen. Coming back to Senator Johnson, because your 
analogy to the business world, and I understand it, you have 
every right to ask that question. This was probably done 
without due diligence.
    Chairman Lieberman. Thanks, Senator Collins.
    I want to give Senator Johnson and Senator Akaka a chance 
to ask questions if they have more. Congresswoman Harman, I 
understand you may have to leave soon. If you do, we will 
understand--and still love you.
    Ms. Harman. Is that a hint?
    Chairman Lieberman. No. I do not think I have ever said 
that to a witness before. [Laughter.]
    Ms. Harman. Well, thank you, Mr. Chairman. I love you, too.
    Chairman Lieberman. Thank you.
    Ms. Harman. If it is one more round of questions by two 
people?
    Chairman Lieberman. Just Senator Johnson and Senator Akaka.
    Ms. Harman. Yes, I would be happy to stay.
    Senator Johnson. Just a quick one. When we were talking 
about cybersecurity yesterday, I was asking about, again, the 
priorities of what needed to be done, and I really came away 
from that as the first thing is we have to set the standards. 
So I just want to quickly ask all three of you: Who do you 
believe is best capable of setting the standard on 
cybersecurity?
    Ms. Harman. I think the technical expertise on 
cybersecurity is in the NSA and should remain there. They are 
best at it.
    In terms of being the public face to do the cybersecurity 
work that is especially not in the dot-mil and dot-gov space, I 
think the Homeland Security Department has to do it, implement 
it. But I do not think it should try to re-create the technical 
expertise of the NSA.
    Admiral Allen. I think there is a role for government in 
oversight of the standards. If I could give you an analogy, the 
blowout preventer that failed in the Deepwater Horizon spill 2 
years ago was built to industry standards, but was not subject 
to independent third-party inspection mandated by the 
government. It is now. So I think we need to understand what 
the role of government is and how we produce the effect. I 
think there should be oversight. I think it is logical it 
should be in the Department of Homeland Security. How you 
evolve the standards can be part of how the legislation is put 
together, but that has to be affirmed, there has to be 
accountability, and somebody has to be able to act on behalf of 
the American people.
    Senator Johnson. Thank you. Mr. Skinner.
    Mr. Skinner. I believe it is going to be a collaborative 
effort. I think NSA plays a major role. I also believe the 
National Institute of Standards and Technology (NIST) plays a 
role, and the Department of Homeland Security plays a role as 
far as establishing standards. And those standards are not 
going to be set in stone. They are going to evolve over time 
because cybersecurity is evolving over time.
    And as far as providing the oversight at least on the 
domestic side of the house, I believe that should rest within 
the Department of Homeland Security. That is a logical home for 
it.
    Senator Johnson. Those were very government-centric 
answers. Is there any role outside in terms of the private 
sector in terms of the service providers and that type of 
thing?
    Admiral Allen. If I could just add, I think that is a 
performance outcome. My basic training in public administration 
is in executive, legislative, and regulatory management. I 
worked in the regulatory field for a couple of decades. One of 
the things we have to watch out for is we do not get this into 
a rulemaking process that takes 10 years. That just cannot 
work. So whatever we do that involves government has to break 
the paradigm to bring the best of the private sector and get to 
a conclusion. What we want is a violent attack of sanity. The 
question is how to do it.
    Ms. Harman. And if I could just add, as Senator Collins 
said, 85 percent, I think, of our capacity is in the private 
sector, and the private sector in this area is much more agile 
than the government sector. So this has to be a collaborative 
effort. I thought you were asking about the standard setting. 
Yes, the legislation should set the standards or set up the 
process to set the standards. The point I was making is that 
inside government, our technical competence on this is at the 
NSA.
    Senator Johnson. Thank you. Thank you, Mr. Chairman.
    Chairman Lieberman. Thank you, Senator Johnson. Senator 
Akaka?
    Senator Akaka. Thank you very much, Mr. Chairman. I know 
time is valuable to the Congresswoman, and I just want to say I 
do not have any more questions for you if I am the last here, 
meaning you can leave if you need to.
    Mr. Skinner, I want to say that we have a great panel of 
leaders and experts here today, and we are fortunate to have 
you. Mr. Skinner, as you noted in your written testimony, DHS 
has relied heavily on contractors since its inception, in 
particular in service contractors working side by side with 
Federal workers. I have worked closely with the Department on 
its efforts to right-size its Federal employee-to-contractor 
mix.
    Does the Department currently have the right Federal 
employee-to-contractor balance to achieve its mission in the 
future?
    Mr. Skinner. I can only say at the time of my retirement, 
no, it did not. But at the same time, I was aware of the 
initiatives to bring that right balance, and I have been 
reading reports and observing what is going on within the 
Department. I am still emotionally attached, even though I am 
retired. And I see that there is progress being made there.
    But, nevertheless, there is still an imbalance. I know 
recently the Coast Guard has made tremendous progress in 
bringing in in-house employees to do what was inherently 
governmental jobs instead of relying on contractors. But at the 
same time, they still do not have--and this is as recently as 
maybe 2 to 3 months ago that I read this--sufficient resources 
to complete their mission. So they are still relying on 
contractors to do what they would like to be doing themselves. 
But there is a very concerted effort, and I think this has been 
at all the components as a result of the leadership that I have 
seen Secretary Napolitano and Deputy Secretary Lute bring to 
the acquisition management process.
    Senator Akaka. Admiral Allen, as you know, the Department 
has worked very hard to improve its strategic human capital 
functions. However, DHS still faces challenges in implementing 
its department-wide workforce objectives and goals, such as 
improving employee morale and retention.
    What are the most pressing challenges facing the DHS 
workforce? And how do we address them going forward with DHS?
    Admiral Allen. Thank you for the question, Senator. I have 
provided the staff with a statement I made, and they can 
provide it for the record.\1\ In March, I testified before 
Representative McCaul's subcommittee, the House Homeland 
Subcommittee on the Partnership for Public Service rankings and 
morale at the Department. There is a more extensive discussion 
on that there. I will try and highlight some of the issues 
here.
---------------------------------------------------------------------------
    \1\ The testimony referenced by Admiral Allen appears in the 
Appendix on page 186.
---------------------------------------------------------------------------
    Some of the issues derive from the nature by which the 
Department was formed that I have talked about. Let me hit 
those real quick because they are technical, and then I will 
get to the other ones, which I think are equally important.
    I will give you a good example. When the Immigration and 
Naturalization Service went away and we formed Immigration and 
Customs Enforcement (ICE) and the CBP, we recombined two 
different workforces that came from two different departments 
with different appropriations structures, different pay/benefit 
structures, different work rules, and different grade 
structures. The ability to try and estimate salaries in that 
environment continues to be a problem today in CBP, plus a lot 
of their salaries are funded by, I think, five or six different 
fees that are legacy fees from Agriculture, Immigration, and 
Land Border Entry. That is a pretty difficult environment to 
try and manage and create a human resource program and 
adequately address and estimate salaries.
    The implications of that is there is not enough money, they 
have to do things in the middle of the year, employees know 
that, and it affects morale. So I think fixing some of these 
structural issues will have a salutary effect on the workforce, 
in my view.
    Now, separate from that, on the discussion of morale of the 
Department, what I said in my previous testimony was morale is 
not something that you mandate or set out as a goal and 
achieve. Morale is a by-product of performance in the 
workplace, where employees feel they are empowered and have the 
right tools and understand that their leadership are doing the 
things that are going to enable them to be successful. When you 
have that, you have morale. And so I think what the Department 
needs to do is put the conditions in place which improve the 
performance that we have talked about here today, and I think 
morale becomes a natural by-product of that.
    I think we need to understand people do not leave 
organizations. They usually leave bad bosses. So I think there 
is an imperative on leadership training in the Department. 
There is a DHS fellows program. They have just established a 
Department of Homeland Security capstone program for senior 
executives. We now have a leading edge program for executives 
across the Federal Government.
    I believe there ought to be some leadership development 
programs that are created, fenced off in the budget to become 
programs of record that do not require the people that are 
managing these programs to go hand to hand every year and try 
to deal with reprogrammed funds or what is left over at the end 
of the year.
    Senator Akaka. Well, thank you very much for that.
    I would like to finally ask Mr. Skinner, in particular, it 
seems as though we have had morale problems, for instance, in 
TSA. The turnover there is great and has been, and it seems as 
though it is a part of DHS where the workers have problems.
    Can you make any expressions on that and the problem and 
the challenges that we face in particular in TSA?
    Mr. Skinner. Senator, this is something I have never 
studied with regards to TSA. I was well aware of the turnover 
issues there, and we did discuss this with the TSA 
administrators when I was there in private meetings.
    One of the problems that we have observed with regards to 
TSA is just the pure nature of its work. It is very tedious, 
hard work, and people's expectations when they take these jobs 
are not always met.
    Second, when you talk about the leadership, this is the 
leadership up and down the chain of command. At the individual 
airports themselves there was oftentimes a lack of leadership, 
and people's expectations of their leaders were not being met. 
But to actually come up with empirical information or a 
conclusion as to why there is a high turnover rate, at least 
when I was the IG, we had never completed a study in that area.
    Senator Akaka. Thank you. Thank you very much, Mr. 
Chairman.
    Chairman Lieberman. Thanks, Senator Akaka.
    This has been a very productive morning. I want to thank 
the three witnesses. Each of you in different ways has given 
great service to our country, and if I may say so, I think you 
added another step in that direction by both your prepared 
testimony, which was very thoughtful and will be part of the 
permanent record, and by your testimony this morning. You have 
given the Committee a lot to think about. I think you will give 
the new Committee leadership in the next session a lot to think 
about. And, frankly, I think you will give both the current and 
new leadership of the Department an agenda for action to 
continue what has been a first decade of real progress, but 
obviously a lot of work to be done.
    Senator Collins, do you want to add anything?
    Senator Collins. I just want to add my thanks to those of 
the Chairman. I have enjoyed working with all three of our 
witnesses over the years, and it is terrific to have them back 
today to share their extraordinary experience and insights with 
our Committee. So thank you all.
    Chairman Lieberman. Thank you.
    So the record of the hearing will remain open for 15 days 
for any additional statements or questions. Again, thank you 
very much.
    The hearing is adjourned.
    [Whereupon, at 12:17 p.m., the Committee was adjourned.]


                            A P P E N D I X

                              ----------                              

[GRAPHIC] [TIFF OMITTED] T6059.001

[GRAPHIC] [TIFF OMITTED] T6059.002

[GRAPHIC] [TIFF OMITTED] T6059.003

[GRAPHIC] [TIFF OMITTED] T6059.004

[GRAPHIC] [TIFF OMITTED] T6059.005

[GRAPHIC] [TIFF OMITTED] T6059.006

[GRAPHIC] [TIFF OMITTED] T6059.007

[GRAPHIC] [TIFF OMITTED] T6059.008

[GRAPHIC] [TIFF OMITTED] T6059.009

[GRAPHIC] [TIFF OMITTED] T6059.010

[GRAPHIC] [TIFF OMITTED] T6059.011

[GRAPHIC] [TIFF OMITTED] T6059.012

[GRAPHIC] [TIFF OMITTED] T6059.013

[GRAPHIC] [TIFF OMITTED] T6059.014

[GRAPHIC] [TIFF OMITTED] T6059.015

[GRAPHIC] [TIFF OMITTED] T6059.016

[GRAPHIC] [TIFF OMITTED] T6059.017

[GRAPHIC] [TIFF OMITTED] T6059.018

[GRAPHIC] [TIFF OMITTED] T6059.019

[GRAPHIC] [TIFF OMITTED] T6059.020

[GRAPHIC] [TIFF OMITTED] T6059.021

[GRAPHIC] [TIFF OMITTED] T6059.022

[GRAPHIC] [TIFF OMITTED] T6059.023

[GRAPHIC] [TIFF OMITTED] T6059.024

[GRAPHIC] [TIFF OMITTED] T6059.025

[GRAPHIC] [TIFF OMITTED] T6059.026

[GRAPHIC] [TIFF OMITTED] T6059.027

[GRAPHIC] [TIFF OMITTED] T6059.028

[GRAPHIC] [TIFF OMITTED] T6059.029

[GRAPHIC] [TIFF OMITTED] T6059.030

[GRAPHIC] [TIFF OMITTED] T6059.031

[GRAPHIC] [TIFF OMITTED] T6059.032

[GRAPHIC] [TIFF OMITTED] T6059.033

[GRAPHIC] [TIFF OMITTED] T6059.034

[GRAPHIC] [TIFF OMITTED] T6059.035

[GRAPHIC] [TIFF OMITTED] T6059.036

[GRAPHIC] [TIFF OMITTED] T6059.037

[GRAPHIC] [TIFF OMITTED] T6059.038

[GRAPHIC] [TIFF OMITTED] T6059.039

[GRAPHIC] [TIFF OMITTED] T6059.040

[GRAPHIC] [TIFF OMITTED] T6059.041

[GRAPHIC] [TIFF OMITTED] T6059.042

[GRAPHIC] [TIFF OMITTED] T6059.043

[GRAPHIC] [TIFF OMITTED] T6059.044

[GRAPHIC] [TIFF OMITTED] T6059.045

[GRAPHIC] [TIFF OMITTED] T6059.046

[GRAPHIC] [TIFF OMITTED] T6059.125

[GRAPHIC] [TIFF OMITTED] T6059.126

[GRAPHIC] [TIFF OMITTED] T6059.047

[GRAPHIC] [TIFF OMITTED] T6059.048

[GRAPHIC] [TIFF OMITTED] T6059.049

[GRAPHIC] [TIFF OMITTED] T6059.050

[GRAPHIC] [TIFF OMITTED] T6059.051

[GRAPHIC] [TIFF OMITTED] T6059.052

[GRAPHIC] [TIFF OMITTED] T6059.053

[GRAPHIC] [TIFF OMITTED] T6059.054

[GRAPHIC] [TIFF OMITTED] T6059.055

[GRAPHIC] [TIFF OMITTED] T6059.056

[GRAPHIC] [TIFF OMITTED] T6059.057

[GRAPHIC] [TIFF OMITTED] T6059.058

[GRAPHIC] [TIFF OMITTED] T6059.059

[GRAPHIC] [TIFF OMITTED] T6059.060

[GRAPHIC] [TIFF OMITTED] T6059.061

[GRAPHIC] [TIFF OMITTED] T6059.119

[GRAPHIC] [TIFF OMITTED] T6059.120

[GRAPHIC] [TIFF OMITTED] T6059.121

[GRAPHIC] [TIFF OMITTED] T6059.122

[GRAPHIC] [TIFF OMITTED] T6059.123

[GRAPHIC] [TIFF OMITTED] T6059.124

[GRAPHIC] [TIFF OMITTED] T6059.062

[GRAPHIC] [TIFF OMITTED] T6059.063

[GRAPHIC] [TIFF OMITTED] T6059.064

[GRAPHIC] [TIFF OMITTED] T6059.065

[GRAPHIC] [TIFF OMITTED] T6059.066

[GRAPHIC] [TIFF OMITTED] T6059.067

[GRAPHIC] [TIFF OMITTED] T6059.068

[GRAPHIC] [TIFF OMITTED] T6059.069

[GRAPHIC] [TIFF OMITTED] T6059.070

[GRAPHIC] [TIFF OMITTED] T6059.071

[GRAPHIC] [TIFF OMITTED] T6059.072

[GRAPHIC] [TIFF OMITTED] T6059.073

[GRAPHIC] [TIFF OMITTED] T6059.074

[GRAPHIC] [TIFF OMITTED] T6059.075

[GRAPHIC] [TIFF OMITTED] T6059.076

[GRAPHIC] [TIFF OMITTED] T6059.077

[GRAPHIC] [TIFF OMITTED] T6059.078

[GRAPHIC] [TIFF OMITTED] T6059.079

[GRAPHIC] [TIFF OMITTED] T6059.080

[GRAPHIC] [TIFF OMITTED] T6059.081

[GRAPHIC] [TIFF OMITTED] T6059.082

[GRAPHIC] [TIFF OMITTED] T6059.083

[GRAPHIC] [TIFF OMITTED] T6059.084

[GRAPHIC] [TIFF OMITTED] T6059.085

[GRAPHIC] [TIFF OMITTED] T6059.086

[GRAPHIC] [TIFF OMITTED] T6059.087

[GRAPHIC] [TIFF OMITTED] T6059.088

[GRAPHIC] [TIFF OMITTED] T6059.089

[GRAPHIC] [TIFF OMITTED] T6059.090

[GRAPHIC] [TIFF OMITTED] T6059.091

[GRAPHIC] [TIFF OMITTED] T6059.092

[GRAPHIC] [TIFF OMITTED] T6059.093

[GRAPHIC] [TIFF OMITTED] T6059.094

[GRAPHIC] [TIFF OMITTED] T6059.095

[GRAPHIC] [TIFF OMITTED] T6059.096

[GRAPHIC] [TIFF OMITTED] T6059.097

[GRAPHIC] [TIFF OMITTED] T6059.098

[GRAPHIC] [TIFF OMITTED] T6059.099

[GRAPHIC] [TIFF OMITTED] T6059.100

[GRAPHIC] [TIFF OMITTED] T6059.101

[GRAPHIC] [TIFF OMITTED] T6059.102

[GRAPHIC] [TIFF OMITTED] T6059.103

[GRAPHIC] [TIFF OMITTED] T6059.104

[GRAPHIC] [TIFF OMITTED] T6059.105

[GRAPHIC] [TIFF OMITTED] T6059.106

[GRAPHIC] [TIFF OMITTED] T6059.107

[GRAPHIC] [TIFF OMITTED] T6059.108

[GRAPHIC] [TIFF OMITTED] T6059.109

[GRAPHIC] [TIFF OMITTED] T6059.110

[GRAPHIC] [TIFF OMITTED] T6059.111

[GRAPHIC] [TIFF OMITTED] T6059.112

[GRAPHIC] [TIFF OMITTED] T6059.113

[GRAPHIC] [TIFF OMITTED] T6059.114

[GRAPHIC] [TIFF OMITTED] T6059.115

[GRAPHIC] [TIFF OMITTED] T6059.116

[GRAPHIC] [TIFF OMITTED] T6059.117

[GRAPHIC] [TIFF OMITTED] T6059.118