[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]





              A NEW PERSPECTIVE ON THREATS TO THE HOMELAND

=======================================================================

                                HEARING

                               before the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED THIRTEENTH CONGRESS

                             FIRST SESSION

                               __________

                           FEBRUARY 13, 2013

                               __________

                            Serial No. 113-1

                               __________

       Printed for the use of the Committee on Homeland Security





                                     

      Available via the World Wide Web: http://www.gpo.gov/fdsys/

                               __________


                  U.S. GOVERNMENT PRINTING OFFICE

81-461 PDF                WASHINGTON : 2013





                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Paul C. Broun, Georgia               Yvette D. Clarke, New York
Candice S. Miller, Michigan, Vice    Brian Higgins, New York
    Chair                            Cedric L. Richmond, Louisiana
Patrick Meehan, Pennsylvania         William R. Keating, Massachusetts
Jeff Duncan, South Carolina          Ron Barber, Arizona
Tom Marino, Pennsylvania             Donald M. Payne, Jr., New Jersey
Jason Chaffetz, Utah                 Beto O'Rourke, Texas
Steven M. Palazzo, Mississippi       Tulsi Gabbard, Hawaii
Lou Barletta, Pennsylvania           Filemon Vela, Texas
Chris Stewart, Utah                  Steven A. Horsford, Nevada
Keith J. Rothfus, Pennsylvania       Eric Swalwell, California
Richard Hudson, North Carolina
Steve Daines, Montana
Susan W. Brooks, Indiana
Scott Perry, Pennsylvania
                       Greg Hill, Chief of Staff
          Michael Geffroy, Deputy Chief of Staff/Chief Counsel
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director















                            C O N T E N T S

                              ----------                              
                               Statements

The Honorable Michael T. McCaul, a Representative in Congress 
  From the State of Texas, and Chairman, Committee on Homeland 
  Security:
  Oral Statement
  Prepared Statement
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Oral Statement
  Prepared Statement

                               Witnesses

Admiral Thad W. Allen (Ret.), Senior Vice President, Booz Allen 
  Hamilton:
  Oral Statement
  Prepared Statement
Mr. Shawn Henry, President, Crowdstrike Services:
  Oral Statement
  Prepared Statement
Mr. Michael E. Leiter, Former Director of the National 
  Counterterrorism Center:
  Oral Statement
  Prepared Statement
Mr. David M. Walker, Founder and CEO, The Comeback America 
  Initiative:
  Oral Statement
  Prepared Statement
Mr. Clark Kent Ervin, Partner, Patton Boggs, LLP:
  Oral Statement
  Prepared Statement

                             For the Record

The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Letter From Hon. Janet Napolitano to Ranking Member Bennie G. 
    Thompson
The Honorable Beto O'Rourke, a Representative in Congress From 
  the State of Texas:
  Article
  Politico Article

 
              A NEW PERSPECTIVE ON THREATS TO THE HOMELAND

                              ----------                              


                      Wednesday, February 13, 2013

             U.S. House of Representatives,
                    Committee on Homeland Security,
                                            Washington, DC.
    The committee met, pursuant to call, at 10:09 a.m., in Room 
311, Cannon House Office Building, Hon. Michael T. McCaul 
[Chairman of the committee] presiding.
    Present: Representatives McCaul, King, Miller, Meehan, 
Duncan, Marino, Palazzo, Barletta, Stewart, Rothfus, Hudson, 
Daines, Brooks, Perry, Thompson, Jackson Lee, Keating, Payne, 
O'Rourke, Gabbard, Vela, Horsford, and Swalwell.
    Chairman McCaul. The Committee on Homeland Security will 
come to order. The committee is meeting today to hear testimony 
on the evolving homeland threat landscape. I now recognize 
myself for an opening statement.
    Let me first say what an honor it is to be elected by my 
peers to serve as the Chairman of this powerful committee, and 
at the same time, would like to recognize the man who sat in 
this chair for 7 years, Peter King, who--just let me thank you 
for your great service and dedication to the cause of 
protecting the American people. I sure do appreciate that.
    Mr. King. Thank you, Chairman.
    Chairman McCaul. Also, as I look at the pictures on the 
wall of New York, your hometown, Mr. Chairman, I know we plan 
to visit there the following week. We are kind of reminded of 
the unfortunate catalyst for the creation of this committee. 
They will remain on the wall to remind us constantly that our 
promise is ``never again.''
    After 9/11, President Bush declared, ``We are fighting a 
new kind of war against determined enemies. And public servants 
long into the future will bear the responsibility to defend 
Americans against terror.''
    Over a decade later, we now know these words remain true. 
The threats we face have adapted and the Department of Homeland 
Security's mission and capability have yet to be solidified. 
The Members of this committee are some of the public servants 
the President spoke about. It is our duty to continue to 
improve DHS and defend our freedom, security, and way of life.
    Essential to defending our homeland is securing our 
borders. Coming from Texas, I am particularly concerned with 
conditions on our Southwest Border. We are and will remain a 
Nation of immigrants and no one denies our immigration system 
is broken and needs to be reformed.
    However, as immigration reform takes center stage, we 
cannot repeat the mistakes of the past. The 1986 immigration 
reform did not stop the flow of illegal immigrants and we 
cannot support reforms today unless they hinge on gaining 
effective control of our borders.
    Until the administration creates a comprehensive National 
strategy to secure our borders that includes a reasonable 
definition of operational control that we can measure, then we 
cannot quantify success or failure. My overriding goal is to 
prevent repeating this debate 10 years from now.
    All Americans, whether an immigrant or citizen born here, 
require a secure border that prevents drugs, weapons, and 
violence from damaging our communities.
    Drug cartels fight for primacy on our Southern Border, 
sending narcotics into our homes. Smugglers weaken our economic 
competitiveness at our ports of entry while terrorists still 
seek entry into the United States undetected.
    Increasingly, DHS has the opportunity to use existing 
technologies returning from the theaters of war that make 
securing our border cheaper and easier than ever before. 
Consequently, as we embark on an immigration reform debate, we 
must be mindful that the first step is to control our border, 
and I will be introducing legislation soon to accomplish that 
goal.
    I have developed a framework for legislation to compel the 
Department and its components to create and implement a 
strategy to control our borders that includes measurable 
progress. I am working with outside groups and my colleagues on 
both sides of the aisle and in both chambers to be sure the 
strategy is workable and has the support that it needs.
    If fully implemented, the ability exists to gain effective 
control of our borders within 3 years. The strategy must meet 
three key criteria. It must ascertain situational awareness of 
our borders, it must create metrics to measure progress based 
on outcomes, and it must integrate the Department of Homeland 
Security components that presently overlap or contradict.
    This task is long overdue and the time to achieve this goal 
is now. As the committee moves forward, we build upon the 
success of the vice chair of this committee, Mrs. Miller, who 
is Chair of the Subcommittee on Border and Maritime Security.
    She has been a real leader on these issues not only for 
this committee but for the entire House, and I am glad to have 
her as a partner, and this committee appreciates the path that 
she has paved in pushing for a stronger, smarter, border 
security strategy.
    Other threats to our Nation do not cross our physical 
borders. They instead invade our digital networks. DHS is 
tasked with securing our civilian Federal networks and equally 
important, protecting our critical infrastructures.
    DHS is responsible for coordinating the National 
protection, prevention, mitigation of, and recovery from cyber 
incidents. DHS is also charged with disseminating domestic 
cyber threat and vulnerability analysis and investigating cyber 
crimes within their jurisdiction.
    As these threats increase, and they are, it is essential 
that the Federal Government has the capability and capacity to 
defend against a cyber attack that could have devastating 
consequences on our economy and our way of life.
    I do not need to stress the importance of this mission 
because China is hacking into major American publications and 
to military secrets, and Iran allegedly targeted our financial 
institutions in Aramco and the Saudi peninsula just recently.
    These are just some of the latest in a series of 
increasingly regular attacks against the homeland and reports 
this week also claim that China is currently targeting U.S. 
trade secrets valued at tens of billions of dollars.
    My visit to the NSA and with General Alexander, the 
director of NSA, was sobering to say the least. DHS has been 
building its capability to protect us from cyber attacks and it 
will be the priority of this committee to help them improve 
their efforts through legislation. A whole-of-Government cyber 
strategy that is responsive to the threat landscape is 
necessary and will require insight into the most dangerous 
cyber actors.
    This committee has a major role in crafting such a 
strategy. In the next hearing before this committee we will 
focus on the President's Executive Order on cybersecurity.
    As we work to meet these challenges, we will never forget 
the present threat of terrorism. While our military efforts 
have scattered and disseminated the core of al-Qaeda's 
operations and leadership, terrorist franchises such as those 
that attacked the BP facility in Algeria last month have found 
new safe havens allowing them to reconstitute.
    One of my constituents, Fred Buttaccio from Katy, Texas was 
killed during this terrorist takeover of the facility. I 
attended his funeral and presented an American flag to his 
widow.
    Scattered across the map are increasing numbers of 
organizations sympathetic to al-Qaeda's message reaching out to 
al-Qaeda operatives in joining their global jihad. Iran 
continues to expand its sphere of influence, strategically 
advancing its position in the Western Hemisphere.
    To face these challenges, DHS must improve. Unorganized 
financial management drains resources from necessary work while 
structural waste and duplication shut down solutions.
    To take a recent example, the Department decided to remove 
174 full-body scanners from airports across the country because 
they cannot adapt to new imaging requirements, and one report 
alleges these scanners cost $150,000 for each unit. This faulty 
procurement process has set our travel security back while also 
angering ordinary passengers.
    This committee will work towards building a better 
Department so that it can rise to meet a new decade and 
evolving threats head-on. Looking on to the 113th Congress, we 
will not turn our back on that goal, and I appreciate these 
witnesses coming here today to help us better understand the 
threats against us and what needs to be done to meet them.
    In closing, I would like to reiterate what we said at our 
last organizational meeting that Mr. Thompson, the Ranking 
Member, we look forward to working with you in a bipartisan way 
to accomplish our shared goal of protecting the homeland.
    [The statement of Chairman McCaul follows:]
                Statement of Chairman Michael T. McCaul
                           February 13, 2013
    In the years I have sat in this hearing room, upon the walls have 
hung a series of pictures taken on that day, almost 12 years ago, which 
served as the unfortunate catalyst for the creation of this committee. 
Today those images remain to remind us of the purpose we serve here--to 
remind us of our promise, ``never again.''
    After 9/11 President Bush declared:

``We're fighting a new kind of war against determined enemies. And 
public servants long into the future will bear the responsibility to 
defend Americans against terror.''

Over a decade later, we now know those words remain true. The threats 
we face have adapted, and the Department of Homeland Security's mission 
and capability have yet to be solidified. The Members of this committee 
are some of the ``public servants'' the President spoke about. It is 
our duty to continue to improve DHS, and defend our ``freedom, 
security, and way of life.''
    Essential to defending our homeland is securing our borders. Coming 
from Texas, I am particularly concerned with conditions on our 
Southwest Border. We are, and will remain, a nation of immigrants, and 
no one denies that our immigration system is broken. However, as 
immigration reform takes center stage, we cannot repeat the mistakes of 
the past. The 1986 immigration reform did not stop the flow of illegal 
immigrants and we cannot support reforms today unless they hinge on 
gaining effective control of our borders. Until the administration 
creates a comprehensive National strategy to secure our borders--that 
includes a reasonable definition of operational control we can 
measure--we cannot quantify success or failure. My overriding goal is 
to prevent repeating this debate 10 years from now.
    All Americans--whether an immigrant or citizen born here--require a 
secure border that prevents drugs, weapons, and violence from damaging 
our communities. Drug cartels fight for primacy on our Southern Border, 
sending narcotics into our homes; smugglers weaken our economic 
competitiveness at our ports of entry; while terrorists still seek 
entry into the United States undetected. Increasingly, DHS has the 
opportunity to use existing technologies returning from theaters of war 
that make securing our border cheaper and easier than ever before. 
Consequently, as we embark on immigration reform we must be mindful 
that the first step is to control our border--and I will be introducing 
legislation to accomplish that goal.
    I have developed a framework for legislation to compel the 
Department, and its components, to create and implement a strategy to 
control our borders that includes measurable progress, and I am working 
with outside groups and my colleagues on both sides of the aisle and in 
both chambers to be sure the strategy is workable and has the support 
it needs.
    If fully implemented, the ability exists to gain effective control 
of our borders within 3 years. The strategy must meet three key 
criteria. It must ascertain situational awareness of our borders. It 
must create metrics to measure progress based on outcomes. It must 
integrate Department of Homeland Security components that presently 
overlap or contradict.
    Other threats to our Nation do not cross our physical borders--they 
instead invade our digital networks. DHS is tasked with securing our 
civilian Federal networks and--equally important--protecting our 
critical infrastructure. DHS is responsible for coordinating the 
National protection, prevention, mitigation of, and recovery from cyber 
incidents. DHS is also charged with disseminating domestic cyber threat 
and vulnerability analysis and investigating cyber crimes within their 
jurisdiction. As these threats increase, it is essential the Federal 
Government has the capability and capacity to defend against a cyber 
attack that could have devastating consequences on our economy and way 
of life.
    I do not need to stress the importance of this mission because 
China is hacking major American publications and military secrets, and 
Iran is allegedly targeting our major financial institutions. These are 
just the latest in a series of increasingly regular attacks against the 
homeland. Reports this week also claim that China is currently 
targeting U.S. trade secrets valued at tens of billions of dollars.
    DHS has been building its capability to protect us from cyber 
attacks, and it will be a priority of this committee to help them 
improve their efforts through legislation. A whole-of-Government cyber-
strategy that is responsive to the threat landscape is necessary, and 
will require insight into the most dangerous cyber actors. This 
committee has a major role in crafting such a strategy, and the next 
hearing before this committee will focus on the President's Executive 
Order 13636* on cybersecurity.
---------------------------------------------------------------------------
    * Executive Order 13636, Improving Critical Infrastructure 
Cybersecurity.
---------------------------------------------------------------------------
    As we work to meet these challenges, we will not forget the present 
threat of terrorism. While our military efforts have scattered and 
decimated the core of al-Qaeda's operations and leadership, terrorist 
franchises such as those that attacked the BP facility in Algeria last 
month have found new safe havens allowing them to reconstitute. One of 
my constituents, Frederick Buttaccio, from Katy, Texas was killed 
during the terrorist takeover of this facility.
    Scattered across the map are an increasing number of organizations 
sympathetic to al-Qaeda's message, reaching out to al-Qaeda operatives, 
and joining their global jihad. Iran continues to expand its sphere of 
influence, strategically advancing its position in the Western 
hemisphere.
    To face these challenges, DHS must improve. Unorganized financial 
management drains resources from necessary work, while structural waste 
and duplication slow down solutions. To take a recent example, the 
Department has decided to remove 174 full-body scanners from airports 
across the country because they cannot adapt to new imaging 
requirements. One report alleges these scanners cost $150,000 for each 
unit. This faulty procurement has set our travel security back, while 
also angering passengers.
    This committee will work toward building a better Department, so 
that it can rise to meet a new decade, and evolving threats, head-on. 
Looking ahead to the 113th Congress, we will not turn our back on that 
goal, and I appreciate these witnesses coming here today to help us 
better understand the threats against us--and what needs to be done to 
meet them.
    Before closing, I would again like to reiterate what I said at our 
organizational meeting last month--Mr. Thompson, we look forward to 
working with you to accomplish our shared goal of protecting the 
homeland.
                                 ______
                                 
  Attachment.--Framework for Operational Control of America's Borders
    We cannot repeat the mistakes of the past by failing to ensure 
border security is a primary component to reforming our immigration 
system. The committee is currently consulting with outside policy and 
operations experts to introduce legislation to compel DHS to establish 
a comprehensive National Strategy to secure our borders. We can no 
longer supply resources on an ad-hoc basis and expect to make lasting 
progress. The committee will hold a series of hearings to examine the 
current border landscape, and what must be done to achieve full 
awareness of who and what is crossing our borders. I look forward to 
working with my colleagues on both sides of the aisle in both chambers, 
and with the Department, to ensure the development and implementation 
of a National Strategy is achieved.
    There are myriad National and departmental policies addressing 
counternarcotics, terrorism, and transnational criminal organizations, 
all of which touch on border security, yet still there is no clearly 
articulated, centralized National strategy with a sole focus on 
securing the border. DHS must create a holistic strategy that looks at 
the overall picture of the border and applies resources based on threat 
levels and anticipated changes in migration.
    Four Guiding Principles for Legislation Establishing a National 
Strategy.--Gain situational awareness using advanced technologies, to 
formulate useable metrics, while eliminating agency overlap (SAFE).
    1. Situational Awareness.--In order to allocate resources 
        appropriately, we must have situational awareness--an overall 
        idea of what must go where. We cannot continue to throw scarce 
        resources at isolated problems, only to see them shift. DHS 
        must present to Congress a long-term analysis of where the 
        United States is vulnerable based off of a holistic picture of 
        our borders.
    2. Advanced Technologies.--The administration must work to 
        incorporate existing technology such as Department of Defense 
        Sensor Surveillance equipment used in Iraq and Afghanistan in 
        order to gain comprehensive visibility of the border landscape. 
        Using proven, effective technologies to enhance our border 
        security efforts will save taxpayer dollars and make our 
        citizens safer.
    3. Formulate Metrics.--In 2010, Secretary Napolitano stopped using 
        the metric of ``operational control.'' At that time, DHS 
        claimed to have only 44% of the border under operational 
        control. We can no longer base our security solely on only 
        apprehensions, without knowing the total number of individuals 
        who cross undetected. Nor can we base success on the number of 
        resources allocated to different sectors or components. Gaining 
        situational awareness will allow DHS to create a new metric to 
        define progress--based off of the number of apprehensions 
        relative to the total number of illegal crossings. Only when we 
        have the full picture can we gauge our own progress, and we 
        must base progress on outcomes, instead of resources.
    4. Eliminate Overlap.--The Department of Homeland Security must 
        present to Congress its plan to better integrate its agencies 
        to combat all of the threats we face on our borders. DHS's 
        subordinate components should not unnecessarily duplicate each 
        other's efforts--they should instead work in complementary 
        fashion to ensure our National security.

    Mr. McCaul. The Chairman now recognizes the Ranking Member, 
Mr. Thompson from Mississippi.
    Mr. Thompson. Thank you very much, Chairman McCaul, for 
holding this hearing today. Likewise, I look forward to working 
with you on many of the items you outlined in your opening 
statement.
    However, today we will hear from witnesses who will provide 
an overview of some of the areas you have identified as 
priorities. I look forward to their testimony and thank each of 
them before appearing today.
    Before we hear their testimony, I think it is important to 
point out that as Members of Congress, each of us has a 
responsibility to ensure that the Department is able to 
adequately perform its mission of protecting the Nation from 
and responding to terrorist attacks, man-made catastrophes, and 
natural disasters.
    As Members of this committee, each of us has a 
responsibility to assure the success of the homeland security 
mission. That mission cannot be achieved without appropriate 
funding, vigorous oversight, and targeted legislation.
    We cannot play our part in ensuring the success of the 
homeland security mission if we are not willing to use the full 
weight of the committee structure, both subcommittee and the 
full committee, to pursue a well-crafted agenda.
    That agenda should result in bringing our bills to the 
floor and assuring that our oversight yields effective 
outcomes. Our energies will be wasted and our opportunities 
will be squandered if we do not work towards the goal of making 
the people of this Nation safer.
    Therefore, Mr. Chairman, I commend you for issuing a 
statement of priorities in the hope that the work of this 
committee and each of its subcommittees will remain focused on 
those objectives and our mission during this session of 
Congress.
    One of your priorities is border security. Since 2004, we 
have doubled the number of Border Patrol agents and more than 
doubled the number of unauthorized aliens removed from this 
country. In our examination of border security, we cannot be 
limited by calling for more of the same.
    DHS currently lacks a border security strategy that 
coordinates CBP, ICE, and the Coast Guard. We must continue to 
press DHS for such a strategy. Without it, we cannot be certain 
that our border control resources are strategic and well-
coordinated.
    Another priority is cybersecurity. As you know, today the 
administration released an Executive Order on cybersecurity. It 
is my understanding that the strategy calls for strong privacy 
and civil liberties protection and recognizes the necessity and 
necessary leadership of the Department of Homeland Security in 
establishing a volunteer program to promote the adoption of a 
cybersecurity framework.
    This strategy sounds a great deal like the PRECISE Act, a 
bill this committee marked up last Congress but was prevented 
from moving to the floor by the Majority leadership. As we 
review cybersecurity, I hope we can try once again to take the 
PRECISE Act to the floor of the House.
    Third, I appreciate your identification of the management 
and administrative functions of the Department as one of your 
priorities. As you may know, since the inception of the 
Department, I have worked to bring accountability and 
transparency to the personnel in contracting practices.
    The Department cannot succeed unless every component is 
brought into an organizational structure that gives 
headquarters command and control over the most basic personnel 
rules and contracting procedures. Without centralized authority 
and accountability, we should not be surprised by stories of 
waste, fraud, and abuse.
    Fourth, I look forward to working with you to explore the 
terrorist threat, no matter where that threat originates. We 
must not take a myopic approach. We must protect this country 
from all enemies, foreign and domestic. Our view of the 
terrorist threat must include domestic terrorism. The focus on 
domestic terrorism was noticeably absent in the last Congress.
    Finally, I noticed that disaster response and recovery was 
not included in your list of priorities. I would urge you to 
add this important area.
    No corner of this Nation is safe from the devastation of a 
natural disaster. Our people must know that we will not forget 
them and are committed to improving the systems that must serve 
them in their most dire moment whether it is Hattiesburg, 
Mississippi, or New York City, New York.
    Again, Mr. Chairman, I look forward to working with you and 
thank you for holding this hearing.
    With that, I yield back.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
    Today we will hear from witnesses who will provide an overview of 
some of the areas you have identified as priorities. I look forward to 
their testimony and thank each of them for appearing today. Before we 
hear the testimony, it is important to point out that as Members of 
Congress, each of us has a responsibility to ensure that the Department 
is able to adequately perform its mission of protecting this Nation 
from and responding to terrorist attacks, man-made catastrophes, and 
natural disasters.
    As Members of this committee, each of us has a responsibility to 
assure the success of the homeland security mission. That mission 
cannot be achieved without appropriate funding, vigorous oversight, and 
targeted legislation. We cannot play our part in assuring the success 
of the homeland security mission if we are not willing to use the full 
weight of the committee structure--both subcommittees and the full 
committee--to pursue a well-crafted agenda. That agenda should result 
in bringing our bills to the floor and assuring that our oversight 
yields effective outcomes. Our energies will be wasted and our 
opportunities will be squandered if we do not work toward the goal of 
making the people of this Nation safer.
    Therefore, Mr. Chairman, I commend you, for issuing a statement of 
priorities and hope that the work of this committee and each of its 
subcommittees will remain focused on those objectives and our mission 
during this session of Congress.
    One of your priorities is border security. Since 2004, we have 
doubled the number of Border Patrol agents and more than doubled the 
number of unauthorized aliens removed from this country. In our 
examination of border security, we cannot be limited by calling for 
more of the same. DHS currently lacks a border security strategy that 
coordinates CBP, ICE, and Coast Guard. We must continue to press DHS 
for such a strategy. Without it, we cannot be certain that our border 
control resources are strategic and well-coordinated.
    Another priority is cybersecurity. As you know, today, the 
administration released an Executive Order on cybersecurity. It is my 
understanding that the strategy calls for strong privacy and civil 
liberties protections and recognizes the necessary leadership of the 
Department of Homeland Security in establishing a voluntary program to 
promote the adoption of a Cybersecurity Framework. This strategy sounds 
a great deal like the PRECISE Act, a bill this committee marked up last 
Congress but was prevented from moving to the Floor by the Majority 
leadership. As we review cybersecurity, I hope we can try once again to 
take the PRECISE Act to the floor of the House.
    Third, I appreciate your identification of the management and 
administrative functions of the Department as one of your priorities. 
As you may know, since the inception of the Department, I have worked 
to bring accountability and transparency to their personnel and 
contracting practices. The Department cannot succeed unless every 
component is brought into an organizational structure that gives 
headquarters command and control over the most basic personnel rules 
and contracting procedures. Without such centralized authority and 
accountability, we should not be surprised by stories of waste, fraud, 
and abuse.
    Fourth, I look forward to working with you to explore the terrorist 
threat, no matter where that threat originates. We must not take a 
myopic approach. We must protect this country from all enemies--foreign 
and domestic. Our view of the terrorist threat must include domestic 
terrorism. The focus on domestic terrorism was notably absent in the 
last Congress.
    Finally, I noticed that disaster response and recovery was not 
included in your list of priorities. I would urge you to add this 
important area. No corner of this Nation is safe from the devastation 
of a natural disaster. Our people must know that we will not forget 
them and are committed to improving the systems that must serve them in 
their most dire moment--whether in Hattiesburg, Mississippi, or New 
York City, New York.

    Chairman McCaul. I thank the Ranking Member. Let me 
just comment, us both being from Gulf Coast States that I join 
with you in your commitment to disaster response, and I look 
forward to a Congress where I believe we can work in a 
bipartisan way to get things done.
    I have met with Senator Carper and Coburn who Chair and the 
Ranking Member of the Homeland Security Committee in the 
Senate. Hopefully we can work in a bicameral way to get 
something done and passed and signed into one.
    So with that, I am pleased to have five distinguished 
witnesses before us today on this important topic. The first--
and actually, all of you are no strangers to this committee.
    Admiral Thad Allen is the senior vice president at Booz 
Allen Hamilton. He completed his distinguished career in the 
United States Coast Guard as its 23rd Commandant. In 2010, 
President Obama selected Admiral Allen to serve as the national 
incident commander for the unified response to the Deepwater 
Horizon oil spill in the Gulf Coast of Mexico. Prior to his 
assignment as Commandant, Admiral Allen served as Coast Guard 
chief of staff.
    Mr. Shawn Henry is a retired executive assistant director 
of the FBI's Cyber Division. He is credited with boosting the 
FBI's computer crime and cybersecurity investigative 
capabilities. He oversaw computer crime investigation spanning 
the globe including denial-of-service attacks, bank and 
corporate breaches, and state-sponsored intrusions. He is 
currently the president of CrowdStrike Services.
    The Honorable Michael Leiter served under two presidents as 
the director of the National Counterterrorism Center until--
from June 2008 to July 2011. He remains a highly respected 
voice on terrorism threats and National security.
    Currently, Mr. Leiter is the senior counsel to the chief 
executive officer of Palantir Technologies. In addition, he 
serves as the national security and counterterrorism analyst 
for NBC News.
    The Honorable David Walker is the founder and CEO of the 
Comeback America Initiative. In this capacity, he leads CAI's 
efforts to promote fiscal responsibility. Prior to assuming his 
current position, Mr. Walker served as the 7th comptroller 
general of the United States and head of the U.S. Government 
Accountability Office for nearly 10 years.
    I must commend you, you were one of the first to identify 
really that the debt problem that we have in the United States 
is truly a National security issue, and for that, we are very 
grateful.
    Mr. Clark Kent Ervin; no stranger to this committee; no 
stranger to me. We worked together under attorney general, now 
Senator John Cornyn. He is a member of the Homeland Security 
Defense Technology Transfer and International Practice Groups 
at Patton Boggs Law Firm in Washington, DC.
    He previously served as first inspector general for the 
Department of Homeland Security under President Bush. He has 
been a member of the Homeland Security Secretary Janet 
Napolitano's Homeland Security Advisory Council since 2009.
    The witnesses' full written statements will appear in the 
record. The Chairman now recognizes Admiral Allen for 5 minutes 
for an opening statement.

    STATEMENT OF ADMIRAL THAD W. ALLEN (RET.), SENIOR VICE 
                 PRESIDENT, BOOZ ALLEN HAMILTON

    Admiral Allen. Thank you, Mr. Chairman, for the opportunity 
to be here this morning.
    Mr. Thompson, it is good to see you again.
    It is good to appear before the committee.
    This morning I would like to talk about one specific aspect 
of homeland security understanding there is a broad set of 
challenges as you have articulated. We have got a distinguished 
panel that is going to address things like cybersecurity, which 
is a very important issue for all of us to think about.
    I would like to talk a little bit about the borders and 
maybe take a different approach on how we think about the 
borders in advance considering strategy and also the upcoming 
second Quadrennial Homeland Security Review.
    Being from Tucson, Arizona and being raised in the 
Southwest and having operated for 39 years in the Coast Guard 
and as part of the Department of Homeland Security since its 
inception, I think it is important to understand that when we 
talk about the border we tend to think about the border from 
where we see it and where we sit.
    It is much different at a port of entry and between ports 
of entry. The maritime domain is a band of various bands of 
jurisdiction. We have air and space and obviously cyber as 
well.
    I think as we move forward, now that we have passed the 
10-year mark of homeland security, we need to stop thinking 
about border function as an aggregation of the authorities and 
the jurisdictions of the components that were brought into the 
Department whether it was the former INS inspection function or 
the customs inspection function and start to think about it as 
a system of responsibilities that we as a sovereign nation 
carry out.
    There are geographical and physical aspects to the border 
and we understand those very, very well and they are drawn on 
maps, but a lot of the trade and security practices in and 
around the border actually take place without any human 
intervention.
    You can have cargo leave Europe, pass into the United 
States, the documentation associated with that and the shippers 
are evaluated, algorithms are checked, and if there is any 
suspect cargo, that is pulled aside and is checked.
    Absent that, the fees are transferred, tariffs are paid, 
and you have a light bulb moved from Romania to Omaha. I think 
looking forward in the Department we need to start thinking 
about the virtual aspects of the border together with the 
geographical and physical aspects and not take it as a 
collection of authorities and jurisdictions of the components.
    We need to understand what it is we want to do as a Nation 
at the border, how to carry out our sovereign responsibility to 
manage borders in a global commons and understand the 
interaction of what happens with trade and security.
    Operational control of the border is something that has 
been discussed for a number of years. The fact of the matter 
is, that varies on where you are at on the border.
    Operational control of the border is very different at 
Otay Mesa and Juarez than it is in Ojinaga and the big, big 
bang country of Texas and I think we need to understand that 
any particular stretch of the border there are different ways 
to look at what constitutes border security and what is the 
best way to establish operational control, and I think we need 
a consensus on how to move forward.
    As we transition from the air domains, the sea domains, and 
the land domains, there needs to be better integration between 
TSA, the Coast Guard, CBP, and within CBP between the field 
operations inspection function and the Border Patrol function 
between the ports of entry.
    This includes increased data sharing. You mentioned 
situational awareness. We need to create a common operating 
picture that can be shared across those domains and increase 
the interoperability between the agencies that have authorities 
and jurisdictions out there.
    We need to look at things like preclearance for TSA and CBP 
and expand that wherever we can. It is better to address those 
threats before they even get near the United States. That is 
part of managing the borders as well.
    I think if we can come up with a system of systems that 
constitutes what our strategy and our strategic intent is, our 
vision for the future of the country in carrying out those 
sovereign responsibilities, we should pull ourselves towards 
that future and not try and incrementally change what was put 
together in 2003 under the exigencies of the Homeland Security 
Act passage, which 10 years later we have not materially 
changed either organizationally in terms of authorities and 
jurisdictions or capabilities.
    My recommendation to the committee would be to pursue 
strategic change in the context of the Quadrennial Homeland 
Security Review that will be conducted in the next year and the 
better we can integrate the development of strategy and 
implementation of change in homeland security through that 
vehicle, it will be consistent with the Homeland Security Act 
and in my view, should drive resource and budget allocation 
decisions.
    I would be happy to answer any questions, sir.
    [The prepared statement of Admiral Allen follows:]
                  Prepared Statement of Thad W. Allen
                            13 February 2013
    Mr. Chairman, Ranking Member Thompson, and Members of the 
committee, I am pleased to have been invited to testify on this 
important topic and I thank you for the opportunity.
A Retrospective
    Mr. Chairman, the 1st of March will mark the Tenth Anniversary of 
stand-up of the Department of Homeland Security. The Department was 
officially created on the 24th of January 2003, but the operating 
components from other departments were not moved to DHS until 1 March 
2003 when the Department became operational. From the signing of the 
Homeland Security Act on 25 November 2012 to the actual operation of 
the Department on 1 March barely 3 months passed. I am not here to 
dwell on the past but it is important to understand the circumstances 
under which the Department was created.
    While this could be considered Government at light speed, little 
time was available for deliberate planning and thoughtful consideration 
of available alternatives. The situation was complicated by the fact 
that the law was passed between legislative sessions and in the middle 
of a fiscal year. Other than Secretary Ridge, early leadership 
positions were filled by senior officials serving in Government. 
Confirmation was not required to be ``acting.'' Funding was provided 
through the reprogramming of current funds from across Government for 
Departmental elements that did not have existing appropriations from 
their legacy departments.
    Operating funds for components that were transferred were 
identified quickly and shifted to new accounts in the Department to 
meet the deadline. Because of the wide range of transparency and 
accuracy of the appropriation structure and funds management systems of 
the legacy departments some of the new operational components faced a 
number of immediate challenges. Estimating the cost of salaries for 
Customs and Border Protection (CBP) or Immigration and Customs 
Enforcement (ICE) required the combination of different work forces, 
with different grade structures, different career ladders, and 
different work rules.
    Basic mission support functions of the Department such as financial 
accounting, human resource management, real property management, 
information resource management, procurement, and logistics were 
retained largely at the component level in legacy systems that varied 
widely. Funding for those functions was retained at the component level 
as well. In those cases where new entities were created (i.e. 
Departmental-level management and operations, the Under Secretary for 
Science and Technology, the Under Secretary for Intelligence and 
Analysis, the Domestic Nuclear Detection Office) support systems had to 
be created rapidly to meet immediate demands of mission execution. 
Finally, components and Departmental offices that did not preexist the 
legislation were located in available space around the Washington, DC 
area and the Secretary and a number of new functions were located at the 
Nebraska Avenue Complex in Northwest Washington.
    At the time of this transition I was serving as the Coast Guard 
Chief of Staff and was assigned as the Coast Guard executive to 
oversee the Service's relocation from the Department of Transportation 
to the new Department. We began planning for eventual relocation as 
soon as the administration submitted legislation to the Congress. I 
also assigned personnel to the Transition Planning Office (TPO) that 
was created in the Office of Management and Budget by Executive Order 
to prepare for the transition. A considerable challenge during this 
period was the fact that the TPO was part of the Executive Office of 
the President and there were legal limitations on how much of their 
work could be shared externally. As a result much of that effort was 
redone or duplicated when the Department was created.
    As I noted earlier, my intent is not to dwell on the past but to 
frame the degree of difficulty facing the leaders attempting to stand 
up the Department from the outset. Many of these issues persist today, 
10 years later. Despite several attempts to centralize and consolidate 
functions such as financial accounting and human resource management, 
most support functions remain located in Departmental components and 
the funding to support those functions remains in their appropriations. 
Because of dissimilarities between appropriations structures of 
components transferred from legacy departments there is a lack of 
uniformity, comparability, and transparency in budget presentations 
across the Department. As a result it is difficult to clearly 
differentiate, for example, between personnel costs, operations and 
maintenance costs, information technology costs, and capital 
investment. Finally, the 5-year Future Years Homeland Security Plan 
(FYHSP) required by the Homeland Security Act has never been 
effectively implemented as a long-range planning, programming, and 
budgeting framework inhibiting effective planning and execution of 
multi-year acquisitions and investments.
    In the Washington Area the Department remains a disjointed 
collection of facilities and the future of the relocation to the St. 
Elizabeth's campus remains in serious doubt. As the Chief of Staff of 
the Coast Guard and Commandant I committed the Coast Guard to the move 
to St. Elizabeth's and only asked that we be collocated with our 
Secretary and not be there alone. The Coast Guard will move to St. 
Elizabeth's this year . . . alone. One of the great opportunity costs 
that will occur if colocation does not happen will be the failure to 
create a fully functioning National Operations Center for the 
Department that could serve as the integrating node for Departmental-
wide operations and establish the competency and credibility of the 
Department to coordinate homeland security-related events and responses 
across Government as envisioned by the Homeland Security Act. As with 
the mission support functions discussed earlier, the Department has 
struggled to evolve an operational planning and mission execution 
coordination capability. As a result, the most robust command-and-
control functions and capabilities in the Department reside at the 
component level with the current NOC serving as a collator of 
information and reporting conduit for the Secretary.
    The combination of these factors, in my view, has severely 
constrained the ability of the Department to mature as an enterprise. 
And while there is significant potential for increased efficiencies and 
effectiveness, the real cause for action remains the creation of unity 
of effort that enables better mission performance. In this regard there 
is no higher priority than removing barriers to information sharing 
within the Department and improved operational planning and execution. 
Effective internal management and effective mission execution require 
the same commitment to shared services, information systems 
consolidation, the reduction in proprietary technologies and software, 
and the employment of emerging cloud technologies.
    Mr. Chairman, this summary represents my personal views of the more 
important factors that influenced the creation and the first 10 years 
of the Department's operations. It is not all-inclusive but is intended 
to be thematic and provide a basis for discussion regarding the future. 
Looking to the future the discussion should begin with the Department's 
mission and the need to create unity of effort internally and across 
the homeland security enterprise. I made similar comments before the 
Senate Committee on Homeland Security and Government Affairs last year.
The Future
    The Quadrennial Homeland Security Review was envisioned as a 
vehicle to consider the Department's future. The first review completed 
in 2010 described the following DHS missions:
   Preventing Terrorism and Enhancing Security;
   Securing and Managing Our Borders;
   Enforcing and Administering our Immigration Laws;
   Safeguarding and Securing Cyberspace;
   Insuring Resiliency to Disasters.
    An additional area of specific focus was the maturation of the 
homeland security ``enterprise'' which extends beyond the Department 
itself to all elements of society that participate in and contribute to 
the security of the homeland.
    The QHSR outcomes were consistent with the fiscal year 2010 budget 
that was submitted in early 2009 following the change of 
administrations. That request laid out the following mission priorities 
for the Department:
   Guarding Against Terrorism;
   Securing Our Borders;
   Smart and Tough Enforcement of Immigration Laws and 
        Improving Immigration Services;
   Preparing For, Responding To, and Recovering From Natural 
        Disasters;
   Unifying and Maturing DHS.
    The fiscal year 2010 budget priorities and the follow-on QHSR 
mission priorities have served as the basis for annual appropriations 
requests for 4 consecutive fiscal years.
    I participated in the first review prior to my retirement and we 
are approaching the second review mandated by the Homeland Security 
Act. This review presents an opportunity to assess the past 10 years 
and rethink assumptions related to how the broad spectrum of DHS 
authorities, jurisdictions, capabilities, and competencies should be 
applied most effectively and efficiently against the risks we are 
likely to encounter . . . and how to adapt to those that cannot be 
predicted. This will require a rethinking of what have become 
traditional concepts associated with homeland security over the last 10 
years.
Confronting Complexity and Leading Unity of Effort
    Last year in an issue of Public Administration Review (PAR), the 
journal of the American Society for Public Administration (ASPA), I 
wrote an editorial piece entitled ``Confronting Complexity and Leading 
Unity of Effort.'' I proposed that the major emerging challenge of 
public administration and governing is the increased level of 
complexity we confront in mission operations, execution of Government 
programs, and managing non-routine and crisis events. Driving this 
complexity are rapid changes in technology, the emergence of a global 
community, and the ever-expanding human-built environment that 
intersects with the natural environment in new, more extreme ways.
    The results are more vexing issues or wicked problems we must 
contend with and a greater frequency of high-consequence events. On the 
other hand advances in computation make it possible to know more and 
understand more. At the same time structural changes in our economy 
associated with the transition from a rural agrarian society to a post-
industrial service/information economy have changed how public programs 
and services are delivered. No single Department, agency, or bureau has 
the authorizing legislation, appropriation, capability, competency, or 
capacity to address this complexity alone. The result is that most 
Government programs or services are ``co-produced'' by multiple 
agencies. Many involve the private/non-governmental sector, and, in 
some cases, international partners. Collaboration, cooperation, the 
ability to build networks, and partner are emerging as critical 
organizational and leadership skills. Homeland security is a complex 
``system of systems'' that interrelates and interacts with virtually 
every department of Government at all levels and the private sector as 
well. It is integral to the larger National security system. We need 
the capabilities, capacities, and competency to create unity of effort 
within the Department and across the homeland security enterprise.
                 mission execution and mission support
    As we look forward to the next decade I would propose we consider 
two basic simple concepts: Mission execution and mission support. 
Mission execution is deciding what to do and how to do it. Mission 
support enables mission execution.
Mission Execution . . . Doing the Right Things Right
    As a precursor to the next QHSR there should be a baseline 
assessment of the current legal authorities, regulatory 
responsibilities, treaty obligations, and current policy direction 
(i.e. HSPD/NSPD). I do not believe there has been sufficient visibility 
provided on the broad spectrum of authorities and responsibilities that 
moved to the Department with the components in 2003, many of which are 
non-discretionary. Given the rush to enact the legislation in 2002 it 
makes sense to conduct a comprehensive review to validate the current 
mission sets as established in law.
    The next step, in my view, would be to examine the aggregated 
mission set in the context of the threat environment without regard to 
current stove-piped component activities . . . to see the Department's 
mission space as a system of systems. In the case of border security/
management, for example, a system-of-systems approach would allow a 
more expansive description of the activities required to meet our 
sovereign responsibilities.
    Instead of narrowly focusing on specific activities such as 
``operational control of the border'' we need to shift our thinking to 
the broader concept of the management of border functions in a global 
commons. The border has a physical and geographical dimension related 
to the air, land, and sea domains. It also has a virtual, information-
based dimension related to the processing of advance notice of 
arrivals, analysis data related to cargoes, passengers, and 
conveyances, and the facilitation of trade. These latter functions do 
not occur at a physical border but are a requirement of managing the 
border in the current global economic system.
    The air and maritime domains are different as well. We prescreen 
passengers at foreign airports and the maritime domain is a collection 
of jurisdictional bands that extend from the territorial sea to the 
limits of the exclusive economic zone and beyond.
    The key concept here is to envision the border as an aggregation of 
functions across physical and virtual domains instead of the isolated 
and separate authorities, jurisdictions, capabilities, and competencies 
of individual components. Further, there are other Governmental 
stakeholders whose interests are represented at the border by DHS 
components (i.e. Department of Agriculture, DOT/Federal Motor Carriers 
regarding trucking regulations, NOAA/National Marine Fisheries Service 
regarding the regulation of commercial fishing).
    A natural outcome of this process is a cause for action to remove 
organizational barriers to unity of effort, the consolidation of 
information systems to improve situational awareness and queuing of 
resources, and integrated/unified operational planning and coordination 
among components. The additional benefits accrued in increased 
efficiency and effectiveness become essential in the constrained budget 
environment. The overarching goal should always be to act with 
strategic intent through unity of effort.
    A similar approach could be taken in considering the other missions 
described in the QHSR. Instead of focusing on ``insuring resiliency to 
disasters'' we should focus on the creation and sustainment of National 
resiliency that is informed by the collective threat/risks presented by 
both the natural and human-built environments. The latter is a more 
expansive concept than ``infrastructure'' and the overall concept 
subsumes the term ``disaster'' into the larger problem set that we will 
face. This strategic approach would allow integration of activities and 
synergies between activities that are currently stovepiped within FEMA, 
NPPD, and other components. It also allows cybersecurity to be seen as 
an activity that touches virtually every player in the homeland 
security enterprise.
    In regard to terrorism and law enforcement operations we should 
understand that terrorism is, in effect, political criminality and as a 
continuing criminal enterprise it requires financial resources 
generated largely through illicit means. All terrorists have to 
communicate, travel, and spend money, as do all individuals and groups 
engaged in criminal activities. To be effective in a rapidly-changing 
threat environment where our adversaries can quickly adapt, we must 
look at cross-cutting capabilities that allow enterprise-wide success 
against transnational organized criminal organizations, illicit 
trafficking, and the movement of funds gained through these activities. 
As with the ``border'' we must challenge our existing paradigm 
regarding ``case-based'' investigative activities. In my view, the 
concept of a law enforcement case has been overtaken by the need to 
understand criminal and terrorist networks as the target. It takes a 
network to defeat a network. That in turn demands even greater 
information sharing and exploitation of advances in computation and 
cloud-based analytics. The traditional concerns of the law enforcement 
community regarding confidentiality of sources, attribution, and 
prosecution can and must be addressed, but these are not technology 
issues . . . they are cultural, leadership, and policy issues.
    Mr. Chairman, this is not an exhaustive list of proposed missions 
or changes to missions for the Department. It is an illustrative way to 
rethink the missions of the Department given the experience gained in 
the last 10 years. It presumes the first principles of: (1) A clear, 
collective strategic intent communicated through the QHSR, budget, 
policy decisions, and daily activities, and (2) an unyielding 
commitment to unity of effort that is supported by an integrated 
planning and execution process based on transparency and exploitation 
of information to execute the mission.
Mission Support . . . Enabling Mission Execution
    Mr. Chairman, in my first 2 years as Commandant I conducted an 
exhaustive series of visits to my field commands to explain my cause 
for action to transform our Service. In those field visits I explained 
that when you go to work in the Coast Guard every day you do one of two 
things: You either execute the mission or you support the mission. I 
then said if you cannot explain which one of these jobs you are doing, 
then we have done one of two things wrong . . . we haven't explained 
your job properly or we don't need your job. This obviously got a lot 
of attention.
    In the rush to establish the Department and in the inelegant way 
the legacy funding and support structures were thrown together in 2003, 
it was difficult to link mission execution and mission support across 
the Department. To this day, most resources and program management of 
support functions rest in the components. As a result normal mission 
support functions such as shared services, working capital funds, core 
financial accounting, human resources, property management, and 
integrated life cycle-based capital investment have been vexing 
challenges.
    There has been hesitancy by components to relinquish control and 
resources to a Department that appears to be still a work in progress. 
The structure of Department and component appropriations does not 
provide any easy mechanism for Departmental integration of support 
functions. As a result information sharing is not optimized and 
potential efficiencies and effectiveness in service delivery are not 
being realized. As I noted earlier, a huge barrier to breaking this 
deadlock is the lack of uniformity in appropriations structures and 
budget presentation. This problem has been compounded by the failure to 
implement a 5-year Future Years Homeland Security Plan and associated 
Capital Investment Plan to allow predictability and consistency across 
fiscal years.
    Mr. Chairman, having laid out this problem, I see three possible 
ways forward. The desirable course of action would be to build the 
trust and transparency necessary for the Department and components to 
collectively agree to rationalize the mission support structure and come 
to agreements on shared services. The existing barriers are 
considerable but the first principles of mission execution apply here 
as well . . . unambiguous, clearly communicated strategic intent and 
unity of effort supported by transparency and knowledge-based 
decisions. A less palatable course of action is top-down directed 
action that is enforced through the budget process. The least desirable 
course of action is externally-mandated change. Unfortunately, the 
current fiscal impasse and the need to potentially meet sequester 
targets while facing the very real prospect of operating under a 
continuing resolution for the entire fiscal year 2013 represents the 
confluence of all of these factors and a fiscal perfect storm. There is 
a case to act now. We should understand that a required first step that 
lies within the capability of the Department would be to require 
standardized budget presentations that can serve as the basis for 
proposed appropriations restructuring to clearly identify the sources 
and uses of funds and to separate at a minimum personnel costs, 
operating and maintenance costs, information technology costs, capital 
investment, and facility costs.
Creating and Acting with Strategic Intent
    Mr. Chairman, I have attempted to keep this testimony at a 
strategic level and focus on thinking about the challenges in terms 
that transcend individual components, programs, or even the Department 
itself. I have spoken in the last year to the Department of Homeland 
Security Fellows and the first DHS Capstone course for new executives. 
I have shared many of the thoughts provided today over the last 10 
years to many similar groups. Recently, I have changed my message. 
After going over the conditions under which the Department was formed 
and the many challenges that still remain after 10 years, I was very 
frank with both groups. Regardless of the conditions under which the 
Department was created and notwithstanding the barriers that have 
existed for 10 years, at some point the public has a right to expect 
that the Department will act on its own to address these issues. 
Something has to give. In my view, it is the responsibility of the 
career employees and leaders in the Department to collectively 
recognize and act to meet the promise of the Homeland Security Act. 
That is done through a shared vision translated into strategic intent 
that is implemented in daily activities from the NAC to the border 
through the trust and shared values that undergird unity of effort. It 
is that simple; it is that complex.
    I understand the committee is considering whether the Department 
should develop a comprehensive border strategy that would encompass all 
components and entities with border equities, including State and local 
law enforcement. I also understand there is concern about performance 
metrics associated with carrying out such a strategy. There are also 
potential opportunities related to the equipment being returned from 
military operations in Iraq and Afghanistan. Finally, we are witnessing 
a transition of leadership in Mexico as we continue to jointly address 
the threat of drug and other illicit trafficking as a major hemispheric 
threat.
    In considering the strategic course of action going forward 
regarding the management of the border in a global commons or any of 
the diverse missions of the Department of Homeland Security, we should 
remember then General Eisenhower's admonition that ``Plans are nothing; 
planning is everything.'' I have been involved in strategic planning 
for decades and I can attest to their value. Done correctly that value is 
derived from a planning process that forces critical thinking, 
challenges existing assumptions, creates shared knowledge and 
understanding, and promotes a shared vision. Accordingly, I would be 
more concerned about the process of developing a strategy than the 
strategy itself. It is far more important to agree on the basic terms 
of reference that describe the current and likely future operating 
environment and to understand the collective capabilities, 
competencies, authorities, and jurisdictions that reside in the 
Department as they relate to that environment and the threats 
presented.
    I believe the Homeland Security Act envisioned that process to be 
the Quadrennial Homeland Security Review. Accordingly, the committee 
may want to consider how that process that is already mandated in law 
might become the vehicle to create strategic intent. Intent that 
unifies Departmental action, drives resource allocation, integrates 
mission support activities, removes barriers to information sharing and 
creates knowledge.
Strategic Intent and the Border
    I am often asked, in the wake of the Deepwater Horizon oil spill, 
``Is it safe to drill offshore?'' My answer to that question is 
relevant to any consideration of how we carry out the sovereign 
responsibilities of a Nation in managing our border. My answer is that 
there is no risk-free way to extract hydrocarbons from the earth. The 
real question is: ``What is the acceptable level of risk associated 
with those activities in light of the fact that it will take a 
generation to develop alternate fuels?'' Likewise, there is no risk-
free way to manage a border short of shutting it down. Discussions 
about operational control of the border and border security too often 
focus on specific geographical and physical challenges related to 
managing the land border. While those challenges exist, they cannot 
become the sole focus of a strategy that does not account for all 
domains (air, land, sea, space, and cyber) and the risks and 
opportunities that the border represents. As I mentioned earlier we 
need to think of the border as a set of functions. We need to think 
about what is the acceptable level of risk associated with those 
functions. We cannot neglect trade and become fixated on driving risk 
to zero; it cannot be done.
    Whether it is TSA considering options for passenger and cargo 
screening, the Coast Guard considering the trade-offs between fisheries 
and drug enforcement, ICE considering resource allocation to protect 
intellectual property or remove dangerous aliens, NPPD considering how 
to deal with cyber threats to infrastructure, or USCIS deciding how 
immigration reform would drive demand for their services, the real 
issue is the identification and management of risk. Those decisions are 
made daily now from the Port of Entry at Nogales to the Bering Sea, 
from TSA and CBP pre-clearance operations in Dublin to Secret Service 
protection of the President, and from a disaster declaration following 
a tornado in Mississippi to the detection of malware in our networks. 
The question is: How are they linked? Are those actions based on a 
shared vision that makes it clear to every individual in the Department 
what their role is in executing or supporting the mission?
    A strategy for the border or any DHS mission ideally would merely 
be the codification of strategic intent for record purposes to support 
enterprise decisions. The creation of self-directed employees that 
understand their role in Departmental outcomes on a daily basis in a 
way that drives their behavior should be the goal. If a border strategy 
is desired, I believe it must be preceded by a far deeper introspective 
process that addresses how the Department understands itself and its 
missions as a unified, single enterprise.

    Chairman McCaul. Thank you, Admiral Allen.
    Mr. Henry, you are now recognized for 5 minutes.

   STATEMENT OF SHAWN HENRY, PRESIDENT, CROWDSTRIKE SERVICES

    Mr. Henry. Good morning Chairman McCaul, Ranking Member 
Thompson, and Members of the committee.
    I appreciate the opportunity to be here with you this 
morning to talk to you about the cyber threat that we face as a 
Nation and some of the significant economic and National 
security challenges that we are at risk against. I appreciate 
the level of attention that the committee is affording this 
issue.
    I know I have spoken of cyber threat for so long, but I 
think it is just so important and it can't be overemphasized. 
So I need to state it again emphatically that there are foreign 
adversaries that have targeted every major organization in this 
country. In each of your districts, major companies that have 
been breached and there has been a tremendous impact on the 
economy there and on their ability to be competitive in a 
global society.
    They have stolen untold billions of dollars of intellectual 
property, research and development, and corporate strategies 
and secrets and the volume and sophistication of these cyber 
threats is only increasing and I don't see that that is going 
to change in the current environment.
    Over time, a cyber adversary with motivation, time, and 
resources will breach every network that is connected or every 
computer system that is directly accessible to the internet.
    I stated publicly that it is necessary for network 
administrators to assume they have already been breached rather 
than waiting for the intrusion detection systems to tell them.
    Many have absolutely no knowledge that this is occurring 
and they don't know that adversaries remain resident on their 
network many times for months or even years before they are 
ever identified, if at all.
    While I was executive assistant director at the FBI, my 
agents went out routinely, dozens of times every month, and 
told companies that they had been breached and they had no idea 
that that had occurred meaning that all of their proprietary 
data, their communications, their financial statements had been 
completely accessible to the adversary with unfettered access 
on that network.
    Organizations therefore, must aggressively, constantly look 
on their network for the adversary and hunt for those 
adversaries. Alarmingly and increasingly, attackers are moving 
beyond mere theft of information and they are moving into the 
actual manipulation or the destruction of data and with the 
depth and breadth of access that they have that is not a hard 
or difficult task to accomplish.
    Those with malicious intent can take devastating actions, 
and it is difficult to say with confidence that our critical 
infrastructure will be available when we most need it.
    There needs to be a paradigm shift in the way we address 
these issues. Vulnerability mitigation is the current 
cybersecurity approach in the private sector, and it has been 
the focus for more than 20 years. We continuously focus on 
hardening the networks through ``Defense-in-Depth'', using 
firewalls and anti-virus, looking at patching vulnerabilities, 
and employing intrusion detection systems.
    This approach generally stops those actors who do not care 
who they are trying to breach, like the opportunistic burglar 
who goes from house to house shaking the doorknob.
    One mistake, however, is that we are using the same 
approach against the most sophisticated state-funded actors who 
actually have specific targets in mind. They have got 
intelligence requirements and they are looking for very 
specific information and they will get that information. Again, 
over time, they will breach those networks.
    Unlike the thief of opportunity, they are seeking the Hope 
Diamond, something very, very specific, and those advanced and 
well-funded adversaries will make sure that they achieve their 
goal.
    While we must continue to improve our defenses, we must 
continue to build and have defense-in-depth. We need to focus 
our efforts on the threat. Employing a threat mitigation 
strategy requires an increased ability to detect and identify 
our adversaries and penalize them, not merely defend against 
them.
    It is the identical strategy that we use and employ in the 
physical world every single day to thwart criminals, 
terrorists, and spies.
    Achieving these goals in the cyber environment will require 
unprecedented coordination between private industry--which as a 
whole has network ownership and the ability to achieve these 
goals--and the Government, which is primarily authorized to 
investigate and penalize them.
    Inevitably we must bring the private sector and the 
Government together to achieve the goal of threat deterrence. 
The vast majority of the intelligence that will lead to 
information and identification of the adversaries resides on 
private-sector networks; they are, in essence, ``crime 
scenes,'' and the evidence and artifacts are resident on those 
networks.
    That intelligence can't be shared periodically through 
human interaction, but it needs to be shared among all victims 
immediately at network speed.
    The Department of Homeland Security may be able to share 
with vulnerability reduction strategies and guidelines with the 
private sector and likewise they are responsible for 
consequence management after a breach.
    Additionally, though, under a threat mitigation model, DHS 
is a potential intermediary between other Government agencies 
and the private sector where they can collect intelligence 
which leads to identification and attribution of the adversary.
    Likewise, the Government has intelligence collection that 
will make the private sector infinitely more resilient and they 
need to share that information aggressively.
    I know how the intelligence is collected and I recognize 
there needs to be a protection of sources and methods, but 
there is a lot more that the Government is able to do.
    Any intelligence sharing between Government and private 
sector must be done in a way that is respectful of and 
consistent with privacy of our citizens, and we must start by 
opening the debate on the limitations of the existing 
defensive-only security model and the necessity of a threat 
deterrence model.
    I look forward to working with the committee and Congress 
as a whole to determine a successful course forward for the 
Nation that allows us to reap the positive benefits and the 
economic benefits of the internet while minimizing the risk 
posed by those who seek to do us irreparable harm, and I 
encourage our further collaboration.
    I am happy to answer any questions.
    [The prepared statement of Mr. Henry follows:]
                   Prepared Statement of Shawn Henry
                           February 13, 2013
    Good afternoon Chairman McCaul, Ranking Member Thompson, and 
Members of the committee. Thank you for having me here today to discuss 
the cyber threats facing our Nation, how these threats impact our 
Government and private-sector networks, and the significant risk posed 
to our economic and National security. I sincerely believe this is one 
of the most critical issues facing our Nation, and I appreciate the 
level of attention this committee is affording it.
                        the cybersecurity threat
    We have spoken of the cyber threats for far too long, but it is too 
important and cannot be overemphasized. So I'll state it again, 
emphatically . . . foreign adversaries have targeted every major 
organization in this country, and have stolen untold billions of 
dollars of intellectual property, research and development, and 
corporate strategies and secrets. The volume and sophistication of 
cyber attacks has increased dramatically over the past 5 years, and in 
the current environment it will continue to grow.
    Given enough time, motivation, and funding, a determined adversary 
will penetrate any system that is accessible directly from the 
internet. Even systems not touching the network are susceptible to 
attack via means other than remote access, including the trusted 
insider using devices such as USB thumb drives, and the supply chain.
    I have stated publicly that it is necessary for network 
administrators to assume they have already been breached rather than 
waiting for their intrusion detection systems to alert them to an 
infiltration. Many have absolutely no knowledge that an adversary was, 
or remains resident on, their network, often times for weeks, months, 
or even years. While I was EAD at the FBI, our agents regularly knocked 
on the door of victim companies and told them their network had been 
intruded upon and their corporate secrets stolen, because we found 
their proprietary data resident on a server in the course of another 
investigation. We were routinely telling organizations they were 
victims, and these victims ranged in size and industry, and cut across 
all critical sectors. Organizations must, therefore, actively and 
constantly hunt for the adversary on their network.
    Alarmingly and increasingly, attackers are moving beyond mere 
exfiltration or theft of data. With the breadth and depth of access 
they have, adversaries can and have manipulated, disrupted, or 
destroyed data and infrastructure. Those with malicious intent can take 
devastating actions, and it is difficult to say with confidence that 
our critical infrastructure--the backbone of our country's economic 
prosperity, National security, and public health--will remain unscathed 
and always be available when needed.
                      a paradigm shift in strategy
    My colleagues at CrowdStrike, George Kurtz and Dmitri Alperovitch, 
have talked about the deterrence of threat actors for years. Steven 
Chabinsky, my colleague at the FBI for 17 years, and currently with me 
at CrowdStrike as SVP of Legal Affairs, also discusses the paradigm 
shift necessary in cybersecurity strategy.
    Vulnerability mitigation is the current cybersecurity approach in 
the private sector, and has been for the past 20 years. We continuously 
focus on hardening our networks by ``Defense-in-Depth'', using 
firewalls, anti-virus software, patching vulnerabilities, and employing 
intrusion prevention systems. This approach generally stops those 
actors who do not care who their specific targets are, but are simply 
like burglars who are willing to rob anybody's house and take anybody's 
jewelry.
    Our mistake, however, is that we are using the same approach 
against Advanced Persistent Threat actors who actually have specific 
targets in mind, and are not going to stop until they have reached 
their goals. These modern-day cyber burglars are targeting the 
equivalent of the Hope Diamond, quite specifically, not fungible 
engagement rings. For our most advanced and well-funded adversaries, 
there are no substitutes for their targets, regardless of how many, and 
they will continue their onslaught until they achieve success.
    Ironically, our own defensive efforts have actually made the 
problem worse, by encouraging our adversaries to outperform us, while 
we outspend them. Although many are not prepared to consider this 
possibility, the result of our failure to distinguish between the 
novice and the professional adversary has been a proliferation of more 
capable malware, created by nation-state adversaries and organized 
crime groups, and an escalation of their activities in order to defeat 
our defenses.
                          what does this mean?
    Employing a threat mitigation strategy requires an increased 
ability to detect and identify our adversaries, and to penalize them. 
This is the identical strategy we employ in the physical world every 
single day to thwart criminals, spies, and terrorists.
    Achieving these goals in the cyber environment, however, will 
require unprecedented coordination between private industry--which as a 
whole has the ownership and ability to achieve these goals, and 
governments, which are primarily authorized to investigate and penalize 
them.
    Inevitably we must bring the private sector and the Government 
together to achieve the goal of threat deterrence. The vast majority of 
the intelligence that will lead to identification of the adversaries 
resides on private-sector networks; they are, in essence, ``crime 
scenes'', and the evidence and artifacts of the breach are resident on 
those networks. That threat intelligence, too, can't be shared 
periodically via e-mail at human speed; it needs to be shared among all 
victims, in real-time, at network speed. The private sector, then, can 
fill tactical gaps that the Government is blind to. This can be done 
while respecting privacy, a critical and absolutely necessary element 
of intelligence sharing.
    The Department of Homeland Security (DHS) naturally has the 
responsibility for developing and promulgating necessary vulnerability 
reduction strategies and guidelines. Likewise, they are responsible for 
consequence management after a breach. Additionally, though, with a 
threat mitigation model, DHS is a potential intermediary between other 
Government agencies and the private sector to facilitate the analysis 
and dissemination of ``big data''--collected intelligence--leading to 
identification and attribution of adversaries.
    Likewise, the Government has intelligence collection on the threat 
actors that is different from, and additive to, that collected by the 
private sector. Knowing what I do about that intelligence, and how it's 
collected, I am certain the Government can share much more data with 
industry than is currently shared today. That intelligence will add 
infinite value, and it can be packaged and shared with the private 
sector without threatening the integrity of the sources and methods 
through which it's collected. Again, privacy is and must remain a key 
tenet of any intelligence sharing strategy.
    When the adversary is identified, the Government can then use its 
resources and actions--whether it's law enforcement, the intelligence 
community, diplomatic, or financial--to mitigate the threat posed by 
these sophisticated opponents. The consistent threat posed by 
adversaries will subside only when the cost to operate outweighs any 
potential gain.
                               conclusion
    We face significant challenges in our efforts to combat the cyber 
threat. I am optimistic that by strengthening partnerships, effectively 
sharing intelligence, and successfully identifying our adversaries, we 
can best protect businesses and critical infrastructure from grave 
damage.
    We must start, however, by opening the debate on the limitations of 
the existing defensive-only security model and the necessity of a 
threat deterrence model. Further, we need a public discussion of how 
Government and industry can jointly work together to achieve a safer 
cyber environment by shining a light on our adversaries instead of 
consistently telling victims to ``just do more.''
    I look forward to assisting the committee, and Congress as a whole, 
to determine a successful course forward for the Nation that allows us 
to reap the positive economic and social benefits of the internet while 
minimizing the risk posed by those who seek to do us irreparable harm.
    I encourage our further collaboration, and I'm happy to answer any 
questions.

    Chairman McCaul. Thank you, Mr. Henry.
    Mr. Leiter is now recognized.

STATEMENT OF MICHAEL E. LEITER, FORMER DIRECTOR OF THE NATIONAL 
                    COUNTERTERRORISM CENTER

    Mr. Leiter. Chairman McCaul, Ranking Member Thompson, it is 
a pleasure to be back in front of the committee and I will take 
the liberty of speaking on behalf of all of my co-witnesses; it 
is especially nice to be up here as a former Government 
official.
    I am extremely happy that this committee is looking at all 
homeland threats because I think with that change in the 
counterterrorism threat or terror threats that we have seen 
over the past several years and the very stark fiscal landscape 
we face, this is a very appropriate time to do so.
    With the death of Osama bin Laden and the weakness of al-
Qaeda in Pakistan, we see the lowest level of sophisticated 
threat to the homeland from Pakistan that we have seen since 
2001, and that is a very, very good news story thanks to the 
work of the men and women of the U.S. Government and our 
allies.
    That being said, as the Chairman noted, the splintering of 
al-Qaeda into a more distributed group with rising dangers in 
Yemen, North Africa, East Africa, Europe, and the homeland does 
pose new challenges.
    In my view, the al-Qaeda affiliate in Yemen, AQAP, still 
continues to pose the most serious, sophisticated threat that 
we face. As we saw in 2009, 2010, and 2012, the organization 
remains committed to sophisticated IED attacks against the 
United States and the homeland.
    East Africa is surprisingly a brighter spot, something I 
thought I might never say about Somalia, but in fact, U.S. 
efforts and Kenyan partnership has reduced that threat and most 
importantly to this committee, fewer Americans traveling to the 
region to fight in the jihad than we have seen for years.
    On the other hand, North Africa of course is proven some 
serious darkness over the past several months especially, but I 
do want to say this carefully, but while the attacks in 
Benghazi and the BP oil facility are absolutely tragic, in my 
view, the major change in the region is not a massive increase 
in the popularity of AQIM, but rather the huge shift that 
occurred in the region with the fall of the government in 
Libya, the availability of weapons, the loss of partner 
security services in the region, and the coup d'etat in Mali.
    All of that have combined to create a safe haven which is 
in fact dangerous but I think still does not rise to the level 
of seriousness that we have previously seen in Pakistan or 
we see today in Yemen.
    I especially commend the committee for looking into the 
threat of Hezbollah and Iran, which has often been overlooked 
over the past 10 years. I think with growing tension between 
the United States, Israel, and Iran, Hezbollah has proved 
increasingly active over the past several years, most notably 
the Bulgarian recognition that Hezbollah targeted and killed 
six tourists last year and many other failed Hezbollah attacks.
    The Hezbollah's and the Iranian Quds Force growing presence 
in Venezuela and elsewhere in the world could prove a serious 
problem for the United States and our allies were there to be a 
conflict with Iran.
    I would also add that Iranian aggressive cyber attacks 
against Saudi Aramco and RasGas, destructive cyber attacks, 
could also portend for a combined physical and cyber attack by 
Iran, were certain red lines crossed.
    With that as a threat landscape and looking ahead, let me 
offer some quick views as to things that we have to guard 
against now 12 years after 9/11.
    The first is what I term terrorism fatigue and although 
this committee does not experience it, many in the United 
States, and I fear many in Congress do. After hearing about 
terrorism for 10 or 12 years, people simply don't want to talk 
about it anymore and there are two specific threats associated 
with this.
    First, with all of our counterterrorism successes that we 
have had over the past 12 years, which really are incredible, I 
fear that any small attack, no matter how small can result in 
political finger-pointing and a real crucifixion of our 
counterterrorism professionals, and although we of course have 
to look at how we can do this job better, we have to guard 
against ex-post investigations that lack a serious 
appreciation for the ex-ante difficulties of counterterrorism 
work.
    Second, I believe this terrorism fatigue can lead to 
dangerous lethargy within the Executive branch. I saw over and 
over again how hard and quickly the Executive branch could work 
immediately after an attack and then as the months, weeks and 
months passed by, I saw the impetus for rapid and important 
change start to drop away. So I hope this committee can hold 
the Executive branch's feet to the fire on these topics.
    Second, weapons of mass destruction. Although this remains 
a very low likelihood event and we have done very well in 
combating terrorist acquisition of WMD, the high consequences 
of such an attack especially biological or radiological or God 
forbid, improvised nuclear devices, cannot be forgotten and 
these require long-term investments.
    Third, our counterterrorism partnerships. I won't go into 
detail here but suffice to say with the Arab awakening we have 
lost some of our most critical partners in the counterterrorism 
fight and that has significantly increased the risk to the 
homeland in my view.
    Fourth, and this became a high-profile issue over the past 
several weeks, I believe we have to stay on the offense on all 
fronts. Perhaps unsurprisingly given my service in the Obama 
and Bush administrations, I am quite supportive of the policy 
outlined in the Department of Justice white paper. I am equally 
supportive of the President's call for greater transparency, 
and I would urge this committee to work with the intelligence 
committee to make sure you have the transparency into these 
programs.
    But ultimately I believe that these offensive measures 
combined with other measures, because this is only one tool, 
are absolutely critical to homeland security.
    Last but not least, and a good transition to the good 
Honorable David Walker. We have spent close to $100 billion a 
year on counterterrorism. This is the time to rationalize that 
and figure out how we can get the most bang for our buck to 
make sure that the American people are safe.
    I thank the committee and look forward to working with the 
Congress in the future.
    [The statement of Mr. Leiter follows:]
                Prepared Statement of Michael E. Leiter
                           February 13, 2013
                                overview
    Chairman McCaul, Ranking Member Thompson, and Members of the 
committee, thank you for inviting me to testify on my perspectives--
which I hope are at least partially ``new''--on threats to homeland 
security. Although the membership on this committee has changed over 
the years, this body has always been at the forefront of understanding 
threats and shaping our Government's response to them. On behalf of 
those who continue to serve in homeland security and intelligence 
organizations, I want to thank the committee for its continuing 
oversight and support.
    As the 113th Congress considers the current threat landscape, I 
believe you are correct to reevaluate broadly the state of terrorism 
and our associated response. Although the growing presence of al-Qaeda-
associated elements in North Africa and Syria highlights how the threat 
of terrorism continues, we have made remarkable strides against the 
threat of catastrophic attacks like what we experienced on 9/11. 
Combined with a fiscal reality that precludes the sort of spending we 
have maintained since that tragic event, this is a historic moment to 
rationalize and calibrate our response to terrorism, cyber threats, and 
other related threats to the homeland.
                          the threat landscape
    Today al-Qaeda and its allies in Pakistan are at their weakest 
point since 9/11. The death of Osama bin Ladin and the continued 
decimation of senior ranks has made the organization a shadow of its 
former self. Ayman al Zawahiri is not bin Ladin and although the 
organization still attempts to provide strategic guidance and global 
propaganda, its influence continues to wane. Whether this trajectory 
can be maintained with a significant decrease of the U.S. presence in 
Afghanistan in the coming years will be, in my view, the single biggest 
determinant of al-Qaeda Core's relevance for the coming decade.
    The degradation of al-Qaeda's ``higher headquarters'' and 
relatively well-coordinated command and control has allowed its 
affiliates and its message to splinter, posing new dangers and 
challenges. Al-Qaeda affiliates or those inspired by its message have 
worrisome presences in Yemen, East Africa, North Africa, Syria, Western 
Europe, and of course to a lesser degree the United States.
    Beginning with Yemen, in my view al-Qaeda in the Arabian Peninsula 
(AQAP)--as I stated 2 years ago--continues to pose the most 
sophisticated and deadly threat to the U.S. homeland from an overseas 
affiliate. The death of operational commander Anwar al-Awlaki 
significantly reduced AQAP's ability to attract and motivate English 
speakers, but its operational efforts continue with lesser abatement. 
As we saw in 2009, 2010, and 2012, AQAP has remained committed--and 
able--to pursue complex attacks involving innovative improvised 
explosive devices. Although some of the organization's safe haven has 
been diminished because of Yemeni and U.S. efforts, the inability of 
the government of Yemen to bring true control to wide swaths of the 
country suggests that the group will pose a threat for the foreseeable 
future and (unlike many other affiliates) it clearly remains focused on 
transnational attacks.
    East Africa, surprisingly to many, is a brighter spot in our 
efforts. Although al-Shabaab remains a force and poses significant 
risks in the region--most especially in Kenya and to the fledgling 
government in Somalia--its risk to the homeland is markedly less today 
than just 2 years ago. Kenya's offensive in the region shattered much 
of al-Shabaab's power base and most importantly for this committee the 
attractiveness of Somalia to Americans and other Westerners is 
radically less than was the case. The relative flood of Americans has 
turned into a trickle, thus significantly reducing the threat of 
trained terrorists returning to our shores.
    As the world witnessed over the past 6 months, however, al-Qaeda in 
the Islamic Maghreb (AQIM) has shifted the focus in Africa as the 
organization has made gains in Mali, Libya, and the rural areas of 
Algeria. But while the attacks in Benghazi and on the Algerian oil 
facility are of course tragic, in my view the major change to the 
region is not a massive increase in AQIM's attractiveness, but rather 
the huge shift that occurred with the virtual elimination of Libya's 
security services, the associated flood of weapons in the region, and 
the coup d'etat in Mali.
    AQIM has thus far proven a less tactically proficient and more 
regionally-focused criminal organization than other al-Qaeda 
affiliates. Although we cannot blindly hope this remains the case, we 
should also not read too much into recent events. Regional capacity-
building, targeted offensive measures, and forceful engagement with 
governments like France, Algeria, and Libya that have a huge vested 
interest in the region should remain at the forefront of our strategy. 
And we must roundly condemn those who against every lesson of the past 
several years might be willing to pay ransoms to AQIM and its 
affiliates.
    One notable area of concern that we must forcefully combat in the 
region--and one which the United States is uniquely able to address 
given our global footprint--is the cross-fertilization across the 
African continent that has recently accelerated. Coordination amongst 
al-Shabaab, AQIM, Boko Haram, and others is particularly problematic as 
it allows each organization to leverage the others' strengths. We must 
use our intelligence capabilities to define these networks and then 
assist in disrupting them. And our screening of travelers to the United 
States must recognize the dangers associated with these networks.
    The most troubling of emerging fronts in my view is Syria, where 
Jabhat al-Nusra has emerged as the most radical of groups within the 
opposition. Given the enormous instability in Syria, which has to some 
degree already spread to Iraq and elsewhere in the Levant, Jabhat al-
Nusra has become a magnet for al-Qaeda-inspired fighters from around 
the globe. With little likelihood of rapid improvements in Syria, the 
al-Nusra front will almost certainly continue to arm, obtain real-world 
combat experience, and attract additional recruits--and potentially 
state assistance that is flowing to the FSA. Moreover, Jabhat al-
Nusra's ideology not only contributes to the threat of terrorism, but 
more broadly it is contributing significantly to the regional Sunni-
Shia tension that poses enormous risks. The rapid removal of Bashar al-
Assad would not solve these problems, but an on-going civil war does in 
my view worsen the situation.
    Without declaring victory, we should also have some optimism about 
al-Qaeda-inspired terrorism in Western Europe and especially the 
homeland. As recent studies have shown, there has been a continuing 
decline in numbers of significant homeland plots that have not been 
closely controlled by the FBI since 2009. In addition, the relative 
sophistication of homeland terrorists has not increased. Combined with 
successful counterterrorism efforts in Western Europe--most 
particularly huge strides in the United Kingdom--the picture faced 
today is far brighter than just 3 years ago.
    Similar optimism cannot be applied to the threat posed by Lebanese 
Hezbollah, especially given its successful and foiled attacks over the 
past 2 years. Most notably, the Hezbollah attack in Bulgaria killed six 
tourists and highlights the extent to which the group (and its patrons 
in Iran) continue to see themselves as being in an on-going 
unconventional war with Israel and the United States. Predicting 
Hezbollah and Iranian ``redlines'' is a notoriously challenging 
endeavor--as illustrated by the surprising 2011 plot to kill the Saudi 
Ambassador to the United States--but both organizations almost 
certainly would launch attacks at least outside the United States were 
there a strike on Iranian nuclear facilities.
    There is little doubt that both Hezbollah and the IRGC Qods Force 
maintain a network of operatives that could be used for such strikes. 
In this regard the heavy Iranian presence in Latin America and Iranian 
cooperation with Venezuelan President Hugo Chavez is of particular 
concern. Although not every Hezbollah member and Iranian diplomat is a 
trained operative, a significant number could in the case of 
hostilities enable other operatives to launch attacks against Israeli 
or U.S. diplomatic facilities, Jewish cultural institutions, or high-
profile individuals. In addition, and generally unlike al-Qaeda 
affiliates, the specter of Hezbollah or Iranian-sponsored cyber attacks 
is disturbingly real. Recent Distributed Denial-of-Service (DDOS) 
attacks on major U.S. financial institutions, as well as even more 
destructive Iranian-sponsored attacks on Saudi Aramco and Qatar-based 
RasGas, have highlighted the extent to which physical attacks might be 
combined with cyber attacks.
                             looking ahead
    This threat picture, although complex and dynamic, is in many ways 
more heartening than that which we faced from 2001 until at least 2010. 
Numerous organizations continue to threaten terrorist attacks, but as a 
very general matter the threats are away from the homeland and the 
scale of the attacks is markedly less than what we saw in September 
2001 or even 2006, when al-Qaeda came dangerously close to attacking up 
to ten transatlantic airliners. It is not that events like Benghazi are 
not tragic. But threats to U.S. diplomatic facilities in Libya are of a 
radically different type than planes flying into civilian facilities in 
New York and Washington. In this regard, this is an appropriate 
juncture to look at a few of our biggest risks and challenges.
    Terrorism Fatigue.--After 10-plus years of near-constant public 
discussion of terrorism--in our politics, the media, and through public 
messaging--many have simply had enough. This is not all bad as an 
unhealthy obsession with the threat of terrorism at the expense of 
countless other societal woes, such as cyber threats and drug violence 
on the Southwest Border, would in many ways hand our enemy a victory. 
On the other hand, there is real value in public discussion of 
terrorism: It can build resilience in the population and it can lead to 
the tackling of tough public policy questions like targeted killings 
and domestic intelligence. With terrorism fatigue we run a real risk of 
not addressing these issues in a way that provides a lasting 
counterterrorism framework. In this regard I actually see the current 
discussion around the use of drones as quite a heartening sign.
    Terrorism fatigue poses at least two additional challenges. First, 
with all of our counterterrorism success such victories have become 
expected and any failure--no matter how small--can result in political 
finger-pointing and excoriation of our counterterrorism professionals. 
In effect we have become victims of our own success and unlike in 2001, 
perfection has become a political expectation. Although we should 
continuously examine how we can improve our capabilities, we must guard 
against ex post investigations that lack a serious appreciation for 
the ex ante difficulties of counterterrorism.
    Second, terrorism fatigue can cause dangerous lethargy within the 
Executive branch on issues that do not appear to require immediate 
attention but which can do longer-term damage to counterterrorism 
efforts. I have repeatedly seen urgency morph into bureaucratic 
sluggishness as time passes since the last attack on issues like 
information sharing and interagency cooperation. Whether it is 
countering violent extremism programs or information access for the 
intelligence community, we must not take our foot off the gas pedal.
    Weapons of Mass Destruction.--There is no doubt that smallish 
terrorist attacks or at least attempts will continue to occur at home 
and abroad. Such attacks can cause enormous pain and suffering to 
victims and their families, but they are clearly of a scale--at least 
with respect to absolute numbers killed--that is dwarfed by other 
societal ills such as routine criminal activity. The same cannot be 
said of terrorists' use of weapons of mass destruction--and more 
specifically biological weapons or an improvised nuclear device (IND).
    Although we have also made progress in reducing the likelihood of 
terrorists obtaining WMD, for the foreseeable future we are faced with 
the possibility that a terrorist organization will successfully acquire 
these weapons. In this case, technology is not yet our friend as the 
ease with which these weapons can be obtained and hidden continues to 
exceed our ability to detect them.
    Weapons of mass destruction pose a unique challenge as they are the 
prototypical low-likelihood, high-consequence event and thus 
determining the proper allocation of resources to combat them is 
particularly contentious. That being said, we must continue to protect 
against the most dangerous of materials (e.g., HEU) being obtained by 
terrorists, secure weapons in the most dangerous places (e.g., 
Pakistan), and pursue research and development that will assist in 
detecting chemical and biological weapons in places where they would do 
the most harm.
    Counterterrorism Partnerships.--Counterterrorism has always been 
and continues to be a ``team sport.'' Although the United States can do 
much alone, we have always been incredibly reliant on a vast network of 
friendly nations that have extended massively our intelligence, law 
enforcement, military, and homeland security reach. Even before the 
Arab Awakening we witnessed some weakening of these partnerships. 
Whether it was fatigue on our partners' part, their own resource 
challenges, or differing views on the proper scope of counterterrorist 
efforts (e.g., fights over data sharing between the United States and 
the European Union), these partnerships have been under some pressure. 
Post-Arab Awakening we face an exponentially more daunting task, having 
lost some of our most valuable partners in the very places we need them 
most.
    Again, part of the challenge is that we have been a victim of our 
own success. Al-Qaeda is simply not viewed as the same existential 
threat that it was in 2001. But without robust partnerships it will be 
increasingly difficult for us to detect and disrupt rising al-Qaeda (or 
other groups') cells, thus making it more likely that they will 
metastasize and embed themselves in ways that make them more dangerous 
and more difficult to displace.
    To maintain our partnerships we must carefully preserve funding for 
programs that provide critical capabilities--and potentially more 
important, a positive U.S. presence--for our allies. The increase in 
funding for special operations forces is a good step, but relatively 
tiny investments in Department of State and Justice programs can also 
deliver real results in this realm. In addition, we will have to 
approach new governments in the Middle East with sophistication and 
ensure they continue to view terrorism as a mutual threat.
    Staying on the Offense--on all Fronts.--Over the past week an 
enormous amount has been said about targeted killings, especially of 
U.S. persons. In my view, having served under both Presidents George W. 
Bush and Obama, such targeted killings are a vital tool in the 
counterterrorism toolbox. And regrettably, in some cases that tool must 
also be used against U.S. persons like Anwar al-Awlaki who was a senior 
al-Qaeda operational commander who was continuing to plot attacks 
against the United States.
    Perhaps unsurprisingly, I am supportive of the legal outline 
contained in the released Department of Justice white paper. From my 
perspective, the memorandum and administration practice (contrary to 
claims by some) appropriately constrains the President's authority, has 
provided extensive Congressional oversight and the opportunity to limit 
the program, and provides realistic standards given the inherent 
challenges of intelligence and counterterrorism. As I have previously 
implied, however, I am equally supportive of the current public debate 
on the issue. In fact, I believe bringing greater visibility to some 
programs could be useful not only to build U.S. support, but also to 
build greater international understanding if not support--a key element 
in our ideological efforts.
    As supportive as I am of targeted killings in appropriate 
circumstances, I am equally supportive of ensuring that these are not 
our only counterterrorism tools employed. I do believe that our 
reliance on kinetic strikes has in some cases allowed other efforts to 
atrophy or at least pale in comparison. This is enormously dangerous, 
as we cannot strike everywhere nor can we lethally target an ideology. 
As we increase targeted killings we must double-down on our soft power 
and ideological efforts--building capacity in civilian security forces, 
increasing the rule of law to diminish under-governed or ungoverned 
safe havens, and the like--lest we win a few battles and lose a global 
war.
    Resources.--Finally, and not entirely inappropriately, 
counterterrorism resources at the Federal, State, and local levels will 
undoubtedly decline significantly in the coming years. It is difficult 
to estimate accurately how much has been spent on counterterrorism over 
the past 11 years, but the amount certainly comes close if not exceeds 
$100 billion a year. Some of this was undoubtedly well spent, but it is 
folly to think that inefficiencies and redundancies do not exist 
widely. In this sense, a bit of frugality is likely a very good thing.
    The question, however, is whether we will be willing or able to 
make smart reductions to preserve critical capabilities. Our historic 
ability to direct funds where the threat is greatest--as opposed to 
where the political forces are strongest--has not been good. Perhaps 
the declining threat will mean that we can continue to spend 
imperfectly, but this is surely a dangerous bet to make.
    We should use this imposed frugality to do serious mission-based--
as opposed to Department- and agency-specific-based--budgeting in the 
Federal Government. This approach will require enormous changes within 
the Executive and Congressional branches, but looking across the 
counterterrorism budget, identifying the critical capabilities we must 
preserve, and then figuring out how that matches Department-specific 
budgets can be done. And if we are serious about maintaining these 
capabilities we have little choice.
                               conclusion
    More than a decade after 9/11, combatting terrorism isn't over. No 
one should be surprised by this fact. Nor should anyone be surprised 
that we are fighting in different places and, although some approaches 
are the same as they were in 2001, many of our tools must evolve with 
the evolving threat. Moreover, having the benefit of almost 12 years of 
National effort we are in a better place today to balance our 
counterterrorism efforts with other significant threats to our 
homeland, most notably state-sponsored cyber intrusions, theft, and 
attacks, and cross-border violence and instability due to 
counternarcotic efforts in Mexico. To the extent we have built up 
robust counterterrorist capabilities we must maintain them, but we 
must also--to the extent possible--make sure these tools are applied 
effectively to other homeland security missions.
    This committee has been central to much of what has been 
accomplished over the past 10 years. I very much hope--and expect--that 
it will be central to an inevitable transition, while never forgetting 
the tragedy that was the impetus for its creation. I hope that I have 
been helpful in giving a new perspective on these issues to help 
address these evolving challenges. Thank you for inviting me to 
testify, and for this committee's leadership on these critical issues.

    Chairman McCaul. Thank you, Mr. Leiter. We appreciate your 
testimony and certainly miss your briefings in a classified 
setting.
    Now, Mr. Walker, you are recognized for 5 minutes.

  STATEMENT OF DAVID M. WALKER, FOUNDER AND CEO, THE COMEBACK 
                       AMERICA INITIATIVE

    Mr. Walker. Chairman McCaul, Ranking Member Thompson, 
distinguished Members of the committee, thank you for the 
opportunity to testify.
    The perspective I will bring is primarily more on 
management issues facing DHS. I have got over 40 years of 
leadership experience in all three sectors of the economy 
including 10 years as comptroller general of the United States 
and head of the GAO. In fact, I testified on numerous occasions 
at the onset of creating the Department of Homeland Security.
    First picking up on something the Chairman said earlier, 
from a macro perspective as has been stated by Admiral Mike 
Mullen, former chairman of the Joint Chiefs of Staff, myself, 
and others, the single greatest threat to our Nation's security 
is our own fiscal irresponsibility and mounting debt burdens.
    Absent a change in course, our Nation's debt level will 
become unsustainable. This will threaten our future position in 
the world, our economy at home, our National security, our 
homeland security, and even our domestic tranquility over time.
    While legislation in recent years including the Budget 
Control Act, the American Taxpayer Relief Act of 2012, was 
intended to help address this challenge, they have not 
addressed the three key drivers of our structural deficits: 
known demographic trends, rising health care costs, and an 
outdated and inadequate tax system.
    As a result, we still face mounting deficit and debt 
burdens and the portion of the Federal budget that is on 
autopilot is scheduled to increase from the current 67 percent 
and go up.
    Ladies and gentlemen, the Congress had control of 97 
percent of the budget 100 years ago. Now it controls 33 and 
going down. That must change.
    Therefore, a critical step to securing our Nation's future 
and our homeland is to reach a grand fiscal bargain that 
restores fiscal sanity, recaptures control of the budget, and 
ensures adequate financing for the departments and agencies 
that fall under the expressed and enumerated responsibilities 
as envisioned by our Nation's founders including homeland 
security.
    Given the inevitability that the Federal Government will 
have to do more with less it is important more than ever that 
Federal agencies, including DHS, have a comprehensive and 
integrated strategic plan that is future-focused, results-
oriented, resource-constrained, and that considers customers, 
employees, and other key stakeholders.
    In my experience, there are three key elements that any 
organization must have to be successful. It has to have a plan, 
it has to have a reasonable budget, and it has to have outcome-
based performance measures.
    Unfortunately, over 200 years after our creation, the U.S. 
Government still doesn't have any one of these three. The DHS 
has done a better job, but there is still room for improvement.
    From the DHS perspective, this past November marked the 
10th anniversary of the formation. It is appropriate to look 
back. There are several areas I think that improvement is 
needed.
    First, it must improve its strategic planning process. GAO 
and others have noted this need. DHS relies on partners to 
achieve a lot of its mission. There has to be a lot more 
consultation and coordination with those partners in order to 
achieve an effective plan and execution of that plan.
    It needs to improve its financial management practices 
although it has made real progress, and in particular, it needs 
to improve its information technology and acquisition and 
contracting practices; some of the issues were mentioned 
previously and the waste that has occurred in that regard.
    Third, there is a clear and compelling need to address 
human capital challenges at DHS. It is a major organization; 
the third-largest in Government. It is only as successful as 
its people and yet it has one of the lowest morales of any 
Federal agency with regard to its employees.
    I would add two more items that aren't in my testimony but 
I think they are important. As I testified when I was 
comptroller general, there are certain large, complex, and 
high-risk agencies that should have a chief operating officer, 
a level two executive, which is a Presidential appointment, 
Senate confirmation, with statutory qualification requirements, 
with a 5- to 7-year tenure, and with a performance contract. We 
need that in large, high-risk agencies in order to deal with 
these challenges efficiently and effectively and in a timely 
manner.
    Last, but not least, it is not in my testimony, but I will 
mention it; look, we are going to have serious budget 
constraints. We are going to have to do more with less. I think 
you have to also look at the possibility of user fees or other 
types of fees to be able to fund some of the costs of services 
associated with DHS that relate to individuals or goods, and I 
will leave that to your good judgment.
    Last, but not least, there are a lot of things that need to 
be done in Government some of which have not been able to get 
done through the normal process. I would commend to your 
consideration of forming a Government transformation task force 
that would be able to make recommendations to the Congress that 
would be guaranteed hearings and guaranteed a vote focusing on 
economy, efficiency, effectiveness, and credibility to Federal 
Government.
    I am happy to answer questions about this if you would 
like.
    Thank you, Mr. Chairman, Ranking Member, happy to answer 
any questions.
    [The prepared statement of Mr. Walker follows:]
                 Prepared Statement of David M. Walker
                           February 13, 2013
    Good morning Chairman McCaul, Ranking Member Thompson, and 
distinguished Members of the committee. I am honored to be here to 
offer my perspective on the current state of the Department of Homeland 
Security and how it can best achieve its important mission, that of 
helping to secure our country and its citizens.
    The perspective I bring to this issue is based on my almost 40 
years of experience across multiple sectors of the economy, spanning 
over 20 years of private sector experience, over 15 years of total 
Federal Government service, including almost 10 years as comptroller 
general of the United States and head of the U.S. Government 
Accountability Office (GAO), and almost 5 years in the non-profit 
sector. During my tenure as U.S. Comptroller General, I gained 
extensive knowledge of homeland security issues, and I testified before 
Congress on numerous occasions about this topic, including during the 
planning and formation of the Department of Homeland Security (DHS) in 
2002. I am currently the founder and CEO of the Comeback America 
Initiative, which educates and engages the public about the threat 
posed by our Nation's structural deficits and mounting debt burdens, 
and possible ways to address them.
    As has been stated by Admiral Mike Mullen, myself, and others, the 
single greatest threat to our Nation's security is our own fiscal 
irresponsibility and mounting debt burdens. Absent a change in course, 
our Nation's debt levels will become unsustainable. This will threaten 
our position in the world, economy at home, our National security, and 
even our domestic tranquility over time.
    While legislation in recent years, including the Budget Control Act 
and the American Taxpayer Relief Act of 2012, was intended to help 
address our fiscal challenge, they have not addressed the three key 
drivers of our structural deficits: Known demographic trends, rising 
health care costs, and an outdated and inadequate tax system. As a 
result, the portion of the Federal budget that is on autopilot is set 
to increase from its current 67%, and the Nation's longer-term deficits 
will grow over time. According to last week's updated budget 
projections from the Congressional Budget Office, under current law, 
mandatory spending, including interest, will consume 76% of the Federal 
budget in 2023. Discretionary spending will be squeezed to roughly 24% 
of total spending, with non-defense discretionary spending being about 
12% of total spending. As a percent of GDP, non-defense discretionary 
spending will decrease to 2.7%, well below the historical average of 
the past 40 years (4%). Therefore, a critical step to securing our 
Nation's future is to reach a ``grand bargain'' that restores fiscal 
sanity, recaptures control of the budget, and ensures adequate 
financing for the departments and agencies that fall under the express 
and enumerated Constitutional roles and responsibilities of the Federal 
Government, including homeland security.
    Given the inevitability of our Federal Government having to do more 
with less, it is more important than ever for all Federal agencies, 
including DHS, to have a comprehensive and integrated strategic plan 
that is future-focused, results-oriented, resource-constrained, and 
that considers customers, employees, and other key stakeholders. In my 
experience, there are three key elements any organization must have to 
be successful: (1) It must have a plan; (2) it must have a budget; and 
(3) it must have outcome-based performance metrics. Unfortunately our 
Federal Government as a whole fails on all three of these. DHS has done 
a better job, but there is still plenty of room for improvement.
    This past November marked the 10th anniversary of the formation of 
DHS, and the Department has made meaningful strides during that time to 
improve its performance, during some trying times, when it comes to 
homeland security threats. I recall during my testimony before Congress 
in 2002, when Congress was considering the creation of the Department, 
pointing out that a consolidation of 22 separate agencies was one of 
the biggest transformational changes the Federal Government had ever 
undertaken. In fact, at the time I stated that ``the experiences of 
organizations that have undertaken transformational change efforts 
along the lines that will be necessary for the new department to be 
fully effective suggest that this process can take up to 5 to 10 years 
to provide meaningful and sustainable results''. Now that 10 years have 
passed, it is appropriate to explore areas that DHS can focus on to 
more effectively achieve its critically important mission.
    First, I believe DHS must improve its strategic planning processes. 
It is vitally important for any organization to have a strategic plan 
to guide its actions, allocate resources, and measure results. Unlike 
the Federal Government as a whole, DHS has made real progress in its 
Department-wide planning. However, GAO and others have recommended that 
DHS provide more opportunity for stakeholder participation in its 
planning process. Given DHS's reliance on partners to achieve its 
mission, in both the public and private sector, it is vitally important 
for those stakeholders to be meaningfully engaged in the planning 
process. In addition, DHS must do a better job of integrating risk 
management into its planning process, especially given the nature of 
its mission. Integrating risk management practices as a key element of 
its planning process is also critical to achieving sustainable success 
in an atmosphere of constrained resources. DHS planning must also 
involve the development of more outcome-based performance measures to 
guide allocation of limited resources.
    Second, DHS must improve its financial management practices. While 
DHS has made progress in improving its financial management practices 
since its inception, a lot more work needs to be done. For example, 
failure to fully integrate its financial management system, and various 
internal control weaknesses, have resulted in DHS not being able to 
achieve an unqualified audit opinion on its financial statements since 
the Department's creation. DHS also has a number of material internal 
control weaknesses that need to be addressed.
    In addition to integrating its financial management systems, DHS 
must make further strides in modernizing and integrating other 
management practices and systems. DHS faces serious challenges in 
integrating its IT, financial, human capital, and acquisition systems. 
These challenges have contributed to cost overruns, schedule delays, 
and an inability to achieve stated Departmental goals and objectives. 
Furthermore, with regard to acquisition management, DHS should 
implement more strategic and portfolio-based investment practices, and 
execute existing acquisition policy more effectively.
    GAO has stated that ``DHS culture has emphasized the need to 
rapidly execute missions more than sound acquisition management 
practices. Most major programs lack reliable cost estimates, realistic 
schedules, and agreed-upon baseline objectives . . . '' DHS must 
improve these practices if it is to effectively fulfill its mission.
    Third, there are clear and compelling human capital challenges that 
DHS must address if it is to effectively achieve its mission in a 
sustainable manner. Any organization is only as successful as its 
people, and based on recent analysis employee morale at DHS is amongst 
the lowest at all Federal agencies. Furthermore, given the demographic 
trends facing Government at all levels, it is vitally important that 
DHS employ strategic workforce planning that focuses on acquiring, 
developing, and retaining a workforce capable of achieving its mission. 
This includes appropriate succession planning and recruiting practices.
    The issues I have highlighted are areas where Congress can employ 
its oversight responsibilities to ensure DHS is best able to fulfill 
its mission in the future, especially in an era of serious fiscal 
challenges. However, I also encourage the Congress to consider creating 
a Government Transformation Task Force, similar to that being advocated 
by the Government Transformation Initiative (GTI), for which I serve as 
chairman of the board. Under GTI's proposed approach, an independent 
body, authorized by statute, would be created to recommend ways the 
Federal Government can operate more economically, efficiently, and 
effectively. The task force would be made up of non-conflicted leaders 
with proven track records of transforming organizations in the public, 
private, and/or non-profit sectors. It would issue reports and 
recommendations outlining ways to help Government focus on results, 
plan strategically, streamline operations, leverage technology, adopt 
best practices, and otherwise improve performance. Congress should be 
required to consider the task force recommendations in a timely 
fashion.
    Our Nation's poor financial condition and mounting debt burdens 
require that Congress think outside the box and develop new ways to 
make Government more future-focused and results-oriented. The creation 
of such a task force could help restructure our Government to meet the 
needs of the 21st Century, while achieving efficiencies that allow it 
to live within the resource-constrained reality that our current fiscal 
path will require.
    When testifying before the creation of DHS I said that, ``Strong 
and visionary leadership will be vital to creating a unified, focused 
organization, as opposed to a group of separate units under a single 
roof.'' DHS has made real progress in this regard, but more action is 
required. At the same time, greater vision and leadership is required 
to help ensure that the Federal Government as a whole can effectively 
address the many sustainability challenges that we face. This is 
essential if we want to effectively discharge our stewardship 
obligation to our children, grandchildren, and future generations of 
Americans.
    I thank you again for the opportunity to testify before your 
distinguished committee, and I would be happy to answer any questions 
you may have.

    Chairman McCaul. Thank you Mr. Walker, and as I mentioned 
in my opening statement, management reform and applying more of 
a business model to the Department to identify waste and 
inefficiencies will also be a top priority, and I appreciate 
your testimony.
    Mr. Ervin, you are now recognized.

   STATEMENT OF CLARK KENT ERVIN, PARTNER, PATTON BOGGS, LLP

    Mr. Ervin. Thank you very much, Mr. Chairman.
    Chairman McCaul, Ranking Member Thompson, Chairman King, 
and Members, thank you very much for this opportunity to 
testify today.
    Let me start by joining my colleagues, Mr. Chairman, in 
congratulating you on your ascension to the Chairmanship. It is 
not every day that one gets to testify before a dear, personal 
friend, and a former colleague.
    I have worked very closely with both Ranking Member 
Thompson and you, Chairman King, over the years and look 
forward to continuing to do so.
    It seems not so long ago that the Nation was beginning to 
turn its attention away from the threat of terrorism. With the 
end of the war in Iraq, the beginning of the end of the war in 
Afghanistan, the killing of Osama bin Laden and that of his 
would-be rival for that dubious title, public enemy No. 1, 
Anwar al-Awlaki, as well as the devastatingly successful drone 
campaign against various and sundry al-Qaeda lieutenants and 
foot soldiers in Pakistan, Yemen, and Somalia, the absence, 
thankfully, of successful terror attacks, and the absence for 
some time of even significant aborted terror plots, even some 
sophisticated analysts and observers had come to think that 
terrorism had returned to the status of a second-order concern 
for policymakers and war fighters.
    If anything good has come out of the crises in Mali, 
Benghazi, and Syria and out of the renewed and intensified 
controversy, occasioned by a recent movie and recent 
confirmation hearings over drone strikes and enhanced 
interrogation techniques, it is the understanding of the 
sobering fact that, our signal victories and wholly 
understandable war-weariness notwithstanding, terrorists of one 
stripe or another continue to pose a grave threat to the world 
in general and to our homeland in particular.
    If anything, the terror threat today is more complicated 
than it was a decade ago because, as Mr. Leiter noted, the 
threat is more diffuse, with ``al-Qaeda Core'' having 
metastasized, cancer-like, into various virulent regional cells 
throughout most of the world.
    We face today's terrorism threat in a severely constrained 
fiscal environment, with huge defense cuts looming like a 
proverbial Sword of Damocles, limiting policymakers' and war 
fighters' options to a degree unprecedented in recent history.
    For all these reasons, in this tenth anniversary year of 
DHS, I would argue for placing ``security'' back at the front 
and center of ``Department of Homeland Security.''
    By that I mean that the rightful acknowledgement that the 
Department has multiple important missions to carry out: 
Preparing for and responding to natural disasters; dealing with 
the issue of immigration; patrolling our coast line, et cetera, 
to name just a few. Its chief role is to do its part to detect, 
deter, and defend the Nation from terror attacks.
    Now I would be remiss if I did not acknowledge the progress 
that DHS, working with its partners at the Federal, State, and 
local governmental level, the private sector, and the American 
people, has made, through two administrations now; one 
Republican, in which I served, and one Democratic, in helping 
to secure the Nation.
    Our aviation sector in particular, on which terrorists 
understandably, remain fixated, is far more secure than it was 
on September 10, 2011. But, I remain concerned about various 
aspects of even our aviation system even, like, for example, 
the continued vulnerability of air cargo on passenger planes, 
and our use of devices at airport passenger checkpoints that 
are really anomaly detectors, as opposed to what we really 
need, namely, explosives detectors.
    I worry, too, about our relative lack of focus over the 
years on securing our mass transit sector. The successful 
attacks over the years in London, Madrid, and Moscow, and the 
aborted terror plots in New York City all show that mass 
transit is also in terrorists' cross hairs, and sooner or 
later, they will attempt to strike here again, and if we are 
not careful, one day they will succeed.
    I worry also about our maritime sectors, specifically, the 
smuggling of radioactive material in containers and hope that 
we will redouble our efforts to try to find a way to scan not 
just cargo about which we have suspicions, but all cargo if 
possible in an effective, efficient, and economical manner, 
without bringing global commerce to a halt.
    Call me a worry wart, but I don't trust terrorists to 
complete a shipping manifest accurately or to do business only 
with unknown shippers, and so a risk-based automated target 
system largely based on such trust gives me pause. As President 
Reagan would say, ``Trust, but verify.''
    Finally, cyber-threats. I look forward to learning more 
about the President's Executive Order later today, but we all I 
think would agree that it is no substitute for legislation and 
hope very much that the administration and the Congress will 
work together in a bipartisan way to enact a law this year that 
will further secure our Nation against this potentially 
catastrophic threat.
    Finally, the success of the Department on all of these 
fronts will require adroit leadership on the part of Secretary 
Napolitano, working with the Congress in general, and with this 
committee and your Senate counterpart in particular.
    Given the grave threats and our severe fiscal constraints, 
there is no time to waste and not a single dollar to waste. I 
would applaud Secretary Napolitano for taking steps like 
pulling the plug on costly and inefficient and ineffective 
procurements like SBInet and DNDO's ASP program, and I also 
hope that this year that using the fiscal crisis in which we 
are in, we can ensure that going forward we direct 
counterterrorism grants only to those localities most at risk 
of terror attack.
    With that, Mr. Chairman, again, thank you very much for 
having me here today to testify and like others, I look forward 
very much to your questions.
    [The prepared statement of Mr. Ervin follows:]
                 Prepared Statement of Clark Kent Ervin
                           February 13, 2013
    Chairman McCaul, Ranking Member Thompson, and Members, thank you 
very much for inviting me to testify before you today at this important 
hearing. It is a great joy for me to testify before you, Mr. Chairman, 
recalling as I do with delight our years together as fellow deputy 
attorneys general to then-Texas Attorney John Cornyn. It is not every 
day that one gets to testify before a Chairman who happens to be a dear 
personal friend dating back many years. Congratulations on your 
ascension to the Chairmanship, and I look forward to working with you 
going forward. And, of course, though we were not colleagues likewise 
in a prior life, I count you, too, as a friend, Ranking Member 
Thompson, and am delighted to be working with you again in your key 
role on this key committee.
    It seems not so long ago that the Nation was beginning to turn its 
attention away from the threat of terrorism. With the end of the war in 
Iraq; the beginning of the end of the war in Afghanistan; the killing 
of Public Enemy No. 1, Osama bin Laden, and that of his would-be rival 
for that dubious title, Anwar al-Awlaki, as well as the devastatingly 
successful drone campaign against various and sundry al-Qaeda 
lieutenants and foot soldiers in Pakistan, Yemen, and Somalia; the 
absence, thankfully, of successful terror attacks, and the absence for 
some time of even significant aborted terror plots, even some 
sophisticated analysts and observers had come to think that terrorism 
had returned to the status of a second-order concern for policymakers 
and war fighters.
    If anything good has come out of the crises in Mali, Benghazi, and 
Syria, and out of the renewed and intensified controversy, occasioned 
by a recent movie and recent confirmation hearings, over drone strikes 
and enhanced interrogation techniques, it is the underscoring of the 
sobering fact that, our signal victories and wholly understandable war 
weariness notwithstanding, terrorists of one stripe or another continue 
to pose a grave threat to the world in general and to our homeland in 
particular. And, if anything, the terror threat today is more 
complicated than it was a decade ago because the threat is more 
diffuse, with ``al-Qaeda Core'' having metastasized, cancer-like, into 
various virulent regional cells throughout most of the world. And, we 
face today's terrorism threat in a severely constrained fiscal 
environment, with huge defense cuts looming like a proverbial Sword of 
Damocles, limiting policymakers' and war fighters' options to a degree 
unprecedented in recent history.
    For all these reasons, in this tenth anniversary year of DHS, I 
would argue for placing ``security'' back at the front and center of 
``Department of Homeland Security.'' By that I mean that the rightful 
acknowledgement that the Department has multiple important missions to 
carry out--preparing for and responding to natural disasters; extending 
the benefits of and enforcing the penalties in our existing immigration 
laws and working with the rest of the administration and Congress to 
reform our immigration system; patrolling our coastline and rescuing 
mariners in distress; and protecting the President and other senior 
administration officials and visiting foreign diplomats, to name a 
few--its chief role is to do its part to detect, deter, and defend the 
Nation from terror attacks.
    I would be remiss if I did not acknowledge the huge progress that 
DHS, working with its partners in Federal, State, and local 
governments, the private sector, and among the American people, has 
made, through two administrations now, one Republican and one 
Democratic, in helping to secure the Nation. Our aviation sector in 
particular, on which terrorists, understandably, remain fixated, is far 
more secure than it was on September 10, 2011.
    But, I remain concerned about certain aspects of even our aviation 
system, like, for example, the continued vulnerability of air cargo on 
passenger planes, and our use of devices at airport passenger 
checkpoints that are, really, anomaly detectors, as opposed to what we 
really need, namely, explosives detectors.
    I worry, too, about our relative lack of focus over the years on 
securing our mass transit sector. The threat to mass transit is not 
merely theoretical. The successful attacks in London, Madrid, and 
Moscow, and the aborted plots against mass transit in New York City, 
all show that mass transit is also in terrorists' crosshairs, and 
sooner or later, they will attempt to strike here again. If we are not 
careful, one day they will succeed.
    I worry also about our maritime sector, specifically, the smuggling 
of radioactive material in containers, and hope that we will redouble 
our efforts to try to find a way to scan not just cargo about which we 
have suspicions, but all cargo in an effective, efficient, and 
economical manner, without bringing global commerce to a halt. Call me 
a ``worry wart,'' but I don't trust terrorists to complete a shipping 
manifest accurately or to do business with only ``unknown shippers,'' 
and so a ``risk-based'' automated target system largely based on such 
trust gives me pause. As President Reagan would say, ``Trust, but 
verify.''
    And, finally, cyber-threats. Every passing day shows that cyber-
crime and cyber-terrorism are clear and present dangers to our Nation. 
We will either do everything in our power to prevent a devastating 
cyber-attack on our Nation now, or sit here (if we are lucky enough 
still to be around) 5 years from now, or 10 years from now, or 20, and 
lament the fact that we did not. It is imperative that both the 
administration and Congress put partisanship and ideology aside to 
devise and enact, this year, a law to make our Nation more secure from 
this potentially cataclysmic threat.
    To conclude, making progress on all these fronts will require 
adroit leadership on the part of Secretary Napolitano and her 
leadership team, working in concert with the Congress, with your 
committee and your Senate counterpart in particular. Given the grave 
threats, and our severe fiscal constraints, there is no time to waste, 
and not a single dollar to waste. I would applaud her for taking 
steps like pulling the plug on costly and ineffective procurements like 
SBInet and DNDO's ASP program, and, I hope that this year, and in the 
many lean years likely still to be ahead, that she will have 
Congressional support for directing counterterrorism grants to only 
those localities most at risk of terror attacks.
    Again, Mr. Chairman, Mr. Ranking Member, and Members, thank you for 
inviting me to appear before you today and I look forward to responding 
to your questions.

    Chairman McCaul. Thank you, Mr. Ervin. Your comments on the 
necessity for cyber legislation are a good segue into my 5 
minutes of questions. I recognize myself for 5 minutes.
    Mr. Henry, as I mentioned my trip to the NSA yesterday, my 
briefings with General Alexander highlight the sobering reality 
that we are under attack as a Nation and our interests are 
under attack overseas.
    The enormous amount of intellectual property stolen as you 
mentioned, the espionage, and the cyber warfare primarily, 
China, Russia, Iran, and Iran's latest attacks on Aramco in the 
Saudi peninsula and our own financial institutions, which is 
probably occurring, as I speak cause me great harm.
    I think we need to move quickly on this so I wanted to ask 
you real quickly, what is your assessment on the role of DHS? 
In addition, if you have had a chance to read the draft 
Executive Order, what is your assessment of that as well?
    Mr. Henry. Thank you, Chairman.
    As far as DHS, I think that one of the critical areas in 
everything that we do as it relates to cyber is the collection 
and dissemination of intelligence.
    As I mentioned in my statement, we have been focusing on 
reducing the vulnerabilities for so long, but it is really 
critical for us to identify who the adversaries are and to take 
steps as a Nation to thwart their efforts and to mitigate that 
threat.
    I think as it relates to intelligence sharing, DHS has a 
role in collecting perhaps or deconflicting across multiple 
agencies--the FBI, NSA, DOD, and others--who collect 
intelligence related to the threat and how do we take that very 
critical information and intelligence and synthesize it so that 
it can be shared effectively in a manner that best helps the 
private sector prepare to defend their networks and also to 
help take the intelligence that is collected off of the network 
every single day by the private sector and to get that into the 
hands of the right people who can take actions to thwart the 
threat; to help do the attribution to identify there is a 
particular nation and we know this particular nation is taking 
this action against U.S. interests.
    It is impacting our economic and National security, and as 
a Government there are steps that we can take whether they be 
economic, some type of trade sanctions, law enforcement 
actions, some intelligence community actions. There are steps 
that we can take but it can only happen if that intelligence is 
synthesized and shared both ways. I think that DHS can play a 
role in the critical area.
    Chairman McCaul. On the Executive Order?
    Mr. Henry. So the Executive Order I just had a moment to 
look at it this morning. I think it talks about that. It talks 
about how intelligence is shared, information is shared between 
the private sector and the U.S. Government. So I think 
elaborating on that, the devil's in the details of course how 
we actually build that out.
    I also agree with the statement that somebody made about 
the comprehensive whole-of-Government response here, and I 
think the Executive Order also talks about that. It has to be a 
comprehensive plan and it has to work across all sectors. There 
is not an agency or an organization that this doesn't touch and 
everybody has got to have a piece of that response.
    Chairman McCaul. I agree with that. Moving on to the 
border, I just visited the L.A. port. There is a threat to our 
West Coast with these boats coming up from South America. There 
is a threat to the Caribbean, the Southwest Border we focus 
quite a bit on, and of course the Northern Border as well.
    The Southwest Border particularly, Admiral Allen, we are 
going to come up with a bill, an authorization bill. What would 
you recommend that we focus on for a comprehensive strategy?
    Admiral Allen. Mr. Chairman, I think it is important to 
take a risk-based approach. Given the resource constraints we 
are dealing with, the budget environment, and the physical 
realities of the border, and I mentioned some of them earlier. 
I think we need to understand the risk that is presented by the 
border. We don't want to drive that risk to zero because we 
will shut down trade.
    In my view, the best thing we can do is increase 
situational awareness. In the maritime environment, that would 
be maritime building awareness, our ability to understand what 
is out there through a combination of information sharing, 
sensor information, and a collection of information on the 
movement of vessels that is available through positioning 
systems that are there right now.
    That needs to be centrally known, shared, and coordinated 
with the various databases that are resident in the other 
components to create a comprehensive common operating picture 
and a common intelligence picture that allows us to cue our 
resources.
    Specifically in relation to the Southwest Border maritime 
environment that you are talking about, there is extraordinary 
cooperation between the CBP and the Coast Guard there and 
actually with the Navy fleet commander down there that makes 
resources available.
    What we need to do is refine our ability to understand what 
is happening in the maritime environment, to be able to 
identify legitimate flows from illegitimate flows, and be able 
to focus those resources.
    That needs to be done in my view by coordinating and 
consolidating command centers where we can, information 
sharing where we can, and then cuing those resources in a 
collective manner.
    Chairman McCaul. I think the technology piece is a piece 
that has not been finalized down there, and I think that is 
where we are going to be focusing quite a bit on getting 
technology down there to better secure it.
    Last, and it has to be very quickly, Mr. Walker, what was 
it--you had mentioned a management restructuring and some 
specific positions that you would recommend. Can you----
    Mr. Walker. One, Government is a large, complex, and very 
expensive enterprise and as it has been mentioned, we have 
limited resources. We need to allocate those based upon risk.
    My view is when you look at the Department of Homeland 
Security, which is a combination, an amalgamation of many other 
departments and agencies in the past, there is a need for a 
chief operating officer; a level two official that would be 
responsible for the management process that would be based upon 
statutory qualification requirements, would have a term 
appointment, and a performance contract.
    We look to other countries, we see that this exists. I 
mean, you know, the United States is not an island. We need to 
learn from history. We need to learn from others, and I think 
it is a concept that makes sense in certain agencies such as 
DHS and DOD, for example.
    Last thing is there is a lot of great recommendations that 
are made by the GAO, by inspectors general, by, you know, even 
good work that is done by these committees as well as OMB, but 
a lot of these recommendations never get implemented. You know, 
whether it is duplicated programs, whether it is best practices 
problems, you know, crossing many different functions in 
Government.
    I think there is a need for a capable, credible, and non-
conflicted statutory group that would end up being able to look 
at a number of areas, make recommendations to the Congress with 
guaranteed hearings and a guaranteed vote building off of like 
a Hoover Commission approach if you will because the simple 
fact of the matter is whether it is Simpson Bowles, and 
Domenici to Weber, or anything else, they are dealing with the 
big-ticket items.
    On the other hand, there are billions and billions and 
billions of dollars that grow every year that we are not coming 
to grips with that, that we are gonna have an extraordinary 
mechanism to deal with that are not being dealt with.
    Chairman McCaul. I think that the outside reading group 
really kind of encapsulates the DHS Accountability Act that was 
introduced last Congress, passed the House, unfortunately not 
the Senate. I hope I can, in working with the Ranking Member, 
we can reintroduce that legislation.
    With that, I now recognize the Ranking Member.
    Mr. Thompson. Thank you very much, Mr. Chairman. I would 
like to enter into the record a letter from Secretary 
Napolitano kind of highlighting concerns around sequestration 
and what that would possibly do to adversely impact----
    Chairman McCaul. Without objection, that is so ordered.
    [The information follows:]
 Letter From Hon. Janet Napolitano to Ranking Member Bennie G. Thompson
                                 February 13, 2013.
The Honorable Bennie G. Thompson,
Ranking Member, Committee on Homeland Security, U.S. House of 
        Representatives, Washington, DC 20515.
    Dear Representative Thompson: Thank you for your letter regarding 
the potential impacts of the March 1st sequestration. The Department of 
Homeland Security (DHS) shares your deep concerns about the effects 
this unprecedented budget reduction to Fiscal Year (FY) 2013 funding 
will have on DHS, its missions, and our Nation's security and economy.
    Reductions mandated by sequestration would undermine the 
significant progress the Department has made over the past 10 years and 
would negatively affect our ability to carry out our vital missions. 
Sequestration would roll back border security, increase wait times at 
our Nation's land ports of entry and airports, affect aviation and 
maritime safety and security, leave critical infrastructure vulnerable 
to attacks, hamper disaster response time and our Surge Force 
capabilities, and significantly scale back cybersecurity infrastructure 
protections that have been developed in recent years. In addition, 
sequestration would necessitate furloughs of up to 14 days for a 
significant portion of our front-line law enforcement personnel, and 
could potentially result in reductions in force at the Department. The 
following provides specific examples of the potential impacts of 
Sequestration on the Department:
   U.S. Customs and Border Protection (CBP) would not be able 
        to maintain current staffing levels of Border Patrol Agents and 
        CBP Officers as mandated by Congress. Funding and staffing 
        reductions will increase wait times at airports, affect 
        security between land ports of entry, affect CBP's ability to 
        collect revenue owed to the Federal Government, and slow 
        screening and entry programs for those traveling into the 
        United States.
   U.S. Immigration and Customs Enforcement (ICE) would not be 
        able to sustain current detention and removal operations or 
        maintain the 34,000 detention beds mandated by Congress. This 
        would significantly roll back progress that resulted in record-
        high removals of illegal criminal aliens this past year, and 
        would reduce ICE Homeland Security Investigations' activities, 
        including human smuggling, counter-proliferation, and 
        commercial trade fraud investigations.
   The Transportation Security Administration would reduce its 
        front-line workforce, which would substantially increase 
        passenger wait times at airport security checkpoints.
   The U.S. Coast Guard (USCG) would have to curtail air and 
        surface operations by nearly 25 percent, adversely affecting 
        maritime safety and security across nearly all missions areas. 
        A reduction of this magnitude will substantially reduce drug 
        interdiction, migrant interdiction, fisheries law enforcement, 
        aids to navigation, and other law enforcement operations as 
        well as the safe flow of commerce along U.S. waterways.
   Furloughs and reductions in overtime would adversely affect 
        the availability of the U.S. Secret Service workforce, and 
        hinder on-going criminal investigations.
   Reductions in funding for operations, maintenance, and 
        analytical contracts supporting the National Cybersecurity 
        Protection System (NCPS) would impact our ability to detect and 
        analyze emerging cyber threats and protect civilian Federal 
        computer networks.
   The Federal Emergency Management Agency's Disaster Relief 
        Fund would be reduced by over a billion dollars, with an impact 
        on survivors recovering from future severe weather events, and 
        affecting the economic recoveries of local economies in those 
        regions. State and local homeland security grants funding would 
        also be reduced, potentially leading to layoffs of emergency 
        personnel and first responders.
   The Science and Technology Directorate would have to stop 
        on-going research and development including: Countermeasures 
        for bio-threats, improvements to aviation security and 
        cybersecurity technologies, and projects that support first 
        responders.
   The Department would be unable to move forward with 
        necessary management integration efforts such as modernizing 
        critical financial systems. This would hinder the Department's 
        ability to provide accurate and timely financial reporting, 
        facilitate clean audit opinions, address systems security 
        issues, and remediate financial control and financial system 
        weaknesses.
    Hurricane Sandy, recent threats surrounding aviation and the 
continued threat of homegrown terrorism demonstrate how we must remain 
vigilant and prepared. Threats from terrorism and response-and-recovery 
efforts associated with natural disasters will not diminish because of 
budget cuts to DHS. Even in this current fiscal climate, we do not have 
the luxury of making significant reductions to our capabilities without 
placing our Nation at risk. Rather, we must continue to prepare for, 
respond to, and recover from evolving threats and disasters--and we 
require sufficient resources to sustain and adapt our capabilities 
accordingly. We simply cannot absorb the additional reduction posed by 
Sequestration without significantly negatively affecting front-line 
operations and our Nation's previous investments in the homeland 
security enterprise.
    The Department appreciates the strong support it has received from 
Congress over the past 10 years. As we approach March 1, Congress is 
urged to act to prevent Sequestration and ensure that DHS can continue 
to meet evolving threats and maintain the security of our Nation and 
citizens. Should you have any questions or concerns at any time, please 
do not hesitate to contact me[.]
            Yours very truly,
                                          Janet Napolitano.

    Mr. Thompson. Thank you.
    Mr. Ervin, let us look at TSA as a point of conversation. 
Most of us here go through airports every week. The assumption 
is that the screening technology that we all go through is 
good.
    What has been your concern about TSA's approach to 
technology and whether we are really identifying all the 
vulnerabilities or are we just--just tell me what your concerns 
are.
    Mr. Ervin. Right. Well, thank you for that Mr. Thompson. I 
guess I would say several things. First of all, as I mention 
just briefly in my testimony, it seems to me that the chief 
problem with the current technology that we deploy at 
checkpoints, advanced imaging technology, to use the technical 
term, which encompasses millimeter wave machines and also 
backscatter machines, and it is the backscatter machines that 
the Chairman talked about in his opening statement that we are 
not able to meet the privacy concerns and as a result have been 
pulled back.
    Both of them--while one could argue that one is more 
effective than the other--both of them are anomaly detectors as 
opposed to explosives detectors.
    By that I mean that all those machines do is show that 
there is something on the person of the passenger that is out 
of the ordinary and it is therefore incumbent upon the screener 
observing that image to determine that there is in fact an anomaly 
and then to inquire further as to whether that anomaly isn't in 
fact an explosive and therefore should be of concern.
    Instead, as I say, I think what we need to do is to skip a 
step, take out a step, and instead to deploy machines that are 
automated explosive detectors, which is to say immediately 
without any human intervention determine that there is in fact 
or is not which of course is usually the case an explosive and 
I think that would be a huge advantage.
    There are certain companies that have such technology. That 
technology is being tested by TSA to be fair, but I think we 
need to redouble our efforts to deploy it. I guess----
    Mr. Thompson. My point, to support what the Chairman has 
said, one of the things we will look at is how we do 
procurement and contracting with the Department. We know all of 
these vulnerabilities are out there, but we can't get the 
through-put to the point of reality.
    So, Mr. Chairman, I look forward to--as we go forward.
    Admiral Allen, Congress passed some legislation long time 
ago saying that we should screen in-bound cargo coming in to 
this country from foreign areas, and we are woefully beyond the 
point of the Congressional mandate.
    Do you see that also as a vulnerability from a security 
standpoint to this country not knowing what is coming in the 
containers to this country?
    Admiral Allen. Mr. Thompson, there is always going to be a 
risk in any cargo entering the country and any inspection 
regime associated with that.
    As I stated earlier, we need to understand the risk that is 
inherent in these flows in trades and then try and attack it 
where we best get the return on our resources.
    I know that 100 percent container inspection has been 
discussed for many, many years. I myself think that that is a 
little bit of a bridge too far in terms of resources and the 
technology available to accomplish that and make that actually 
an effective way to secure cargo.
    I think we need to look at emerging technologies. Some of 
the other Members here have alluded to different types of 
sensing equipment that could actually interrogate these 
containers while they were being moved themselves.
    I think in the long run, it has to do with evaluating data 
intelligence and sharing information is the way to go. I know 
there is a desire to see 100 percent screening of containers. I 
don't think it is realistically achievable in the near-term, 
sir.
    Mr. Thompson. What is realistic in your opinion?
    Admiral Allen. Well, considering the technology challenges 
and the costs associated with it, sir, I think that it would be 
very, very difficult to achieve that goal in the current budget 
environment and current technology environment.
    Mr. Thompson. Good answer.
    Mr. Walker, you talked about creating a commission or an 
individual who has some responsibility for certain challenges 
within DHS. Can you go a little farther in how you see that----
    Mr. Walker. Sure.
    Mr. Thompson [continuing]. Individual operating?
    Mr. Walker. Sure. There is two issues. One is a micro-issue 
for the Department of Homeland Security and the other is a 
macro-issue that deals with the Government at large.
    The Department of Homeland Security is the third-largest 
Federal agency. It is accumulation, amalgamation of a bunch of 
different, you know, previous organizations. It has got a very 
important mission. It has got very limited resources, and it 
has got a number of fundamental management challenges that 
exist and will continue to exist.
    We need to have somebody focused full-time on management 
transformation and execution; economy, efficiency, 
effectiveness, credibility.
    We need to focus, have somebody focus full-time on the 
issue of risk assessment. There is no such thing as zero risk. 
You have to be able to allocate limited resources to mitigate 
as much risk as possible.
    In my view, while deputy secretaries typically try to do 
some of this job and to differing degrees of success and this 
has nothing to do about the current incumbent or prior 
individuals that were there, it is just a big darn job and that 
we need to recognize that we need to have people in those jobs 
that have appropriate qualification requirements who will be 
there for enough time to be able to get things done.
    That is why I say a 5- to 7-year term with a performance 
contract focused on results so that we are in effect 
professionalizing part of the management and execution of 
Government. I think----
    Mr. Thompson. If the Chairman will indulge me, are you 
saying that individual will also have the authority to fix 
whatever they encounter?
    Mr. Walker. Well, there is two things. One of which is they 
will identify to the extent that they have the authority under 
current law then they would fix it.
    The second is the macro issue I am talking about. If you 
look at duplicate programs, if you look at problems with 
procurement, human capital, whatever, there are a number of 
things that exist throughout Government and that have not been 
effectively addressed for a variety of reasons in the normal 
course.
    I believe there is a need to create some type of a 
statutory task force where the Congress would buy in and the 
President would buy in that would be comprised of individuals 
who are capable, credible, with proven transformational change 
experience in the private sector, public sector, and/or not-
for-profit who don't have conflicts, who would oversee a 
process to review different functions or programs that would 
make recommendations focused on economy, efficiency, 
effectiveness, and credibility that would be guaranteed 
hearings and guaranteed a vote.
    If you look at, you know, whether it is the Grace 
Commission or the good work that Vice President Gore did, you 
know, on reinventing Government, there is a lot of things that 
come out that frankly never get acted on and I think we have to 
recognize that given our current and projected financial 
condition and the fact that the agencies that are discretionary 
spending including this Department that is envisioned by the 
Constitution, but nonetheless is getting squeezed--not--didn't 
say homeland security but domestic tranquility and I would 
argue that this is part of domestic tranquility, then, you 
know, we have got to figure out a new way to try to be able to 
address these long-standing problems to free up more resources 
to mitigate the risk and to execute on mission.
    Mr. Thompson. Thank you very much.
    I appreciate the Chairman's indulgence.
    Chairman McCaul. I thank the Ranking Member. I plan to 
recognize Members who are in accordance with the committee 
rules, those who were present at the start of the hearing, by 
seniority, and those coming in after the hearing will be 
recognized in the order of arrival.
    With that, Chairman King is now recognized.
    Mr. King. Thank you, Mr. Chairman.
    Let me thank all of the witnesses for their Government 
service over the years. It is greatly appreciated.
    Director Leiter, let me just focus on a few things in your 
statement. You mentioned the concern about terrorism fatigue 
both in the Government and among the general public.
    You also referenced the concern about improvised nuclear 
devices. I know in New York we are very concerned about dirty 
bombs, the impact that would have whether it was in lower 
Manhattan, Wall Street, Times Square area. Both, you know, the 
loss of human life, which would be significant enough, but also 
the economic impact it would have on the country perhaps 
costing billions of dollars in the economy making it 
uninhabitable for 6 to 8 months.
    In response to that, we set up the Secure the Cities 
Program, which was intended to be not just for the New York 
area and this includes Long Island, Connecticut, and New 
Jersey, but also to serve as a template for the country for 
other urban areas around the country.
    When you were with NCTC, did you have an opportunity to 
observe Secure the Cities or discuss with Commissioner Kelly 
at all?
    Mr. Leiter. I did not, Congressman, but I spent an 
extensive amount of time with the NYPD counterterrorism 
officials throughout the region in New York, New Jersey, and 
Connecticut.
    In my regard, I think this is a very good program. I would 
associate myself with previous comments that a risk-based 
approach on these topics is absolutely critical.
    If we simply slice the salami and try to get all of the 
funding everywhere in the country to defend against low-
likelihood but high-consequence events like an improvised 
nuclear device, we will not cover the places that are most 
likely to be hit and we have to take some risk there.
    Certainly major metropolitan areas, New York, Chicago, Los 
Angeles--this is not to say that other parts of the country are 
not important--but we have to prioritize because if we try to 
spend the money everywhere, we either will run out of money or 
we won't be able to protect anything effectively.
    Mr. King. Thank you.
    Mr. Ervin, if anyone was literally present at the creation 
of the Department it has been you, and you have been involved 
in many capacities ever since the Department was created, both 
as a Government official and as a private citizen.
    As Director Leiter said, you mention the importance of 
risk-based funding in your statement. You also pointed to mass 
transit and that has been--again it is perhaps a parochial 
concern of mine since we have 5 million passengers every day 
whether it is the subway system, Long Island Railroad, Path 
subways. We have had six attempted plots against the mass 
transit system in New York.
    What though would you suggest that we do since to me it is 
much easier to secure an airport, much easier to make airliners 
secure. I think in New York we have over 1,000 entrances and 
exits just on the subway system. How you can possibly secure 
that? Is it technology? Is it personnel? Is it intelligence 
gathering?
    Mr. Ervin. Well, thank you for that, Mr. Chairman. I am 
glad you underscored that because as I said in my statement, 
just briefly, I really worry about that and think that we have, 
relatively speaking, underprepared for it.
    I think you put your finger on it. We certainly cannot 
secure the mass transit sector in the same way or attempt to 
secure it in the same way that we secure the aviation sector 
for all of the reasons you cite.
    I think what we need to do going forward is what New York 
City does very well, but I think we need to see that model 
replicated in other cities around the country that don't have 
the same degree of threat that New York has.
    I think New York is unique in that regard, but are likewise 
in terrorist crosshairs--Washington, DC; Los Angeles; Chicago; 
and by that I mean, it is what you said. It is a combination of 
personnel and technology.
    The good news is, after every scare, mass transit scare, in 
around the world and in this country we see--not just in New 
York City but in the cities that I mentioned--an increased 
police presence, the greater deployment of technology, but what 
tends to happen is that that is just time-limited.
    When the issue fades from the headlines, those resources 
are taken away and that is understandable to some degree given 
the budget constraint we are in and the fact that to a very 
large degree, mass transit, unlike aviation security, is 
financed at the State and local level.
    Given our fiscal environment and given this threat, I think 
we need to redirect our resources so that a greater percentage 
of TSA's budget in particular and the overall DHS budget is 
directed to mass transit sector given, as I say, the threat 
that the mass transit sector poses to our country.
    Mr. King. I would suggest also, and the question, of 
course, though, that we factor in--I think you agree with 
this--the financial impact a successful attack on any of our 
urban centers would have, whether it is in New York, Los 
Angeles, Chicago, Boston, Philadelphia--go down the line, and 
that would impact billions and billions of dollars.
    Mr. Ervin. No question about it, sir. You know, mass 
transit is called mass for a reason. There are huge numbers of 
people, as you note, who are affected by mass transit, and we 
know that terrorists' intention is to maximize the number of 
people killed and maximize the number of people injured, to 
maximize the psychic impact of it, and to maximize the economic 
impact.
    We certainly saw that in 9/11 with regard to the aviation 
sector. We would see that with regard to the mass transit 
sector if God forbid there were successful attacks.
    Mr. King. Thank you, Mr. Ervin.
    My final statement will be to Mr. Leiter. You testified 
before our committee in January 2011, and you said that al-
Awlaki was the most dangerous person in the world followed by 
bin Laden.
    Within 8 months, they were both gone. Anybody else you want 
to mention today?
    [Laughter.]
    Mr. Leiter. Mr. Chairman, Mr. King, that is a dangerous 
question and my answer is even more dangerous, but what I would 
say is it shows that focused or prioritizing where our most 
deadly enemies are and doing so with greater transparency, so 
our elected officials have an opportunity to weigh-in with the 
Executive branch and make their views known about whether or 
not someone should or should not be legitimately targeted, is 
an important role for this committee, the intelligence 
committee, the armed services committee.
    In my view, the fact that someone is an American citizen, 
although tragic and a weighty decision for the President, 
clearly cannot immunize that person from being stopped from 
launching attacks, and sometimes we have to do that using 
deadly force.
    Mr. King. Thank you, Mr. Leiter.
    Thank you, Mr. Chairman.
    Chairman McCaul. The Chairman now recognizes the gentleman 
from Massachusetts, Mr. Keating.
    Mr. Keating. Thank you, Mr. Chairman.
    I am gonna just drill down on one issue that I brought up 
in the past but still remains a problem. Since 2001, there's 
been over 1,300 perimeter security breaches at airports.
    So even though we have an easier job at airports, I don't 
think that job is being done frankly, and as history has shown 
us, one unsafe airport compromises every airport in the entire 
country.
    In October 2011, I introduced an amendment in the 
authorization bill for this committee that seeks to protect 
U.S. travelers and threats resulting from airport perimeter 
breaches by asking TSA to map out a plan to conduct security 
vulnerability assessments at airports throughout the United 
States--not just the 17 percent that they had checked at that 
point of the airports.
    So going forward, what is the best way to address perimeter 
security at the airports? We have the public going through 
gates and radiation and screening and doing all kinds of things 
as they approach the gate yet we are wide-open in my opinion; 
pretty darn close to wide-open around our perimeters.
    Could any of you comment on that? Because I continually see 
no action going forward with the Department in this respect.
    Mr. Ervin. Can I say a word about that, Mr. King? I am 
really glad you raised it. Perimeter security at airports is an 
issue that is not often talked about, but like you I worry 
about that as a vulnerability. I guess I would say a couple of 
things.
    One is I would commend to you and I am sure you are aware 
of it and others, the work that Los Angeles has done in this 
regard. There is a forward appointment of police officers, 
which can serve as a deterrent effect--obviously nothing is 
perfect--but can serve as a deterrent effect.
    There are random searches of cars before they approach the 
airport. I think we need to see the wider deployment of this in 
airports around the country.
    We all should recall the incident in Edinburgh I believe 
back in 2010 or something like that where an airport was 
breached and there were--I believe there--certainly there were 
injuries, I think there were deaths as well, within the pre-
checkpoint area of the airport.
    There is no screening whatsoever that happens and so in the 
same way, and Admiral Allen can talk about this, in the same 
way that we successfully since 9/11 have pushed the borders out 
as far as border security is concerned, likewise, I think we 
need to push airport security out past the checkpoint and long 
before a passenger approaches the airport.
    Mr. Keating. Yes, I am reminded when I was the district 
attorney there was a case just before I entered Congress where 
a 16-year-old boy just pierced through all the security that is 
there or wasn't there. He stowed away on a commercial airline 
and tragically ended up being killed as the airplane elevated 
and his body dropped in our district.
    They went back through all of the video and all of the 
security and had no trace of him. So can you imagine if 
somebody was doing a bank robbery and you knew the bank was 
going to be robbed and you are gonna go back and find out how 
they did it that you never even had a trace of the person?
    This is how wide open it is and the other thing that--if 
anyone wants to comment--it is a big problem with homeland 
security, the pointing of the finger of the local--oh, this is 
the local airport municipality or the ownership of the airport 
or this is the local police and TSA is just saying it is not 
our job. Well, it is their job.
    Mr. Leiter. Congressman, I would say not to minimize your 
concern at all, I think it is very appropriate. I think we have 
similar challenges along the perimeter of much of our critical 
infrastructure in this country whether it is oil and gas, 
electrical facilities, and the like.
    Going to Mr. Henry's area of expertise, but one in which I 
also work, we should accept that we have adversaries from 
around the world who are already inside the perimeter of all of 
these institutions. It just happens to be in the cyber world.
    If we don't look at the combined cyber and physical world 
together we will undoubtedly be burned by one or both.
    Mr. Keating. We are still recovering from the Wall Street 
meltdown yet if there is a cyber breach in one of the big five 
financial institutions, for even several hours, they go 
bankrupt and can you imagine the effect on our economy.
    So you are absolutely right. I yield back my time, Mr. 
Chairman.
    Mr. Walker. Can I mention one other thing, Mr. Keating?
    Mr. Keating. Yes.
    Mr. Walker. First, I guess I would say to what extent are 
we using the same technologies that we use on the border of the 
United States for the perimeter of airports? I don't know the 
answer to that, but there are technologies that are used to 
provide border security. So you could argue that this is 
another potential application of those technologies.
    Mr. Keating. That airport--just to clarify a point--where 
that young man breached security I believe was the eighth-
biggest hub of the country. So this isn't just small airports 
that this becomes a problem with.
    I yield back, Mr. Chairman.
    Chairman McCaul. Thank you, and point of personal 
privilege, I enjoyed sharing the Chair with Chairman King for a 
couple of minutes.
    [Laughter.]
    Chairman McCaul. The Chairman now recognizes the Vice Chair 
of the full committee, Mrs. Miller.
    Mrs. Miller. Thank you very much, Mr. Chairman. First I 
want to thank you for this great panel, for all of these great 
patriots, great Americans coming to testify before the 
committee.
    Sort of a broad range of I think the vision of this 
committee; where we are going, whether it is border security or 
cybersecurity or terrorism. Mr. Walker talking about how the 
National debt is going to impact our ability to secure the 
homeland, so I say it is a very interesting panel and I am very 
appreciative of that.
    As you mentioned, I am and again, I am very appreciative 
again to be the Chairperson in the 113th Congress of the 
Subcommittee on Border and Maritime Security and so I am going 
to be focusing most of my questions for Admiral Allen and I 
appreciated your testimony. I will also say I do want to 
recognize again your service to the Nation, particularly with 
the Deepwater.
    The country has moved past that but we are never forgetting 
when you were tasked with that mission and when you arrived on-
site and started pulling everybody together and just by the 
very--your presence and your determination, you really--that 
was a remarkable mission that accomplished so well. Thank you 
so much for that.
    Admiral, you have talked about, you know, all of the 
various components that might go into operational control of a 
border; what that might look like. You know, I was interested 
in a report that came out a couple of years ago from the GAO 
that talked about the percentage of operational control that we 
currently have at the Southern Border which is about, in the 
40, low 40 percentile and the Northern Border in its single 
digits, 1-digit numerals and, you know, this is not the best 
position to be in, I think.
    Whether or not Secretary Napolitano has mentioned that 
operational control is an antiquated term, but we have to have 
some sort of metrics. How do you actually measure that?
    Our committee is actually going to be--our subcommittee is 
actually going to be having a hearing just asking the 
Department: ``What does a secure border look like to you, at 
the Department?'' I would ask you, sir, if you were sitting 
there, what does a secure border actually look like?
    Admiral Allen. Thank you for the question, ma'am. If I 
could start off with a metaphor related to the oil spill. I get 
asked all the time if there is any way to safely extract 
hydrocarbons in deep water drilling I tell everybody there is 
no risk-free way to extract hydrocarbons and we are going to go 
to another generation of energy development before we are going 
to have to move away from dependence on that.
    So the question is: What is an acceptable level of risk to 
carry out those activities? I would tell you just the same as 
in deep water drilling, it depends on where you are at, the 
local region, the particular characteristics related to that, 
and frankly, the political sensitivities and some of the 
political perspectives and culture in the region.
    The reason operational control of the border is such a 
vexing term is in some cases you can effectively control the 
border with a 1-mile fence in a downtown municipal area like 
Juarez or Otay Mesa.
    In other areas, sensors, integrated fixed towers can give 
you enough situational awareness where you can react if 
something does occur before it becomes a threat inside the 
United States.
    In other places, they are such a remote area in the big 
bang country of Texas where it is going to take you an hour or 
2 hours to get to the nearest crossroad. So the question is: 
What is deployed there that can respond to the threat?
    I think what is needed is an integrated assessment of the 
areas of the border focusing on regional risk and 
vulnerabilities and what constitutes the greatest threat. There 
were conversations earlier about improvised explosive devices 
and nuclear devices in relation to high-population areas.
    I think we need to look at the vulnerabilities that are out 
there and where we best mitigate risk, understanding that there 
are places where we will have to respond in some period of 
time.
    That is the reason when people say operational control of 
the border or border security, I kind of cringe because I used 
to tell people if you can explain what that is, you have just 
proved you don't know it.
    I think what we have to have is a comprehensive assessment 
and what happens in one port or one area of the border needs to 
be specifically--criteria that is equally applied in each area 
that will produce a different outcome on the type of resources, 
personnel, sensors that you need, but ultimately, all of that 
needs to come back someplace to create a common operating picture 
to direct responses from.
    Mrs. Miller. Well, I appreciate that and just one other 
question then. Following up on that, talking about the Southern 
Border, the Northern Border, if you think about the Maritime 
Border as well and with your background, the Ranking Member 
asked a question about the percentage of scanning, you know, 
the Congress saying we are going to have 100 percent scanning.
    I would agree with your assessment that that is not 
possible. We are really only right now at 3 or 4 percent, 
scanning 3 or 4 percent of all the cargo that is coming.
    So as we look at the outer ring of border security 
particularly from a maritime environment at our ports, et 
cetera--excuse me--what again, what kinds of things, you know, 
we talk about some of the--looking at our partners at some of 
the point of debarkation for some of the cargo, et cetera.
    How could we do a better job and again how do you even 
measure those kinds of things?
    Admiral Allen. Well, if I could just reiterate on the 
container situation, I think the best way to reduce that risk 
as low as we can is to look at technologies that actually allow 
those containers to be interrogated with sensors while they are 
being moved and the devices that lift them and that is a 
technology that has not matured, but I think that is where we 
ought to be looking there because we are never gonna be able to 
drive that risk to zero.
    We made tremendous strides in the last 10 years in maritime 
domain awareness in terms of automated identification systems, 
devices that are required to be carried and transmitted by 
vessels of a certain length, and long-range tracking devices 
that are required by the International Maritime Organization 
when vessels have declared their intent to enter into a 
country.
    It is not 100 percent. We need to continue to evolve this 
because the more we can identify the traffic that is out there 
and separate legitimate from illegitimate or dark traffic that 
is not identifying themselves, then we can funnel those 
resources where they can best be used to address those threats.
    I think building out a robust National automated 
identification system for the country, which has struggled to 
get funding and support over the years, and create that 
maritime domain awareness is the best thing we can do in the 
maritime domain and that is consistent with international 
treaties and sharing agreements on trying to track and 
basically create more transparency out there on the ships that 
are moving on the ocean.
    Mrs. Miller. Thank you.
    Thank you, Mr. Chairman.
    Chairman McCaul. Admiral, I appreciate your reference to 
Texas as a ``big country.''
    [Laughter.]
    Chairman McCaul. The Chairman now recognizes the Ranking 
Member of the Emergency Preparedness Response Committee, Mr. 
Payne.
    Mr. Payne. Thank you, Mr. Chairman.
    Mr. Ervin, following up on what Mr. King asked about mass 
transit, and as you know I am in Newark, New Jersey right 
across the river from New York and a lot of our mass transit 
systems are shared.
    Could you be more specific about what security measures 
should be taken? Does it look like airport security, the 
screening of the bags, passengers? Does it involve more 
targeted screening through human observation?
    Mr. Ervin. Thank you for that, Mr. Payne. Well, I think it 
is really all those things and as I mentioned, New York City I 
think is a very good incubator in this regard for other 
relevant cities in the country to emulate. It is a combination 
of personnel.
    In New York you have these Viper teams for example, which 
are, you know, for want of a better word, multidisciplinary 
teams of police officers who have a variety of skills who 
deploy en masse occasionally unprovoked at mass transit 
stations.
    It serves to deter terrorists who are casing mass transit 
facilities to see what the vulnerabilities are. I think there 
should be greater deployment of cameras for example. There are 
smart cameras that can spot anomalies and call those anomalies 
to the attention of those who are monitoring those cameras at 
police headquarters and otherwise.
    There are sensors that can be deployed that detect the 
presence of chemical agents in the air and there are also 
random bag searches. In New York City there was a lawsuit, I 
think, is correct that the ACLU brought and the city won that 
lawsuit.
    So I would urge the adoption of measures like that in 
cities across the country and I recognize as I said that 
financing is a problem especially now at the Federal level and 
at the State and local level, but this is a major threat and 
eventually the threat is going to catch up to us if we don't do 
something to address it not just at the time of the headline 
but on an on-going basis.
    Mr. Payne. Just a follow-up on that. What would you think 
would be an appropriate time line for this transit security 
that is needed?
    Mr. Ervin. Well, you know, that is difficult to say. I 
think of the fierce urgency of now, to use that phrase.
    I really don't think we have a moment to waste. You know, 
the principal point of my testimony, and I think Mr. Leiter 
made the same point, is that we cannot allow ourselves to think 
that the terrorism threat has receded.
    In part I think we are a potential victim of our own 
success because we have done such a good job over the years in 
securing the aviation sector. I think that opens up terrorists' 
eyes to the vulnerabilities that remain with regard to mass 
transit, with regard to maritime, and also with regard to soft 
targets.
    We haven't talked about soft targets today during the 
course of the hearing, and I think that you know as devastating 
as an attack was on the aviation sector, as devastating as an 
attack would be on the mass transit sector, an attack on a 
movie theater, on a shopping mall, and not just in New York 
City or Washington, DC, but in Clute, Texas or in, you know, 
Nebraska or Idaho would have a huge psychological, political 
impact in this country. So we have got a huge job to do and 
fewer resources than ever with which to do it.
    Mr. Leiter. Congressman, if I may just add to that. I agree 
with everything that Clarke has said, but I think it is a 
mistake to try to only think about this in defensive measures, 
because we can't defend all of the sites, whether it is mass 
transit or City Hall or whatever it is. It is simply 
impossible.
    In my view, intelligence is the key here and we have to 
understand these networks and find the people before they go 
out and actually launch the attacks. Now, we are not going to 
be perfect there either; that is critical.
    From this committee's perspective, I think one of the areas 
where we have to find efficiencies and improve our capabilities 
simultaneously is a greater rationalization of responsibilities 
between DHS-funded State and local fusion centers and FBI joint 
terrorism task forces.
    We have spent a lot of money on this over the past 12 
years. They do serve different purposes, but in my view we 
could rationalize a relationship between those organizations, 
have just as much safety, and save money.
    Mr. Payne. Thank you.
    I yield back.
    Chairman McCaul. The Chairman now recognizes the Chairman 
of the Subcommittee on Cybersecurity, Intelligence, and 
Security Technologies, Mr. Meehan.
    Mr. Meehan. Thank you, Mr. Chairman, and I want to express 
my appreciation to the Chairman for his confidence in allowing 
me the distinct honor of chairing the Subcommittee on 
Cybersecurity, Intelligence, and Security Technologies coming 
into this new Congress here on this committee.
    I also want to express my deep appreciation to this very 
distinguished panel not just for your presence here today, but 
for your long record of service and attention to the multiple 
issues before us. We watch this morph, but a couple of times 
this issue has been raised, the word ``fatigue'' has been 
identified.
    Mr. Leiter, I think you spoke to it quite eloquently and 
now an aspect of that fatigue includes sort of a sense of 
complacency and built because of the successes that have been 
realized by many of the people who have worked alongside of you 
and your colleagues.
    One of the challenges that I face as I look at this and I 
just left a week of visits throughout New York with many 
members of the banking community and others that have been most 
recently victimized by the scope of the attacks. Cyber--how 
real is this threat, Mr. Leiter?
    Mr. Leiter. I think this is far more real than almost 
anyone understands. We have state-sponsored threats, 
principally China and Iran and Russia.
    In the case of China, stealing absolutely billions of 
dollars and targeting not just traditional government, not just 
traditional military, but targeting every sector of our 
economy; agriculture, advanced manufacturing, clean energy, the 
law firms that support these worlds, our information service 
providers, all of them are being penetrated.
    The best organizations at this, organizations like BAE who 
sell cyber defenses, have had these intruders in their networks 
for 18 months before they even know it.
    In the case of Iran, we have seen destructive Iranian cyber 
attacks on Saudi Aramco and RasGas and if anyone thinks that 
you can't go from stealing data to destroying data and 
disrupting critical infrastructure, they simply don't 
understand the technology.
    It is changing a few zeros and ones and that intrusion 
becomes an attack. So in my view, the scope of economic loss 
and the potential for physical destruction is very, very real.
    Mr. Meehan. Well thank you. I think you framed it well.
    Mr. Henry, we had the good privilege of working together 
during your days in the FBI and I appreciated your expertise, 
but you are one who works exclusively in this area of 
cybersecurity and I was struck--I mentioned I was in New York 
and I had been preceded just a few weeks earlier by Mr. Panetta 
and he used the word a ``Cyber Pearl Harbor'' talking about 
trains being diverted off of tracks with chemical weapons and 
the shutdown of our electrical grid.
    But at the same time, how does the average American 
appreciate that they are affected by what is going on today in 
the cyber world, they have got a role, and that we have got to 
be responsive to this threat?
    Mr. Henry. I think that your recognition of that is key 
here. It is very, very difficult for the average American to 
see this because it is, to some of them, many of them it is 
very amorphous.
    You can't actually see many of the impacts of this and I 
think that it may take unfortunately the digital equivalent of 
planes flying into buildings for people to take this seriously, 
until they can actually see it.
    I have used an example before. If I were to say that there 
was a bomb under this table, everybody here would get up and 
run out of the room because everybody knows what it looks like 
when that bomb goes off. We have seen the news footage. We have 
seen the movies. We know what that means if there is a bomb 
under the table.
    But if I say to that same audience that there is a foreign 
adversary in your computer network right now, they are stealing 
your most sensitive information, your most important research 
and development, that same group of people looks back at me and 
smiles like I am telling a joke because it doesn't resonate 
with them. It is not real to them, and that is very 
unfortunate.
    I think the way we do that is through hearings like this, 
through committees, through some of the media attention to some 
of the real impacts.
    When Mr. Leiter talks about some of the critical 
infrastructure that has been damaged, that needs to be 
highlighted for people for them to understand what the real 
risk is to their organizations, to our society as a whole going 
forward.
    Mr. Meehan. I appreciate your framing it that way as well. 
One of the recognitions, 90 percent of this internet in which 
all of our commerce really today is built around, is in the 
hands of private entities.
    Now we have got a real challenge tying together the 
intelligence resources that we are able to generate but working 
simultaneously with the private sector and information sharing.
    It includes a variety of things, not only how we move that 
information, but how we protect privacy and other things too. 
How do we get people comfortable with the idea that we need to 
be working together while simultaneously being able to protect 
the individuals concerned about intrusions on their privacy?
    Mr. Henry. Well, the, again is very, very critical. I think 
that for people to understand what the risk is that they are 
willing to accept certain inconveniences that may be critical 
to securing the networks.
    If on September 10, 2001, somebody came from, a Government 
official, and said from now on September 10, 2001, from now on, 
we recognize that there is a terrorism threat and we are going 
to ask everybody to take their shoes off when they come 
through, take your laptop out of the bag, take your jacket off, 
you can't carry any shampoo, people would be outraged.
    We can't do this. This is an inconvenience. It infringes on 
people's privacy. But then the next day the world changed and 
all of a sudden everybody understands how significant the risk 
is and they are willing to accept the inconvenience.
    I don't particularly care to do it, but I get it. I 
understand what the risk is, what the adversaries are trying to 
do to us, and I am willing to make those concessions.
    I think in the cyberspace it is very, very similar. People 
need to understand the risk. I think we can balance privacy 
with security. That is gonna take some work and some effort and 
I think the committee has a huge role to play in that.
    Voice. Mr. Chairman----
    Mr. Walker. Very quickly I think there are three elements 
that you have to be able to make real to people, okay.
    No. 1, self-preservation. That is the most fundamental in 
hierarchy of needs. So how can a cyber have an impact that 
could end up having loss of life?
    Second, economic security. How might cyber affect their 
assets, their resources, their accounts, all right?
    Third, personal privacy. Those are the three big elements, 
I think, and you have to make that real to people to help them 
understand it and appreciate it and then they will be, I think, 
more aware and concerned about it.
    Mr. Leiter. Congressman, privacy considerations here are 
really enormous and I would offer at least two ways in which 
this committee can be of assistance on that.
    One is making sure there is transparency about how when 
this information is shared with the U.S. Government and vice 
versa, how it is used. Narrowing the scope of how it is used is 
critical in my view.
    Second, currently today, as much as the Department of 
Homeland Security has done to increase the skill of its 
workforce technically, it is still pale by comparison to the 
National Security Agency and the Department of Defense.
    They don't have the people they need to do this job well. 
Hence we talk a lot about giving the National Security Agency 
and the Department of Defense a larger role in this than we 
might otherwise do.
    In my view, we might have to do that at the beginning, but 
this committee is critical in providing DHS the management 
flexibility and personnel authority to bring in people that 
they won't normally get so they can actually build up that 
expertise.
    Hiring and firing people in the Federal Government is 
impossible. If you give DHS flexibility to bring in people 
through private sector for short-term tours at DHS they can 
build up that capacity much, much faster and then there is less 
of an operational impetus to share all of the staff all the 
time with the National Security Agency and Department of 
Defense.
    Mr. Meehan. Well, thank you. My time's expired, but I look 
forward to working with each of you as we move forward in the 
year on this very challenging issue.
    Chairman McCaul. Yes, and thank you for your testimony, Mr. 
Leiter, in terms of, I think, building the capability and 
credibility--excuse me--of the cyber workforce within DHS will 
be a priority as well.
    The gentleman from Texas, Mr. O'Rourke, is recognized.
    Mr. O'Rourke. Thank you, Mr. Chairman.
    I would ask for unanimous consent to submit two articles 
both published this week--one by our county judge in El Paso, 
Veronica Escobar, the other by Eric Olson and Chris Wilson of 
the Wilson Institute--both dealing with the dynamic on the 
U.S.-Mexico border and the need to secure our border without 
sacrificing our way of life, trade, mobility, and our economy.
    Chairman McCaul. Without objection, so ordered.
    [The information follows:]
         Article Submitted for the Record by Hon. Beto O'Rourke
                           February 10, 2013
                       Gridlock on the Rio Grande
By Veronica Escobar, El Paso.
    Talk of comprehensive immigration reform is welcome news--
especially because it could offer a possible path for citizenship for 
undocumented immigrants and more visas for highly-skilled workers.
    But the debate's focus on enforcement is ill-advised and its 
approach is still too narrow. By emphasizing enforcement, Federal 
resources won't go where they are truly needed: America's international 
ports of entry, where millions of dollars in goods enter and leave the 
country each day.
    These ports are overburdened and underfinanced. While billions are 
spent on walls and drones, the movement of people and goods is choked. 
Instead of further militarization of our Southern Border, we need to 
invest in the movement of people and goods through our land ports. The 
El Paso area's five ports of entry handle tremendous traffic: In the 
2011 fiscal year, they had 6.8 million pedestrian crossings, 811,000 
truck crossings, and almost 11 million car crossings, which translated 
into $80 billion in trade.
    Much of that trade arrives in the form of trucks that go on to 
points deep inside the country. But a substantial amount stays in El 
Paso: Some 350,000 visitors walk across the Paso del Norte bridge into 
downtown every month.
    But these ports haven't received significant Federal investment in 
personnel or technology for years. Facilities are outdated and 
understaffed. A Texas Department of Transportation assessment found 
that two were already at ``operational failure,'' with average peak 
wait times of more than an hour for commercial traffic and 2 hours for 
passenger traffic.
    One has only to view the rush hour between El Paso and Ciudad 
Juarez, its Mexican counterpart: Long lines of idling vehicles and 
exasperated pedestrians, infuriating at best, hazardous--during 
sweltering summer months--at worst.
    Last year Steve Ortega, an El Paso City Council member, frustrated 
by the lack of meaningful response to the long wait times, drove 
repeatedly across the border to experience the process himself. Each 
morning he waited at least twice as long as what was being reported, 
mainly because most of the available lanes were closed for lack of 
staff.
    El Paso isn't alone; ports of entry all along the border need 
investment. But for too long, policy makers, including the Obama 
administration, have fixated on security and enforcement to the 
exclusion of all else.
    The result is a significant and chronic loss of jobs and trade on 
both sides of the border. But long waits could be eliminated if the 
Federal Government would aggressively invest in personnel, port 
infrastructure, and technology.
    El Paso County is building a new port of entry, but the Federal 
Government has to pay for its personnel. Will it be another clogged 
artery in a country that fails to recognize the enormous benefits of 
cross-border movement, or will it be adequately staffed through more 
rational immigration reform?
    When Government prioritizes enforcement and minimizes the benefits 
of the people and goods flowing through those ports, it does so at its 
own peril. Just as a path to citizenship for the undocumented would 
create millions of new taxpayers, a smoother path through our ports 
would create stronger economies.
    Veronica Escobar, a Democrat, is the county judge in El Paso.
                                 ______
                                 
    Politico Article Submitted for the Record by Hon. Beto O'Rourke
                        Defining border security
By: Eric Olson and Christopher Wilson
February 10, 2013, 08:48 PM EST.
    The recent announcements by President Barack Obama and a bipartisan 
group of senators outlining broad principles for immigration reform are 
very welcome. While the specifics of any reform will be hotly debated, 
a major advance has been made with the emergence of a broad political 
consensus, from left to right, that the current system is broken and in 
need of major repair.
    It would be troubling, then, if this golden opportunity to fix a 
broken system falls victim to the very same trap that has ensnared 
other reform efforts. By conditioning reforms on achieving a poorly 
defined and much misunderstood notion of ``securing the border,'' the 
whole effort is at risk of unraveling.
    It has never been clear what precisely is meant by the term, but 
billions have nevertheless been spent on fences and sophisticated 
technology, and the Border Patrol is now more than five times larger 
than it was two decades ago. Has the border been secured? Hard to say 
since there is no agreement on the metrics for measuring border 
security.
    In the post-Sept. 11 era, border security has largely been thought 
of in terms of terrorist threats, ``spillover'' violence from drug-
trafficking organizations operating in Mexico, and the risks associated 
with undocumented migrants. The top priority for border law enforcement 
has been denying entry into the United States to would-be terrorists. 
To this end, enforcement has been quite effective: There are no 
reported cases of a terrorist attack in the United States that involved 
passage over our Southern Border.
    While drug-trafficking-related violence in Mexico has increased 
dramatically in recent years, violence has largely stayed in Mexico. 
Illegal drugs continue to flow in significant amounts, but crime data 
suggest that it has not contributed to a significant increase in crime 
or violence in the United States. There are exceptions to this, such as 
the 2009 kidnapping of a suspected drug trafficker in West Texas, but 
these are exceptional cases, not a trend, and communities near the 
border have, on average, rates of murder and violent crime that are 
lower than the rest of the Nation. San Diego and El Paso, the two 
largest cities on the border, are among the safest in the country.
    Protecting the United States from the unauthorized entry of 
migrants often becomes the default criterion for establishing border 
security. Counting illegal crossings is inherently difficult, but we do 
know that unauthorized crossings are at their lowest point in 40 years, 
and the Pew Hispanic Center believes there are now as many Mexicans 
leaving the United States as entering. Studies have also dispelled the 
myth that immigration and crime are linked; in fact, the presence of a 
large immigrant population appears to actually help make a city safer.
    All of this is to say that defining border security is actually 
quite complicated. The Department of Homeland Security has been 
wrestling with this concept for some time, and is currently working to 
revise its definition and measures of success.
    In the absence of a clear definition and diagnostic of border 
security to help focus their strategy, Congress and the past two 
administrations have responded to border security concerns by 
dramatically increasing spending on technology and personnel on the 
border. The focus of these efforts has been the vast empty areas 
between the official ports of entry. Yet nearly half of all 
unauthorized immigrants in the United States entered through our ports 
of entry with legitimate visas but failed to leave when their visas 
expired, and most hard drugs like cocaine and methamphetamine likewise 
enter via official crossing points. While the Border Patrol does appear 
to be apprehending more unauthorized crossers, migrants are taking 
ever-greater risks by heading farther into the desert, with hundreds 
dying each year as a result.
    The relative lack of attention on the official crossing points is 
also getting in the way of business. Wait times at the border for cargo 
and individuals have increased, resulting in new costs to manufacturers 
and shrinking the number of customers who enter the United States each 
day to shop. This same congestion can actually facilitate illegal 
crossing and trafficking rather than decrease it.
    So before Congress and the Obama administration fall into the 
reflexive pattern of conditioning immigration reform on border security 
and spending additional money to further beef up the Border Patrol, we 
suggest they take a close look at what has already been done and 
whether more of the same is really the answer. As Homeland Security 
Secretary Janet Napolitano recently said at the Wilson Center, ``We're 
getting to the point of diminishing marginal returns. What would really 
help us is if we could improve the legal migration system so that 
people come through our ports of entry.''
    Instead of making another border buildup a pre-condition for 
immigration reform, border security should be addressed in a way 
complementary to immigration reform. To do so, two things are needed. 
First, clearer metrics for border security must be established so we 
can ensure limited resources are directed to where they can best 
protect the Nation. Second, rather than more border security, we need 
better border management. Creating more legal avenues for workers to 
enter and depart the United States in an orderly fashion also serves as 
a disincentive to illegal immigration and allows law enforcement to 
focus its energy on more dangerous traffic. Similarly, at official 
border crossings, techniques to expedite known, safe travelers and 
shipments can free up resources to search for and deny entry to 
criminals and contraband.
    Eric Olson is associate director of the Latin American Program at 
the Wilson Center and an expert on regional security and organized 
crime. Christopher Wilson is an associate with the Wilson Center's 
Mexico Institute and an expert on U.S.-Mexico trade and border 
management.

    Mr. O'Rourke. For Mr. Walker, you know, in your testimony I 
was, I was very pleased to hear you talk about doing more with 
less and for your request that we adopt efficiency, 
effectiveness, economy, and credibility as the watchwords for 
DHS going forward.
    For a little bit of context for my question, I represent 
most of El Paso, Texas, which with Ciudad Juarez forms one of 
the largest binational communities in the world. We have five 
land crossings connecting the two communities and two countries 
over which pass $80 billion in trade every year.
    In addition to that, there are millions of pedestrians and 
auto crossings every year in El Paso and those crossing north 
spend upwards of $2 billion in our economy, and the trade and 
retail activities alone support about 50,000 jobs in my 
community.
    At the same time, we have 2-, 3-, even 4-hour wait times to 
cross those bridges--up to 9 hours for trade--and so with the 
over doubling of the Border Patrol force that we have seen in 
the last 10 years, billions of dollars spent on border walls, 
and the adoption of new technologies like drones to man the 
border, how do we do more with less?
    How do we prioritize our ports of entry and the legitimate 
legal crossings taking place there and not sacrifice the 
economies of communities like El Paso, the economies of the 
State of Texas--Mexico is our largest trading partner--and the 
economy of the United States; 6 million jobs are dependent on 
U.S.-Mexico trade?
    Mr. Walker. Well, first, I have been to El Paso several 
times so I know exactly what you are talking about. Look, I 
think we are all recognizing that the threats are real and they 
are diverse. I think we are also recognizing that the resources 
are constrained and are likely to get more constrained as time 
goes on.
    There is no such thing as zero risk and therefore I think 
what it means is that we not only have to develop a 
comprehensive integrated strategy but we have to work with our 
partners, in this case, Mexico and if we are talking about 
freight that is coming from Europe, or Asia or whatever, we 
have to work more productively with our partners to be able to 
figure out what can be done elsewhere but before you get to the 
border, to keep able to use technology to a greater extent, and 
to, you know, have human intervention on a more limited basis 
in circumstances where we think there may be a credible threat 
or there is something unusual, alright?
    So there is clearly an opportunity to make more progress 
there. Quite frankly, we are going to have to make more 
progress there given that we can't mitigate all the risk and 
given that we want the flow of people and we want the flow of 
goods and given that resources are going to become more 
constrained as time goes on.
    Admiral Allen. Sir, could I make a comment?
    Mr. O'Rourke. Please.
    Admiral Allen. When I was commandant I served as the 
chairman of the interdiction committee for 4 years and made 
several trips to El Paso, and in the middle of 1970s I was one 
of the people that set up the maritime program with the El Paso 
Intelligence Center. So I am familiar with El Paso.
    I would like to focus a little on some of the challenges 
the CBP has related to border operations and I think it is 
really important to understand this. The inspections that take 
place at ports of entry are done by the Office of Field 
Operations and the Border Patrol's mission is between ports of 
entry.
    When you are looking at how to effectively--and I am really 
cognizant of the trade issue down there. I recently did a panel 
with Nelson Balido of the Border Trade Alliance looking at how 
we could do this better and also Mr. Winkowski who is the 
acting Customs Commissioner.
    We need to look at the actual organic operation of the 
ports of entry, how they are staffed, how they are resourced, 
and we also need to look at how CBP is resourced to carry out 
these missions.
    They are still dealing with a legacy appropriation 
structure that looks at fees that go back to when agriculture, 
customs, and INS were actually separate inspections.
    They have problems with their human resource structure over 
time, how they handle their workforce, and it really restricts 
their agility and flexibility on how they apply inspection 
operations at ports of entry.
    Likewise, I think we need to look at queuing on the Mexican 
side of the border, how we handle truck traffic, which you know 
there is a large amount of, agricultural products that come 
across. Most of the offloads by trucks on the Southwest Border 
are done for agricultural purposes.
    I think, I try to bring all of these things together and 
look at them as a system, and I look at the resource structure 
that supports those in terms of the human resource practices 
that are going on inside of CBP and how they have to fund their 
personnel overtime and so forth is something that desperately 
needs to be looked at.
    Mr. O'Rourke. Very quickly, Admiral Allen, I was pleased to 
hear you talk about the consequences of zero risk; one of which 
would be zero trade to paraphrase what you said. I want to 
commend and thank the Chairman and many others for their 
remarks about the need to set defined goals, metrics that will 
chart our progress towards those goals because right now, 
border security can mean many different things to many 
different people, and I am afraid that any more border security 
in areas like El Paso will crush our economy, our way of life, 
and threaten the National economy as well. So I appreciate your 
testimony.
    Chairman McCaul. The Chairman now recognizes the Chairman 
of the Oversight and Management Efficiency Subcommittee, Mr. 
Duncan.
    Mr. Duncan. Thank you, Mr. Chairman, and thanks for your 
confidence in me to handle the committee that you led so well 
in the last Congress.
    I want to thank the members of the panel for your service 
to our great Nation in your various roles.
    Specifically, Mr. Walker, and continuing, I will raise 
awareness about the Nation's debt and our fiscal situation and 
its threat to our National security.
    If you followed the last Congress, you will understand that 
one of the areas of emphasis that I had was Iran and the threat 
that Iran and its proxies posed to the security of the United 
States.
    Mr. Leiter, if you could provide, I am gonna ask you to 
provide in writing to the committee and myself, your thoughts 
on Iran and specifically the Caracas-Tehran nexus in a post-
Chavez Venezuela.
    That is an in-depth issue I know and so for my oversight 
role, what I would like to ask you guys independent of that, 
given the fact that the Department of Homeland Security has a 
$59 billion budget, 225,000-plus employees--and I will start 
with Mr. Walker--if you were named Secretary of the Department, 
where would you direct the resources to meet your mission or 
the mission of the Department?
    Mr. Walker. Well, that is getting down to the detail. I 
guess what I would say is I would come back to what I said. I 
think that you have to have three things to effectively manage 
any entity. You have to have a strategic and integrated plan 
that is forward-looking, threat/risk/opportunity-oriented, 
resource-constrained.
    Second, you have to define specific goals and objectives. 
What are you trying to achieve? How do you measure success?
    Third, you have to have outcome-based performance metrics. 
How can you end up measuring whether or not you are being 
successful? Are you getting better or worse? How do you compare 
to others on an outcome basis?
    Third, you have to allocate your limited resources to be 
able to maximize value, mitigate risk within current and 
available resource levels.
    That means: Do they have all of those? They don't have all 
of that to the extent that they need to. Second: Who is going 
to execute on this? Who is going to make sure that the systems 
and the processes are in place and that you have continuous 
improvement in order to be able to execute on these things? I 
am talking about the--I am not talking about the operators, but 
I am talking about the management aspects and support 
mechanisms.
    That is why I come back to a chief operating officer who is 
focused full-time on these types of things because the fact is, 
is that we have too much turnover in those critical roles that, 
you know, very good political appointees are appointed, but 
they don't necessarily have the right background. They don't 
necessarily stay there long enough in order to effectively do 
what needs to be done.
    So, I mean, I would give you--that is what I think needs to 
be done rather than saying I would give more money in this 
particular area versus another because it would be, I think, I 
don't have that data to be able to give you an intelligent 
answer there.
    Mr. Duncan. Okay. I am going to ask the admiral to comment 
on that and then I am gonna come back to Mr. Ervin. How would 
you allocate those resources to meet the mission?
    Admiral Allen. Frankly, sir, I would go with the current 
financial structure of the Department and start there. You need 
to be able to enable mission execution with a mission support 
organization and that is not completely integrated in the 
Department now.
    There have been great strides that have been made in the 
last 10 years, but attempts to establish a core financial 
accounting system and a standard human resource system have not 
been successful.
    One of the problems I think exists if you want to get right 
to the bottom of it is that the appropriations structures for 
each of the components is not the same.
    It is not possible to compare personnel costs, operating 
costs, and capital expenditures across the components. Because 
of that, it is not possible to come up with future-years 
homeland security plan very similar to the future-year defense 
plan that allows consistency in planning, especially in capital 
investment.
    I believe that the first step towards getting our arms 
around this would be to standardize the appropriation 
structure--and this gets back to the comments I made about 
CBP's having a legacy structure of fees that date back to their 
legacy departments that have never been rationalized--so it 
makes it almost impossible to estimate personnel costs.
    This is like blocking and tackling of management. Without 
that structure below you it is going to be very hard to do 
that. I would start with the financial management structure of 
the Department.
    Mr. Duncan. Okay.
    Mr. Ervin, how would you allocate the resources?
    Mr. Ervin. Well, sir, I guess I would make a--one quick 
overarching comment and then give a couple of items of detail.
    I guess my overarching comment is I think the bulk of the 
DHS' resources should be deployed on the counterterrorism given 
the importance of that mission to the Department and the 
genesis of the Department.
    To be a bit more detailed about that, given this budget 
environment, I think the DHS should look hard and I think this 
committee can be helpful in this regard and I think, to be 
fair, DHS is beginning to look hard. It needs to look harder.
    Among the missions it performs, even within the 
counterterrorism space: What is it that DHS can perform 
uniquely that other agencies either literally cannot perform or 
can't perform as well as DHS? I will give you two examples.
    One is the Intelligence and Analysis, I&A unit, at DHS. 
There are lots of other intelligence agencies, some 15 others 
within the United States Government, but of all the multiple 
intelligence missions out there, the one it seems to me that 
DHS uniquely can play is to take the intelligence that the rest 
of the community collects and analyze this and then make sure 
that that intelligence is then shared with the private sector 
that owns and operates the bulk of critical infrastructure and 
State and local governments in a non-classified way, but in an 
actionable way, in enough detail such that action can be taken 
on it when action needs to be taken, and I don't know that DHS 
has focused on that enough.
    The second area that I would highlight is S&T. There are 
lots of other S&T R&D components elsewhere in the United States 
Government; DOD comes immediately to mind and that is the case 
as well in the intelligence community.
    It seems to me that S&T should do a better job of 
piggybacking onto those research and development advances that 
other agencies have developed and deployed, and then focus on 
what it is uniquely that either DHS should develop or should 
adapt for the unique purposes of the homeland security mission.
    I think if that mindset is brought to bear we can see huge 
economies, huge efficiencies, and a more effective security for 
the Nation.
    Mr. Duncan. Okay.
    Thank you, gentlemen.
    I yield back.
    Chairman McCaul. The Chairman now recognizes the gentleman 
from Texas, Mr. Vela.
    Mr. Vela. Thank you, Mr. Chairman.
    I, like Mr. O'Rourke, represent a border region in Texas. I 
represent the most southern border region beginning in 
Brownsville, and I just have a few questions.
    Mr. Walker, you have on a few occasions mentioned the 
difficulty in mitigation of risk, and I was curious if you 
could expound on that.
    Mr. Walker. I think my point is that we are never going to 
fully protect the border. We are never going to fully protect 
the air system. Just recognize reality. That is not going to be 
the case.
    It is an impossible task and therefore we also have to 
recognize that we have got limited resources that are going to 
become more limited and that is why it is so important to be 
able to create this comprehensive integrative plan that focuses 
on risk. There are certain areas of the country that are higher 
risk than others.
    There are certain modes of transportation that are higher 
risk than others. There are certain areas of the country that 
quite frankly where you don't have, you know, a large 
population and you can use technology to be able to help scan 
the border, but if somebody crosses the border, which they 
easily can, you are going to have to have a system to be able 
to get them within 100 miles or something of that nature in 
order to be able to deal with it.
    So we have to recognize there is no such thing as zero 
risk. We have to mitigate risk. It will never be zero and we 
need to mitigate it in an intelligent way where we are trying 
to protect as many people as possible and as much assets as 
possible given the resources we have.
    Mr. Vela. Of course like Mr. O'Rourke, we have a 
significant interest in our Texas border on the facilitation of 
trade, so I share many of the same concerns that he has.
    Admiral Allen, one of the questions I have for you is, I 
was curious as to your thoughts on the significance and impact 
of security in Mexico on the safety of citizens on our side of 
the border.
    Admiral Allen. Let me start with an overarching statement. 
I believe the most significant security issue that Mexico has 
to deal with is their southern border and their ability to 
control illicit trafficking, movement of people.
    Once either people or contraband moves into Mexico, we are 
dealing with our own ports of entry. So I think as a general 
statement, working with Mexico to enable them to do a better 
job on their southern border is in everybody's best interest.
    They have had tremendous challenges there; the new 
administration coming into place has some ideas about what to 
do with the national gendarme, if you will. They have been 
effective in the past by using their naval forces and their 
Marines as a special operation forces, if you will, to be 
effective against the drug cartels.
    We exchange information with Mexico. We are improving daily 
on that. I think there has to be a shared common purpose on the 
border related to exchange of information. There are some 
barriers. Those barriers are starting to be dropped down, but I 
think in the long run it is in our best interest to enable our 
Mexican partners to deal with their southern border first and 
then look at the art of the possible in dealing with our 
borders as far as managing risk.
    That includes things like taking advantage of high-
performance computing and data analysis to look at license 
plate reader data, and other things out there that we can't put 
into a data link or data cloud and do analytics on them to look 
at trends and anomalies that would allow us to be able to 
attack the areas of highest risk.
    Mr. Vela. What is the state of affairs, so to say, of 
Mexico's efforts on their southern border?
    Admiral Allen. I might defer to other panel members here if 
they have any information on that because I am a little time 
late being out of the Coast Guard at this point.
    I do know initiatives like the America Initiative may have 
been put in place to give them resources and create capability 
and capacity to allow them to manage those issues on their 
southern border.
    I believe that this is a regional issue. It is not just a 
Mexican issue. The Central American countries that are 
suffering the corrosive effects of drug movements that are now 
moved into the littoral areas in mainland because of our 
successes offshore are producing a regional risk down there.
    I think the more that we can encourage regional approaches 
to their southern border the better off we will be, but I think 
anything that empowers them to have a better situational 
awareness, to be able to move resources, and attack those 
threat vectors that are crossing the southern border should be 
our goal.
    Mr. Vela. So do any of the other witnesses have that 
information with respect to the current state of affairs of 
Mexico's efforts on the southern border or is that something 
left for maybe another witness?
    Admiral Allen. I would defer to our current colleagues that 
are in Government right now and potentially probably a 
classified briefing.
    Mr. Vela. Okay.
    Thank you, Mr. Chairman.
    Chairman McCaul. Thank you. The Chairman now recognizes the 
gentleman from Utah, Mr. Stewart.
    Mr. Stewart. Thank you, Mr. Chairman.
    To the witnesses, thank you for being here today and thank 
you, each of you, for a lifetime of service to your Nation.
    This committee has broad responsibilities. We have touched 
on some of those responsibilities today even if only briefly--
border security, anti-terrorism training and efforts, WMDs, 
cybersecurity--I mean, the list is long.
    I am a former Air Force pilot. Many years we were trained 
to be effective; we had to analyze the threat. We had to 
prioritize the threat in order to effectively defeat that and I 
would ask you to kind of take a--you know--again an Air Force 
analogy; a 30,000-foot view here.
    Is there, with your various backgrounds and your areas of 
expertise, is there a consensus at all about what our priority 
should be? Our No. 1 priority?
    If there is not a consensus, would you individually answer 
the question? If you were king for the day, what would you do? 
What would be the one thing that you would do in order to, you 
know, most greatly enhance our security; the thing we're all 
striving to do?
    Admiral, we will start with you if you don't mind.
    Admiral Allen. Let me echo what was said earlier and I 
quote my very good friend, Mike Mullen, past chairman of the 
Joint Chiefs of Staff. I don't think it can be overstated 
enough the current risk that the current budgeting situation, 
continuing resolution, sequestration, and the uncertainty 
associated with that has on National security.
    Moving to actual threats themselves, I would place 
cybersecurity at the top.
    Mr. Stewart. Okay.
    Admiral Allen. I think one of the challenges associated 
with cybersecurity is that it manifests itself differently; the 
different infrastructure sectors and with privacy. I think 
somewhere we need to divide that out and then talk about what 
an inherent Governmental role is within the regulatory 
frameworks of each of those sectors, and find out where that 
places where we can exchange the information that was alluded 
to moving forward.
    I think after that, we need to look at how we functionally 
manage our borders--not just at a port of entry or between or 
Border Patrol or field operations or Coast Guard does. We need 
to look at the border as a holistic framework and how we are 
going to minimize risk by, in my view what is underutilized 
right now is bringing the various sets of data that are 
resident in the components and taking advantage of high-
performance computing and data analytics to be more aware of 
anomalies and where we ought to be putting our forces.
    Mr. Stewart. So Admiral, just making sure I understand, 
your No. 1 would be, focus would be, cybersecurity then?
    Admiral Allen. Right now, yes.
    Mr. Stewart. Okay. Yes.
    Mr. Henry.
    Mr. Henry. Well, I will follow on then on the admiral and 
concur as well on cybersecurity. Although as a taxpayer and a 
former Government employee working in the budget, certainly our 
budget deficit is a significant concern to me for a lot of 
different reasons that have been articulated here.
    I think from the cybersecurity perspective, what we need to 
do, king for a day, what is the one thing you need to do, I 
think it really is defining the red lines and communicating 
those red lines to our adversaries, so they know very clearly 
what the repercussions are for attacking the United States of 
America whether it be stealing intellectual property or 
impacting our critical infrastructure.
    That has got to be key, and again, we cannot just merely 
try to reduce the vulnerabilities. That is important, but we 
have to thwart the adversary. They have to know that they 
cannot attack us.
    There are so many comments that have been made here today 
by each of the distinguished witnesses regarding 
counterterrorism and protecting the border, all of those things 
that they said absolutely apply right here to this space, to 
cyber, it is a direct parallel.
    Mr. Leiter talked about----
    Mr. Stewart. Mr. Henry, could I, could I just add, follow-
on before you move on? It seems to me that they don't pay a 
great price right now that to some degree they work with some 
impunity towards us. Would you agree with that?
    Mr. Henry. There is no risk to the adversary. The return on 
their investment is tremendous.
    Mr. Stewart. Yes.
    Mr. Henry. They are stealing billions of dollars, and there 
is no risk because nobody is telling them, ``Stop.''
    Mr. Stewart. Yes.
    Mr. Henry. Nobody--there is no penalty and until the 
penalty and the threat to them, the risks to them, outweighs 
the game, you are absolutely right, Congressman, there will be 
no stopping this threat.
    Mr. Stewart. Okay.
    Admiral Allen. There is no barrier to entry.
    Mr. Stewart. Yes.
    Mr. Leiter. Congressman, with the caveat that I am a former 
naval aviator, so you might choose to dismiss everything I say.
    Mr. Stewart. You are a bigger man than I am, if you have 
landed on a carrier.
    Mr. Leiter. Just close your eyes and pray. Congressman, I 
would say two mission areas that I simply can't say one is more 
important than the other; counterterrorism and cyber.
    But on counterterrorism I am going to caveat that with we 
cannot aim to stop every small attack and we have to really 
defend and prioritize the catastrophic event.
    But there is a different priority that I would take which 
is not mission-focused, it is following on what Mr. Walker and 
Admiral Allen said. If I was king for a day, I would spend 75 
percent of my time striving for true coordination and 
cohesiveness across the Department, and then making sure that 
the Department is really only doing those things that other 
departments and agencies can't do in the rest of the Federal 
Government.
    By doing that, I am going to have a lot more capability and 
resources to cover all of my other mission-focused priorities.
    Mr. Stewart. Okay, thank you.
    Mr. Walker. If you don't put your finances in order, 
everybody will suffer to differing degrees over time and every 
function of Government will suffer to differing degrees over 
time.
    Second, I do agree that we need to focus on, you know, a 
more comprehensive and integrated approach, a more risk 
management approach, focus on core competencies and comparative 
advantage, which is I think what is being said. What can they 
do uniquely?
    Then last, cyber and border. I think, my personal view is 
we are wasting a hell of a lot of money on what TSA is doing 
domestically with regard to airport security.
    You know what TSA stands for, right? The acronym? Yes, 
okay.
    Mr. Ervin. I associate myself with everything my colleagues 
said. I particularly agree with Mr. Leiter. He said exactly 
what I would say about where to focus.
    You know, I think it is very tough to distinguish between 
the degree of threat posed by cyber and terrorism. I think they 
are essentially equal within terrorism.
    I would agree with Mr. Leiter what he said earlier that we 
need to focus most on events that are low-probability but high-
consequence, namely the threat of terrorists with the weapons 
of mass destruction.
    In terms of what to do about it, again I agree with my 
colleagues. One thing that hasn't been said that I think is 
important is that, you know, I think the figure of $100 billion 
was used by Mr. Leiter earlier as the total amount of money 
that has been spent since 9/11 to secure our country against the 
threat of terrorism. It 
is something like that--yearly, annually. So it is a huge 
amount of money needless to say.
    But we don't have an integrated approach, a strategic 
approach to the expenditure of that money. There is a lot of 
duplication within DHS across agencies with regard to that and 
I don't think--for example, part of the strategy is how much of 
the total money spent is focused on preventing terrorism? 
Countering violent extremism?
    To what degree is that integrated across governments? So I 
think greater attention needs to be paid to that and I think it 
would yield outsize dividends if we were to.
    Mr. Stewart. Thank you, all.
    Mr. Chairman, I yield back.
    Chairman McCaul. Thank you.
    The Chairman recognizes the gentleman from Nevada, Mr. 
Horsford.
    Mr. Horsford. Thank you, Mr. Chairman.
    I look forward to working with my colleagues on this 
committee.
    My district includes a portion of Las Vegas and our airport 
there, the McCarran Airport, is the fifth-busiest airport in 
the country; nearly 40 million people fly through that airport 
on an annualized basis.
    So listening to the testimony today, clearly security, 
technology, innovation is at the forefront and I appreciate the 
explanation while also balancing the interests of civil 
liberties and protecting the privacy of individuals.
    My question is: What are the processes in place to share 
the best practices that we have learned over the last few years 
in airport security, particularly in large airports like 
McCarran, and how do we share that with other airports that 
aren't yet at that level? And for airports that are at the 
cutting edge, how do we make sure that they are staying at the 
cutting edge?
    Mr. Ervin. Well, I guess I will start there--start with it. 
I think it is a very good question. I don't know frankly the 
extent of which TSA focuses on best practices among airports. 
You know, there certainly is a degree of variation among them.
    There are differing degrees of effectiveness, differing 
degrees of efficiency, differing degrees of innovation as you 
said. I don't know that there is an organized way to do that, 
but there certainly should be. I agree with that.
    Mr. Walker. I fly multiple times every week all over the 
country. I have been to all 50 States. I have been to 100 
countries. I think that is a great question to ask the 
administrator at TSA because it is very clear to me they are 
not consistent. They are not consistent and there are clearly 
opportunities to share best practices and lessons learned, if 
you will.
    Mr. Leiter. Congressman, I am not sure of the best 
practices, but I would say one thing for this committee to 
consider how TSA and the Department of Homeland Security can 
accelerate those programs that we all know work well, which are 
real risk-based approaches, in particular global entry and TSA 
PreCheck.
    These are ways of focusing on the people you have to focus 
on and not focusing on the people that you have already done 
background investigations as a matter of intelligence are far 
lesser threats.
    Admiral Allen. Just to follow up, if you look at the risk-
based, screening is probably what you want to do. I don't think 
there is any legal requirement to run people through scanners. 
That is the technology or that is the process that is being 
used right now even with the new advanced imaging technology.
    I think the more you can understand about people and the 
threat posed by that and the more you understand about them in 
advance related to prescreening, the better off you are going 
to be, but I would encourage TSA very much to go to risk-based 
screening, to look at other areas other than just--and Clarke 
already mentioned this--you know, just screening for anomalies 
is not going to reduce risk to zero.
    But to allow them to understand more about passengers, to 
understand about behaviors, behavioral detection officers is 
being deployed, and things that don't negatively impact the 
queues.
    Mr. Horsford. Mr. Chairman, just a follow-up briefly.
    On the counterterror-attack funding--I think one of you 
mentioned that earlier--I know that there have been issues in 
the past where communities like ours that have a higher tourism 
base aren't always taken into account in that methodology. Can 
one of you touch on the need for that in various areas?
    Mr. Ervin. Yes sir, I think I am the one who mentioned it, 
but I am sure we would all agree with that. As you know, over 
the course of the, you know, decade or so of post-9/11, DHS's 
history, there has been a constant struggle over how 
counterterrorism--scarce even then and even scarcer now--
counterterrorism dollars should be allocated.
    You know, my argument is that, you know, perhaps there is a 
role for pork barrel programs, one can argue about that, but if 
there is, there certainly isn't a role for pork with regard to 
counterterrorism dollars in particular in this time.
    So I think on a bipartisan, bicameral basis, there needs to 
be a consensus about the obvious that certain--the larger a 
city is, the more iconic it is, like Los Angeles being a 
tourism mecca, Las Vegas and--and I believe that there was some 
interaction with the 9/11 hijackers in Las Vegas as a matter of 
fact--the more likely it is that they continue, those cities 
continued to--localities generally speaking--continue to be in 
terrorists' crosshairs. So we have got to direct those 
counterterrorism dollars to cities and localities most at risk.
    Chairman McCaul. Thank you.
    The Chairman now recognizes the gentleman from 
Pennsylvania, Mr. Rothfus.
    Mr. Rothfus. Thank you, Mr. Chairman.
    Admiral Allen, I appreciated the interchange with 
Representative Miller about the operational control of the 
border issue.
    You know, we are going to be taking a look at immigration 
and one of the measures that they are going to be looking at is 
securing the border and I think part of the discussion was 
there is going to be maybe a commission that would certify that 
the border is secure.
    You know, what are going to be the criteria? Are there 
objective criteria by which we can judge whether the border is 
secure? What would we be looking for?
    Admiral Allen. Well, it gets back to the comments I made 
about the oil spill. These are sometimes subjective evaluation 
of what is acceptable risk because the risk can never be driven 
to zero.
    But what it needs to be is an acceptance of risk that is 
openly arrived at, transparent, and the criteria that is 
supplied in the discussion needs to be universally understood, 
recognized, and accepted.
    That will be different in different parts of the border. It 
is a far different border in Ciudad Juarez and El Paso than it 
is in Detroit where you have got an international border there 
with Canada.
    I think what we need to strive for are criteria that we can 
apply to a certain area that will produce different outcomes 
depending on the geography and everything else.
    Mr. Rothfus. What kind of criteria would we be looking for?
    Admiral Allen. Well, the physical nature of the border 
itself. Is there a land border? Is there a water border? The 
type of access, the terrain.
    The population density, the amount of cargo in traffic that 
moves through it. How much of that is related to trade? How 
much is foot traffic?
    All of those are different dimensions----
    Mr. Rothfus. So if it is a land border for example, are we 
looking at a fencing issue, I mean looking at, you know, 
remoteness----
    Admiral Allen. Well, I think you----
    Mr. Rothfus [continuing]. If it is a water border, are we 
looking at certain either drones or cameras or something 
watching?
    Admiral Allen. If you look at a highly densely-populated 
area, you can extend fencing out several miles either way and 
you have not reduced the risk to zero but you have channeled 
the threat to places where it can be more adequately dealt 
with.
    There are places where fences aren't going to do you any 
good, out in the middle of nowhere. Where you have a river or 
some other natural barrier, that needs to be considered.
    I guess what I am saying is we need to come up with a 
universally recognized and accepted set of criteria that will 
allow us to make it the best assessment of risk and then accept 
that in terms of what constitutes adequate border security 
knowing that it will never be driven to zero and if we wait for 
that we will never--if we drive it to zero, we will have no 
trade in this country and you will never see immigration 
reform.
    Mr. Rothfus. As far as establishing those criteria, I guess 
it is to policymakers in this House and looking to the people 
in the administration who would be suggesting things also?
    Admiral Allen. I believe, and this gets back to my 
experience in environmental issues and the oil spill, there is 
a much different view of what constitutes an acceptable level 
of risk in the Gulf of Mexico say than there might be off 
southern California or off the North Slope of the Arctic.
    These are local issues that need to be--that need to 
be taken into account the concerns and the equities of those 
communities, but I think from a National standpoint, we have to 
come up with a set of criteria where we equally apply those to 
areas knowing they will be different outcomes because as one of 
my predecessors said, ``If you have seen one port, you have 
seen one port.''
    That doesn't mean you can't apply criteria to each port. It 
might produce a different outcome, but then you have a standard 
way to assess risk and know what kind of risk you are 
accepting.
    Mr. Rothfus. Thank you.
    Mr. Henry, on cybersecurity, you know, taking a look at the 
organization of the Department, we have an office in the 
National preparedness--it used to be preparedness--the programs 
and--NPPD directorate. There is an office of cybersecurity 
there.
    We also have cybersecurity elements in other components of 
the Department. Is this the optimal organization for 
cybersecurity issues at the Department? Should we be--we are 
two levels down from the Secretary that I can see anyway on 
handling cybersecurity issues.
    Can you comment on the how the assets of the Department are 
deployed with respect to cybersecurity?
    Mr. Henry. Yes, let me first say that when we are talking 
about cyber, we are talking about espionage, we are talking 
about terrorism, we are talking about criminality. Cyber is 
actually the tool.
    So that is why so many of the things that we have talked 
about here and other areas, border protection, 
counterterrorism, et cetera are absolutely relevant in this 
space. That is important to get out.
    As it relates to DHS, I think that you need to have 
visibility into this at the senior levels. I think that 
executives have to be part and parcel of this. This is a whole-
of-Government response and a whole-of-agency response, and 
there is a lot of overlap and many gaps and not enough 
comprehensive review of this at the and in the departments and 
agencies and writ large, the Government writ large, so I think 
that that has got to be considered and look across the agency 
and bring it, consolidate it into one particular area with the 
leadership of the executives directly involved.
    Admiral Allen. I might suggest there are three roles inside 
the DHS related to cyber, and I am going to go functional not 
related to the threat that Mr. Henry talked about.
    The first is the Department has to protect its own network. 
The second: There is a role right now for the Department in 
coordinating across the dot-gov domain, in terms of continuous 
diagnostics and monitoring, to bring them in compliance with 
the administrative directive regarding how the entire 
Government will defend its networks.
    Third is the external requirement that we have discussed 
here today to interact with the private sector, especially 
regarding infrastructure protection and how those sectors will 
be protected, and that is a work in progress impacted by the 
Executive Order that was signed by the President yesterday and 
hopefully will be codified and have legal ambiguities removed 
through legislation that is passed by Congress.
    So if you look at those tiering, it is easy to kind of 
break out who in the Department is doing what. For internal 
network security you are talking about the CIO. When you are 
talking about their role in relation to the dot-gov domain and 
the private sector, then you are talking about NPPD, but there 
also is a role for Intelligence and Analysis that are related 
to how they are dealing with the State and local governments in 
the critical infrastructure sectors as well.
    Mr. Rothfus. Thank you.
    Thank you, Mr. Chairman.
    Chairman McCaul. The Chairman now recognizes the gentlelady 
from New York, Ms. Clarke.
    Ms. Clarke. Thank you, Mr. Chairman.
    I thank the Ranking Member.
    I thank all of you who have testified before us today, and 
I am going to be a little bit more provocative than some of my 
other colleagues because I truly believe that while we all have 
good intentions when it comes to homeland security, we are 
really playing at homeland security, we are not doing homeland 
security.
    I say that in the light of the fact that when you look at 
our armed services and the role that they play in securing our 
Nation, if we treated our armed services the way we treat 
homeland security, other nations would be eating our lunch. 
Other nations would be eating our lunch.
    The title of today's hearing was ``A New Perspective on the 
Threats to Homeland,'' and as a New Yorker I am extremely 
sensitized to it having lived and currently living in New York 
City; I am extremely sensitized to it.
    But when I have CBP officers or, come to my office to tell 
me how at any moment in time something really bad can happen 
because they are doing double, triple shifts because assets 
have been moved to the Southern Border and we are not looking 
at the whole matrix of what needs to be done to actually have 
the FTEs in place to protect our Nation, I get concerned.
    I get extremely concerned, and when we talk about 
cybersecurity for instance, we know what the vulnerabilities 
are. It is not a matter of, you know, how it is going to 
happen, it is--it is like, when is it going to happen, at this 
stage.
    So my concern is that while yes we are trying to do more 
with less, why are we playing with homeland security? Why is it 
that everyone is so ambivalent to talk about what is really 
required to secure the homeland?
    I am really intrigued at the fact that were this the 
Marines, the Air Force, the Navy, the Coast Guard, that we 
would not have the same posture about it.
    So I want to raise a question because we are talking about 
threats to the homeland and when you have a situation where 
ports of entry for instance like JFK Airport has far fewer 
workers, CBP officers, than they had prior to 9/11 working on a 
given shift. You have hundreds if not thousands of people 
coming through customs. They are waiting in a very--about the 
size of this room, maybe a little bit bigger, to go through and 
be documented and be screened.
    You have people waiting there for 2 and 3 hours and mayhem 
breaks out and you have got like four guys sitting there. Is 
that not a threat? Does not that--something like that--pose a 
problem for us as a Nation and how do we bring efficiency, how 
do we bring balance to what we are looking at?
    When people are able to walk around a CBP officer and leave 
undetected the airport and then we find out that, you know, 
there is a superhighway within our communities of drug flow, of 
gun flow.
    Isn't there some connection that we should be looking at in 
terms of threats to the homeland? I am raising this because I 
am a bit concerned--I have heard all of you speak to the threat 
of terrorism but terrorism is one aspect of homeland security 
and we are so fixed on it as we should--listen--well, I have 
been through two terrorist attacks.
    My father worked for the Port Authority, so I am not 
looking at this as someone who doesn't understand what 
terrorism is, but I have also been in City Hall when my 
colleague was gunned down. So I know what illegal handguns can 
do.
    How do we look at this comprehensively and how do we raise, 
stand up this agency, so that it does what it needs to do 
without excuse, without equivocation?
    Because what I am hearing here today is that well we are 
going to do more with less. Well, you know what, we invested in 
IC about one, two, three, four, five, six technology 
deployments for the Southern Border at the cost of billions of 
dollars that never worked, that never worked.
    Yet my airport is a powder keg ready to explode. I am 
putting this out there just a little frustration. I wanted to 
raise it with you because I wanted to get a sense from you of, 
you know, what do we really see as the role of CBP?
    If they are not the first line of defense then who is? That 
is one question. I will have you answer that and then I will 
come back with my next.
    Admiral Allen. I will take a stab----
    Ms. Clarke. But if you can just share with me your----
    Admiral Allen. If I could maybe provide a little context. 
What you are talking about, terrorism, drug trafficking, 
trafficking human beings, trafficking and guns, what you are 
really talking about is illicit trafficking that produces 
financial resources that perpetuate criminal activity. Now I 
would classify terrorists as political criminals.
    All of these networks require money to continue to operate 
and I didn't discuss it specifically, but I think one of the 
challenges facing the Department and the country right now is 
how to deal with these criminal networks by attacking a network 
with a network.
    When we talk about cyber, we talk about defending a network 
with a network. I think we need to understand that these 
threats start to pass organizational boundaries that a lot of 
our traditional law enforcement agencies are created for one 
specific threat; DEA in drugs; ATF in guns, and so forth.
    What we need to understand is moving ahead in this country 
and dealing with either criminal activity, terrorist activity--
we have got to start breaking down the barriers between 
agencies that are being constructed to attack one problem, put 
the information together, and attack a network with a network.
    Ms. Clarke. Isn't that what DHS does? Isn't that their 
role?
    Admiral Allen. That gets back to the high-performance 
computing data analysis, information sharing, breaking down IT 
stovepipes, coming up with a common operating, common 
intelligence picture. I think it is a major challenge for the 
Department.
    Mr. Leiter. Congresswoman, I will be a bit provocative 
back. Without disagreeing with you that you of course have to 
have adequate staffing to deal with whatever threat you see, 
first of all, we shouldn't be looking at the Department as 
having counterterrorism resources. I agree with you. They have 
border protection and security resources and those should be 
applied equally across different missions.
    In most cases, not many things are actually specialized and 
cut down one mission area. You can work all of these security 
threats, but the place where I will be a bit more provocative 
is I think you have very little sense of whether or not 
security at Kennedy Airport has been increased because there 
are four people or eight people there at the border.
    What we learned in the case of Umar Farouk Abdulmutallab on 
Christmas day in 2009, is that if we are waiting to screen 
these people once they get to JFK, we have probably already 
lost the fight.
    So I would go to Admiral Allen's point. The question is: 
How is the National Targeting Center for CBP doing in screening 
these travelers before they even get there, either stopping 
them from getting on a plane and arriving at JFK or knowing 
which ones they have to screen additionally?
    So I do think it is more than a uni-dimensional look at the 
number of people that are at that airport.
    Mr. Walker. Yes. I would say don't focus on how many people 
they have and how big the budget is because that is not 
necessarily indicative of outcome-based results. I will give 
you some examples.
    We spent two-and-a-half times per person for health care. 
We spent two-and-a-half times per person for K-12 education, 
and we get poor results. We are not top 25 in the world, okay.
    If you look at the Defense Department, I can assure you 
that the Defense Department has a huge amount of waste, a huge 
amount of waste, and they are going to have to be cut too.
    But it comes back to what a lot of us have been saying. You 
need a plan, you need a comprehensive and integrated plan. You 
need to define risk and measure risk. You need to determine 
what are you trying to accomplish and how do you measure 
success in that regard, and you have to allocate your limited 
resources, whatever they are, to try to accomplish the most 
with what you have; focus on outcomes. I think there is clearly 
room for improvement there.
    Ms. Clarke. Thank you, Mr. Chairman.
    Chairman McCaul. I thank the witnesses for their valuable 
testimony.
    The record will stay open for 10 days pursuant to the rule.
    Without objection, this committee stands adjourned.
    [Whereupon, at 12:27 p.m., the committee was adjourned.]

                                 
