[Senate Hearing 113-296]
[From the U.S. Government Publishing Office]




                                                        S. Hrg. 113-296
 
            THE DEPARTMENT OF HOMELAND SECURITY AT 10 YEARS

=======================================================================

                                HEARING

                               before the

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE

                    ONE HUNDRED THIRTEENTH CONGRESS


                             FIRST SESSION

                               ----------                              

            A PROGRESS REPORT ON MANAGEMENT, MARCH 21, 2013

  HARNESSING SCIENCE AND TECHNOLOGY TO PROTECT NATIONAL SECURITY AND 
              ENHANCE GOVERNMENT EFFICIENCY, JULY 17, 2013

EXAMINING CHALLENGES AND ACHIEVEMENTS AND ADDRESSING EMERGING THREATS, 
                           SEPTEMBER 11, 2013

                               ----------                              

        Available via the World Wide Web: http://www.fdsys.gov/

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs





[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


















                                                        S. Hrg. 113-296

            THE DEPARTMENT OF HOMELAND SECURITY AT 10 YEARS

=======================================================================

                                HEARING

                               before the

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE

                    ONE HUNDRED THIRTEENTH CONGRESS


                             FIRST SESSION

                               __________

            A PROGRESS REPORT ON MANAGEMENT, MARCH 21, 2013

  HARNESSING SCIENCE AND TECHNOLOGY TO PROTECT NATIONAL SECURITY AND 
              ENHANCE GOVERNMENT EFFICIENCY, JULY 17, 2013

EXAMINING CHALLENGES AND ACHIEVEMENTS AND ADDRESSING EMERGING THREATS, 
                           SEPTEMBER 11, 2013

                               __________

        Available via the World Wide Web: http://www.fdsys.gov/

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs




[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]






                         U.S. GOVERNMENT PRINTING OFFICE 

80-224 PDF                     WASHINGTON : 2014 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Printing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001





        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                  THOMAS R. CARPER, Delaware Chairman
CARL LEVIN, Michigan                 TOM COBURN, Oklahoma
MARK L. PRYOR, Arkansas              JOHN McCAIN, Arizona
MARY L. LANDRIEU, Louisiana          RON JOHNSON, Wisconsin
CLAIRE McCASKILL, Missouri           ROB PORTMAN, Ohio
JON TESTER, Montana                  RAND PAUL, Kentucky
MARK BEGICH, Alaska                  MICHAEL B. ENZI, Wyoming
TAMMY BALDWIN, Wisconsin             KELLY AYOTTE, New Hampshire
HEIDI HEITKAMP, North Dakota         JEFF CHIESA, New Jersey

                   Richard J. Kessler, Staff Director
               John P. Kilvington, Deputy Staff Director
         Mary Beth Schultz, Chief Counsel for Homeland Security
         Troy H. Cribb, Chief Counsel for Governmental Affairs
                     Susan B. Corbin, DHS Detailee
                Carly Covieo, Professional Staff Member
                      Kaylee M. Myhre, AAAS Fellow
                Carla D. Cotwight-Williams, AAAS Fellow
           Jason M. Yanussi, Senior Professional Staff Member
            Harlan C. Geer, Senior Professional Staff Member
           Blas Nunez-Neto, Senior Professional Staff Member
               Keith B. Ashdown, Minority Staff Director
         Christopher J. Barkley, Minority Deputy Staff Director
        Daniel P. Lips, Minority Director for Homeland Security
               Monica C. Sanders, Minority Senior Counsel
            Kathryn M. Edelman, Minority Senior Investigator
              William H. W. McKenna, Investigative Counsel
           Mark K. Harris, Minority U.S. Coast Guard Detailee
                     Laura W. Kilbride, Chief Clerk
                   Lauren M. Corcoran, Hearing Clerk




















                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Carper..........................................1, 265, 437
    Senator Coburn..........................................4, 276, 440
    Senator Johnson..............................................     5
    Senator Heitkamp.............................................    20
    Senator Ayotte...............................................    22
    Senator Baldwin..............................................    25
    Senator Chiesa...............................................   462
Prepared statements:
    Senator Carper.........................................45, 307, 483
    Senator Coburn..............................................48, 486
    Senator Chiesa...............................................   490
Closing statement:
    Senator Carper...............................................   485

                               WITNESSES
                        Thursday, March 21, 2013

Hon. Eugene L. Dodaro, Comptroller General of the United States, 
  U.S. Government Accountability Office; accompanied by Cathleen 
  A. Berrick, Managing Director, Homeland Security and Justice...     7
Hon. Jane Holl Lute, Deputy Secretary, U.S. Department of 
  Homeland Security..............................................    10
Hon. Elaine C. Duke, Former Under Secretary for Management, U.S. 
  Department of Homeland Security................................    34
Hon. Richard L. Skinner, Former Inspector General, U.S. 
  Department of Homeland Security................................    35
Shawn Reese, Analyst in Emergency Management and Homeland 
  Security Policy, Congressional Research Service, Library of 
  Congress.......................................................    38

                     Alphabetical List of Witnesses

Dodaro, Hon. Eugene L.:
    Testimony....................................................     7
    Prepared statement...........................................    50
Duke, Hon. Elaine C.:
    Testimony....................................................    34
    Prepared statement...........................................   113
Lute, Hon. Jane Holl:
    Testimony....................................................    10
    Prepared statement...........................................    99
Reese, Shawn:
    Testimony....................................................    38
    Prepared statement...........................................   127
Skinner, Hon. Richard L.:
    Testimony....................................................    35
    Prepared statement...........................................   119

                                APPENDIX

Responses for post-hearing questions for the Record from:
    Mr. Dodaro...................................................   136
    Ms. Lute.....................................................   142
    Ms. Duke.....................................................   260
    Mr. Skinner..................................................   262

                        Wednesday, July 17, 2013

Hon. Tara J. O'Toole, M.D., MPH, Under Secretary for Science and 
  Technology, U.S. Department of Homeland Security...............   268
David C. Maurer, Director, Homeland Security and Justice Issues, 
  U.S. Government Accountability Office..........................   273

                     Alphabetical List of Witnesses

Maurer, David C.:
    Testimony....................................................   273
    Prepared statement...........................................   326
O'Toole, Hon. Tara J.:
    Testimony....................................................   268
    Prepared statement...........................................   309

                                APPENDIX

Responses for post-hearing questions for the Record from:
    Ms. O'Toole..................................................   337

                     Wednesday, September 11, 2013

Hon. Tom Ridge, President and Chief Executive Officer, Ridge 
  Global, and Former Secretary, U.S. Department of Homeland 
  Security.......................................................   442
Hon. Jane Harman, A Former Representative in Congress from the 
  State of California............................................   445
Thad W. Allen, Admiral, U.S. Coast Guard (Retired), and Former 
  Commandant, U.S. Coast Guard...................................   448
Hon. Stewart A. Baker, Former Assistant Secretary for Policy, 
  U.S. Department of Homeland Security...........................   451

                     Alphabetical List of Witnesses

Allen, Thad W.:
    Testimony....................................................   448
    Prepared statement...........................................   505
Baker, Hon. Stewart A.:
    Testimony....................................................   451
    Prepared statement...........................................   515
Harman, Hon. Jane:
    Testimony....................................................   445
    Prepared statement...........................................   501
Ridge, Hon. Tom:
    Testimony....................................................   442
    Prepared statement...........................................   492

                                APPENDIX

Additional information from Mr. Allen............................   523
Responses for post-hearing questions for the Record from:
    Mr. Ridge....................................................   553


                       THE DEPARTMENT OF HOMELAND
         SECURITY AT TEN YEARS: A PROGRESS REPORT ON MANAGEMENT

                              ----------                              


                        THURSDAY, MARCH 21, 2013

                                     U.S. Senate,  
                           Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10:05 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Thomas R. 
Carper, presiding.
    Present: Senators Carper, Baldwin, Heitkamp, Coburn, 
Johnson, and Ayotte.

              OPENING STATEMENT OF CHAIRMAN CARPER

    Chairman Carper. The hearing will come to order. To all of 
our guests and our witnesses, welcome. It is good to see you 
all.
    At the beginning of each Congress, as we all know, the 
Government Accountability Office (GAO) issues something called 
a list of High-Risk Government Operations that leave our 
government and our taxpayers exposed to waste, fraud, or abuse, 
or which pose management challenges that threaten crucial 
government services. I have always considered this list as a 
to-do list for Congress, particularly for this Committee, and 
GAO's updated high-risk list will heavily influence our 
Committee's governmental affairs agenda for this Congress.
    We also just marked, as you know, the 10th anniversary of 
the date on which the Department of Homeland Security (DHS) 
officially opened its doors. We plan to mark this milestone 
throughout the year by holding a series of hearings intended to 
take stock of how far the Department has come in maturing, how 
well it is doing in executing its core missions, and how we can 
help them do even better.
    Our goal here, and this is one suggested by Senator Coburn, 
is we do a series of hearings from top to bottom, A to Z, after 
which we would work on reauthorization for the department. We 
have never done that in 10 years. It is time.
    This hearing fits into both of those categories: One, our 
DHS oversight responsibilities; and second, the high-risk list.
    From a government affairs perspective, the Department of 
Homeland Security's management challenges appear, again, on 
GAO's high-risk list, although GAO readily acknowledges that 
progress is being made. Like other agencies across the Federal 
Government, the Department has grappled in recent years with a 
number of issues related to acquisition, to financial 
management, and to human capital, among others. Unlike some of 
those other agencies, though, DHS is moving the needle.
    As we all know, sound and effective management practices 
are, of course, critical to the Department's ability to carry 
out all of its Homeland Security responsibilities, whether we 
are talking about cybersecurity, border protection, disaster 
response, or any of its other many missions. As we look back on 
the past decade, I think it is important to remember the 
circumstances in which the Department was stood up. The 
Homeland Security Act passed by Congress to create the 
Department was signed into law November 25, 2002. The 
Department opened its doors on March 1, 2003. So in just over 4 
months, some 22 different agencies from across the government, 
with different cultures and different management practices and 
philosophies, were merged into a brand new department.
    In those early days at the Department, the focus of both 
the Administration and Congress was on moving quickly to 
prevent another 9/11-type attack on our homeland. Management 
took a back seat to those efforts. Former Department of 
Homeland Security Inspector General Richard Skinner, who is 
here today again as a witness, confirmed this fact when he 
testified before our Committee last year. The management 
foundation of the Department really got shortchanged in those 
early days. It has taken years to dig out of the hole that the 
initial lack of a strong management foundation left.
    That said, I want to give credit where credit is due. GAO's 
most recent report confirms that there has been considerable 
progress at the Department in integrating the components that 
were folded into it and in strengthening the Department-level 
management that overlays those components. The latest high-risk 
report includes a fair amount of good news because GAO 
acknowledges this progress and has narrowed the areas that 
remain on the high-risk list.
    The Department also deserves credit for its detailed, 
aggressive plan to address all of GAO's concerns in its high-
risk report, which I believe is unique among all the agencies 
on the high-risk list. I want to briefly review some of the 
major improvements to management at the Department of Homeland 
Security, and in doing so, I would agree with GAO that 
committed leadership at DHS has been critical to driving 
progress in these areas.
    The Department is on the doorstep of having a clean 
financial audit for the first time. Last year, the Department 
was able to get its financial systems in good enough order to 
attempt a full financial audit. That was a major milestone. 
That leaves the important goal of now passing a financial 
audit. And I know that the Secretary, the Deputy Secretary, and 
their team are prepared to make the final push to earn a 
completely clean audit. If they are successful, it will be a 
major achievement.
    Some of you heard me talk about a friend of mine. You would 
ask him how he is doing and he says, ``Compared to what? '' 
Well, compared to the Department of Defense (DOD)--we love 
them, but they were stood up, what, 65 years ago and they are 
not auditable. They have not passed a clean financial audit. 
And here we are, an agency 10 years, also very complex, 
knocking on the door. So it will set a good example if you can 
get this done for our brothers and sisters over at DOD. Now, I 
know they are committed, especially the Secretary is committed 
to getting this done for them, too.
    When the Department was stood up 10 years ago, there was no 
framework for accountability. There was also no guidance on 
which responsibilities lay with headquarters, and which 
responsibilities lay with the various components that make up 
the Department. Whenever that kind of Wild West environment 
exists in government, there is sure to be a lot of wasteful 
spending and inefficiency, and there was.
    Now, the Department has made clear who is in charge of 
what. This new, more disciplined environment will better enable 
the Department to control costs at the various components and 
better ensure that all of them operate as a more cohesive, 
effective, and accountable agency.
    The Department used to have an abysmal record when it came 
to awarding contracts without competition, but the Departmental 
leadership has been aggressive in turning that record around. 
Just last month, the report from the Office of Inspector 
General (OIG) showed that the spending on non-competitive 
contracts in fiscal year 2012 fell by almost 89 percent from 
fiscal year 2008 levels. That means about $3 billion in 
contract dollars that were previously spent without competition 
are now being spent in a manner that gets better value for 
taxpayers' dollars. And the Department, as the governmentwide 
procurement data shows, actually has a better record on 
competing contracts now than most other major Federal agencies.
    The Department has also revamped its process for 
identifying technological solutions at the border. The 
Department has moved away from the SBInet model, which was a 
mega-contract to a single company to build a virtual fence 
across the Southern border. It was an effort that went forward 
without the necessary work to identify what the Border Patrol 
really needed. As a result, it quickly became cost prohibitive 
and did not ever deliver the capabilities that were promised. 
The Department now is implementing a more rigorous process to 
identify needs, sector by sector across the border, and where 
possible, use commercially available technology off the shelf 
to drive down costs and enable our Border Patrol agents to 
become ever more effective.
    In the area of information technology, the Department is 
now at the forefront of the Federal Government's efforts to 
consolidate data centers and move services to the cloud. These 
efforts save money and enable the Department and its employees 
to achieve better results.
    Finally, there is no doubt that the response to Superstorm 
Sandy--we had a hearing here just yesterday on this--but that 
response to Superstorm Sandy shows how much the Federal 
Emergency Management Agency (FEMA) has improved since Hurricane 
Katrina struck the Gulf region in 2005. Simply put, this 
improvement would not have been possible without better 
management. For example, when Hurricane Katrina hit, FEMA did 
not have the necessary contracts in place to get needed 
assistance to victims in a timely manner. When Hurricane Sandy 
hit 7 years later, FEMA was prepared, and as a result, there is 
a dramatic reduction in no-bid contracts compared to the 
Hurricane Katrina response.
    These are all significant achievements and our witnesses 
will discuss for us today other examples. But I do not want to 
whitewash the serious remaining challenges with DHS management 
that remain on the high-risk list. The Department still has 
work to do--we know that--as both the Comptroller General and 
Deputy Secretary Lute will discuss. As I like to say, the road 
to improvement is always under construction, and my colleagues 
have heard me say a million times, everything I do, I know I 
could do better. The same is true for all of us. The same is 
true for this Department.
    For example, this Department still does not have a 
comprehensive financial management system that gives the 
Secretary real-time visibility over the spending of 22 
department components. Workforce morale at DHS remains the 
lowest of all major departments. I do not think that is going 
to be the case for much longer, though. Many major acquisitions 
have exceeded cost estimates or fall short of promised 
performance.
    This hearing also provides a timely opportunity to discuss 
the possible impact of the fiscal year 2013 full-year 
Continuing Resolution (CR) on the Department. I am concerned 
about the $20 million cut that DHS management and the 
Secretary's office would take under the bill and I want to hear 
from our witnesses today about the likely impact of those cuts. 
I am also concerned that the level of funding for consolidation 
of the Department at St. Elizabeths is insufficient to support 
the next phase, which could bring the leadership and operations 
center to one location and realize efficiency and 
effectiveness.
    Both the Administration and Congress need to work together 
to resolve these remaining high-risk areas, and we will. I 
welcome our witnesses today. We look forward to working with 
you and the dedicated people that you lead so that in 2 years, 
when GAO releases its high-risk list, and we are sitting here 
talking about GAO's high-risk list and the management 
challenges facing the Department of Homeland Security, we hope 
they are off that list, making our Nation more secure, and 
putting our finances in better shape, as well.
    And now, Dr. Coburn, the floor is yours, and then I am 
going to call on Senator Johnson. He has to leave here. He is 
not going to be here to ask any questions, but I want him to 
just make a brief statement. He is so good about attending our 
hearings, so I am going to ask you to say something before you 
leave. Thank you.

              OPENING STATEMENT OF SENATOR COBURN

    Senator Coburn. First of all, Mr. Chairman, I would like 
for my opening statement to be made part of the record, the 
written one.
    Chairman Carper. Without objection.
    Senator Coburn. The Congressional Research Service (CRS) 
recently put out a memo by Shawn Reese about the definition of 
what homeland security is, and any organization that does not 
know what it is really all about is going to flounder in 
certain areas. The concern I have had is that we have taken 
what was intended to be Homeland Security and made it an all-
hazards risk prevention agency, which is an impossibility. You 
cannot eliminate all risk, nor even if we could, we could not 
afford to. So I look forward to all of your comments today and 
a frank discussion.
    Senator Carper and I, over the next 4 years, will oversee 
every nook and corner of Homeland Security for the transparency 
that needs to be there and also to see the improvement, and I 
appreciate his cooperation and his leadership in doing so. I 
think it is healthy for you all. It is certainly healthy for 
the Congress. We make a lot of decisions a lot of times without 
the input that we need to have from the agencies, and getting 
to know what you do and how you do it and to understand that 
better can help us as we direct funds.
    So I am thankful for your work and I am thankful for your 
dedicated service and look forward to hearing your comments.
    Chairman Carper. Thank you, sir. Senator Johnson.

              OPENING STATEMENT OF SENATOR JOHNSON

    Senator Johnson. Mr. Chairman, I was not prepared, but I 
will take the opportunity, first of all, to certainly voice my 
gratitude for both the Chairman and Senator Coburn in terms of 
the way you are going to be conducting this Committee in the 
future.
    I think it is a really good sign that we are going to try 
and reauthorize this Department. The Department of Homeland 
Security should be playing a pretty vital role in the security 
of this Nation. We are facing incredibly serious threats.
    I have always been concerned since I came here a couple 
years ago, was it really the right move? I mean, you take, what 
is it, 22 different agencies and try and combine them into one 
with the added layer of bureaucracy. I am not sure that is 
really the most efficient business model.
    If I had time to ask questions, the one question I have 
always had is, it is about a $50 billion a year agency. The 
Defense Department is about a $600 billion a year agency. Wal-
Mart and ExxonMobil are about $450 billion a year companies. 
They get audited every year. A $50 billion company, it starts 
up, it gets audited every year. It does not seem to have much 
of a problem doing so. So I have always been scratching my head 
wondering why cannot the Department of Defense, why cannot the 
Department of Homeland Security pass an audit?
    So I guess I would look to private business practices and 
take a look at what is different in government that prevents 
that type of accountability, because the only way that the 
Department of Homeland Security is going to be able to fulfill 
its very important mission is through a very accountable, a 
very efficient, a very effective management style. And I do not 
know how you can obtain that accountability if you cannot pass 
a basic audit that private industry businesses that size do all 
the time.
    And, by the way, if the management of those companies do 
not pass an audit now under Sarbanes-Oxley, I mean, they go to 
jail or they certainly face criminal charges. So I think we 
need to bring that type of dedication, those types of private 
sector disciplines to government to make sure that we are 
auditable, that we are efficient, and that we are effective.
    Thank you, Mr. Chairman.
    Chairman Carper. That is a great point. When you jammed 
together 22 different agencies 10 years ago, different 
cultures, different financial systems, different accounting 
systems, it is not easy. And 65 years later, the Department of 
Defense is still struggling with it.
    I think there are really two keys, and one of those we will 
talk about here today, is leadership. It is leadership from the 
Department of Defense and Leon Panetta, now Chuck Hagel, 
saying, we have to get this done. We are going to make this a 
priority. And in this case, Secretary Napolitano and Deputy 
Secretary Lute.
    And the other thing is our responsibility. We are working 
with GAO, saying, this is a priority. And we are going to keep 
holding these hearings. We are going to do our job on oversight 
until we finally achieve this.
    And to their credit in this Department, they are coming 
along and it is good. It is like turning an aircraft carrier, 
but they are coming. That aircraft carrier is a big one over at 
DOD. They are turning that one, too, and in a couple of years, 
hopefully we will be singing their praises, as well.
    Senator Johnson. Again, my point was not to be critical----
    Chairman Carper. I understand.
    Senator Johnson [continuing]. But, again, just really being 
encouraging in the direction we have to go. Again, I am highly 
encouraged with what this Committee has set out to do here and 
I think this is the right path that we are on. So, again, I 
just want to be encouraging.
    Chairman Carper. Senator Johnson here comes out of the 
private sector, as Tom does, who has done any number of things 
in his life, but he understands full well the value of being 
able to measure things. What we cannot measure, we cannot 
manage. And thank you for the role that you play on this 
Committee. You are just a very good addition to this Committee.
    All right. Having said that, let me just briefly introduce 
our witnesses. The first panel includes not two but three very 
impressive public servants: Jane Holl Lute, who is Deputy 
Secretary of the Department of Homeland Security, and Gene 
Dodaro, Comptroller General. Accompanying Mr. Dodaro is 
Cathleen Berrick of GAO. She is not here to testify, but she is 
here to field the really tough questions so that when he is 
stymied and does not know what to say--which has never happened 
before in my time here--she can jump in and help out. We 
appreciate both of you taking the time to be with us to talk 
about GAO's high-risk update and the progress made by the 
Department, and we look forward to continuing to work with both 
of you and your folks.
    I think, Deputy Secretary Lute, ordinarily, as a matter of 
protocol, the Committee would ask you to be our lead-off 
hitter, but if you are willing to do this, I think it might 
make sense for Mr. Dodaro to set the stage for us by providing 
us with a little bit of a broad overview and some context of 
the high-risk series and the summary of how the High-Risk List 
relates to the specific subject of our hearing, the management 
of the Department of Homeland Security.
    If you are comfortable with that, we will just ask him to 
lead off and you can try to move him around the bases, all 
right. Mr. Dodaro, you are recognized. Thank you. Thank you 
all.

  TESTIMONY OF HON. EUGENE L. DODARO,\1\ COMPTROLLER GENERAL, 
U.S. GOVERNMENT ACCOUNTABILITY OFFICE; ACCOMPANIED BY CATHLEEN 
 A. BERRICK, MANAGING DIRECTOR, HOMELAND SECURITY AND JUSTICE, 
             U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Dodaro. Thank you very much, Mr. Chairman, Ranking 
Member Dr. Coburn, Senator Johnson. It is a pleasure to be here 
today to talk about GAO's high-risk update.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Dodaro appears in the Appendix on 
page 50.
---------------------------------------------------------------------------
    As you point out, we have been doing this the beginning of 
each new Congress since 1990. This past year, we provided the 
update just recently. I am very pleased that this Committee has 
already held hearings on two areas under the high-risk list, on 
the Postal Service financial condition and on the cybersecurity 
area, and is considering legislation which is necessary to get 
those items off the list. In many cases, it is the agency's 
actions that are required, but in a number of areas that are 
high risk, it is really also up to the Congress to pass 
legislation.
    Now, we have reported this year notable progress in most of 
the areas--there are 30 of them--on the high-risk list, and 
this is a very good 2-year interim report by historical 
standards. So there is a lot of effort going into these areas.
    And I would credit this because the Congress has passed 
several pieces of legislation that are important to getting 
areas off that list. The agencies have worked hard. And the 
Office of Management and Budget (OMB) has worked with GAO and 
the agencies to convene meetings to focus on the high-risk 
areas.
    In two of the areas, we noted enough progress that we 
removed them from the list. One is interagency contracting. We 
put it on in 2005, and this is a good practice for agencies if 
implemented properly. But we found they were doing it, not 
within scope. The roles and responsibilities were not clear. 
Probably the most notable example is when interrogators were 
hired for Iraq off of a General Services Administration (GSA) 
information technology (IT) contract. And so there clearly 
needed to be some changes.
    Now, at congressional direction, the Federal Acquisition 
Regulation (FAR) was changed and improved to require a best 
procurement approach, which required documentation of the 
decision, and written agreements on spelling out roles and 
responsibilities. Also at Congress' urging and direction, there 
was a requirement added for a business case to be developed and 
approved at senior levels within the Department before new 
interagency contracts could be put in place. And then Congress 
also asked for a series of audits by the Department of Defense 
IG, and that Inspector General found less problems over time.
    So we are satisfied that the mechanisms are in place. There 
is demonstrated progress. And we have removed them from the 
list.
    The other area is the Internal Revenue Service (IRS) 
Business Systems Modernization (BSM). We put that on the list 
in 1995. IRS was mired in technical and management weaknesses 
with that system. Over the years, they have made steady 
improvement. Congress has required an annual expenditure plan 
from IRS, which GAO was required to review.
    And IRS finally has made measurable progress. They have 
installed the first module of their new system, which allows 
for daily updating of taxpayer accounts. This is a huge change. 
It enables refunds to get out faster. It enables them to send 
notices faster and to field questions and helps in enforcement 
areas.
    They also have instituted about 80 percent of all the best 
practices for IT investment management and 100 percent of those 
best practices for project management, which is a notable 
achievement. They have also been rated, their Software 
Acquisition Department, at a Computer Maturity Model 3 Level by 
the Software Engineering Institute Standards, which by industry 
standards is a very good mark.
    Now, for both of these areas, a point that you made, Mr. 
Chairman, in your opening statements, Senator Coburn, Senator 
Johnson, all of you touched upon the importance of 
congressional oversight. These two areas have had sustained 
congressional oversight over that period of time and good 
leadership by the agencies, which are the two key ingredients. 
Virtually every area we have taken off the list, and we have 
taken a third of them off over the years, have been 
attributable to those two key ingredients being in place.
    Now, while they are off the list, they are not out of 
sight. We continue to monitor what is going on to make sure 
that the progress is sustained.
    We also evolved one of the areas this year, which is 
modernizing the financial regulatory system for the United 
States to include the financial management problems at the 
Federal Housing Administration. They are below the capital 
requirement needed. They took on a lot more risky loans during 
the recessionary period where the private sector backed out of 
the mortgage market. So we wanted to highlight those changes.
    But also, as Congress resolves the conservatorships of 
Fannie Mae and Freddie Mac, you need to take into account the 
implications for the Federal Housing Administration and it 
really needs to be an integrated decision as those efforts are 
resolved as to what the proper Federal role should be in the 
Federal housing mortgage market.
    Now, we added two new areas to the list this year, as well. 
The first was limiting the Federal Government's fiscal exposure 
by better managing climate change risk. I am very concerned 
about this area and the financial risk. The Federal Government 
owns hundreds of thousands of properties, many Defense 
installations along the coastal areas. The Federal Government 
owns 29 percent of the land in the United States in terms of 
managing it and dealing with erosion and other issues.
    The Federal Government runs two of the largest insurance 
programs. One is the Flood Insurance Program, and the Flood 
Insurance Program already owes the Treasury Department over $20 
billion, and has not made a principal payment back on that debt 
since 2010. The levels have just been raised to allow them to 
borrow additional money to help out in Hurricane Sandy. 
Congress has passed some legislation recently, but it needs to 
be implemented effectively.
    And also the disaster aid that is provided. The criteria 
for providing disaster aid really has not been changed since it 
was established in 1980. Right now, it is $1.35 per person per 
State. It was not adjusted for inflation for a 13-year period 
of time. We estimated if it had been adjusted for inflation, 
the Federal Government would not have been involved in 25 
percent of the disaster declarations put in place over time.
    We also do not budget for major disasters, which is a real 
problem, particularly given our precarious financial situation 
right now. The only thing that is budgeted for are 5-year 
historical averages of disasters under $500 million. So 
virtually, of the tens of billions of dollars that have been 
appropriated over the years, in the last decade over about $140 
billion, well over 80 percent of that, almost 89 percent of it, 
has come through supplemental appropriations which were not 
budgeted for.
    So we have many ideas for improvements in these areas. It 
is very important.
    It is also related to the last area that we added to the 
high-risk list, which is a gap in environmental satellites. The 
polar orbiting satellites, in particular, provide global 
coverage of the surface of the earth twice a day, morning, 
afternoon and evening orbits, and this data feeds the weather 
prediction models for 3-, 4-, and 7-day forecasts. Because of 
procurement and management problems over the years, there is a 
gap that could be anywhere from 17 to 53 months where we may 
not have this information. It is critical. If we had not had 
the satellite data in Superstorm Sandy, one credible 
organization predicted that storm to go out to sea and not hit 
New Jersey. So there would not have been adequate warnings for 
the residents.
    So we have encouraged National Oceanic and Atmospheric 
Administration (NOAA) and DOD to put contingency plans in 
place, but they need to be properly executed and this is an 
area for congressional oversight, to make sure that these gaps 
do not create real problems that could lead to loss of life, 
property, and other economic damages over time.
    Now, we also narrowed the areas for three of the high-risk 
areas, including the Department of Homeland Security. We found 
that, over the years, the department has made good progress in 
its initial implementation. For example, they have created the 
National Response Framework for addressing disaster assistance. 
They have hired, produced, and have in place workforces. They 
have stood up new agencies, like the National Cybersecurity 
Communications Integration Center. So we felt comfortable 
narrowing them to the management challenges that they have.
    And for most of the management challenges--you have 
highlighted some of the major progress that has been made, so 
there has been some progress, but there really needs to be 
additional progress. DHS needs to get a clean audit opinion for 
2 years to get off the high-risk list. They need to have 
financial systems in place. Major acquisitions are still 
overrunning costs and are not being delivered on time with the 
expected type of product that is needed to execute the mission. 
And there are many other areas.
    Now, we identified 31 specific actions that needed to be 
addressed to come off the list. The Department has fully 
addressed six; two, mostly addressed; 16, partially; and seven, 
they have initiated action. So that provides a scorecard. They 
have an excellent roadmap now. They just need to execute it.
    And we are committed--I think we have had a very good, 
constructive dialogue and partnership with DHS to provide 
clarity. They have stepped up, have plans in place, know how to 
do it, and if they execute those plans, I think they will 
continue to make excellent progress.
    So I thank you for the opportunity to be here today. I will 
be happy to answer questions once the Deputy Secretary provides 
her statement.
    Chairman Carper. Thanks very much for that overview and for 
some of the specifics on the Department and for being, really, 
a good partner with us as we try to help DHS do the work that 
they already do even better.
    All right. Secretary Lute, you are on. Welcome. Glad to see 
you.

  TESTIMONY OF HON. JANE HOLL LUTE,\1\ DEPUTY SECRETARY, U.S. 
                DEPARTMENT OF HOMELAND SECURITY

    Ms. Lute. Thank you very much, Chairman Carper, Ranking 
Member Coburn--good to see you again--distinguished Members of 
the Committee. I am grateful for the opportunity to appear 
before you today to discuss the Department of Homeland Security 
and our progress over the past 10 years.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Lute appears in the Appendix on 
page 99.
---------------------------------------------------------------------------
    Our 10-year anniversary provides an important opportunity 
to consider how DHS has evolved to fulfill its original 
purposes and reflect on further work that has to be done to 
realize full potential.
    Now, I do not know, Dr. Coburn, Shawn Reese, but if he were 
sitting here, I would tell him he is behind in his reading. I 
am not a politician. I am not a diplomat. I spent a long time 
as a soldier and I am an operator. I run things. And I describe 
the mission of Homeland Security in simple terms. Our job is--
as part of the Federal Government--to help create a safe, 
secure, resilient place where the American way of life can 
thrive.
    And in order to meet that job, in order to fulfill that 
mission, we focus on five main things: Preventing terrorism and 
enhancing security; securing and managing our borders; 
administering and enforcing our immigration laws; ensuring the 
Nation's cybersecurity; and building national resilience.
    We do not do any of this alone. While DHS plays an 
important role, we view homeland security as a whole community 
effort and, therefore, rely heavily on many partners throughout 
the homeland security enterprise, at the State, local, Tribal, 
Territorial level, across the rest of the Federal Government, 
in the private sector, and among the American people.
    In turn, our partners, and including Congress and this 
Committee, which we have appreciated over the course of our 
lifetime. It is the reason the Department is 10 years old and 
not 1 year old for the tenth time. There is a big difference. 
We have made progress over the course of these past 10 years 
and we intend to continue making progress.
    But this Committee, in fact, the American people, have a 
right to expect that we can do three things. They have a right 
to expect that we can execute the missions that I just outlined 
for you. They have a right to expect that we can run ourselves. 
And they have a right to expect that we can account for the 
resources that have been entrusted to us, and we expect no less 
of ourselves.
    DHS is, in its nature, composition, and purpose, an 
operational department. Yes, we have policymaking 
responsibilities. Yes, we have regulatory responsibilities. But 
we have operational responsibilities, as well. Every single 
day, tens of thousands of Homeland Security professionals 
provide essential services to the American public, from 
securing our borders, to processing immigration benefits, 
responding to disasters, patrolling the Nation's waters, 
safeguarding our air travel, and in countless other ways.
    To carry out this mission, we must be able to recruit, 
hire, and retain qualified staff; budget, account, and oversee 
billions in financial resources; procure complex systems and 
services; collect, sort, and share data; maintain 24-hour 
communications and situational awareness; ensure appropriate 
security and safety for these operations; and effectively 
manage the hundreds of facilities and locations where our 
personnel are deployed.
    We do these things in Homeland Security every day and we do 
it for the American public. To do these things, we know we have 
to be well staffed, well trained, and well led.
    And to meet these requirements, we have worked constantly 
to improve our hiring processes, our acquisition and 
procurement processes, data management and financial systems. 
As a result, for example, of the effort we have made to improve 
our management operations across the board, for the first time 
since the creation of the Department in 2003, DHS has earned a 
qualified audit opinion on all five of its balance sheets. And 
I project this year, Mr. Chairman, that we will have a clean 
audit opinion. Perhaps we will be able to achieve a clean audit 
opinion for 2 years, for 2012 and for 2013. That is our aim.
    I do not need to tell this Committee what an----
    Chairman Carper. I want to repeat myself. From your lips to 
God's ears. That would be great.
    Ms. Lute. Thank you. I do not need to tell you what an 
extraordinary achievement this has been, but I would like to 
acknowledge my colleagues from across the Department who have 
worked tirelessly to make this a reality under the leadership 
of Rafael Borras, our Under Secretary for Management, and Peggy 
Sherry, our Chief Financial Officer (CFO).
    The lights are on in many buildings around Washington, DC, 
and across the country very late into the night so that this 
can be achieved, and we are proud of our people who have done 
this. We will continue our fierce commitment to sound 
management practices and expect that DHS will receive that 
unqualified audit opinion.
    We know that Congress and GAO understand the importance of 
effective management. When GAO placed the implementation and 
transformation of DHS on its high-risk list in 2003, it cited 
three principal reasons for doing so. First, the sheer size of 
the task with respect to numbers and the complexity of 
transforming 22 agencies into one coherent Department. Second, 
the fact that many of these agencies were coming to DHS with 
preexisting conditions, preexisting GAO findings and other 
challenges to overcome. And third, because of the potential for 
catastrophic consequences should this effort to strengthen the 
security and safety of this country fail.
    The undertaking has been massive and there have been many 
challenges, but there have also been many advantages, beginning 
with the men and women of the Department and their unwavering 
professionalism and commitment to the mission of homeland 
security. Similarly, in the early years, the leadership of DHS 
worked to build a sensible foundation from which to grow, and 
Congress has been indispensable to our progress, as has our 
important partnership with GAO, with whom we tend on nearly all 
matters to find overwhelming agreement.
    With this help, we have made considerable progress in all 
key areas of management and take some measurement of 
satisfaction in the significant narrowing of the high-risk area 
in GAO's recent report. The close working relationship we have 
built with GAO is founded on principles of engagement, 
responsiveness, and mutual respect, and we are grateful for the 
level of coordination and professionalism that GAO displays to 
us in our work together. We know that their partnership has 
been important to the achievements we have made.
    Today, we are more integrated and unified as a Department 
and we are able to leverage both expertise and experience to 
achieve our mission. There are things that are done today that 
were not possible before the Department was created. Two 
examples will illustrate this point and are indicative of the 
kind of Department we have become with your help.
    First, the Homeland Security Surge Capacity Force was 
created legislatively in 2006, requiring the creation of a 
volunteer force made up of DHS employees who could deploy in 
the event of a catastrophic disaster to support survivors. On 
November 1, 2012, in the immediate aftermath of Hurricane 
Sandy, we activated the Surge Capacity Force for the first 
time. Within just a few days, nearly 1,200 employees from 
Homeland Security from across the Department--the 
Transportation Security Administration (TSA), Citizenship and 
Immigration Services (CIS), Customs and Border Protection 
(CBP), Coast Guard, U.S. Immigration and Customs Enforcement 
(ICE), Secret Service, and DHS headquarters--deployed to New 
York and New Jersey in support of FEMA's response and recovery 
effort.
    These individuals communicated directly with disaster 
survivors regarding power restoration, emergency services, food 
and shelter options, and how to register for disaster 
assistance. They slept on ships docked offshore so that they 
would be close to the people they serve and not take up limited 
hotel space. They empowered those who had been disempowered by 
the storm. They were at their best for people who had been 
through the worst.
    The second example of the things that we can do today in 
the Department that we could not do 10 years ago is 
cybersecurity. People did not even talk about it in the terms 
they talk about it now. But by bringing the components and 
offices of Homeland Security together, we have been able to 
formulate a coherent strategy to defend the Federal networks in 
dot-gov, engage a broad community of expertise, from law 
enforcement to the private sector, the intelligence community, 
as well, to strengthen the protection and resilience of the 
Nation's critical infrastructure, both cyber and physical.
    The point of these two anecdotes is not just that we have 
helped communities bounce back from disaster or that we have 
architected from the ground up a responsible approach to 
cybersecurity. The point is that the very best of what this 
Department is about comes from the work that we do together and 
from the individuals who have transformed the Department from 
22 separate agencies into one cohesive and mission-driven unit 
whose purpose is to help create a safe, secure, resilient place 
where our way of life can thrive.
    From a management perspective, as well, we continue to 
streamline and strengthen ourselves. The Secretary's efficiency 
reviews, begun 4 years ago, have led to DHS employees 
identifying 45 specific projects and initiatives that have 
yielded more than $4 billion in savings and cost avoidances, 
savings that have been reinvested into our critical missions.
    Elsewhere, as you have noted, Mr. Chairman, we have 
consolidated data centers, overhauled our procurement and 
acquisition systems, written the Federal Government's first 
ever guidelines on financial assistance, created clear and 
measurable performance objectives, have built a statistical 
compendium of all of our operations in Homeland Security to 
give us visibility into the kinds of indicators and metrics 
that indicate successful performance, and we have become 
auditable.
    We know our work is not done. We know that nothing stands 
still. Threats continue to evolve. Technology will continue to 
advance. And operational demands will continue to grow. We are 
deeply connected to this dynamic world and we are committed to 
doing our very best to ensure that this country remains a safe, 
secure, resilient place where the American way of life can 
thrive. We count on our continued partnership with Congress to 
help us hit the mark the American people expect and deserve.
    And I thank you again, Mr. Chairman, for the opportunity to 
appear before you today and I look forward to your questions.
    Chairman Carper. We have all heard the old saying, that is 
my story and I am sticking with it. That is a good story to 
tell and it is a great story to build on.
    We have been joined by Senator Ayotte and Senator Heitkamp 
and Senator Baldwin, all new to this Committee, Senator Ayotte 
not new to the Senate. But we are delighted that you are here 
today to hear this testimony and to join us in asking 
questions.
    I have prevailed on Senator Johnson just to wait for a 
couple minutes. He needs to go someplace else. But he asked a 
very good question sort of earlier. I do not know if you want 
to ask the same question or something else before you head out, 
that would be great.
    Senator Johnson. Maybe two quick questions. This one is 
pretty broad.
    Deputy Secretary Lute, how long have you been with the 
agency?
    Ms. Lute. Four years.
    Senator Johnson. Four years. Having been there now and 
understanding the complexity of having 22 different agencies--
again, this is all hindsight, Monday morning quarterbacking--
are there any of those agencies that you think might have been 
restructured better someplace else and maybe should not be part 
of the Department? Is there any restructuring that you would, 
again, just in hindsight, or do you think things are pretty 
well comprised here?
    Ms. Lute. Thank you, Senator. I have been running 
organizations for a long time. I do not have too many 
organizational theologies. You can always do things differently 
and make improvements. But I think if you ask any of the 22 
agencies, the legacies and the offices that have come together, 
can they find themselves in that mission statement of creating 
a safe, secure, resilient place, yes, they can. Can they find 
themselves in any of the five missions--preventing terrorism, 
borders, immigration, cybersecurity, and building national 
resilience? Yes, they can. So, largely, for the most part, they 
are in the right place.
    Senator Johnson. OK. Then just getting back to the audit, 
can you just describe the major reason why that has not been 
achievable in the last 10 years? I mean, is it the 
incompatibility of accounting systems between 22 different 
agencies? I mean, what has prevented just a complete audit?
    Ms. Lute. Well, we have made progress over every year. I 
mean, I would tell you at the moment, we are focused on 
property. I think we will be able to resolve it for 2012 and 
certainly going forward.
    Senator Johnson. So it is really just the complexity of 
individual issues as opposed--and being able to account for 
that 29 percent of all land that the Federal Government 
operates and that is now under your jurisdiction?
    Ms. Lute. It is a tremendous challenge. It is not that we 
do not know what to do. It is not that we do not have the tools 
to do it. It is a tremendous challenge. And it is not that we 
lack the commitment or the help and support of our partners. We 
have all of those things. We will get this done.
    Senator Johnson. So it is just the number of things you 
have to account for and trying to get it all----
    Ms. Lute. It is a big job.
    Senator Johnson. OK. Thank you very much. Thank you, Mr. 
Chairman.
    Chairman Carper. Senator Johnson, thanks for sticking with 
us to ask those questions. Good questions.
    Let me just start off with a question, if I could, for the 
Deputy Secretary. Let me focus for a couple of minutes on the 
next steps the Department is going to be taking to improve the 
management of the Department. GAO recommends that the 
Department track and independently validate the effectiveness 
and sustainability of the management improvements that have 
already been made. Let me just ask, how will you do that, and 
also, what type of reports will be available to this Committee 
so that we can monitor the progress that is occurring and meet 
our responsibilities for providing good oversight?
    Ms. Lute. Thank you, Chairman. So, we have done several 
things. One is to launch the Management Health Initiative, 
which is really designed to create a dashboard for that at-a-
glance look at critical systems and performances.
    In addition, as I mentioned, we have for the first time 
begun to compile a statistical compendium to give us visibility 
into all of the resources that we have in the Department and 
how they are applied against those mission sets. So building 
this kind of business intelligence and understanding of our 
operation is fundamental to be able to report in a cogent and 
authoritative way on the accomplishments and the achievements 
that we have made. So we look forward to working with this 
Committee to get that right and to establish regularized 
reporting to give you the visibility we have.
    Chairman Carper. All right. Good.
    We all know that management matters and good management is 
the platform on which agencies, frankly, businesses, execute 
their missions. I hope that is one of the missions that comes 
out of this hearing, that good management matters, and I am 
convinced that we have good management.
    I also am encouraged we have some continuity in that 
management, and with, I think, Secretary Napolitano--nobody is 
perfect. She is not. God knows, I am not. But I think she is a 
very good administrator and very committed. I think you are, 
too. I think the fact that she is going to be staying around 
for, hopefully, four more years, my hope is you are going to be 
staying around for at least that long, and that leaves in place 
a very good management team.
    I think over your right shoulder is Rafael Borras. Is that 
the man? Rafael is the Under Secretary of Management, and a lot 
of what we are talking about here is actually an effort that he 
has led. You mentioned that and we want to acknowledge him and 
the team that he works with, so thanks so much.
    But, Deputy Secretary Lute, would you provide us with just 
a couple of maybe concrete examples of in the past where weak 
management has really undermined the performance of the 
Department, and conversely, where good management has enabled 
the Department to better carry out its mission. So a couple of 
good examples of where bad management undermined the Department 
and its mission and maybe one or two where it is just the 
opposite has been true.
    Ms. Lute. Thank you, Mr. Chairman. First, if you will allow 
me, you will not hear me say the Secretary is not perfect. 
[Laughter.]
    She is a terrific boss and a terrific leader for the----
    Chairman Carper. Well, I will say the Chairman here is not 
perfect, though.
    Ms. Lute. But I will----
    Chairman Carper. And I have known the Secretary for a long 
time.
    Ms. Lute. I know.
    Chairman Carper. As good as she is, she is not perfect, 
either. You can always do better. Tell her I said that.
    Ms. Lute. And I will accept her imperfections.
    Leadership and management are things that I have paid a lot 
of attention to over the course of nearly 35 years of working 
in the public sector, in the military, in the international 
civil service, and in the not-for-profit sector, as well. What 
management needs to do very clearly is provide people purpose 
and pride. You do not run organizations through derogation and 
putting people down. You have to say very clearly, what is our 
job here.
    And what we have tried to do in the Department of Homeland 
Security--four years ago, I stood in a door jamb of one of my 
colleagues and said, we need to narrate the purpose of this 
Department in very clear terms. We need to conduct a bottom-up 
review of what we are doing and balance that examination 
against what we said is important to do. We need to get off the 
GAO high-risk list and we need to become auditable. So those 
are the kinds of examples, I think, and we have made progress 
in every single one of those, in every single one of those 
areas, if I can be allowed.
    When you are creating a new department and a new 
enterprise--I have done this several times now in the public 
sector--this narration of purpose is really essential so people 
understand how what they have been doing now contributes to the 
purpose that they are being asked to perform. It is easy 
sometimes, particularly at the operational level, to be 
absorbed in the day to day. It takes a great deal of effort to 
sit back, develop perspective and a strategic understanding of 
how those discrete individual operational efforts add up to an 
overarching purpose.
    So narrating that purpose of Homeland Security, clarifying 
the five mission areas, as we have done, orienting people in 
the direction of, are you performing these missions? Are you 
contributing to running ourselves? Are you contributing to our 
public accountability? If whatever you are doing is not in one 
of those three buckets, stop doing it.
    So it is a particular leadership challenge when you are 
doing startups, one that I think that we have met, together 
with those who have gone before us, in establishing this 
Department.
    Chairman Carper. One more for you, if I could. Secretary 
Lute, we are in a tough fiscal environment. We are working on 
it. We passed a Continuing Resolution to fund the government 
for the rest of the fiscal year, not perfect, but it is better 
than stop and go, the fiscal cliff, lurching from emergency to 
emergency. But it is still a tough environment that we are 
going to be operating in for the foreseeable future.
    Let me just ask, do you think you will be able to sustain 
and improve upon the vital management progress that has been 
made in the past 5 years? The Senate version of the Fiscal Year 
Continuing Resolution that we passed yesterday in the Senate 
cuts about $17 million from the Department's management 
functions. Tell us, what could be the practical impact of a 
reduction of that nature? For example, does this put in 
jeopardy the Department's ability to do rigorous reviews of the 
component's acquisitions that GAO recommends?
    Ms. Lute. Thank you, Chairman. You do not run an 
operational department without the ability to hire, retain, and 
manage people, without the ability to acquire and procure goods 
and services, without the ability to run your financial systems 
from an accountability point of view. All of those will be 
affected by cuts. Things may take longer. There may be aspects 
of things that we do not get to as thoroughly as we would like 
under other circumstances. Our job is to limit any negative 
effects and prioritize. That is part of the leadership job.
    Chairman Carper. All right. Dr. Coburn, please proceed.
    Senator Coburn. Secretary Lute, I know I appreciate your 
work. I hope you will have somebody stay around here to hear 
Mr. Reese's paper, and I think it is unfortunate you have not 
read it. It was published January 8. The fact is, there are 
some significant criticisms that you need to be aware of rather 
than to dismiss them, especially since it sounds like you or 
your staff have not read his scholarship. So I hope you will 
leave somebody here after you testify to hear his testimony 
about what his research shows and his fair criticisms and then 
give us an answer to it.
    Ms. Lute. I did read his paper.
    Senator Coburn. You did? And so you think it is totally off 
base?
    Ms. Lute. I disagree with what he finds. I do think we know 
what our purpose is. I do think we know how to orient our 
missions to that purpose.
    Senator Coburn. OK. That is fair.
    A number of recommendations were made by the 9/11 
Commission. That is a fairly remote Commission now. One is the 
status of TSA's effort on explosives. I would just like an 
update of where we are and where you are going to be on that 
requirement.
    The other requirement that they had is on the U.S. Visitor 
and Immigrant Status Indicator Technology (US-VISIT) program. 
GAO found that there were 825,000 pieces of data that are not 
matched to the correct fingerprints. They might be fraudulent, 
and right now, there is no way to determine whether or not they 
are fraudulent. So if you could--and you do not have to answer 
these now. I do not expect you to know that detail and 
understand that.
    But, to me, those represent two of the areas where we have 
had substantive recommendations by the 9/11 Commission that we 
have not achieved the goal, and both of them are significantly 
important to the missions of your organization. So I would hope 
that you would respond to me on that.
    Since 2004, your agency has disbursed $35 billion in 
grants. What do you know about the effectiveness and the 
accomplishments of those grants?
    Ms. Lute. Thank you, Dr. Coburn. We do not have the kind of 
granular visibility into the accomplishments that we want to 
have. We do know that we have created a great deal of 
capability across the country in those grants, and we do know 
that there is a need for a comprehensive approach to a 
financial assistance that the Federal Government, in our case 
DHS, provides.
    We have written that approach to financial assistance. We 
have taken a look at everything, from understanding 
requirements in the grant-making area, how to build and work 
with the communities at the State level and local level in 
constructing well-written grant proposals. We have looked at 
the accountability and our ratio of personnel to oversight. We 
have a lot to do, but we have begun to make progress through 
that financial assistance work under the direction of our CFO, 
Peggy Sherry.
    Senator Coburn. Do you think FEMA, at the very least, 
should track what grants are spent on?
    Ms. Lute. Yes, sir, I do.
    Senator Coburn. OK. And are you?
    Ms. Lute. Not as well as we would like, but we are 
improving.
    Senator Coburn. OK. GAO found that fewer than 10 percent of 
DHS's acquisition programs fully comply with the new 
acquisition policy. And I know this is a work in process, so I 
am not actually being critical when I make that note. I know 
that your intent and goal is to accomplish that. They also 
found that only one-third of the programs that should have had 
approved acquisition baselines actually do. The baselines 
actually are probably the most important tool for managing 
individual programs and conducting congressional oversight.
    Having said that, what steps are you taking to hold 
components accountable for complying with the DHS acquisition 
policy? I know you have made the policy. Now, where is the 
management accountability to make sure the agencies are holding 
within that acquisition policy?
    Ms. Lute. Well, as you noted, we have drawn all of our 
programs under Management Directive 102. Each of the programs 
submit to a regular review by the Acquisition Review Board 
(ARB). Decisions are taken. We will not progress if we are not 
satisfied the questions and accountability are in line. We have 
instituted a lifecycle management cost model, as well, which we 
are imposing. And we have shut programs down that were not 
performing.
    So we have begun to change the culture. I think we have 
gone a very long way. It is unthinkable that we would undertake 
a major acquisition without a careful review under our 
directives procedures of what our requirements are and exposing 
those requirements to regular oversight through the ARB 
process.
    Senator Coburn. How about the acquisitions that were 
started before you started?
    Ms. Lute. Some of them----
    Senator Coburn. What are you doing with those?
    Ms. Lute. Some of them have proven problematic, and all of 
them, we are incorporating into the new process.
    Senator Coburn. Would you submit to the Committee the ones 
that you have terminated and the ones that are problems?
    Ms. Lute. Yes.
    Senator Coburn. Thank you. My first training was as an 
accountant and as an auditor, and I can tell you, the 
experience when I talk to Marine captains and colonels today, 
they are so thankful that the Marine Corps is just about to 
pass an audit, because what it has actually done is made their 
job easier and their decisionmaking easier because they now 
have visibility on the key parameters which would judge the 
outcome of a decision or direct them to make a new decision.
    Are your people ready to use accounting information to make 
management decisions and all the way through all 22 agencies?
    Ms. Lute. That is a great question, Dr. Coburn. The answer 
is, absolutely. And if I can just call out the men and women of 
the Coast Guard as the first----
    Senator Coburn. Yes, I know.
    Ms. Lute [continuing]. As the first uniformed service----
    Senator Coburn. You bet, the first one to do it.
    Ms. Lute [continuing]. The first to achieve auditable 
status. This is something that we have and the Commandant has 
and the leadership across the Coast Guard has pushed down, you 
are exactly right, down to the lowest level possible. The 
American people have a right to expect that we can account for 
the resources that have been given to us, and when you can do 
it, it is very powerful from a leadership point of view.
    Senator Coburn. OK. Let me ask you one other question. You 
have accomplished and actually performed on about 60 percent of 
the GAO recommendations. I do not expect you to say they are 
right in every indication. I understand that sometimes they 
miss it. But there are 40 percent of their recommendations that 
you really have not acted on. What is the plan? Are some of 
those recommendations that you actually disagree with, or are 
they just ones that are harder to implement, and is there a 
push from senior management at DHS to actually accomplish and 
meet those recommended accomplishments?
    Ms. Lute. There absolutely is a push, I think as Mr. Dodaro 
mentioned. This is not the first time he and I and Cathy are 
sitting together at a table. We have known each other for 4 
years because we made a commitment early on to get this right.
    There are a few things we do not agree with, but we have an 
overwhelming bandwidth of agreement between us, what needs to 
be done. And also----
    Senator Coburn. Let me just interrupt. Will you send me and 
the Committee--what you do not agree with?
    Ms. Lute. Whatever material we have that we can share 
with----
    Senator Coburn. Yes, where you say, here are their 
recommendations. Here is where we think they are wrong. Send 
that to us, because we actually read GAO reports in my office, 
and----
    Ms. Lute. Mine, too.
    Senator Coburn [continuing]. And we would love to have the 
other side of the issue----
    Ms. Lute. OK.
    Senator Coburn [continuing]. Of where you think they 
disagree, since the final arbiter is the U.S. Congress in terms 
of making the judgment on some of these things and whether some 
mandate is going to be put in an appropriation bill to make you 
do something that you actually disagree with and have a good 
reason for saying, ``We think GAO got it wrong.'' So if you 
would send those to us, I would appreciate it. And I am sorry 
for interrupting you.
    Ms. Lute. No, sir. And as I was just going to conclude, he 
also mentioned that he has seen from us detailed plans for 
working through the findings that they have given us. And it is 
the only way I know as an operator. What do we need to do to 
know that we are done, and we will do it.
    Senator Coburn. Yes. OK. Thank you.
    I am over my time. Are we having a second round?
    Chairman Carper. I hope so. It may be abbreviated, but we 
will have one.
    What you just said about agreeing with most of the 
recommendations but not all, and Mike Enzi, a Member of this 
Committee, has shared with us any number of times something he 
calls the 80/20 rule, which describes how he and Ted Kennedy 
were able to get so much done when they were leading the 
Committee on Health, Education, Labor, and Pensions. The 80/20 
rule means this. He says, ``Ted and I agreed on 80 percent of 
the stuff. We disagreed on 20 percent of the issues. We decided 
to focus on the 80 percent that we agreed on, set the other 20 
percent aside to look at another day,'' and that is how they 
were able to get a lot done. And I think that maybe kind of 
describes what you are doing here, and whatever you are doing 
is, I think, working, and let us just keep it up.
    Senator Ayotte is next, and she stepped out for a moment. 
We are going to go to Senator Heitkamp, and if Senator Ayotte 
does not return immediately, then Senator Baldwin. Thank you. 
Senator Heitkamp, you are recognized.

             OPENING STATEMENT OF SENATOR HEITKAMP

    Senator Heitkamp. Thank you so much, Mr. Chairman, and 
thank you for appearing today.
    I actually do know Janet pretty well and she is not 
perfect. Tell her I said that. [Laughter.]
    We were Attorney Generals (AGs) together.
    During my time in public life, I have been a tax auditor, 
tax commissioner. I have been an Attorney General. So this is 
an area that I think I have kind of two perspectives on, how 
difficult it is to do security, how difficult it is to wake up 
every day and realize primarily your mission is to protect this 
country and protect people. But the only way we can do it is 
when we are held accountable for how we do it.
    And we are in a time of pretty tough budget questions, and 
when we have 10 years where we are not able to pass audits, it 
gets increasingly difficult to justify to the American public 
that we are doing the right thing here. Now, I am new to this 
and I can tell you--maybe if I sat through 10 hearings like 
this on a GAO audit--I would be a little tougher. But I want to 
give you an example of why the American public gets frustrated.
    Recently in North Dakota, TSA removed three scanners, full-
body scanners, to move to other locations to replace scanners 
that you had to replace because they did not pass privacy 
measures. Now, Minot, North Dakota, is a place of great 
economic growth. In fact, their airport is experiencing a 49 
percent increase in passengers. We have more airlines flying in 
there. The airport is understaffed. But yet you removed their 
scanner, causing the people of Minot to think, OK, here we go 
again. They cannot seem to get it right in Washington. They 
cannot seem to get procurement right. We see it every day.
    Obviously, we are extraordinarily grateful in North Dakota 
for all the help that we have received from FEMA. Minot is 
grateful for all the help, and, I think, all the true 
compassion and caring that the people experienced. But at the 
end of the day, yes, people can like the Federal employees who 
show up, and yes, you guys can sleep on ships and demonstrate 
your willingness to be accountable, but people want their 
dollars spent in an accountable and efficient manner, their tax 
dollars.
    And when we see repeated problems and a lack of what we 
have been hearing today. Sixty percent, you can agree with. You 
are moving on 60 percent. But, yet, there have been a lot of 
years to make this happen. And I can tell you as an agency 
head, if I had come back year after year with an audit and not 
having responded to concerns and questions, I probably would 
not have gotten an appropriation the next time and the 
legislature would have probably taken away my responsibility.
    And so I just have a couple questions about my scanners, 
and I know that it is, in the grand scheme of things, this is 
not the big issue, but it illustrates concerns that we have 
about defending and representing the Federal Government when we 
go home.
    And so I have been told by John Sanders that the agency is 
developing an acquisition program for the next generation of 
scanners that are going to replace the systems that were 
transferred out of our airports. This is a critical acquisition 
program which will impact the safety and the security of my 
constituents. What steps are DHS and TSA management taking to 
ensure that the acquisition problems identified by GAO, such as 
a lack of a plan to manage the risk and measure performance, 
are not repeated? And that we are not going to see--I have to 
tell you, I was pretty tough when I talked with John because I 
said, look, if the next thing is that you move those same 
scanners back into North Dakota, I will have 400 constituent 
letters about the waste of time. I said, you have to figure out 
how you can do this in a way that does not disrupt. And the 
notice was way too short, so there was not an ability to adapt.
    And so I use this as an illustration of the frustration, 
and want to be supportive and want to learn more about what the 
challenges are of meeting these acquisition policies. But I 
also want you to know that I am concerned deeply about 
irregularities. I am concerned deeply about inefficiencies and 
about a 10-year audit where the response is, ``We are working 
on it. We are hoping we will get there.''
    Ms. Lute. So, Senator, when I was in the Army, one of the 
Chief of Staffs of the Army, Gordon Sullivan--I am a great 
admirer of his--used to have a saying, ``Hope is not a 
method.''
    Senator Heitkamp. Yes.
    Ms. Lute. We are not hoping to get to a clean audit 
opinion. We were not hoping to get to a qualified audit 
opinion. We were going to get there, and we are there. We are 
at a qualified audit opinion. We are auditable in less than 10 
years of existence of a $60 billion agency with half-a-million 
people.
    So I share your determination that the accountability and 
the auditability and the answerability continues and has to 
improve. We will do that.
    Senator Heitkamp. But if I can just make a point, and it is 
not to be belligerent, but it illustrates, if a bank 
consistently told the bank regulator after 10 years, ``We are 
working on it. We have a strategy, we think,'' they would not 
have been given 10 years to hit the mark. They would not have 
been given 10 years.
    Ms. Lute. I worked in a bank when I was younger. I will not 
pretend to answer for it now. But what I can tell you is that 
we take a backseat to no one in our determination to achieve 
what we said we were going to do, which was a clean audit 
opinion, and sustain that, and I believe we will hit that mark. 
I know we will, because I know the effort that is going into 
this.
    In terms of the acquisition, I would be happy to share with 
you our detailed Management Directive covering the acquisition 
process to which now all programs must adhere, and it is a 
rigorous process that examines from requirements to ultimate 
disposition.
    Senator Heitkamp. And if I can just--not to belabor it--
every organization has a policy. The question is whether they 
have the will to implement the policy, and so we will wait and 
we will see. But these numbers at this point are not numbers 
that I can defend in North Dakota.
    Ms. Lute. What I could say, we also have a proven track 
record over the past 4 years of actually holding the meetings, 
canceling programs, improving the accountability and the 
understanding and the oversight within the Department of our 
acquisition programs, and we would be happy to lay all of this 
out for you in as much detail as you would find useful.
    Senator Heitkamp. Thank you.
    Chairman Carper. Senator Heitkamp, if you have not taken 
advantage of this, or any other Members of our Committee, I 
know Senator Coburn has, but Deputy Secretary Lute was good 
enough to spend a couple of hours with me and members of my 
team and it was just enormously helpful in understanding where 
they were when she started and where the Secretary started and 
how far they have come and what more they need to do. Hearings 
are good. Roundtables are good. But that is even better, and I 
would just urge you to take advantage of that. If we can be 
helpful in maybe pulling together a small group of Senators to 
have that kind of conversation with their staffs, I think 
everybody would be better for it, all right.

              OPENING STATEMENT OF SENATOR AYOTTE

    Senator Ayotte, thanks for being with us yesterday. Thanks 
for being back again today. You are recognized.
    Senator Ayotte. Thank you, Mr. Chairman.
    I want to thank the witnesses for being here today and 
wanted to followup on, I think, some questions that you were 
already asked by Senator Coburn and may have been touched on by 
Senator Heitkamp, as well, and that is the grant programs and 
acquisition programs.
    The December 2012 GAO report found that, in fact, there 
were--unfortunately, the major acquisition programs are 
continuing to cost more, take longer, deliver less capacity, 
and GAO identified 42 particular programs with cost growth or 
schedule problems, 16 of which saw increased costs, from $19.7 
billion in 2008 to $52 billion in 2011. And according to that 
December GAO report, this was due to the Department's lack of 
adherence to knowledge-based program management practices, and 
I know that Dr. Coburn touched on that, but where are we on 
this and how do we--basically, as Senator Coburn said, if we 
cannot measure effectiveness for these and we are continuing to 
see cost overgrowth in a challenging fiscal climate, how do we 
justify to our constituents that we should be spending money on 
these programs?
    So can you explain, where we are on that, and also, I would 
love to get some comment from you, Ms. Berrick, on that issue.
    Ms. Lute. Thank you, Senator. We agree that we can do 
better, and as Dr. Coburn and I discussed, this is something we 
are very seized with.
    One of the things that we did was put in place the National 
Preparedness Goals. What do communities need to do? How much of 
X, Y, or Z do they need to have? How do they know that from a 
set of judgments regarding what constitutes community 
preparedness that they are getting close to that? So 
articulating those preparedness goals was an important first 
step.
    Evaluating the capacity that has been created over the past 
10 years, with a sizable investment by the Federal Government 
in that capacity, is something that we are intending to do, as 
well.
    And then measuring performance objectives. And we have 
begun the performance objective process with ourselves. In 
2009, we had over 182 performance objectives, some of which, 
quite frankly, were impenetrable. They were really difficult to 
understand and they were not at all straightforward. We looked 
at every single one of them. We have broken them down. We have 
cut them by more than half. And we have put them in plain 
language so that we know if we do these things, these are 
recognizable steps in the direction of preparedness, safety, 
and security.
    Senator Ayotte. Can I share an experience I had when I was 
Attorney General? When the Homeland money first came in, to the 
State level, at least, the experience I had in our State, good 
intentioned people, but a lot of specific requirements on the 
Homeland money that maybe allowed a local agency to buy an All 
Terrain Vehicle (ATV) or a particular piece of equipment, but 
as I saw it, no connection to the overall plan to homeland 
security. Where are we on that with the State dollars that have 
flowed down and what I have seen sort of from a State 
perspective is a lot of piecemeal equipment here and there, but 
I could not connect it to the overall protection of either the 
State or the country.
    Ms. Lute. Again, that was part of the purpose of laying out 
these National Preparedness Goals, so that we could see not 
just what the States were doing, but that the States could, 
further on down, see what was going on at the local level.
    Senator Ayotte. And that it was all coordinated to some 
greater plan to protect the homeland?
    Ms. Lute. So that it would be better coordinated to address 
the risks in a prioritized way.
    Senator Ayotte. OK. Well, I appreciate that, and this is 
something that I--obviously, I am new to this Committee, but 
want to hear more about, and I would certainly like to hear 
your perspective, Ms. Berrick.
    Ms. Berrick. Sure. I think Senator Heitkamp really captured 
the State of DHS's acquisitions well, which is they have a good 
policy in place. The key is really execution moving forward.
    In addition to some of the statistics you mentioned, our 
review that we issued late in 2012 identified that most of 
DHS's major acquisition programs lack key documentation. That 
is really fundamental to managing those acquisition programs. 
And, in fact, half of the programs did not have any of that 
documentation, and that includes new programs and also older 
programs, as well, that predated the new Acquisition Directive.
    DHS has a number of really promising initiatives that they 
are pursuing right now that will strengthen their acquisition 
function. The status is they are in the very early stages, and 
I can give you a couple of examples.
    One is they have recently developed a requirements 
validation function which basically looks at the requirements 
for new systems and looks across the Department and coordinates 
that and makes sure that they are developing one DHS solution 
to meet all of their needs. We think that is very positive, but 
it is still in the very early stages. They are just starting to 
meet as they move forward. So we are going to be watching that 
moving forward.
    Another promising development is they developed a dashboard 
to oversee cost, schedule, and performance for their 
acquisitions, again, very promising. But that also is in the 
early stages. And, in fact, due to data issues, managers cannot 
really rely upon that system right now to make decisions.
    Regarding DHS's progress related to acquisitions, they are 
absolutely moving in the right direction. The key will be 
executing on their policy, which is a good policy, and then 
assessing the results as they move forward.
    Senator Ayotte. Thank you. I also wanted to ask about just 
looking at the 2013 high-risk list, where are the issues that 
fall under, really, primarily DHS that GAO issued? And, of 
course, I think the one that jumps out at me, as I am aware we 
have had a pretty lengthy hearing on the cyber challenges, but 
the establishing effective mechanisms for sharing and managing 
terrorism-related information to protect homeland security. I 
mean, this is the key issue post-9/11. Where are we? If it is 
still on the high-risk list, what have we done that is well 
that you can talk about here, and where are the major 
challenges that remain?
    Ms. Berrick. The first----
    Senator Ayotte. Obviously, if there are things you cannot 
share here, I understand that.
    Ms. Berrick. There has been significant progress in 
standing up the information sharing environment, which is 
really the government's structure to manage this issue because 
it goes beyond DHS. It affects a lot of Federal agencies that 
have key leadership roles in this area. So there have been good 
oversight structures. The White House has established a Policy 
Committee that oversees efforts in this area. They also 
established a strategy with pretty good metrics.
    The key, really, right now is for the five major 
departments that have key responsibilities in this area, 
including DHS, to execute their information sharing initiatives 
and to coordinate with one another. DHS has made very good 
progress in this area. They have prioritized their information 
sharing initiatives. A key challenge that they are facing is--
as other departments are, as well--is really resourcing those 
initiatives. We think they still have work to do in leveraging 
efforts of other departments and also identifying what their 
resource needs are for all of the various initiatives which are 
still underway.
    Another big challenge in the information sharing area is 
really the IT issue of connecting systems to enable departments 
to share information. There have been some frameworks put in 
place, but the agencies are really in the early stages of that. 
So very good progress in standing up a governance structure. 
The key right now will be for the departments that have key 
responsibilities to move forward and coordinate their 
initiatives, such as the IT initiatives, and work together to 
address these challenges.
    Senator Ayotte. Secretary.
    Ms. Lute. I would just add one thing to what Cathy has 
said, in addition to all of that. Maybe two things.
    One is, sorting through the rules of information sharing is 
an important aspect of this, as well--U.S. persons, non-U.S. 
persons, law enforcement sensitive information, et cetera. We 
have been working through that with all of our counterpart 
agencies and we think we are making progress, but it is 
something that we have to and do pay attention to.
    The other thing that we have begun to come to grips with, 
and I would say that this is a tremendous challenge, is the so-
called big data challenge. We have an initiative--we have 
several initiatives sort of, again, that are across the 
Department of Homeland Security. I call them the DHS Commons--
common vetting, common aviation, common redress and traveler 
assistance and customer service.
    In the common vetting, what we know is we interact daily 
with the global movement of people and goods. TSA moves two 
million people a day. A million people cross our borders. We 
have a tremendous amount of data. How can we minimize the 
collection of that data so as to not pose an undue burden on 
the traveling public, for example, and how do we share it in an 
expedited way, subject to rules, with appropriate limits of 
use, protections for privacy, civil rights, and civil liberties 
that people have a right to expect? We are making progress on 
all of those fronts, in addition to what Cathy said.
    Senator Ayotte. Thank you all. I know my time is over-
expired, so thank you for that latitude, Mr. Chairman.
    Chairman Carper. It was worth stretching it out. All right. 
Thank you very much. Thanks for being here again.

              OPENING STATEMENT OF SENATOR BALDWIN

    Senator Baldwin, welcome. Great to see you. Please proceed.
    Senator Baldwin. I want to also thank the Chairman and 
Ranking Member for holding this up and down review of the 
Department of Homeland Security. Clearly, what was accomplished 
back in 2003 was no easy task, and I certainly recognize the 
incredible progress made in the 10-years since the Department's 
creation. But since we are here today, I want to focus in on a 
couple of the areas in which the Department can improve or have 
been pointed out.
    Fortunately for me, Senator Ayotte's last question was the 
first question I was going to ask about in terms of the 
recommendations in the GAO High-Risk Report on information 
sharing across agencies, so I feel like you have tackled that.
    But I want to also look at another area. Mr. Dodaro, in 
your testimony, you discuss the inclusion of a new high-risk 
area in 2013, limiting the Federal Government's fiscal exposure 
by better managing climate change risks. And our country has 
certainly seen an increase in weather-related events that have 
contributed to significant loss of life and property, and it 
seems to me that each year, the weather-related events become 
more and more damaging and the level of involvement of the 
Federal Government has only increased.
    One of the recommendations in your testimony is for DHS to 
improve the criteria for assessing a jurisdiction's capability 
to respond to and recover from a disaster without Federal 
assistance and to better apply lessons from past experiences 
when developing disaster cost estimates.
    A few weeks ago, I was meeting with a county executive from 
one of the larger counties in the State of Wisconsin and we 
briefly discussed the need for FEMA and other Federal agencies 
to be more involved in ensuring that our local communities are 
prepared for the worst. And so I am wondering if both of you 
could comment on what DHS action items have occurred and will 
occur in the near future to assist local communities in 
preparing for the worst.
    Mr. Dodaro. First, the criteria issue is a very important 
one. The criteria was established, and it is qualitative 
criteria, but they use some quantitative measures. One is the 
per capita cost, per person in each State, and it started out 
as a dollar in the 1980s per person per State as sort of a 
threshold of whether or not the total costs of responding to 
the disaster would go over that. Then the Federal Government 
would get involved. That was not indexed for inflation for a 
13-year period of time, from 1986 to 1999. Our calculations 
show that if it had been indexed for inflation, the Federal 
Government would not have been involved in about 25 percent of 
the disasters that occurred during the time period we reviewed.
    And FEMA did agree with our recommendation to reassess the 
criteria and said that they were going to do that. It is a 
complicated task to be able to do it, but it is very important 
because of the incentives that it provides at the State and 
local level to make their own plans for preparedness and to 
identify where accountability lies. Particularly with State and 
local governments having zoning responsibilities, they have a 
lot to say in terms of where there infrastructure is located.
    Now, the other responsibility that FEMA has is to come up, 
ultimately, with criteria to determine readiness at the State 
and local level, and this goes to the grants question, as well, 
that was raised earlier. With all the grants that have been 
provided, at what point, even with what Jane mentioned 
regarding their goals that will be established, at what point 
are States capable of responding to these situations? FEMA is 
still working on that issue and has not really resolved that 
issue, as well.
    So there are two issues. One is the criteria for whether 
the Federal Government intervenes or not, and I think it needs 
to be reassessed. FEMA has agreed. But it will be a while 
before they come up with the criteria. But Congress should ask. 
And second is when FEMA comes up with a criteria for 
determining readiness of the capabilities at the State and 
local level. Both are needed to have good benchmarks in that 
area.
    Senator Coburn. Would the Senator yield for just a moment? 
Let me make a comment about Oklahoma. I think Oklahoma received 
11 disaster declarations based on the per capita damage ratio, 
and it is supposed to be a combination of overwhelming local 
resources and the per capita damage ratio. If you just looked 
at when we were overwhelmed, it was one of those.
    Now, we are happy to take the money. I know our Governor is 
and our State Legislature. But I will put us back into 
perspective. We are going to spend a trillion dollars more this 
year than we have and there comes a point in time where local 
responsibility has to take over and be responsible for their 
legitimate functions for a couple of reasons.
    One is, we can never solve all, have them totally prepared, 
even if we were the great benevolent figure that we are.
    And No. 2 is, financially, we cannot afford to do what we 
have said we are going to do now. And so we have to change this 
indicator, at least change it for inflation, because it is a 
tremendous advantage to a small State. We have less than four 
million people. It is not hard to get $4 million worth of 
damage from a tornado in Oklahoma. How much responsibility 
should Oklahomans bear for that? I would say the vast majority 
of it, not the Federal Government.
    So I think your point is well made, and I am sorry I 
interrupted you and we will add more time to you. But we have 
to start putting this into perspective.
    Mr. Dodaro. I agree with you, Senator. I think a good 
interim measure would be to index it for inflation for the 
entire period of time, because FEMA has indicated it is going 
to take time to come up with new criteria and go through a 
vetting process. But there could be some interim changes that 
they could consider.
    Chairman Carper. Senator Baldwin, would you just hold your 
thought for just a moment. None of this counts against your 
time. In fact, we will give you more time.
    My understanding, just correct me if I am wrong, is about 
the last dozen or so years, I think this number has been 
indexed to the rate of inflation, I think. But for the first 12 
or so years that it was in existence, it was not. And so I 
think that is the issue here, and the question is, what kind of 
catch-up do we do for those first dozen or so years.
    OK. Senator Baldwin, you are on. Thank you for bearing with 
us.
    Senator Baldwin. No problem.
    Deputy Secretary Lute, I do not know if you have any 
comments on this question also.
    Ms. Lute. So, I would only say two things. It is not 60/40. 
Gene and I agreed it is probably 95/5. We agree on most things 
that need to be done and improved, and it is really on that 
basis of common perspective that we proceed.
    And I guess the only thing I would add reflects a little 
bit on the point Dr. Coburn was making, which is in the tragic 
tornado that went through Joplin, Missouri, not long ago, it 
was an extraordinary demonstration of local capacity and mutual 
aid from the local community. No Federal search and rescue 
resources were deployed to that area. It is a small, teeny 
example, but exactly the kind of point, I think, that you are 
raising and making, and that is where we are headed.
    Senator Baldwin. The other question I had, my home State of 
Wisconsin has a number of ports of entry throughout the State 
that Customs and Border Protection oversees. And I am curious 
as to whether there are any major recommendations that directly 
involve Customs and Border Protection and whether such 
recommendations focus on security at ports of entry, if you 
could both comment on that and provide context to whether there 
are current issues with security at our ports of entry.
    Mr. Dodaro. Yes, Senator. I will ask Cathy to elaborate on 
it, but regarding maritime ports, the one I know of is the 
Transportation Worker Identification Card (TWIC) issue, which 
we have written about in a couple of reports, and the status of 
that card. Part of the problem was not having the card readers 
available yet. So that has been one problem. But I will ask 
Cathy to elaborate on others.
    Ms. Berrick. In addition, I would mention, as was already 
discussed, the US-VISIT exit system, which is a mandate that 
DHS has to develop a biometric exit capability to track foreign 
nationals leaving the United States. They have a biometric 
entry system. But that is a key area outstanding that they are 
working on.
    Also, another area is determining the appropriate mix of 
technology and infrastructure to secure different sectors along 
the Southwest border. As was mentioned, SBInet was canceled and 
DHS's new approach is to determine the appropriate mix across 
the sectors rather than have a one-size-fits-all solution, and 
that work is still in progress and GAO has ongoing work looking 
at it.
    We have also made recommendations related to training for 
CBP agents and the need to have recurring training and 
refresher training after agents have been hired.
    Those are some key ones, and we have a number of others 
that we would be happy to discuss with you.
    Ms. Lute. I think what I would just say in response, all of 
these are known to us and things that we are working on. As 
Cathy said, there is no one-size-fits-all for the ports of 
entry at the border and there is no single-point solution, just 
technology, or just more personnel, or just better process. You 
need to integrate all of these things in a sensible approach at 
the border, as we have been demonstrating.
    With respect to training, I could not agree more, and I am 
fond of saying sometimes that in the Federal Government, people 
talk about investment. Really, the only place you invest is in 
people. That is where you get the return. We spend a lot of 
money. We place some bets. Is this going to work or not? But 
the real investment is when you invest in people and that is in 
training.
    And we have taken steps, particularly on leadership 
training. We have created--it did not exist before--a 
comprehensive leadership training program for the Department of 
Homeland Security so young, entry-level professionals coming in 
as a Homeland Security person can see themselves all the way 
through and understand that as they progress in their career, 
there is a progression in expectations of the responsibilities 
they will assume. Certainly, this applies here, as well.
    Senator Baldwin. Thank you.
    Chairman Carper. One of the recurring themes of our hearing 
yesterday--on the oversight of the Hurricane Sandy response--
one of the recurring themes was shared responsibility. We are 
not in this by ourselves. It is not just the Federal 
Government. It is not just State or local government. It is 
just government. We are all in this together, so that is good.
    Mr. Dodaro, if you could, a question for you. I am going to 
try to keep this under 4 minutes. If you could help me with 
that, that would be good. But if you had to provide us with 
maybe the top two or three areas that you think would yield the 
greatest results in further improving the management of the 
Department of Homeland Security, what might those two or three 
areas be?
    Mr. Dodaro. I think the first area, the one area that I 
would focus on, is the acquisition management area, because----
    Chairman Carper. Is your microphone on? Just start over.
    Mr. Dodaro. I am sorry.
    Chairman Carper. We want to hear every word.
    Mr. Dodaro. OK. I will ask Cathy to provide input too. I 
will give the first one, and that is acquisition management. I 
think the acquisition management area is so critical to 
procuring the types of systems, whether it is scanners, IT 
solutions, or other solutions, that are critical to implement 
the Department's missions. And I think that is very important, 
whether you are talking about immigration, Customs and Border 
Patrol, or other areas. That is where I would focus. That is an 
area where we have seen well-established departments, long-
established departments--Defense, National Aeronautics and 
Space Administration (NASA), Department of Energy--with 
acquisition management still on the high-risk list. So that is 
a tough issue to resolve and it is all about implementation and 
having the proper discipline in place.
    Chairman Carper. Thank you.
    Ms. Berrick. And just to provide some context, GAO has 
issued over 1,300 products looking at different aspects of 
DHS's programs and operations and made over 1,800 
recommendations. A key theme we identified, looking across all 
those products that has impacted the Department's efforts trace 
back to the management of the Department, just to put this in 
context. So we have identified this as a cross-cutting issue.
    And while all the management areas are important, I agree 
that acquisition along with IT are the two areas that have the 
most direct effect on the Department's ability to implement 
their missions--secure the border, secure air travel. IT is 
very similar to acquisition.
    DHS's focus really needs to be on moving forward on the 
initiatives that they are pursuing, and ensure that they are 
following their existing policy, not just in acquisition and IT 
but across all the management functions. DHS has good policies 
in place. The key is really execution, moving forward on these 
initiatives that they are starting, and monitoring their 
progress moving forward.
    Chairman Carper. OK. Thanks.
    My last question. On our second panel today, Elaine Duke, 
who is here today already, served as the Under Secretary of 
Management at the Department, and former Inspector General 
Richard Skinner, are both going to caution us on this Committee 
that it is important not to be short-sighted with the budget 
for management. The Fiscal Year 2013 Continuing Resolution 
passed by the Senate yesterday would cut $17 billion from 
management at the Department of Homeland Security. What area or 
areas of progress in addressing management are the most at risk 
if there are funding reductions, and what will be the impact in 
the next 5 to 10 years?
    Mr. Dodaro. We have already received a request from the 
Congress to look at the impact of sequesters on Federal 
departments and agencies, so we will be looking at that issue, 
including in terms of how they have prepared for this issue, 
because a lot depends on what kind of decisions that they have 
made in terms of what impact it is going to have, and once we 
complete that work, we would be happy to provide it to this 
Committee.
    Chairman Carper. OK. Fair enough. Dr. Coburn.
    Senator Coburn. You said $17 billion?
    Senator Carper. I said $17 billion. I think I misspoke. It 
is $17 million.
    Senator Coburn. General Dodaro, the DHS employee morale 
survey this year went down. Why do you think it did?
    Mr. Dodaro. Well, I think there are two reasons. If you 
look at all the Federal departments and agencies, it went down, 
I mean, overall, with few exceptions.
    Senator Coburn. OK.
    Mr. Dodaro. So I think it is part of the environment and 
the uncertainty associated with the environment.
    Beyond that, I am really not sure, and one of the things 
that we have recommended to the Department is that they do a 
root cause analysis to try to figure out what is driving the 
decrease in scores.
    Senator Coburn. It is a pretty depressing place up here, is 
it not? [Laughter.]
    Mr. Dodaro. Well, this is a tough issue. I know from 
running the GAO, we have employee feedback surveys, too. 
Fortunately, we are one of the top-ranked ones, but we did not 
get there by accident. We worked on this over the years. It is 
very difficult to figure out what motivates people and what you 
really need to do to address their concerns. But you have to 
keep trying really hard to find out what some of the root 
causes are to be able to do that. We have made that 
recommendation to DHS. They have agreed to do that. And I think 
that will provide some insights as to the reasoning. You really 
have to study this.
    Senator Coburn. Yes.
    Mr. Dodaro. If you leap to conclusions about things, you 
can actually make things worse.
    Senator Coburn. Yes, right.
    Secretary Lute, do you think it is any worse in DHS than it 
is anywhere else in the government?
    Ms. Lute. I will not speak for anywhere else in the 
government, Dr. Coburn, but it is unacceptably low to me, 
certainly to the Secretary. I have been around a lot of 
workforces for a long time, and as Gene said, across the 
Federal Government, it is down. Across the country, the public 
mood ebbs and flows. There have been pay freezes. There have 
been other things going on.
    Senator Coburn. Tough times.
    Ms. Lute. But there also have--I think--and this Committee 
has been very helpful in this regard and helping the American 
public understand that their red, white, and blue-collar 
workforce shows up to work for them every single day. And you 
do not run an organization with denigration and derogation and 
dismissiveness. You run it with purposefulness and pride. And 
you run it most effectively when you put that purpose and that 
pride in the hands of your workforce and you lift them up. Our 
job is to lift them up.
    So one of the things that I also know is that your front-
line supervisor matters a lot to you. Do our front-line 
supervisors have the tools they need to do their job? We are 
trying to give them that with this emphasis on a leadership 
training program, and other things, as well.
    People want to show up. They want to connect to the meaning 
that brought them to public service. They want the tools they 
need to do their job. They want to add value and they want to 
feel valued. That is what we are going to do.
    Senator Coburn. Secretary Lute, let me ask you one last 
question. We will submit a lot of questions for the record, 
which we routinely do, and I appreciate you all being timely on 
the response.
    Homeland Security Permanent Subcommittee on Investigations 
(PSI) and my office did a study on urban area security 
initiatives this last year and published it, and we got a lot 
of blow-back, but it is $8 billion out of the $35 billion that 
you spent in the last few years on grants. And Senator Ayotte 
was here. New Hampshire spent hundreds of thousands of dollars 
on a BearCat for a pumpkin festival. What Senator Heitkamp 
said, it is pretty hard to explain to people why we are 
releasing people from detention who are undocumented aliens 
when we are spending two or three-hundred-thousand on a piece 
of equipment that is going to rarely, if ever, be used for its 
original intended purpose.
    What level of specificity are you putting into the grant 
requirements? We are spending American taxpayers' money to help 
them get prepared, and then they see all these areas where we 
are spending, whether it is snow cone machines or underwater 
robots for a city that does not have a lake or whatever it is? 
How are we changing that?
    Ms. Lute. And I agree with you, Dr. Coburn. That has to 
change. In part, we are changing that through the 
identification from FEMA of the National Preparedness Goals. 
What do you need to be able to do? What capabilities are 
required for that, and how do you measure your performance 
going forward?
    Senator Coburn. And how much of it is the State and local 
responsibility?
    Ms. Lute. It is. As you know, a great deal of it is. But 
also, this serves as guidelines for them as it further cascades 
down.
    In addition to that, we have written this financial 
assistance policy which now is comprehensive. It looks at 
requirements. It looks at grant writing. It looks at 
accountability. It looks at grant oversight over the course of 
time, disposition and ultimate reporting. We know we can do 
better on this and we are committed to doing it. And, again, 
the proof is in, not just writing the policy, but following 
through.
    Senator Coburn. All right. Thank you very much. Thank you 
all for being here. I appreciate your dedicated service.
    Chairman Carper. As do I.
    Before we release you, I just want to mention a couple of 
things. One--I think Tom has heard me say this before--people 
say to me from time to time in Delaware and across the country, 
I do not mind paying taxes. Some people say, I do not even mind 
paying more taxes. I just do not want you to waste my money. I 
just do not want you to waste our money.
    This Committee is dedicated, committed to--not just the two 
of us, but I think everybody on this Committee is determined to 
be a good partner, provide oversight, but be a good partner 
with you, both of you, the three of you, to making sure that we 
waste a whole lot less. Our goal is to be perfect, but the road 
to improvement is always under construction. I am encouraged 
that this road to improvement is under construction, for sure. 
We are making some progress.
    The other thing, on morale, it troubles me. I want people 
who work here with us on this Committee and our staffs, our 
colleagues, I want morale to be good. And one of the most 
interesting things I have heard lately about morale, what 
people like about their work, it is people like different 
things about their jobs. They like getting paid. They like 
having vacations. They like having benefits, pensions, so 
forth, health care. But what people most like about their work 
is that they feel that it is important and they feel like they 
are making progress. That is the most important thing. They 
feel the work, that their work is important, and they feel like 
they are making progress.
    Clearly, the work that you and the team that you and 
Secretary Napolitano do, the work you do is hugely important 
for our country. And not everybody knows this, but pretty soon 
it will be a secret no more. You are making progress. GAO, who 
we look to for enormous help on this, has verified that. Can 
more progress be made? Sure, it can. And I think with the 
attitude that you bring to it and the oversight we will provide 
and the help that hopefully we can provide, we will provide 
even more.
    We did not get into the issue in terms of management 
success and morale, as to whether or not it makes sense to try 
to put more resources behind consolidating your operations in 
one location. We did not talk at all about St. Elizabeths. We 
are going to have some follow-up questions. But I think that is 
an important issue and we are not doing a very good job. At 
this time of scarce resources, it is hard to come up with the 
money, but what we do come up with, it is important that you 
use it in a cost-effective way and help us in working with the 
appropriators to make sure that the dollars that are available 
for this are being put in the right place to help to better 
manage the Department, better do your work, and, really, in a 
sense, enhance morale.
    All right. Anything else, Tom?
    Senator Coburn. I do not think so. Thank you.
    Chairman Carper. OK. Thank you all very much.
    And I want to say, I do not know, Ms. Berrick, if you could 
stay with us and sit through--just remain at the table and we 
will add another nameplate if you could remain with us, just to 
be--I do not know that we will call on you, but we may, and it 
would just be helpful if you could be here.
    Ms. Berrick. Sure.
    Chairman Carper. Secretary Lute----
    Ms. Lute. Yes, sir.
    Chairman Carper. Good job.
    Mr. Dodaro, as always, thank you.
    Mr. Dodaro. Thank you. [Pause.]
    Chairman Carper. All right. Welcome. It is great to see all 
of you and have you join us at this witness table. You are not 
strangers to us and we are mindful of your years of service to 
our country, and your continued service. I am going to provide 
brief introductions and then we will turn you loose to testify 
and then respond to our questions.
    Our first witness on this panel is Elaine Duke. Ms. Duke 
had a 28-year career with the Federal Government culminating in 
2008 with her nomination by President Bush and Senate 
confirmation to be the Department of Homeland Security's Under 
Secretary for Management. She is the principal of Elaine Duke 
and Associates and provides acquisition and business consulting 
services. Welcome. In addition, I understand that you are an 
Adjunct Professor of Acquisition for American University and a 
Distinguished Visiting Fellow at Homeland Security Studies and 
Analysis Institute. Again, we are grateful for all your service 
and very grateful that you can be here today.
    Our second witness is Richard Skinner. After 42 years of 
Federal service, having started at the age of 12, Mr. Skinner 
retired in early 2011. He was the first Senate-confirmed 
Inspector General of the Department of Homeland Security. Prior 
to his July 28, 2005, confirmation, he held the position of 
Deputy Inspector General starting on March 1, 2003, the date 
the Department was created. Prior to his arrival at DHS, Mr. 
Skinner was with the Federal Emergency Management Agency, where 
he served as the Acting Inspector General and Deputy Inspector 
General. In 1998, he received the President's Meritorious 
Executive Rank Award for sustained superior accomplishment in 
the management of programs of the U.S. Government and for 
noteworthy achievement of quality and efficiency in the public 
service. That is a high honor.
    Our third witness is Shawn Reese, Analyst of Homeland 
Security Policy at the Congressional Research Service. Mr. 
Reese has written numerous reports to Congress on Federal, 
State, and local homeland security policy issues. He has 
testified numerous times on homeland security and 
counterterrorism issues before House Committees. Mr. Reese is a 
2011 graduate of the Department of Defense's National War 
College and a former U.S. Army officer. We are happy to welcome 
you. Thanks for joining us.
    And, Cathleen, thank you for sticking around.
    Ms. Duke, you are recognized. Your full statement will be 
made part of the record. You are welcome to summarize it. I 
will ask you to try to stick close to 5 minutes, if you could. 
If you go a little bit over, that is OK. If you go way over, I 
will have to rein you in. All right. Thanks. Please proceed.

TESTIMONY OF HON. ELAINE C. DUKE,\1\ FORMER UNDER SECRETARY FOR 
        MANAGEMENT, U.S. DEPARTMENT OF HOMELAND SECURITY

    Ms. Duke. Thank you, Chairman Carper, Ranking Member 
Coburn, and Members of the Committee. I am very pleased to be 
here today. Management integration at DHS and the GAO high-risk 
list was important to me when I was at the Department and it 
continues to be of importance to me even after I have retired 
from Federal service.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Duke appears in the Appendix on 
page 113.
---------------------------------------------------------------------------
    I would like to talk about three phases of DHS management 
integration briefly, the past, present, and future.
    In the past, first, we went through what I will call a 
building block stage. Some have the misperception that DHS was 
actually kind of formed as a blank slate, but really, it came 
together as 22 different agencies with many disparate and 
different systems, cultures, missions, all united by 
legislation. And each of the agencies brought with it both the 
good and the challenges of the legacy agencies. And so in 
bringing them together and achieving management integration, we 
had to start first by undoing to bring together in a more 
effective manner.
    For example, when DHS was formed, about 90 percent of the 
major programs, and those are over a billion dollars in 
acquisition costs, were not run by a program manager with the 
skills and experience to run it. Now--and one of the building 
blocks we put in place was to develop a certification program 
for program managers and other acquisition professionals to 
appropriately run this program. And as a result of that initial 
building block, now, over 75 percent of the major programs are 
currently run by a program manager.
    Now, I will briefly address some of the present initiatives 
to further enhance management integration, and these focus a 
lot on integrating some of the building blocks that were put 
together in the first 3 to 5 years of the Department. It has 
expanded and it is preparing to expand the Acquisition 
Certification Program to the other career fields that are 
critical for success, most notably cost estimating, logistics, 
test and evaluation.
    It has put in place Component Acquisition Executives (CAE). 
It is a position, but it is key to continued accountability and 
authority of driving good acquisition throughout the operating 
components. And it has also raised the level of acquisition 
oversight to direct report to the Under Secretary for 
Management, Mr. Rafael Borras, in the Program Accountability 
and Risk Management Office (PARM).
    DHS has made significant accomplishments toward management 
integration. It has strengthened the authorities of the six 
business chiefs, which was critical in driving integration 
through DHS. And it has strengthened the functional integration 
between those chiefs and the operating components. It has 
chartered two federally funded research and development centers 
to assist in driving these objectives through DHS, the Homeland 
Security Studies and Analysis Institute and MITRE.
    As a result of the continued efforts of DHS leadership and 
management personnel, we are beginning in the Department to 
show sustained and demonstrated improvements. It first started 
at the U.S. Coast Guard (USCG) as the Blueprint for Acquisition 
Reform. DHS has applied the best acquisition practices 
throughout the Department. It has taken back systems 
integration responsibilities in key programs such as Coast 
Guard Deepwater and CBP SBInet. It has used the acquisition 
review process to redirect programs that are breaching cost, 
schedule and performance measurements. It has made significant 
improvements on its financial audits, as was discussed in the 
first panel. Another example is the consolidation of data 
centers, closing 18 already with six more slotted for closure 
this fiscal year.
    Finally, I will give my recommendations for the future. DHS 
has developed an Integrated Investment Life Cycle Model 
(IILCM), and this model is critical and ideal for the next 
phase of management integration. It does two important things. 
First, it develops much needed management structure around 
policy and joint requirements. Second, it seeks to integrate 
and flow the decisionmaking of the various building blocks that 
were put in place in the first 10 years of the Department of 
Homeland Security. The integration of policy, joint 
capabilities and requirements, resources and acquisition under 
the Integrated Investment Life Cycle Model is critical for the 
continued maturation and integration of DHS management.
    I believe there are several key things that DHS, GAO, 
supported by this Committee and other Committees of Congress, 
must do to support DHS in its continued seek for management 
integration: focusing on effectiveness and efficiency, 
continuing to form the capital and resources necessary for the 
integration, supporting the IILCM, and appropriately 
recognizing the employees that have continued to make the 
results that have been accomplished to date, as Deputy 
Secretary Lute talked about a little earlier. We must not 
underestimate the recognition of these outside parties.
    I am looking forward to answering your questions this 
morning as we proceed with this panel. Thank you.
    Chairman Carper. Thank you, Ms. Duke.
    Mr. Skinner, please proceed.

   TESTIMONY OF HON. RICHARD L. SKINNER,\1\ FORMER INSPECTOR 
         GENERAL, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Skinner. Good morning. I believe it is still morning. 
[Laughter.]
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Skinner appears in the Appendix 
on page 119.
---------------------------------------------------------------------------
    Chairman Carper, Ranking Member Coburn, it is truly an 
honor to be here today and I appreciate this opportunity.
    The Department's management support function was, when I 
was the IG, and you said earlier, one of the major problems 
when the Department first came together. It had to dig itself 
out of a hole. It inherited billions and billions of dollars' 
worth of programs, all with material weaknesses and inherent 
weaknesses. Yet, the management support staff that was 
transferred to the Department was not sufficient to support 
those programs. They have been digging themselves out of a hole 
for years.
    Management support, and it has been repeated all morning, 
is in fact, the platform on which all of the DHS programs and 
operations are built, and they are critical to the success of 
the Homeland Security mission. And if the Homeland Security 
programs are in fact weak, so in turn, will be the programs 
which they are supporting.
    Elaine and others have already hit on this, but I think it 
is really important to understand that when the Department was 
stood up, that this was one of the largest reorganizations in 
the past 50, 60 years, since DOD. That, in and of itself, 
created problems. And the fact that the environment in which we 
were living in those days, right after 9/11, also I think, 
contributed to this oversight. Everyone was mission focused, 
not management support focused. And as a result, I think that 
has delayed the building of the management support operations 
that we are still grappling with today.
    The Department, and this goes back to all three 
Secretaries, Ridge, Chertoff, and now Napolitano, all 
recognized this as important. But I think the real progress 
that we are starting to see has occurred in the past 5 to 6 
years, and it is moving at a snail's pace, but it is moving. 
The barometer is going up, and I think that is a very healthy 
indication of where the Department is headed.
    Financial management, everyone has talked about that and 
everyone is very proud of the fact that DHS has received a 
qualified opinion on the balance sheet for fiscal year 2011 and 
reduced its material weaknesses. I would like to emphasize that 
obtaining an auditable financial statement is not the end goal. 
That is just one of the benefits that you receive from having a 
good, sound financial management system.
    The Department right now is operating--their systems are 
being operated with band-aids. In order to get that clean 
opinion, it takes a Herculean effort by staff burning midnight 
oil, and it is going to do that year-in and year-out until it 
modernizes its financial management systems. Yes, it can tell 
you where it is at a point in time, September 30, but can it 
tell you where it is at on a daily basis? That is what a good 
financial management system should be doing. We still need to 
invest in modernizing DHS' financial management system.
    The other area is information technology. That continues to 
be one of the Department's biggest challenges, in my opinion. 
We have to keep in mind, DHS inherited over 2,000 IT systems 
back in 2003. I think they have reduced that down to well below 
700. It took almost 2 years just to inventory the IT systems. 
When we did that, when the Department accomplished that, 
finished their inventory, we found that the systems were 
archaic, stovepiped, unreliable, and many simply had no real 
value. Things are starting to change now. Things are starting 
to meld. But DHS is still in a very delicate stage, early stage 
of creating a good integrated IT system.
    Acquisition management, this is the one area, and it is the 
one area everyone has been harping on for a long time and 
everyone has been highly critical of it, but during my tenure 
there and my observations over the last 2 years, it is the one 
area, in my opinion, that has improved the most, thanks in 
large part to my co-panelist right here, Elaine Duke, and the 
leadership that they have given to acquisition management. If 
you could understand how bad things were in 2003, I think we 
would appreciate how good things are today. As bad as they are, 
it is improving. We must stay on that task.
    And finally, grants management. That is something else that 
concerns me and continues to concern me as a citizen because of 
the waste that we are experiencing. I looked at the IG's semi-
annual report, or the past two semi-annual reports. The OIG 
conducted about 50 audits and identified well over $300 million 
in questioned costs. That is just unacceptable. There is 
something inherently wrong. We need to correct that.
    The other thing that bothers me, always, when I was the IG 
and when I was with FEMA, is our inability to measure the 
impact those grant funds are having on our Nation's security. 
It is something, I think, that needs to be addressed. We need 
to do a better job of monitoring. We need to do a better job of 
measuring our performance.
    In conclusion, I would just like to say that 10 years after 
its creation, the Department has in place the strongest 
management team imaginable. The Under Secretary for Management, 
the Chief Information Officer (CIO), the CFO, the Chief 
Procurement Officer (CPO), all have proven they possess the 
knowledge and skills to get the job done. Moreover, they have 
the support of the Secretary and Deputy Secretary. However, if 
DHS is going to progress, it is very important, I believe, that 
the Congress continue to support these initiatives. They are 
fragile--not only because they are in the early developmental 
stages, but because in today's budget environment. I understand 
that the first place you want to cut is the management support, 
not your operational or your mission objectives. We will be 
penny wise and pound foolish if we do not continue to invest in 
DHS' management support functions. We will be talking about 
this 5 years from now, 10 years from now, if we turn our back 
on the progress that has already been made.
    I realize my time is up. I am sorry. I will be happy to 
answer any questions, Mr. Chairman, that you or Senator Coburn 
may have.
    Chairman Carper. He will be right back.
    A lot of wisdom in what both of our first two witnesses 
have said, especially what you said there at the end. We have 
passed in the Senate and we expect the House to adopt today a 
budget resolution that carries through the end of September, 
for the next 6 months. It reduces for the balance of this year, 
I think, the management function at DHS by about $16 million. 
And that is not good. We know that. We know that is not good. 
As you said earlier, there are some choices that need to be 
made.
    We have the opportunity to take up today, tomorrow, maybe 
over the weekend, a budget resolution for the next 10 years and 
we will have an opportunity to revisit this particular issue, 
the kind of resources that we are putting toward the management 
function of DHS. My hope is that we will do a better job and 
maybe have some more resources and maybe be able to make some 
smarter decisions than we did in this instance.
    But having said that, let me just yield to our third 
witness, Shawn Reese. Mr. Reese, we welcome you. Thank you.

 TESTIMONY OF SHAWN REESE,\1\ ANALYST IN EMERGENCY MANAGEMENT 
 AND HOMELAND SECURITY POLICY, CONGRESSIONAL RESEARCH SERVICE, 
                      LIBRARY OF CONGRESS

    Mr. Reese. Chairman Carper, Ranking Member Coburn, Members 
of the Committee, on behalf of the Congressional Research 
Service, I would like to thank you for the opportunity to 
appear before you today.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Reese appears in the Appendix on 
page 127.
---------------------------------------------------------------------------
    When I wrote my report, the first edition, a year ago, I 
had no idea that it would be getting as much attention as it 
has in the past year, so I am glad to see that my work for 
Congress is paying off.
    I will discuss the absence of a national comprehensive 
homeland security concept and the lack of homeland security 
mission priorities, not just within the Department, but 
nationally as a whole, and how these issues may affect DHS's 
integration and management of its missions.
    Arguably, a comprehensive homeland security concept that 
prioritizes national homeland security missions is needed. This 
is more than an issue of what words describe homeland security. 
It is instead an issue of how policymakers understand or 
comprehend what homeland security is and how it is 
accomplished.
    My written statement addresses this in detail and discusses 
the absence of both a standard homeland security concept and a 
single national homeland security strategy. I will now briefly 
discuss these issues.
    In the past 10 years, Congress has appropriated 
approximately $710 billion for the Nation's homeland security. 
That includes entities, not just the Department of Homeland 
Security, and that is based on OMB's estimate. However, 
homeland security missions are not funded across the board 
using clearly defined national risk-based priorities. Funding 
allocations are most effective when priorities are set, clearly 
defined, and well understood.
    In August 2007, Congress required the DHS Secretary to 
conduct a Quadrennial Review of Homeland Security with the 
enactment of implementing the 9/11 Commission's Recommendations 
Act. This review was to be a comprehensive examination of the 
Nation's homeland security strategy, including recommendations 
regarding long-term strategy and the Nation's priorities and 
guidance on the programs, assets, capabilities, budgets, 
policies, and authorities of the Department. The 2010 
Quadrennial Homeland Security Review (QHSR) was criticized for 
not meeting these requirements. Given that DHS is in the midst 
of developing their 2014 Quadrennial Review, now might be an 
ideal time to review the concept of homeland security, its 
definition, and how that concept and definition affect DHS 
appropriations and the identification of priorities.
    Obviously, the concept of homeland security is evolving and 
national DHS-specific homeland security missions are being 
funded. However, the manner in which future Homeland Security 
appropriations will be allocated is still a point of potential 
contention if there continues to be no comprehensive concept or 
list of national homeland security priorities.
    Policy makers continue to debate and consider the evolving 
concept of homeland security. Today, DHS has issued several 
mission-specific strategies, such as the National Response 
Framework. There has not been a distinct National Homeland 
Security Strategy since 2007. It may even be argued that the 
concept of homeland security as a separate policy area from 
national security is waning. Evidence for this may be found in 
the current Administration's combining of the national and 
Homeland Security staffs and the inclusion of Homeland Security 
guidance in the 2010 National Security Strategy.
    Finally, OMB has questioned the value of requiring Federal 
departments and agencies to identify homeland security funding 
with their 2014 budget requests.
    To specifically address the issues of funding national and 
DHS homeland security missions in DHS management, Congress may 
wish to consider three options. First, Congress could require 
either DHS or the combined national and Homeland Security staff 
to develop and issue a distinct homeland security strategy. 
That would prioritize missions.
    Second, Congress could require refinement of national 
security strategy that would include not only national guidance 
on homeland security policy, but also include a prioritization 
of national homeland security missions.
    Finally, Congress may focus strictly on DHS's forthcoming 
Quadrennial Review and ensure that DHS prioritizes its homeland 
security responsibilities.
    In closing, it is important to note that Congress does 
appropriate funding for DHS missions. However, there is no 
single, comprehensive concept of homeland security and no 
single national homeland security strategy at this time. This 
may hamper the effectiveness of congressional authorizations, 
appropriation, and oversight functions. It may also hamper or 
restrict DHS and other Federal entities' ability to 
successfully execute homeland security missions.
    I will conclude my testimony here. Once again, thank you 
for the privilege to appear before you.
    Chairman Carper. Thank you. Thanks for the time and energy 
you have put into this and for being with us today.
    I want us to start off by asking each of you here for the--
I think each of you were here for the testimony of the first 
panel, is that correct?
    Ms. Duke. Yes.
    Chairman Carper. All right. And you heard what they had to 
say, and questions and answers and back and forth. Just reflect 
on what you heard. Maybe you think you should underline or 
emphasize something for us or you might want to question 
something, but just react to the first panel, what was said.
    Mr. Skinner. First, I think the first panel was on target 
and I agree, particularly with the Comptroller General Gene 
Dodaro, with regards to what is important. Acquisition 
management is very important. Over 40 percent of DHS's budget 
is being spent on contracts every year. I believe that will 
probably continue because it has to rely on the private sector 
and the technology that they can bring to the table in 
supporting DHS.
    DHS is going to continue to be wasteful if it does not have 
a strong acquisition management strategy in place that not only 
uses knowledge-based programs and theories, but also that holds 
people accountable, and that is, I think, the two things that 
were missing in the first panel, is accountability and 
transparency. We need to be able to show people on a real-time 
basis where our money is going. We cannot do that now with the 
financial management systems that we have in place. We can do 
it once a year, but we cannot do it on a continuing basis.
    The other thing that I heard today, especially from Deputy 
Secretary Lute, was the commitment and dedication to improving 
the department's management support functions. And I truly 
believe there is a dedication and a commitment there to move 
forward, to move that meter forward. To stop pedaling right 
now, we are just going to fall over. They need support. They 
need oversight. And that can come from Congress. And I think it 
is very important that Congress stay on top of not just the 
mission-related functions, but also DHS' management support 
functions and to support them.
    Now, I understand the budget situation, we all do, that we 
are facing today. It is going to take longer. We cannot do it 
all. Everyone expects it to be done tomorrow. It is not going 
to be done tomorrow. DHS needs to develop a strategic plan that 
clearly sets forth where it is going to be this time next year, 
where it is going to be 3 years from now.
    One of the things that distressed me this morning was the 
focus on having an auditable financial statement 3 years from 
now. That is fine, but that does not mean it will have a good 
financial management system, and that is what concerns me. The 
focus on obtaining a clean opinion now is the end game. Victory 
will be declared if it can get auditable financial statements. 
DHS should not stop there. IT should be focusing on improving 
its financial management capabilities, and as a result, it will 
get auditable financial statements.
    Chairman Carper. Good. I think they understand that. I 
think Secretary Lute understands that. It is an excellent 
point. It is actually just some good advice for us as well as 
for the folks who are sitting at the table today. Thanks.
    Ms. Duke, please.
    Ms. Duke. I would like to first of all, reiterate what 
Deputy Secretary Lute said at the end of her statement about 
the value of the employees. It seems to be a little in vogue 
right now to really criticize Federal employees----
    Chairman Carper. Not just right now. It has happened too 
often. Few things make me less happy than when I hear people 
describing Federal employees, or State employees, or local 
employees, as nameless, faceless bureaucrats. It demeans them. 
It demeans the importance of them as human beings and the work 
that they are doing. I find it very troubling.
    Ms. Duke. Thank you, Mr. Chairman. You made my point better 
than I would, so I will go on to No. 2.
    Sometimes we talk about management and mission as if they 
are two separate things, and mission is nothing more than the 
foundation enabler of mission, and we cannot deal with the two 
of them separately. And so I think it is important as we move 
forward, especially as we are in this fiscally constrained 
environment, to not talk about them separately, because 
management delivers the people, the resources, the budget to 
deliver a mission and you cannot separate the two.
    And the last thing I would like to point out is we really 
are driving toward a strategy. DHS is looking at management 
integration in a very strategic way. But it is important, I 
think, as we go along the way to not just measure the utopic 
State, the end State, but to measure tactical measures as we 
move along. What specifically are we doing to bring us toward 
that end goal? And I think that it is going to be important now 
to make sure we do take some of those tactical steps and not 
stop. And some of the innovations do require investments in 
capital investments to go forward, and I think we should be 
thinking collectively of how we can innovate to keep those 
going.
    One of the ideas that we might want to consider is a share-
in-savings type approach, which is where industry provides an 
infusion of capital and the Federal Government does not have to 
fund investment so that we can continue to move some of these 
management initiatives forward, like data center consolidation, 
like information sharing, like DHS headquarters.
    Chairman Carper. Thank you.
    Mr. Reese, just very briefly respond, if you would. Any, 
just, quick reactions to what you heard from the first panel?
    Mr. Reese. Sir, just I think that DHS has very much 
identified what its missions operationally are and it has 
identified the goals within each of those missions, and that is 
the word ``operation'' used so much this morning, I think that 
is----
    Chairman Carper. Excellent. Thank you for saying that.
    A quick point, if I could, for Mr. Skinner. I believe you 
are the first Senate-confirmed Inspector General at the 
Department of Homeland Security, if I am not mistaken. That is 
right, is it not?
    Mr. Skinner. That is correct.
    Chairman Carper. OK. Senator Coburn and I have been joined 
by every Member of this Committee in sending a letter to the 
President last month saying, Mr. President, there are about six 
or so departments that do not have a permanent, confirmed 
Inspector General. We have an obligation, I think. The 
President has an obligation to nominate, to vet, ensure that 
they vet good people, whether it is for IGs or cabinet 
secretaries or under cabinet secretaries. The Senate has an 
obligation to, in a timely way, make sure that those folks are 
well qualified and move those nominations. We are not doing our 
job. In fact, we have not done our job well there for a number 
of years.
    Talk to us just very briefly, and I will yield to Dr. 
Coburn, why is it important to have, in those half-dozen or so 
Federal agencies, why is it important to have Inspector 
Generals that are confirmed by the Senate? Nominated by the 
President, confirmed by the Senate? Why is it important?
    Mr. Skinner. I think it is extremely important, and I think 
we are seeing the results of not having the Senate-confirmed 
Inspector Generals in place right now across the board, not 
only at DHS but in other agencies.
    One, I think it has an impact on staff morale.
    Two, I think that serving in an acting capacity, you are 
not going to move the agency forward. I think oversight is 
extremely important, particularly in an organization such as 
DHS, but across the government, and it provides accountability. 
It helps provide transparency. It helps put funds to better 
use. And it helps identify where funds are being wasted or 
fraudulently spent.
    By having acting people in place, what you are doing is 
running in place. You are not moving the organization forward, 
and you are not taking those steps necessary, as a confirmed IG 
would, to provide the independent oversight, I think, that is 
absolutely critical to the success of any organization.
    Chairman Carper. Good. Thank you for those comments. Dr. 
Coburn.
    Senator Coburn. Sitting and thinking about our hearing 
today, the one word I had not heard, which should have been in 
everybody's testimony, is ``risk-based.'' I mean, Homeland 
Security has to be about where the risks are. Now, we did not 
hear it from the GAO and we did not hear it from Secretary 
Lute. And what we have seen, and Tom will disagree with this to 
a certain extent, but most of the grant programs come out of 
here as a honey pot based on parochial preference rather than 
risk. Some of them, we divide. Fifty percent of it goes to 
risk-based. But everybody else gets their cut and share.
    How important is it, that Homeland Security ought to be 
about risk? Everything ought to be about risk. Where are the 
risks? Where do we impact the risks? Where do we intercede in 
the risk? And how do we put resources where the greatest risk 
is? What are your thoughts about that?
    Ms. Duke. I agree with you, Dr. Coburn. I think DHS's 
recent move to move their Risk Office into the Office of Policy 
was critical, and I think that, in theory, that is to drive 
risk into the policymaking, and I think that is critical to 
going forward.
    I also think that some of the moves on, for instance, 
securing the border and transportation security and doing a 
risk-based multi-layer threat look is critical in moving 
forward, from both a mission effectiveness and an efficiency 
standpoint. And I think the Department is starting to take 
looks at that and needs to move quite a bit forward. And, 
hopefully, the second QHSR is another opportunity, a point in 
time, where that can be emphasized even more.
    Mr. Skinner. Maybe the term ``risk'' was not used in 
explicit terms, but I think it was implied, particularly with 
Deputy Secretary Lute and the way they are approaching their 
strategic plans. Yes. It is risk-based. And you see this in all 
of their programs. In our grant programs, instead of just 
sending out money across the board, we should be establishing 
standards for the recipients and the applicants for these 
funds. Identify your risk, identify your vulnerabilities, and 
identify your capabilities to address those risks? We are 
unable to do that right now, and I think we could do a much 
better job in guiding billions of dollars that we will probably 
continue to spend to support State and local governments' 
preparedness capabilities. Where are our risks?
    Mr. Reese. I would just take a quick look, and I would 
think also the gap exists between how the Federal Government as 
a whole looks at risk-based in homeland security and the nexus 
of where that mix is with national security, because the 
Department understands its missions, but those are missions 
that have either been inherent because of the organization or 
how the Department has developed since then, and risk-based 
evaluation, I am sure, goes into that. But I think we still 
have an imbalance, or there is a missing component between how 
we look at national homeland security risk and how we address 
it and what the Department does.
    Senator Coburn. Ms. Berrick.
    Ms. Berrick. If I could just add, Senator, risk-based 
decisionmaking and incorporating risk into planning, 
programming, and budgeting has been a key theme of GAO's work. 
In fact, the 1,300 reports I talked about that GAO has issued 
on DHS's programs and operations, the need for DHS to better 
incorporate risk into its decisionmaking, both at a strategic 
and a tactical level, really was a key theme throughout all of 
our work, right.
    And at the tactical level, for example, talking about the 
QHSR, DHS did not apply risk in prioritizing what its QHSR 
priorities were. At a more tactical level, just to give you an 
example, for a program, the Chemical Facility Anti-Terrorism 
Standards (CFATS) program, which I know you are very interested 
in, we recently testified that in identifying which facilities 
should be in the higher-risk tier, DHS did not consider all 
elements of risk in making that decision. They were not 
considering all elements of threat, consequence, or 
vulnerability.
    So it is extremely important, securing the border, aviation 
security, across DHS's range of missions, I think, overall, 
they have made the most progress in assessing risk. I think 
where they need to go is to build in----
    Senator Coburn. The application of that assessment.
    Ms. Berrick [continuing]. The application of the risk.
    Senator Coburn. Yes. Do not get me started on CFATS. So 
far, we have not accomplished much.
    I am going to have questions for each of you. I would 
appreciate very much if you would be prompt in the response.
    I would also note--my Chairman is not in here--that we have 
had key Homeland Security people and hearings in this Committee 
already at a level far faster than what we have seen in the 
past and we intend on continuing to do that. Learning from 
people who testify before us and critical management personnel 
in the government is what our job is. It is about oversight, 
asking the right questions, learning the right things, holding 
people accountable, just like we are talking about in DHS, 
having accountable results for a management plan.
    So I am proud that Senator Carper has held this hearing and 
the others that we have held and the hundreds that we are going 
to hold over the next couple of years. I appreciate you being 
here, and you will get the Questions for the Record (QFRs) from 
us in due time. Thank you.
    Chairman Carper. As Dr. Coburn says, I just do not hold 
hearings. We hold them. We try to work together to put together 
ideas for hearings. This was really his idea, this kind of top-
to-bottom review, and I think it is a good idea and this has 
been a very good hearing. We appreciate your being here.
    Cathleen, you were good enough to stay overtime. Anything 
else you want to add? We will give you the last word, if you 
want it. Is there anything else you want to say?
    Ms. Berrick. Just that it is my pleasure being here and GAO 
looks forward to supporting the Committee on its future 
oversight efforts. Thank you.
    Chairman Carper. Dr. Coburn had asked Jane Lute to have 
somebody stay from her team and I think we have somebody right 
behind Mr. Skinner waving his hand, and we thank you for being 
here. Please convey to her the relevant things that you heard 
here.
    The last thing I will say is this: on this management issue 
which we are really focused on today, somebody said, penny wise 
and pound foolish, and I really think that what we are doing 
with our short-term CR is that.
    I would like to say, leadership is key for any organization 
I have ever been a part of. I do not care if it was the 
military. I do not care if it was educational. I do not care if 
it was government or business. Leadership is the key to 
everything. And we have good leadership in this Department. Now 
we need to make sure they have the tools to build on the good 
track record that has been laid over the last 10 years, 
especially the last 5 years.
    You have helped us in your testimony today. You have helped 
us a whole lot in what you have done with your life before 
today. And I leave encouraged that--I am mixing metaphors here, 
but in terms of changing the course of the aircraft carrier, 
you can stay with it. You can turn an aircraft carrier. And I 
think we are turning this aircraft carrier in very good ways. 
We have a shared responsibility to make sure we continue to 
make progress. Dr. Coburn and I are determined that we are 
going to do what we can from our perches and my hope and 
expectation is everyone on this panel and the one that preceded 
it will do the same.
    Thank you all. And with that, this hearing is adjourned. 
But before I do that, the hearing record will remain open for 
15 days, until April 5, for the submission of statements and 
questions for the record. If you are asked questions, which you 
probably will be, if you would respond to those in a timely 
way, we would be most grateful.
    Thank you so much. That is it.
    [Whereupon, at 12:22 p.m., the Committee was adjourned.]







                            A P P E N D I X

                              ----------                              



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]




   HARNESSING SCIENCE AND TECHNOLOGY TO PROTECT NATIONAL SECURITY AND
                     ENHANCE GOVERNMENT EFFICIENCY

                              ----------                              


                        WEDNESDAY, JULY 17, 2013

                                       U.S. Senate,
                             Committee on Homeland Security
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10:10 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Thomas R. 
Carper, presiding.
    Present: Senators Carper, Pryor, McCaskill, and Coburn.

              OPENING STATEMENT OF CHAIRMAN CARPER

    Chairman Carper. Good morning, everyone. The hearing will 
come to order.
    Welcome, one and all. Secretary O'Toole, Mr. Maurer, happy 
to see you. Is there a baseball player in the American league, 
a catcher named Maurer?
    Mr. Maurer. Yes, there is, although he spells his last name 
incorrectly.
    Chairman Carper. Yes.
    Mr. Maurer. He drops that first ``r.''
    Chairman Carper. Yes, he only has one ``r.'' [Laughter.]
    Even without that second ``r,'' he still is a great player.
    Mr. Maurer. Oh, he is an amazing ballplayer, absolutely.
    Chairman Carper. Yes. What was the final score last night 
of the All-Star Game, do you have any idea?
    Mr. Maurer. It was three-nothing.
    Chairman Carper. Was it National League or American League?
    Mr. Maurer. American League.
    Chairman Carper. I thought it was the American. I was in a 
meeting this morning--I am an American League fan, a huge 
Tigers fan, and the Tigers had about six players last night 
plus the manager--and I think Rivera, the Yankees pitcher, was 
on the front page of the New York Times and won Most Valuable 
Player (MVP) at the age of 42, I think. Pretty amazing. It said 
under the picture--great picture of him coming out and taking 
the curtain call--that the American League won, three-to-
nothing.
    And I went to a meeting this morning and I was very proud 
as an American League fan to tell everybody how we had won, and 
even though a Yankee--I am not a big Yankees fan--had been the 
MVP, what a good night it was for baseball and for folks on our 
side of the aisle. And everybody said, no, the National League 
won. So thank you. [Laughter.]
    Thank you for setting the record straight. We worry here 
about nuclear options and trying to make sure the place does 
not have a meltdown, but the really important stuff is going on 
in baseball stadiums around the country, including guys named 
Mauer. So we welcome both of you.
    On a more serious note, earlier this year, as we all know, 
the Department of Homeland Security (DHS) turned 10 years old, 
not a baby anymore, not a toddler, not an infant, but a young 
strapping 10-year-old. To mark that anniversary, Dr. Coburn, 
and I announced that this Committee would hold a series of 
hearings examining whether the Department of Homeland Security 
is effectively and efficiently accomplishing its core missions.
    Today's hearing is the second in a series. Actually, it is, 
I think, more than the second in a series, but it is one of a 
series of hearings that is going to focus on the role of the 
Science and Technology (S&T) Directorate.
    The threats, as we all know, to our national security 
evolve constantly. So, too, then, must the strategies and 
technologies we use to combat them.
    I am an old Navy guy, about 23 years as a Naval Flight 
Officer (NFO), and I have often said, as have others before me, 
that the military are pretty good at fighting the last war. We 
are not as good at anticipating what the next one is. That is 
where the Science and Technology Directorate comes in, to help 
us to fight the next war and the next. The threat that we face 
today is a whole lot different than the one we faced when I was 
on active duty as a Reserve Naval Flight Officer.
    The work performed by the men and women at the Directorate 
cut across all the various components and missions of the 
Department, and that work involves the harnessing of cutting-
edge technology and research and development (R&D) projects 
from the private sector, from universities, national labs, to 
deploy what I call force multipliers that can make us more 
effective in the effort we have embarked on after September 11, 
2001, to prevent and respond to terrorist attacks and natural 
disasters.
    In essence, the Science and Technology Directorate 
functions as a problem solver when it is at its best. For 
example, the Science and Technology Directorate works closely 
with the Transportation Security Administration (TSA) and the 
Defense Advanced Research Projects Agency (DARPA), to develop a 
better x-ray system for checked baggage. As a result of that 
work, a 10-percent reduction in false alarms rate is expected. 
This is projected to save millions of dollars in efficiencies 
each year through the reallocation of staffing costs.
    As another example, the Directorate examined agent 
operations at two stations along the Southwestern border in 
Texas that processed, and apprehended illegal immigrants. They 
recommended improvements to their operations that enable the 
two border stations to significantly reduce their processing 
time, saving up to 2 hours per illegal immigrant processed. 
This enabled an additional officer to remain in the field 
rather than be stuck in the office processing paperwork.
    In its early days, the Directorate was the subject of 
criticism as it carved out its own role in the Department. It 
focused, then, on basic research, which in some instances could 
not be quickly put to use. Today, we are told that the 
Directorate has proven itself to be more effective, more often 
than it has been at least in the past, and it has a laser focus 
on development of critically needed products that can be used 
immediately.
    As we all know, the fiscal environment in our Federal 
Government has been very challenging over the past couple of 
years, and this underscores the urgent need for agencies across 
government to spend our taxpayer dollars more wisely. The 
Science and Technology Directorate can and has been a key part 
of the Department of Homeland Security's efforts in that 
regard. It is critical that it continue, that this Directorate 
continue to work aggressively and effectively with the 
components of the Department and with first responders to find 
solutions that allow the Department of Homeland Security and 
its partners across the country to operate more effectively and 
more efficiently.
    We thank the witnesses for coming today. We look forward to 
your testimony, especially about how we can continue to use the 
Science and Technology Directorate to get better results for 
less money. That is the recurring theme of this Committee and 
the oversight work that we do. It is something that I am 
determined to use my Chairmanship of this Committee, in 
partnership with Dr. Coburn and our colleagues here, to push 
throughout our Federal Government.
    And when Dr. Coburn arrives--we have a vote underway and I 
got there right at the beginning of the vote. He is probably 
voting and will come here and join us shortly, and when he 
does, he is welcome to make any comments that he wishes to do 
at that time.
    And with that having been done, let me just briefly 
introduce our witnesses. This is a small panel, so I will be 
fairly brief.
    Our first witness is Dr. Tara O'Toole, Under Secretary for 
Science and Technology at the Department of Homeland Security 
since November 2009. Prior to this appointment, Dr. O'Toole 
served as Chief Executive Officer (CEO) and Director of the 
Center for Biosecurity at the University of Pittsburgh Medical 
Center and was a Professor of Medicine and Public Health at the 
University--are they the Panthers? University of Pittsburgh 
Panthers. You did not go to school there. You were not a 
Panther in college, were you? Where did you go to school?
    Dr. O'Toole. I went to Vassar College.
    Chairman Carper. Vassar, OK. There we go. All right.
    In addition, Dr. O'Toole previously served as Assistant 
Secretary of Energy for Environment, Safety, and Health at the 
Department of Energy (DOE). When did you serve in that 
capacity?
    Dr. O'Toole. Ninety-three to 1997.
    Chairman Carper. OK. We thank you for joining us today and 
for your leadership at the Department. We look forward to your 
testimony.
    Our next witness is Mr. David Maurer, Director of the U.S. 
Government Accountability Office's (GAOs) Homeland Security and 
Justice Team. Mr. Maurer began his career with the Government 
Accountability Office in the 1990s and worked in several key 
areas, such as GAO's International Affairs and Trade Team, 
where he led the review of the United States' effort to combat 
several international issues, including terrorism and weapons 
of mass destruction.
    We thank you for joining us, Mr. Maurer. We really thank 
our friends at GAO, great partners with us, and we relish our 
partnership and hope we can continue to have it for a long 
time.
    Your full statements will be made part of the record. You 
are welcome to abbreviate if you like. Sometimes we say, use 
our guidelines. It should be about a 5-minute statement. If you 
go a little bit beyond that, that is OK. If you go way beyond 
that, we will have to rein you in, all right. If it is noon and 
you are still giving your opening statement, that is probably 
too long. [Laughter.]
    Welcome. We are glad you are all here. Please proceed.
    Dr. O'Toole. Shall I go first, Mr. Chairman?
    Chairman Carper. We had a flip of the coin earlier and you 
lost----
    Dr. O'Toole. I won?
    Chairman Carper [continuing]. So you get to go first.

    TESTIMONY OF HON. TARA J. O'TOOLE, M.D.,\1\ MPH, UNDER 
   SECRETARY FOR SCIENCE AND TECHNOLOGY, U.S. DEPARTMENT OF 
                       HOMELAND SECURITY

    Dr. O'Toole. OK. Well, first of all, thank you very much 
for this opportunity to talk about the Directorate of Science 
and Technology in the Department of Homeland Security and where 
we have come from and what we are doing now and how we make the 
operational missions of Homeland Security and the work of first 
responders more effective, more efficient, and safer.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. O'Toole appears in the Appendix 
on page 309.
---------------------------------------------------------------------------
    What I am going to do is give a very brief history of the 
Department and then talk about how we do our work today and 
illustrate that work with a few examples of projects that we 
have engaged in.
    From the beginning in 2003, Congress charged S&T with very 
broad and ambitious responsibilities for conducting R&D, for 
overseeing testing and evaluation of DHS missions in the first 
responder community. The Directorate is also responsible for 
assessing biological, chemical, and emerging threats to the 
United States and with operation of five National Laboratories. 
S&T also manages nine university-based Centers of Excellence 
(COEs), which collectively represent consortia of over 275----
    Chairman Carper. Let me just interrupt. I said earlier 
roughly 5 minutes for your opening statement. Feel free to go 
as long as 10 minutes, OK.
    Dr. O'Toole. Thank you very much.
    So, nine COEs, 275 colleges. We also have international 
agreements with 13 countries bilaterally, and all of this 
greatly augments our ability to engage out into the dynamic 
global R&D community.
    Senator. Shall I pause and let Senator Coburn make his 
remarks?
    Senator Coburn. I do not have any remarks.
    Dr. O'Toole. OK.
    Chairman Carper. Yes, he does. [Laughter.]
    And we will hear them later, I hope. All right. Please 
proceed. Thanks. Welcome, Tom.
    Dr. O'Toole. The first Under Secretary of Science and 
Technology, Dr. Charles McQueary, undertook the heroic task of 
standing up the Directorate even as the Department itself was 
getting underway. When he began, S&T was housed in another 
government building where meetings were held in the cafeteria 
and staff had to share chairs.
    Understandably, the R&D efforts of that era were less 
connected to the immediate operational needs of the Department, 
which was just getting underway, than is the case today, and 
there was a much stronger emphasis on basic scientific 
research.
    The second Under Secretary, Admiral James Cohen, did the 
country a great service by emphasizing the importance of 
linking S&T's research more directly to the customers, that is, 
the DHS operational components and first responders, and he 
moved the Directorate toward more applied research.
    As you said, I became Under Secretary in November 2009. 
Although only 6 years had passed since Congress created the 
Department and the Directorate, it was clear very quickly that 
the Homeland Security missions confront a constantly evolving 
landscape of adaptive adversaries, evolving threats, critical 
infrastructure vulnerabilities, and growing operational 
challenges.
    The wars in Iraq and Afghanistan have brought us Improvised 
Explosive Devices (IEDs) using homemade explosives, requiring 
different detection strategies. Cybersecurity has become a top 
concern, as has the need to cope with huge amounts of data in 
order to find and intercept the illicit cargo or discover 
would-be terrorists within the global airline system.
    My first year at DHS included the H1N1 influenza pandemic, 
the Haitian earthquake, the airline bombing by Abdulmutallab, 
and the Deepwater oil spill. We were also in the middle of the 
economic downturn.
    Moreover, the Department now faces the need to cope with 
inexorable increases in commerce and travel in a setting of 
flat or declining Federal budgets. So to maintain service and 
security and the flow of trade essential to our economic well-
being, we have to find better, more efficient ways of carrying 
out DHS missions.
    New technologies, better analytical approaches are critical 
to successfully countering new and enduring threats and to 
meeting these growing operational demands. Science, technology, 
and analytics are the keys to doing more with less.
    To better address such challenges, S&T has over the past 5 
years made significant changes in the way we do research and 
development. Let me briefly describe how S&T does its work 
today.
    To deliver new technologies or knowledge products to DHS 
components and the first responders with significant 
operational impact, that is, create new capabilities or 
improvements in effectiveness and efficiency or safety, S&T had 
to transition new products to use in the field over much 
shorter timeframes than the typical decade or more of R&D 
efforts. And because of the wide spectrum of Homeland Security 
missions and our limited budgets, we had to achieve a very high 
return on those R&D investments that we did make.
    To achieve these three goals--high operational impact, 
rapid transition to use, and high return on investment--we 
reshaped our R&D efforts in three major ways.
    First, we now focus the majority of our R&D work on late-
stage development and we actively seek technologies in which 
others have already invested and which S&T can adapt, evolve, 
or apply to DHS and first responder needs. This approach speeds 
transition and drives down cost to S&T. Every S&T project we do 
must undergo what we call technology foraging, which is a 
culture, not a thing, but involves a review of existing 
technologies or research that may be a full or partial solution 
or contribute in some way to the project under contemplation. 
Technology foraging and very strong R&D collaborations with 
other R&D organizations in Federal agencies and universities, 
in the private sector and abroad, have become part of the way 
we do our work, and it already had an impact on our ability to 
deliver a high return on investment.
    Now, we also realize that not all problems are amenable to 
technology solutions. Process changes and systems integration 
can also improve performance and increase efficiency. We have 
established a group within S&T to apply our scientific and 
engineering expertise to help components conduct operational 
analysis, integrate system engineering principles, and to 
provide assistance with complex acquisitions, all of which 
increases efficiencies in mission execution.
    The second thing we did is to develop closer, much more 
robust partnerships with our customers in the DHS components 
and the first responder communities to ensure that our R&D 
efforts reflect, first of all, priority needs--if we develop 
something that works, they will buy it and use it--and, 
secondly, to make sure we understand the problem we are trying 
to solve in all of its operational complexity.
    Third, we established the R&D Portfolio Review Process as 
the main mechanism of evaluating and selecting projects and 
ensuring they are aligned with our top priorities. The 
Portfolio Review process that we used was originally developed 
by industry and is now widely used in the private sector and by 
some Department of Defense (DOD) laboratories. It establishes 
our top goals--as I mentioned, operational impact, transition 
to use, scientific feasibility, et cetera--as metrics against 
which all R&D projects are weighed. Each R&D project is treated 
as a separate investment and evaluated by panels of outside 
experts, senior people from the component partners we are 
trying to serve, and S&T leadership.
    Over 3 years, we have driven our R&D portfolio toward our 
top priorities. We have had three Portfolio Reviews thus far 
between 2010 and 2012, and the percent of projects likely to 
transition to use in the field within 2 to 5 years has gone 
from 25 to 49 percent. The percent of----
    Chairman Carper. Just repeat that again, just that whole 
last sentence.
    Dr. O'Toole. The percent of R&D projects judged likely to 
transition to use in 2 to 5 years has gone from 25 to 49 
percent. The percent of investment targeting, what is judged to 
be high impact, high feasibility outcomes, has gone from 38 to 
45 percent. And the percent of projects benefiting from non-S&T 
funds has gone from 12 percent to 55 percent. This is cash 
coming from either the components or industrial partners. An 
additional 35 percent of these projects receive in-kind support 
that is at least 10 percent or more of the project costs. So, 
92 percent of our projects are receiving some kind of support 
from the customers, which I think is a vote of confidence that 
we are doing useful work.
    One might ask why those numbers are not even higher, but 
R&D is inherently risky and this performance actually places us 
in benchmark status compared to other R&D organizations 
evaluated by this process.
    I would like to illustrate our work with a few examples to 
give you a sense of the Directorate's impact on Homeland 
Security and the first responder community.
    First of all, we have developed a commercially available 
multi-band radio. You will recall that one of the top 
priorities of the 
9/11 Commission was this problem of lack of interoperability 
amongst first responders. The fire department, the police 
department, they were using different radio bands and they 
could not talk to each other.
    S&T took technology that had been invested in and, to some 
extent, developed by DOD. We used our money to help industry 
develop a commercially viable unit that was small enough and 
light enough and cheap enough to be comparable to legacy 
systems. And then we hooked the manufacturers up with our 
partnerships with first responders in the field and we did 
field testing of the prototype units.
    What resulted is the development of a robust commercial 
multi-band radio market and competition from multiple vendors. 
There are three radios on the market today and they have been 
bought by the Marine Corps, by the Department of the Interior 
(DOI), by State and local responders in multiple States, and by 
the U.S. Capitol Police (USCP). So this is a success.
    Another example in another area is our Resilient Electric 
Grid (REG) Project, which is aimed at addressing a critical 
vulnerability that we saw highlighted in Hurricane Sandy and 
many other times in the past few years. That is, how do we keep 
the grid operating?
    The grid today is separated into isolated subsections 
called substations to prevent rolling power failure from taking 
down an entire region. Especially in dense urban areas, this 
technological characteristic prevents power sharing during 
emergencies. You cannot ship power from one substation to the 
other. So it prolongs outages and leads to slow and costly 
restoration.
    What we have done is partner with DOE and with industry, 
who co-paid on this project, to develop a superconducting power 
cable that allows you to connect different substations and 
overcomes the previous technical limitations. This permits 
faster and more efficient restoration of power in emergencies. 
This technology is now in operational demonstration by Con 
Edison in New York City, in Yonkers, and we are exploring a 
scale-up partnership with NSTAR in Boston, which they would pay 
60 percent of, to lower the cable production cost and move 
toward wider implementation.
    Moving to cybersecurity, yet another critical 
infrastructure that is vulnerable to breakdown and attack, S&T 
won a very prestigious prize for creating the Domain Name 
System Security Extensions (DNSSEC) protocol. This is one of 
several S&T cyber projects that is aiming at reducing the 
vulnerabilities of the Internet itself, and what it does is it 
makes it much harder for criminals to hijack the message you 
are sending to your bank, thinking that you are going to get 
your own money out, and instead having it diverted to the 
criminals' site. More than 30 percent of all the top-level 
domains--dot-us, dot-uk, dot-com, et cetera--now utilize this 
protocol, and it has been mandated that all second generation 
domain names will use it, as well.
    You spoke of our work with TSA, Mr. Chairman. We all know 
that there is a need to improve passenger comfort in the flying 
public. But due to increases----
    Chairman Carper. Let me interrupt just for a moment.
    Dr. O'Toole. Sure.
    Chairman Carper. You have been speaking for almost 15 
minutes, and frankly, I think it is fascinating. But I want to 
make sure we hear from Dr. Maurer and have a chance to have a 
good conversation----
    Dr. O'Toole. I apologize. My things say 4 minutes 
remaining.
    Chairman Carper. Go ahead. Just wrap it up in about the 
next minute, summarize, and then we will----
    Dr. O'Toole. Of course.
    Chairman Carper [continuing]. Do the rest. Thank you.
    Dr. O'Toole. OK. I apologize. I have 4 minutes remaining 
here, but sure. I will wrap it up.
    I could go on and on with projects, but I think you get a 
sense of the breadth of work that we do and the direction that 
we are trying to take. I hope these few examples of our work 
illustrate what we are trying to accomplish.
    I am very honored to be Under Secretary and to work with 
the extraordinary colleagues in S&T, and I am happy to answer 
your questions.
    Chairman Carper. Are any of your colleagues here today?
    Dr. O'Toole. Yes.
    Chairman Carper. If they are, would you raise your hand? 
All right. Repeat after me---- [Laughter.]
    We have been joined by our colleague, Senator Pryor from 
Arkansas. Tom, I was giving Mark a hard time. He only serves on 
six Committees. I serve on three. I am not sure how many Dr. 
Coburn serves on, but I do not know anybody who serves on six 
Committees, so he is a busy guy. But I have been giving him a 
hard time about being the prodigal--not the prodigal son, but 
the prodigal brother, and I am happy to welcome him back into 
the fold today.
    Senator Pryor. Thank you.
    Chairman Carper. Great to see you, Mark.
    Senator Pryor. Thank you.
    Chairman Carper. All right. Mr. Maurer, you are on.

 TESTIMONY OF DAVID C. MAURER,\1\ DIRECTOR, HOMELAND SECURITY 
   AND JUSTICE ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Maurer. Great. Thank you, Mr. Chairman.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Maurer appears in the Appendix on 
page 326.
---------------------------------------------------------------------------
    Chairman Carper. Would you tell me again who won the All-
Star Game last night?
    Mr. Maurer. It was the American League, three-to-nothing.
    Chairman Carper. Thanks so much. [Laughter.]
    Mr. Maurer. GAO is glad to serve the public and the 
Congress.
    I am pleased to be here this morning, Chairman Carper, Dr. 
Coburn, Senator Pryor, to discuss the findings from some of our 
recent work looking at research and development at the 
Department of Homeland Security.
    But before I talk about our work, I think it is important 
to stress a couple points about why R&D is important and why it 
really matters, and first and foremost is the fact that R&D is 
really the bridge between the scientific and engineering 
expertise that exists within the United States and the ability 
to address a wide variety of homeland security threats. To put 
it simply, good R&D helps make the country safer. So it is 
important that it is managed and implemented effectively and 
efficiently.
    The second reason why R&D matters is because the government 
and the country at large is facing some pretty significant 
fiscal constraints right now, and depending on how you add it 
up, DHS spends well over a billion dollars a year annually on 
R&D activities, and it is really important that the taxpayers 
are getting the most out of every single one of those dollars.
    It is also important to emphasize that good R&D is 
difficult to do. There is always a balancing act. You want to 
actually have some R&D projects fail because you want to push 
the boundaries of science. At the same time, you want to have 
enough R&D activity that transitions into real world use by 
operators--people are using it in the field someday to help 
secure the country. So appropriate management will find a way 
to balance the need to fail as well as the need to succeed.
    Within DHS, the Science and Technology Directorate has the 
lead responsibility for overseeing and coordinating R&D 
activities across all of DHS as well as playing a leading role 
in coordinating with its other Federal partners on homeland 
security R&D. I think it is also important to underscore the 
fact that from GAO's perspective, we have seen that S&T has 
made really important progress over the last few years, and 
some of the points that Under Secretary O'Toole has pointed 
out, I think, are important to underscore, as well.
    I think the reorganization that S&T undertook a few years 
ago was helpful. The fact that S&T now has a strategic plan 
that it is operating from. The Portfolio Review is helping 
provide a more strategic perspective on R&D investments within 
the Department. But I think, most critically, the fact that S&T 
is focused on working more closely with the various components 
within DHS is helping produce better R&D outcomes and also 
pursuing the broader goal of developing a ``One DHS'' vision 
for the Department. That is all very good.
    At the same time, I am also from GAO, so clearly, we want 
to talk about some of the challenges and the work remaining, 
because, clearly, there are some significant challenges on the 
R&D front.
    In our recently issued report, we focused on three issues. 
The first was, how is R&D actually defined at the Department? 
The second is, how much resources are devoted to R&D activities 
within DHS? And the third is, how is the Department overseeing 
and coordinating R&D?
    On the first issue, we found that DHS currently does not 
have a standard definition for R&D across all of the Department 
and that is a significant problem. We looked at other large 
agencies or departments that handle R&D work and they do have 
R&D definitions that are tailored to their specific missions. 
So, for example, National Aeronautics and Space Administration 
(NASA), DOD, and other organizations that spend a great deal 
more on R&D have developed a common definition. And that is 
important because having a common definition for such a large 
organization as DHS will help enable gaining better strategic 
visibility over R&D activities and also, frankly, allow the 
components to understand what some other activities--whether 
some fall into the R&D realm and whether some fall under the 
acquisition realm.
    Now, we will be the first to recognize that coming up with 
this definition at DHS is not going to be an easy thing to do. 
There is a wide array of missions and there is this whole 
spectrum of R&D and acquisition and there is a broad gray area. 
But we think it is important to do going forward.
    This lack of definition partially explains our second 
finding, which is, it is really unclear at this point how much 
DHS actually spends on R&D activities. When you look at the 
budget information that DHS provides annually through the 
budget process, you will see line items for the Science and 
Technology Directorate, the Domestic Nuclear Detection Office 
(DNDO), and the Coast Guard, and there is money there for R&D 
activities.
    In our work, we found that there were also R&D activities 
being implemented across a variety of other components. And, in 
fact, in fiscal year 2011, we identified an additional $255 
million in R&D activity that was not captured in the sort of 
standard R&D roll-up provided to the Congress. We feel that is 
a concern because it is hard to be strategic, it is hard to 
have a good perspective over what you are spending your money 
on if you do not have good visibility of who is doing what. So 
we think that is an issue that needs to be addressed.
    This lack of visibility also underscores our third finding, 
that DHS needs to improve the overall coordination and 
oversight of R&D activities, and that is at the Department 
level, not necessarily just at S&T. We found specific to S&T 
that it has improved its coordination with components. There 
have been a variety of mechanisms, a variety of forums that S&T 
has implemented in partnership with various operational 
components with DHS. This helped improve coordination. But it 
is a big task and we found that R&D is inherently fragmented 
across DHS. It is going on in a number of different components. 
Some of it is being conducted under the aegis of acquisition 
programs. It does not have good visibility. We think it is 
important to gain that visibility.
    So as part of our work, we looked at the potential for 
overlap and duplication among R&D projects within the 
Department. Our concern was that if there was not visibility 
over all the different activities and all the money, there 
could be unintentional duplication of effort.
    We found 35 instances involving $66 million of different 
R&D projects where there was overlap, and what that means is 
that different parts of the Department were working on similar 
aspects of R&D without necessarily being informed of one 
another's ongoing efforts. That is overlap. Now, when----
    Chairman Carper. A quick question.
    Mr. Maurer. Yes.
    Chairman Carper. Was GAO just looking within the Department 
for overlap and duplication, or did you look outside the 
Department for overlap and duplication?
    Mr. Maurer. For this review, we looked just within the 
Department of Homeland Security. We reviewed thousands of 
different contracts. Now, we dug in very deeply into those 
contracts to see if there was actual duplication. Duplication 
is when two different parts of DHS were working on exactly the 
same thing. We did not find any examples of duplication, but we 
found overlap.
    So, for example, we found cases where two different 
components were working on five separate contracts to review 
similar aspects of explosive detection technology. That is not 
necessarily bad if it is done by design. I will be the first to 
say, I want as many scientists as possible looking at explosive 
detection technology and looking at biothreats and other 
things. The problem occurs when it is not done strategically 
and when it is not done intentionally, and when that happens, 
it raises a potential risk of unnecessary duplication, and that 
is a problem because you can end up essentially wasting money.
    The reason why this has happened is because DHS lacks 
policies to have this effective oversight, to have this 
effective coordination across the entire Department, and we 
think that, going forward, there are a few things that S&T and, 
more broadly, the Department needs to address.
    We think, first and foremost, there needs to be a common 
definition of R&D that enables S&T and the other operational 
components to understand what is research and development and 
what is not.
    Second, there needs to be at the Department level defined 
processes and roles to enhance coordination, building on some 
of the successes that S&T has been able to engender in its own 
efforts to coordinate. We think it should be moved up to a 
higher level, to the Department level.
    Finally, there needs to be improved tracking of the 
individual R&D projects, in other words, improved information 
on who is doing what and at what cost. And again, there needs 
to be this strategic visibility.
    Right now in DHS's Acquisition Directive, there is a 
placeholder for research and development and it literally says, 
``to be determined.'' We think it is important for that ``to be 
determined'' to be translated into actual policies and 
procedures.
    The good news on that front is when we issued our report 
last fall, the Department in its official comments agreed with 
our recommendations, agreed with our findings, and they have 
started to take action to address those. So that is 
encouraging, but it is still very much a work in progress and 
we are looking forward to having the Department complete its 
efforts, implement our recommendations, and, therefore, better 
position themselves to deliver even improved and more enhanced 
results on the R&D front. We think that is important, not just 
for the sake of DHS or the GAO, but it is important for the 
country to get better national security and homeland security 
outcomes from the R&D investments.
    That concludes my remarks today. I look forward to your 
questions.
    Chairman Carper. Great. Thanks so much.
    The person who actually suggested to me initially that we 
do these series of hearings on Department of Homeland Security 
oversight was Dr. Coburn, with the eye toward eventually moving 
toward reauthorization of the Department. We have never done 
that in its 10 years of existence, so this is, as I said 
earlier, a part of a series of hearings. I am going to yield to 
him for questions and then to Senator Pryor and then I will 
follow Senator Pryor.

              OPENING STATEMENT OF SENATOR COBURN

    Senator Coburn. Welcome. I would tell you, I have sat at 
hundreds of these hearings and that is the best performance 
analysis by the GAO of any Department I have ever heard. Most 
of the criticisms you just heard were not of S&T. They were 
overbranching Homeland Security and the R&D outside of S&T. 
That is what we really just heard. So I want to compliment Dr. 
O'Toole. I think she has done a great job so far.
    I am concerned. One of the areas that, Dr. O'Toole, I want 
to ask you about, one of the things that you have been good at 
has been acquisition support, and I see in the President's 
budget cutting that almost a quarter. I know that is a decision 
that may have been made above your level, but to me--and Mr. 
Maurer, if you would comment on that, as well--I see that 
putting some of the progress we have made at risk if, in fact, 
we allow that to go through. Would you care to comment on that?
    Dr. O'Toole. Sure. We have two budget lines in S&T. One is 
our management budget line and the other is what is called the 
Research, Development, Acquisition, and Operations (RDA&O). 
This is part of GAO's problem. So the acquisition support that 
you are talking about, where we take our systems engineers and 
our operational analysts and our scientists and we try and help 
the components structure requirements at the very beginning of 
an acquisition that are going to get us what we need, on time, 
under budget, and so making sure we understand the entire life 
cycle cost, is not getting cut. It is this RDA&O budget number 
that is misleading in what it talks about.
    So, the kind of assistance that you are talking about and 
for which we set up a separate group is still intact and, in 
fact, growing. The demands exceed our grasp. We have 11 people 
in that section and we have to pick and choose what we are 
going to work on. But----
    Senator Coburn. But that component----
    Dr. O'Toole [continuing]. That is ongoing.
    Senator Coburn [continuing]. Is not being cut.
    Dr. O'Toole. Correct.
    Senator Coburn. OK. Thank you.
    Let us talk about electromagnetic pulse, both natural and 
intended----
    Dr. O'Toole. OK.
    Senator Coburn [continuing]. And the new transformers that 
are available. Where is the work there and what are we seeing 
happening right now?
    Dr. O'Toole. S&T is not doing any work on Electromagnetic 
Pulse (EMP). We are very aware of the threats to the grid from, 
as you say, all kinds of potential deliberate attacks, as well 
as natural events. The grid is the primary responsibility of 
the Department of Energy and they are doing work on this in 
collaboration, I believe, with DOD. But we do not have any R&D 
directed work on that.
    We have a very strong collaboration with DOE on the project 
that I talked about and several others, so we are generally 
aware of their work, but we would dive in much more deeply if 
we were actually investing in that area.
    Senator Coburn. And you do utilize the services of some of 
the labs----
    Dr. O'Toole. Yes.
    Senator Coburn [continuing]. In your research. You 
coordinate with that.
    Dr. O'Toole. Yes.
    Senator Coburn. Do you look at a review of everything they 
are looking at to see what they may be doing that might help 
you? In other words, rather than specifically, we need help 
here, do you ever do an inventory of what they are doing to see 
how that might prove as an augmentation to what you are doing?
    Dr. O'Toole. So, we have talked about this a lot. It is 
very difficult to do inventories of DOD or DOE National Labs 
work because they are large inventories and constantly 
shifting. That is what happens.
    Senator Coburn. Yes.
    Dr. O'Toole. R&D is a constantly dynamic beast.
    What we have done is asked the labs to give us their 
inventories of what they are investing in and for them to tell 
us who we should be working with on one project versus another. 
And we have made progress in that regard with the labs.
    So, for example, Pacific Northwest Lab is very adept at 
process control systems in cybersecurity. Other labs are much 
more focused on big data issues. And we have learned through 
professional association who does what and how well. But the 
answer to your question is no.
    Senator Coburn. OK.
    Dr. O'Toole. We do it project by project.
    Senator Coburn. So your Directorate basically manages a 
billion dollars a year in----
    Dr. O'Toole. In a good year.
    Senator Coburn. In a good year. Hopefully, we can have some 
more of those. But there is about a quarter of a billion in 
R&D, guesstimate, outside of S&T, is that your understanding?
    Dr. O'Toole. That is certainly the GAO finding. First of 
all, half of our budget is R&D and the rest is the university 
programs, et cetera, et cetera. The dilemma in DHS is that 
because we are so operationally focused, there is, as David 
said, this large gray area which the components do not now 
regard as R&D. If you think about the spectrum of R&D, it 
starts with trying to understand fundamental phenomena and then 
you gradually apply it. You make a technology. You prototype 
it. Once you get it out into the field and it is working and 
you are using it, you are still tweaking it in virtually all 
cases. Think of any technology you own.
    And what the components are doing is what they call 
tweaking--they do not call it tweaking. David calls it 
research. They call it operational performance improvements. So 
in these overlapping experiments or R&D efforts that he talked 
about between TSA and DHS, I mean, S&T, what we were trying to 
do was test brand new technologies, in this case, mass 
spectrometry, to see if it could actually detect these homemade 
explosives.
    What TSA was trying to do, sort of to make a leap forward 
in the way we deal with Hazardous Materials Endorsements 
(HMEs), what TSA was trying to do is improve the efficiency in 
the way they operate the scanning machines and the trace 
explosive detection that is already deployed in the field. So 
they do not regard that as R&D. They think that is operational. 
And figuring out a definition that accommodates both parties, 
that truly captures R&D without inhibiting the agility of the 
components to make operational improvements, is the dilemma.
    Senator Coburn. Dr. O'Toole, in your estimate, what 
percentage of this money that is operational improvement--is 
there other R&D going on in Homeland Security that is outside 
of your control?
    Dr. O'Toole. Yes. I mean, the components are sending money 
to the DOE labs and the DOE labs definitely do R&D.
    Senator Coburn. Right.
    Dr. O'Toole. I cannot answer the percentage. I do not know. 
I do not have any analytical basis for saying. What we would 
like to do is form strong partnerships with all the components 
as we are doing. I think a Portfolio Review, for example, is a 
much more powerful mechanism for identifying research and 
development than are budget lines----
    Senator Coburn. Right.
    Dr. O'Toole [continuing]. That say, this is R&D. And we 
have persuaded the Coast Guard, for example, to use this 
Portfolio Review. They really liked it. Actually, they improved 
it. We are going to adopt their innovations. And the 
Immigration and Customs Enforcement (ICE) is now looking at it, 
as well. It takes a lot of work to do a Portfolio Review. It is 
a big investment. But that would be something that we are 
trying to encourage the components to adopt, and that will, I 
think, pick up and identify that work which we would all agree 
is R&D and should be captured.
    Senator Coburn. Do you think the leadership at DHS buys 
into that, in other words, this Portfolio Review, so that we 
are actually using some of the techniques that you have put in 
at S&T--where you have not had a partnership component unit 
working with you? In other words, do you see that transitioning 
to the point where we are going to have buy-in throughout all 
the components of DHS?
    Dr. O'Toole. The Secretary is very much in favor of it and 
has said so. I think we will get there. Some components are 
much more willing than others. There is a spirit of, let us 
collaborate anywhere we can to save money and gain efficiencies 
abroad in the Department that I think is quite powerful.
    Senator Coburn. All right. Thank you.
    Chairman Carper. Senator Pryor.
    Senator Pryor. Thank you, Mr. Chairman. And you are 
correct. We were together over the weekend and someone was 
remarking that I am on six Committees, and I could see your jaw 
drop and you said, ``Six Committees? No wonder you never come 
to Homeland Security.'' [Laughter.]
    So, anyway, I am back. Thank you. It is great to be here, 
and I probably am on too much and doing too much, but thank you 
so much.
    Let me say thank you both for your leadership on this 
issue. This is important. You are doing good work. It is nuts 
and bolts. It is probably not going to grab a whole lot of 
headlines, but it is important for the government to do this 
and important for us to have that oversight.
    Secretary O'Toole, let me start with you. Last September, 
GAO recommended that DHS develop policies and guidance for 
defining, reporting, and coordinating R&D activities across the 
Department. I am curious just generally about the status of 
that. I know you talked some about that, but I would like just 
a brief status report on that and what you need to do to 
continue to implement those recommendations.
    Dr. O'Toole. So, we have accepted all the recommendations. 
We have researched the different definitions of R&D around the 
government and have offered a suggestion of one that we think 
will work for DHS without impeding agile improvements by the 
components.
    The Under Secretary of Management is preparing a second 
evolution of our fundamental Management Directive which would 
set up an integrated approach to how we do all work across DHS 
and would establish a lot more transparency and visibility into 
what everybody is doing in a manner that would be available to 
all of the components, including S&T. It would also give S&T a 
prominent role at the front end of any acquisition, which would 
be very important. Now, we come in just before we buy something 
and we do operational testing and evaluation (OT&E). We could 
save everyone a lot of grief and money if we had more expertise 
engaged at the front end.
    Third, S&T has established a process whereby we are going 
to collect information on what the different components are 
working on with the DOE labs.
    Senator Pryor. So, in terms of the GAO recommendations, are 
you halfway through? Are you three-quarters of the way through? 
Have you implemented all of them? I mean, tell me where you are 
in trying to----
    Dr. O'Toole. We are more than halfway. We are about done 
with the definition. The problem is that the definition will 
still come up against these different kinds of budget lines 
that will have to be worked through different Committees and 
may not be that illuminating in the end.
    The Integrated Investment Life Cycle Model (IILCM) is 
hopefully going to be established in the next several months 
and we will have an annual S&T delineation of DOE work this 
year.
    Senator Pryor. And is that the kind of thing where you get 
the GAO report and then you just go to work implementing it, or 
is there contact with GAO about how they think you should do it 
and for them to sort of help you make good decisions there? Do 
you have any contact with GAO on this?
    Dr. O'Toole. Well, we have certainly talked with Mr. Maurer 
and his team extensively about the report before and after they 
issued it. It is pretty straightforward. The dilemma is how you 
apply this definition across budget lines that we do not 
control.
    Senator Pryor. OK. Mr. Maurer, do you have a comment?
    Mr. Maurer. Yes, absolutely. We typically, after we issue a 
report, we let the report and the recommendations stand on 
their own, but we often work with the departments and agencies 
we make recommendations to and basically assess their actions 
and we make an independent judgment of whether or not we think 
those actions are sufficient to close a recommendation.
    I think, as of right now, we are encouraged by the progress 
that the DHS is making and we certainly leave it to them to 
work out all the details, because that is appropriate. But at 
the same time, we view those recommendations as open and not 
fully implemented at this point.
    Senator Pryor. But you feel like they are making progress?
    Mr. Maurer. Absolutely.
    Senator Pryor. And do you feel like that you can measure 
that progress and, at some point in the future, say, hopefully 
this year, you will be able to say they have been able to do 
all this, or will there be ongoing problems?
    Mr. Maurer. Well, I think that depends on what is actually 
implemented at the Department. Typically, what we want to see 
is not just a creation of a plan. We also want to see that plan 
implemented and put into practice. That has been one of the 
major challenges facing the Department, not just on the R&D 
front, but there have been a number of plans and directives to 
improve overall management of the Department, which, when you 
read the words on paper, are very encouraging and very 
positive, but you want to see those changes actually 
implemented and involve changes in the day-to-day operation of 
the Department and, hopefully, leading to cultural, 
organizational change within DHS.
    Senator Pryor. Secretary O'Toole, let me change gears, if I 
may, and ask you about the sequester and the management 
challenges that presents. So, I guess, just if you have some 
specific examples of ways that the sequester is making things 
difficult for you at DHS and maybe DHS Department-wide and how 
you would like to see all that resolved.
    Dr. O'Toole. R&D is particularly disrupted by budgets that 
go up and down, because when you invest in an R&D project, it 
does not bear fruit for several years. So not only does 
sequester threaten to cut funds for projects that are not yet 
completed, so you lose all your sunk costs, it makes it very 
difficult for us to decide what projects to begin. We have not 
begun any new projects for a while now because of budget 
uncertainties. What you really want is steady funding in R&D. 
Money that goes up and down is very difficult to deal with.
    So, for example, in our Portfolio Review, one of the things 
that it produces is a picture of all the potential investments 
across all of these different areas and the scores associated 
with those investments. And you have to decide, what are you 
going to invest in, given your piggybank? With the sequester, 
we are holding off on some very good projects that we would 
like to begin, or having to choose between two projects and we 
can only do one.
    Over time, this kind of uncertainty wears away at the 
morale and the quality of staff, frankly. If you ask any R&D 
director what their biggest problem is, it is recruiting and 
retaining talent. In R&D, when your budget goes down, you do 
not just pedal harder and work longer hours. Your project goes 
away. Your work goes away.
    So if we have too long a period of this kind of 
uncertainty, I think it will impair our ability to recruit and 
retain staff. That is No. 1. Two, it makes it very difficult to 
make really wise investments in new projects. And, three, it 
ultimately leads us to end projects that might have borne fruit 
before they ripen.
    Senator Pryor. Thank you, Mr. Chairman.
    Chairman Carper. Boy, you ask really good questions. You 
have had a chance to practice and prepare, so it was good.
    One of the things I loved to do when I was Governor--I 
still love to do it--is I love to do customer calls, and my 
guess is Dr. Coburn and Senator Pryor also do this back home, 
where we visit companies all over my State and we ask--our 
delegation does this, we do it with our Governor, Jack 
Markell--and we ask businesses, how are you doing? How are we 
doing and what can we do, we in government, our delegation, and 
when I was in Governor, in that role, what can we do to help 
you? We think that is part of creating a nurturing environment 
for job creation and job preservation, to ask our customers, in 
that case businesses large and small, how we can be helpful.
    One of the things that I oftentimes ask--I usually ask it 
at the end of the hearing--what can we do to help you do your 
jobs better? I think you provided part of that answer already 
in what you just said. And one of the things Dr. Coburn and, 
frankly, Senator Pryor and I work on a lot is trying to develop 
bipartisan support for a comprehensive deficit reduction plan 
that includes entitlement reform, includes some revenues, and 
includes just a real focus on changing the culture of 
government, from spendthrifts and more to one of thrift where 
actually we look at everything we do and ask, how do we get a 
better result for less money?
    But I am reminded--Tom and I were talking about this the 
other day in terms of weapons systems procurement--if the 
funding goes up and down, up and down, and we have a fixed 
contract, a fixed-price contract with, whether it is Lockheed 
or anybody else, it is pretty hard to--when they are talking 
about modernizing C-5 aircraft or any other weapons system 
project--it is pretty hard to get what we need at a good price.
    And the point that you make about the need for some 
certainty, some predictability with respect to funding is very 
well taken. I take that to heart.
    Let me just ask you, in terms of asking our customer, doing 
customer calls, talk to us about who your customers are. Talk 
to us about how you communicate with your customers.
    One of the trips I took earlier this year was up along the 
Canadian border. I was joined by Senator Levin of Michigan, to 
take a look at border security on the Northern border. And one 
of the memorable conversations I had up there, we spent some 
time in helicopters. We spent a lot of time on land with the 
Border Patrol folks, the Customs and Border Protection (CBP) 
people. But we also spent time with the maritime folks in small 
swift boats, fast boats, along the Great Lakes.
    And we were talking to the fellow who was in charge of one 
of the units up there that included a bunch of the boats, 
maritime folks. He said he is very much interested in R&D. 
Interesting. He has had some jobs within the Department, pieces 
of the Department, that actually gave him the opportunity to be 
involved in R&D. But what I heard from him is he was not really 
convinced that the, say, the Directorate, the folks at the top 
of the Directorate, were as interested as they might be, ought 
to be, in terms of asking folks on the front line, what do you 
need?
    In one of my old jobs, I was a Naval Flight Officer for 
many years in Navy P-3 aircraft and our job was to hunt for Red 
October, track Russian subs in all the oceans of the world--
Soviet subs, actually--stuff like that. We would from time to 
time be asked by the Navy and also by Lockheed, who was the 
developer of our planes, builder of our planes, what do you 
need? What is working? What is not working?
    I was on the Amtrak Board of Governors as Governor and we 
were always asking our customers, what do you need, because 
what we thought they were looking for and needing maybe was not 
what they did.
    But who are your customers? How do you find out what they 
need?
    Dr. O'Toole. So, our customers are the DHS components in 
all their variety and multitudes, hundreds of thousands of 
people, and the first responder community spread out over 
73,000 jurisdictions and also a heterogeneous set of 
communities.
    I have been up to the Northern border and the Great Lakes 
and talked to those people. We are working hard up there. It is 
hard to touch every person, but our outreach to the components 
is quite extensive. We have people deployed to Customs and 
Border Protection from S&T. We do not do a project without 
extensive engagement with the operators, whomever they may be, 
but the front line people.
    In the particular situation that you are talking about, for 
example, they are using on the Great Lakes and across the 
Northern border a system of sensing integration that we 
developed in Los Angeles-Longbeach for the Coast Guard, and the 
CBP saw it, liked it, and moved it up to the Northern border.
    At Ambassador Bridge in Detroit, where a lot of the 
Northern border truck and car traffic comes over, we just 
finished an Apex project that was trying out these smart locks 
which help to make CBP much more efficient, also help to make 
the vendors, particularly the car manufacturers, much more 
efficient, and improve their throughput and security.
    So we are very opportunistic in the projects that we take 
on. We cannot do everything. So if somebody comes to us--if a 
component comes to us and says, we have a problem, we will 
respond to that. We will not now invest unless the head of that 
component or his or her No. 2 says, this is a big problem for 
us. We want S&T to invest here and we will agree in writing on 
the objective and the approach to that project. And we do this 
every year. We check to make sure that we are doing the right 
thing.
    We have learned that the projects that succeed are those in 
which we have a partnering team that includes the operators, 
but also the people with the authority to commit money on the 
other side following that project throughout its gestation 
period. We do not say, OK, we are going to do this for you and 
walk away for 2 years and come back with a gizmo anymore. We 
will not do that.
    And if, after 2 years of S&T investment, the component is 
not willing to invest their own money in furthering their 
project, or at least establishing an acquisition line so that 
they can pick it up in another year or two if it succeeds, we 
stop. So we stopped the Secure Transit Corridor that we were 
working at the Ambassador Bridge because CBP told us, we would 
rather you spend your resources on air entry and exit.
    Chairman Carper. That was a reassuring answer. I would like 
to say, as Dr. Coburn and our staff says I often say, 
everything I do, I know I can do better. And I would just urge 
the folks that work for you just to make sure that on a daily 
basis, on an ongoing basis, that they bring to work the spirit 
of asking, what do you need? How can we help? Just make sure 
that they are continuing to improve that communication and 
asking that question and responding to the answers.
    I am going to slip out and take a quick phone call, and 
when we come back, I want to go from the Northern border to the 
Southern border. I spent a fair amount of time, as did Dr. 
Coburn, along our border with Mexico. As you know, we spent a 
lot of time in the Senate in the last month on legislation 
trying to figure out, among other things, how to make our 
borders more secure in a cost-effective way.
    I want to come back and talk about force multipliers and 
the ports of entry. We have this huge throughput of traffic you 
have alluded to. Also, how do we use force multipliers to get 
better results for less money or the same amount of money with 
all these Border Patrol people we have, and there is a proposal 
to add a whole lot more to them. And we ought to figure out, 
what are we doing that makes a lot of sense, but what, in terms 
of what you are hearing from your customers down on the 
Southern border, that we can do, things like Enforcement Link 
to Mobile Operations (ELMO) that we hear about that you have 
probably been involved in, the handheld device for the CBP 
people. I just want to delve into that and look forward to 
pursuing that and have some questions, too, for you, Mr. 
Maurer. Thanks very much. Dr. Coburn.
    Senator Coburn. Well, thanks. As Senator Carper said----
    Chairman Carper. You can just hold off for now and we will 
come back. I was telegraphing my pitch.
    Senator Coburn. No. Well, she had said something before 
that, but that is OK.
    Chairman Carper. All right. Thanks.
    Senator Coburn.[Presiding.] Tell me the benefits in the way 
that you work with DARPA.
    Dr. O'Toole. We have become very avid transition partners 
for DARPA. They work, as you know, on the leading edge of 
technology and we have on numerous occasions--I will give you 
some examples--worked with them to pick up their technology and 
apply it to DHS needs.
    We just held a Joint Industry Day with DARPA and TSA that 
is oriented around these new approaches to aviation safety. We 
are using DARPA's $25 million investment in compressive 
sensing, which is a way, mathematically, of getting more 
information out of a signal as part of this new checkpoint that 
I described.
    We have used a big DARPA investment in a classified system 
for gathering and making sense of data that we are going to 
declassify and use to try and maintain a better situational 
awareness of the marine environment, which, as you know, is 
plagued by these submersible, semi-submersibles, and small 
boats that we have a hard time seeing and tracking.
    We have benefited from DARPA's investment in a composite 
material-based box--they call them Hard Unit Load Device 
(HULDs), H-U-L-D--which is intended to house cargo being 
shipped in airplanes and to contain an explosion if some cargo 
in that box explodes. They developed a prototype. We have 
tested it, tweaked it a little bit. It is probably too heavy 
and expensive for what we need, but it has been a very good 
experience.
    We have used DARPA's algorithms for identifying explosives 
in our applications, and I could go on and on. But we have 
formed very close liaisons with them almost across the board of 
disciplines.
    Senator Coburn. And you feel comfortable you are not 
duplicating but you are, rather, extending their research----
    Dr. O'Toole. Yes.
    Senator Coburn [continuing]. In terms of----
    Dr. O'Toole. Very comfortable.
    Senator Coburn. All right.
    Dr. O'Toole. We do not do what DARPA does.
    Senator Coburn. Yes. You have these Centers of Excellence 
at the university level, which I assume you think you are 
getting good value from. Do you think you are always getting 
good value? Do you have good control over the expenditure of 
that money?
    Dr. O'Toole. We are getting more and more value out of the 
Centers of Excellence. There are initial stand-up transactional 
costs. It takes about a year, from what we can tell thus far, 
for a new COE to really get rolling. And the more they engage 
with DHS, the more successful they are. So last year, for 
instance, the Centers for Excellence combined got more money 
from the DHS components than they did from their S&T grants, 
which is a sign of confidence.
    But, yes, I think they are a very good value, and as I 
said, as they mature, they become more so out of time.
    We are also making a lot of efforts to get our own program 
managers from the Homeland Security Advanced Research Projects 
Agency (HSARPA) more familiar with and engaged in what the 
universities are doing so we can go out when we do technology 
foraging--that is actually the first thing that we do. Is there 
anything our COEs have that we could use?
    Senator Coburn. OK. I will submit questions for the record, 
and I do not know whether this came from S&T funding or from 
the component funding, but there are a couple of studies that 
were released from the COEs that I cannot find a connection to 
Homeland Security from, and one is from the University of 
Hawaii and another from the University of Arizona, that I do 
not see how it has any application to what you are doing, but I 
will not go into that now.
    Dr. O'Toole. OK.
    Senator Coburn. But I will send you a letter on it and have 
you look at it.
    Dr. O'Toole. OK.
    Senator Coburn. One of my criticisms in grants is, too 
often, especially at Homeland Security, we do not have the 
followup.
    Dr. O'Toole. Mm-hmm.
    Senator Coburn. Here is what the grant was supposedly for.
    Dr. O'Toole. Mm-hmm.
    Senator Coburn. Did they actually spend the money on the 
grant?
    Dr. O'Toole. Mm-hmm.
    Senator Coburn. Did the grant give us something of value? 
Could we have done a better job in detailing down and honing 
down on what the grant was for? Do those people receiving 
grants know you are going to be checking on them----
    Dr. O'Toole. Yes.
    Senator Coburn [continuing]. For compliance? In other 
words, creating an expectation as, we are going to give you a 
grant. It has to be serious. It is not about fulfilling some 
professor's need for some extra money for his research. Rather, 
here is a need the government has and we are going to check on 
you. And, by the way, if you are not doing it, we are going to 
pull the money.
    Because where we do that in the government, and it is not 
many places, we get much more value for what we send out 
because you change the culture. The culture becomes an 
expectation, if you get a Homeland Security S&T grant, you had 
better by dinghy be on the ball after it and you had better 
perform. Otherwise, you are not going to get the grant, and you 
might get that one pulled back.
    Dr. O'Toole. I agree. We do not pull back money, but we 
give more money if you are performing. We review each COE twice 
a year with a Federal Steering Committee. And these are very 
desirable grants. If you have not performed, you are certainly 
not going to get the second round of grants. But there is 
definite incentive to performing well and that is measured by 
how you help DHS.
    Senator Coburn. OK. Mr. Maurer, during your review, I 
presume you spoke with several of the components of DHS and 
their evaluation. What is their perception of S&T?
    Mr. Maurer. That is right, Dr. Coburn. We spoke with a 
number of different operational components at DHS and our 
report, obviously, was issued back in September, so all of this 
audit work was done about a year and a half ago or so. At that 
time, we spoke with representatives from six different 
components.
    We heard, frankly, a range of views. Some components were 
very complimentary of how closely they were working with S&T 
and they really applauded S&T's efforts to have a tighter link 
between operational needs and the R&D support and the other 
support that S&T can provide.
    There were other components, or representatives from other 
components, that were, frankly, unclear of the linkages and 
they were not sure that what S&T was providing was in direct 
alignment with their overall operational needs and they felt 
that there was a need for enhanced coordination and 
collaboration.
    Senator Coburn. Was that communication at the leadership 
level of those components or was it at sub-levels of that 
component?
    Mr. Maurer. We were talking to people at the sub-levels, at 
the working level.
    Senator Coburn. Yes, because I think the important point 
Dr. O'Toole made is we will work with you if you buy in. But if 
you are not going to buy in, we are not going to be there. And 
so I wonder, can you ferret out any of that for me in terms of 
the agencies where they were actually doing work and yet you 
still had a negative comment?
    Mr. Maurer. Generally speaking, the components where there 
was a more positive feedback from S&T had the tighter links at 
that senior level and it had trickled down through the 
organization. Some of the areas where there were some concerns, 
it may have been a combination of sort of legacy and longer-
term things, where the change had not percolated down into the 
trenches yet.
    Senator Coburn. Yes.
    Mr. Maurer. And I think that is actually not atypical 
within DHS, to be quite honest. I mean, there are good things 
happening within the Department, but you are really talking 
about changing the direction of an aircraft carrier. It takes a 
while for it to get all the way down.
    Senator Coburn. All right. Thank you very much.
    Mr. Chairman, let me have one other----
    Chairman Carper. [Presiding.] No, please, go ahead.
    Senator Coburn. One other question, if I might.
    Chairman Carper. Sure.
    Senator Coburn. The National Bio- and Agro-Defense Facility 
(NBAF) in Kansas, you got that under control?
    Dr. O'Toole. Yes.
    Senator Coburn. Going to come in on time, under budget?
    Dr. O'Toole. Under budget----
    Senator Coburn. On budget? How about on budget?
    Dr. O'Toole. On budget, yes. I think we can do that. This 
has been a very extensively studied construction project. It is 
a unique facility, very highly engineered. But the country 
needs this laboratory to protect its agriculture industry, and 
I think we have great partners in Kansas. They really want to 
build this for their own reasons, which I think are sound. So 
everybody's interests are aligned.
    Senator Coburn. OK. It is a big project, as you know.
    Dr. O'Toole. Huge, yes.
    Senator Coburn. It is bigger than your whole budget.
    Dr. O'Toole. Yes.
    Senator Coburn. So I would love updates on that as you get 
through. If you get in trouble, I would like to know earlier 
rather than later.
    Dr. O'Toole. I agree. I will say, we did bring the National 
Biodefense Analysis and Countermeasures Center (NBACC), which 
is the human BioSafety Level-IV (BSL-IV) lab, in on budget.
    Senator Coburn. OK. Thank you.
    Chairman Carper. All right. Thanks, Dr. Coburn.
    We have been joined by Senator McCaskill. There is nobody 
more vigilant than the two people sitting to my right in terms 
of trying to make sure there is a culture around here that 
focuses on better results for less money, and Senator McCaskill 
chairs a Subcommittee that focuses a lot on this and we are 
happy that she is here. It is all yours.
    Senator McCaskill. Thank you, Senator Carper.
    I believe that you have spent $334 million to produce an 
antibiotic, Raxi, dosage in preparation for and anticipation of 
an antibiotic-resistant anthrax, is that correct?
    Dr. O'Toole. No, Senator.
    Senator McCaskill. OK. How much has been spent?
    Dr. O'Toole. We have not spent any money on production of 
antibiotics. That would be the Health and Human Services (HHS) 
responsibility.
    Senator McCaskill. OK. But the Federal Government has spent 
this money.
    Dr. O'Toole. That is possible.
    Senator McCaskill. You do not know?
    Dr. O'Toole. No.
    Senator McCaskill. You have no idea how much has been spent 
for vaccinations for an anthrax attack?
    Dr. O'Toole. That is not my realm of responsibility, 
Senator.
    Senator McCaskill. OK. So you do not know about Raxi?
    Dr. O'Toole. I know of the drug----
    Senator McCaskill. OK.
    Dr. O'Toole [continuing]. But I do not have any direct 
oversight or engagement or responsibility with that issue.
    Senator McCaskill. Well, is it not your job to determine 
overall homeland security as it relates to science and 
technology? Is that not your job?
    Dr. O'Toole. My job is to manage the R&D investments on 
behalf of DHS. The realm of R&D that we do is set forth in the 
Statutory Act. We have very specific responsibilities in 
biodefense----
    Senator McCaskill. So if you do not have testing capability 
in terms of health, then you would not be in charge of having, 
instead of GenWatch, instead of having BioWatch, having blood 
testing done on individual responders to determine whether or 
not there has been some kind of terrorist bioattack?
    Dr. O'Toole. No. We do not do that work. The bio----
    Senator McCaskill. That would be HHS responsibility?
    Dr. O'Toole. Testing first responders----
    Senator McCaskill. Yes.
    Dr. O'Toole [continuing]. For exposure? Yes. That would be 
the--developing those tests, developing a diagnostic test is 
something that we are very interested in, but we would not----
    Senator McCaskill. But have you not advocated for that?
    Dr. O'Toole. I have advocated for a strategy that 
emphasizes the development of clinical diagnostics, because I 
think in a big bioattack or a pandemic, particularly if 
resources such as treatments are scarce, it will be very 
important to be able to specifically define who is infected and 
who is not.
    Senator McCaskill. OK. I am a little confused, then. So you 
are involved in the strategy of clinical diagnostics when it 
comes to testing first responders in terms of blood tests that 
would give us some indication as to whether or not there had 
been an attack, but you have nothing to do with Raxi, any 
strategy or any opinion about whether Raxi has been a good 
investment for the Federal Government.
    Dr. O'Toole. The medical countermeasure investments, which 
are defined as vaccines and antivirals and antibiotics, are 
under the purview of HHS and DOD for its own troops. DHS does 
not engage in research and development related to medical 
countermeasures. We have had a historical mission involved in 
trying to detect bioattacks and attain situational awareness 
over an attack once it occurs, which is the realm in which I 
think diagnostics would be important.
    Senator McCaskill. Well, let me just ask for your opinion 
then, even though it is not your--maybe you are going to say 
you do not have an opinion, which I would find shocking. Do you 
think it is a good idea that we have spent $5,100 per dose and 
spent over $334 million for an antidote when there has never 
even been a test that has proven that antidote will work, and 
that all of these doses will expire and be worthless to us in 
2015, and the person who had been recommending this everywhere 
he went in a professional capacity was on the board of 
directors of the only company that developed the drug and made 
more than a million dollars from that company during the period 
of time he was recommending this strategy, not only to HHS, but 
also to your predecessors and I believe you have had meetings 
with Mr. Danzig.
    Dr. O'Toole. I have known Mr. Danzig for over 20 years. I 
think he is a dedicated public servant. He works as a member of 
a panel for a contractor of ours on what is called the BioNet 
Assessment, which is an Homeland Security Presidential 
Directive (HSPD)-10 mandated panel that is supposed to look at 
our progress in biodefense periodically and report back. I have 
never heard him in any meeting on biodefense--and I have been 
in a lot, particularly prior to my job here, which has kind of 
moved me out of that realm, frankly--I have never heard him 
advocate that drug.
    But let me answer your first question.
    Senator McCaskill. Well, Secretary O'Toole, it is in 
writing. I would recommend you Google him. There is article 
after article about the importance of doing this. You are not 
going to sit there and tell me that Mr. Danzig has not 
advocated buying this vaccination, this treatment.
    Dr. O'Toole. What I said was I have never heard him 
advocate it.
    Senator McCaskill. OK.
    Dr. O'Toole. In terms of----
    Senator McCaskill. But you know he has been advocating it--
--
    Dr. O'Toole. I believe you----
    Senator McCaskill [continuing]. Far and wide for years.
    Dr. O'Toole. I believe you.
    Senator McCaskill. OK.
    Dr. O'Toole. OK. In terms of----
    Senator McCaskill. But you do not need to believe me. You 
know it, do you not?
    Dr. O'Toole. Pardon me?
    Senator McCaskill. You know this, do you not?
    Dr. O'Toole. No, not from personal experience or 
information, I do not.
    Senator McCaskill. So you have not read about this?
    Dr. O'Toole. No, I have not.
    Senator McCaskill. You are telling me that in your capacity 
of responsibility and leadership at the Department of Homeland 
Security, you have no idea that there has been a serious 
allegation of conflict of interest----
    Dr. O'Toole. Oh, no. I am well aware of the serious 
allegation of conflict of interest, but I do not believe 
everything I read, and I do know Richard and I had personal 
experiences with him.
    Let me go back to your first question, though, which is a 
very serious strategic point about what are we doing to protect 
the country against biodefense, OK. This is a very complicated 
area technically, OK, and in my view, which you have asked for 
so I will offer it--I am a little out of my area of 
responsibility here--it has not gotten sufficient congressional 
attention and oversight. It is very difficult to figure out, 
particularly in medical realms, when you are talking about 
drugs and vaccines, where there is a very long, complicated 
runway between the idea and the success, it is very difficult 
to figure out what to invest in.
    The added complication for biological weapons-related 
diseases is that we cannot ethically test a lot of this stuff 
in humans, which is the dilemma that you raise, Senator, 
regarding this pharmaceutical. So we need to have a very 
careful strategy of investment.
    This is big money that we are talking about, as you point 
out. That is not a lot of money per dose for your average 
biological, but it is a lot of money, particularly since we 
have to deal with many different potential agents and we are 
trying to protect the country, not just one, two, or a thousand 
patients. So there are very difficult decisions to be made, 
almost Hobbesian choices in some cases, about which medical 
countermeasure to invest in and what are the principles upon 
which we will be investing.
    And in my opinion, I think that deserves more attention 
from Congress than it has gotten. I think we are investing a 
lot of money. I think we are under-investing and I would like 
to see us take a more strategic approach. We have to buy down 
this cost with new technologies. It is a very difficult set of 
markets to move, very complicated. But I do think it would be a 
good thing to spend more of the Congress's attention on 
biodefense.
    Senator McCaskill. I am reading your responsibilities and 
it says, finally, some of the Under Secretary's 
responsibilities and authorities are primarily coordinative. 
These include collaborating with the Secretary of Agriculture, 
the Attorney General, and the Secretary of Health and Human 
Services in designating and regulating biological select 
agents.
    Dr. O'Toole. Mm-hmm.
    Senator McCaskill. And that is why I am a little surprised 
at your initial reaction that this is not anything that you 
have anything to do with and your assertions that you are not 
really aware of any of the----
    Dr. O'Toole. Well----
    Senator McCaskill [continuing]. Highly, frankly, 
questionable expenses that we have embraced without----
    Dr. O'Toole. Well, you are hitting on an important seam. 
Biodefense is one of these issues which is very important to 
national security but is not a top priority of any one agency. 
It is an inherently interagency set of responsibilities that is 
distributed over many different agencies.
    It primarily resides in HHS. What S&T does in DHS is we 
examine potential threat agents and we do analyses of these 
threats and then we determine if they really look like they 
could be made into a biological weapon. At that point, we hand 
off that information, which is called a Material Threat 
Determination, to HHS. They do their own analysis as to whether 
or not it is a highly consequential public health problem, and 
on the basis of those data, they decide whether and in what way 
to invest in medical countermeasures.
    Senator McCaskill. I have a number of more questions about 
BioWatch, but I know my time is up and you all may want to go, 
because we have billions in BioWatch and it is almost as bad as 
Raxi.
    Chairman Carper. Well, you are going to get another chance.
    Senator McCaskill. Thank you.
    Chairman Carper. So do not go away. Thanks for those 
questions. Thanks for the answers. That was a good tutorial for 
me.
    I telegraphed my pitch earlier, I think just about the time 
Senator McCaskill was getting here, and I want to go to the 
Southern border. Talk to us a little bit about force 
multipliers. One of the things that some of us have been 
concerned about the--I supported the immigration reform bill. I 
did so. I was not convinced that we really need to add 20,000 
Border Patrol officers down on the border given how many we 
have there. We spend more money for border security right now 
than we spend in all other Federal law enforcement activities 
combined, so that is a lot of money.
    I am convinced that we need more people in what we call the 
ports of entry, those lands ports. We have huge amounts of 
vehicular traffic, truck traffic, a lot of trade going back and 
forth. I saw some really interesting and impressive technology, 
a handheld device called the ELMO used at the ports of entry by 
our Customs and Border Protection officers.
    And one of the things that I want you to talk a little bit 
about is what are some fruits of our R&D activities that have 
been deployed along our Southern border with Mexico that we can 
point to and say, this is working and this is where we got the 
idea. Where did the idea come from? Maybe it came from your 
customers down on the border, the people who work there for us.
    Dr. O'Toole. Mm-hmm.
    Chairman Carper. And maybe give us some insight into some 
of the activities that you are working on that we hope will 
help make the men and women we have on the border, 20,000 
Border Patrol, 21,000 Border Patrol and thousands of others at 
the land ports. Talk to us about that----
    Dr. O'Toole. Mm-hmm.
    Chairman Carper [continuing]. What we have that is 
deployed, how you all worked in it, and some projects that you 
are working on that will enable us to be even more effective.
    I guess the implicit question is, what do we need to be 
doing here to support those activities so that those thousands, 
tens of thousands of people we deployed on the border can be 
more effective.
    Dr. O'Toole. We are doing a lot of work on the border. The 
Southern border is not a consistent entity. The kinds of 
technologies that will work in Arizona are different from what 
we need in Texas, for example, where there is a lot more 
vegetation and a river to cross and a very fast vanishing point 
once you get across. You can get in a car, be on a highway, and 
be gone very quickly.
    We have done, as I said, a recent operational analysis that 
shows that we can change procedures at no cost in a way that 
would reduce the time CBP agents spend processing aliens whom 
they pick up and get them back out to the border. We have made 
suggestions of other process changes that would cost some 
money, because they involve changes to computer systems, that 
would push those efficiencies further.
    We think of the border in terms of air surveillance, ground 
surveillance. On the Southern border, underground surveillance 
is very important because we are seeing more and more tunnel 
activity. One of the projects that we have underway in 
collaboration with DOD and some of the intelligence agencies is 
to figure out how we can guide Border Patrol agents in using 
the proper technology to find tunnels. It turns out that 
different technologies work differently depending upon the soil 
conditions. So we are creating a compendium of what works where 
and how to maximize your likelihood of finding tunnels.
    We have also instrumented some of the public infrastructure 
tunnels, the sewer drains and so forth, that people use as 
conduits so that we have more awareness of people coming 
through there and can more efficiently deploy Border agents 
when there actually is activity and not having them stand at 
the entry of the tunnel day and night.
    We have deployed ground-based radars and something called a 
trip wire on the Southern border. The trip wire is buried and 
it follows the contours of the land. One of the problems with 
the cameras and radars is it cannot see into the gullies. The 
trip wire costs about a tenth as much as the fence to deploy, 
has a very low false positive rate, allows you to determine 
whether it is an animal or a person or a vehicle that has 
tripped the wire, and has been very effective so far. It is in 
operational field testing now on the Southern border.
    We have also done a lot of work in marine surveillance and 
have a major program underway with Air and Marine Operations 
Center (AMOC) to----
    Chairman Carper. I am sorry, with whom?
    Dr. O'Toole. AMOC, the Air and Marine----
    Chairman Carper. OK, thanks.
    Dr. O'Toole [continuing]. And the CBP which uses DOD 
technology to gather more data from different sensors. We are 
taking existing sensors and repurposing them. So, for example, 
we are taking a National Oceanic and Atmospheric Administration 
(NOAA) weather buoy, changing the radar signal a little bit to 
give us notice of small dark boats in the area.
    So we are taking more data. We are putting it into this 
open mongoose system that fuses the data, aggregates it and 
analyzes it and then spreads it out to the people who need to 
use it in the Port Authorities and so forth. That program is 
now deployed in pilot at AMOC and will become progressively 
more functional over the next 6 months or so.
    We have also taken the mobile surveillance systems, which 
are the cameras and radar on trucks that CBP relies upon, 
particularly in Arizona, and we have upgraded them so that you 
have a wider field of view, a better resolution. We have 
improved the software so that they are still operable in bad 
weather, in windy weather, and we have made them easier to use 
and lowered the maintenance and operational cost. They, too, 
are now under operational testing at CBP.
    Chairman Carper. Senator McCaskill, we could almost have a 
hearing--this is fascinating stuff for me. I spent a fair 
amount of time down on the border with Senator John McCain and 
Secretary Napolitano, Congressman McCaul who heads up the 
Homeland Security Committee over in the House. This is really 
actually very helpful information in terms of us passing a 
comprehensive immigration reform bill that actually tries to 
strengthen further our border security.
    Dr. O'Toole. We----
    Chairman Carper. Let me just mention----
    Dr. O'Toole. Of course.
    Chairman Carper. I want to yield to Senator McCaskill, but 
we will come back and maybe have another round.
    I feel bad for Mr. Maurer just sitting here. He is just 
sitting here listening to your testimony, rolling his eyes--no, 
he is not rolling his eyes. [Laughter.]
    Mr. Maurer. No. I have my game face on. I am staying 
focused. [Laughter.]
    Chairman Carper. Do you want to jump in here?
    Mr. Maurer. Yes, sure.
    Chairman Carper. Before you do, and then I need to yield to 
Senator McCaskill, this guy named Tony Wayne--Senator McCaskill 
probably knows him--he was the No. 2 person, Deputy Chief of 
Mission (DCM), over in Kabul in Afghanistan when Karl 
Eikenberry was our Ambassador there. He is now our U.S. 
Ambassador to Mexico. And I talked with him on the phone last 
month just to get some input on border security, what we ought 
to do more of or less of.
    And one of the things we talked about were tethered 
dirigibles, lighter than air assets, and we talked about what 
we have deployed in Kabul in lighter than air surveillance and 
we have down in Kandahar and other places and he says it has 
been very effective in that part of the world. And we talked a 
little bit about using tethered dirigibles.
    If the wind is over 15 knots, you cannot fly a drone. We 
only have four drones in Arizona. We only fly two of them at 
any point in time. They fly 5 days a week, 16 hours a day. The 
rest of the time, they are not around. They are around, but 
they are not being used. The C-206 aircraft that we basically 
send--we have 18 of them. We send people out with binoculars to 
look at the border, not very smart, but there is a lot of 
technology. But when we come back, I want to ask you about 
tethered lighter than air.
    Mr. Maurer, just jump in here and then I am going to yield 
to Senator McCaskill.
    Mr. Maurer. Just really quickly, two points on the Southern 
border. One is we currently have ongoing work for the House 
Science Committee looking at R&D efforts on the border maritime 
realm at DHS. That report will be forthcoming in September, so 
be looking for that. I think that could help in deliberations.
    The second point I would like to make is as the Congress 
considers what to do on comprehensive immigration reform it 
underscores, really, the importance of having a strong 
management foundation at the Department, because if we are 
really going to be hiring 20,000 more additional Border Patrol 
agents, that is a tremendous human capital challenge. You are 
also going to have to put information technology (IT) in the 
hands of these people. They are also going to have to have 
financial management systems to track the costs. And you are 
going to require new technologies and put them in their hands 
so they can do an effective job. So, really, it is the 
management foundation that enables that mission, and that is 
why we placed a lot of emphasis in terms of our oversight and 
our work on the management front and I think that is one thing 
to always keep a good focus on.
    Chairman Carper. That is a great point. Let me just ask our 
staffs, both the Democrat and Republican staff here, just to 
make sure we come back to Mr. Maurer on that. If we are 
fortunate enough to get into conference on immigration reform, 
it is a huge amount of money we are going to spend in the 
Senate-passed version. I am not convinced all of it is wisely. 
Let us just make sure that we are coming back to the points 
that he made, OK. Thanks very much. Senator McCaskill.
    Senator McCaskill. Thank you.
    You have clarified what I think you see a role in terms of 
stockpiling vaccination or treatment for bioagents that could 
be used as a weapon against Americans. Are you going to 
recommend or have any opinion as to whether or not we should 
buy additional doses of Raxi, since it is all going to be 
worthless in 24 months?
    Dr. O'Toole. So, S&T participates--in some cases, I am the 
participant--in what is called the Executive Steering Committee 
at HHS that reviews these decisions periodically. I raised----
    Senator McCaskill. So, were you part of that when they made 
the decision to purchase it, but you had no idea how much it 
was?
    Dr. O'Toole. I do not think I was part of the decision, but 
I raised concerns on the point of the strategic intent of what 
we were doing.
    Senator McCaskill. Mm-hmm.
    Dr. O'Toole. Anthrax is of great concern as an agent 
because we have seen it used. The U.S. built anthrax weapons. 
We know the Russians did, as well, in their time, as did the 
British. And there are few technical barriers to doing so. So, 
it is the kind of weapon that you could imagine terrorists 
getting their hands on.
    The other problem with bio----
    Senator McCaskill. Although there are technical barriers to 
making lethal--according to the documentation I have read from 
scientists, there are barriers to making lethal doses of 
antibiotic-resistant anthrax.
    Dr. O'Toole. Yes. That is true. But----
    Senator McCaskill. But that is what we are buying the 
antidotes for at $5,100 a dose.
    Dr. O'Toole. There are technical barriers to making multi-
drug-resistant anthrax. There are no technical barriers to 
making an anthrax that is resistant to the primary drugs in our 
stockpile. Some of this is getting into classified information, 
so I apologize. But multi-drug-resistant anthrax, I think, is 
not likely to be a terrorist weapon.
    And I was part of a discussion in DHS in which we did not 
think it was wise to proceed with an R&D project to develop an 
antidote, if you will, a drug product against or a vaccine 
against multi-drug-resistant anthrax.
    Senator McCaskill. I guess I am back to my question. Will 
you be recommending that we buy more doses of Raxi that we have 
spent $334 million on that will be worthless in 24 months? Yes 
or no?
    Dr. O'Toole. No.
    Senator McCaskill. OK. BioWatch--how much have we spent on 
BioWatch?
    Dr. O'Toole. How much has S&T spent on BioWatch?
    Senator McCaskill. How much has DHS spent on BioWatch?
    Dr. O'Toole. Billions of dollars. I do not know the exact--
--
    Senator McCaskill. And how much of that was spent before 
you took your position?
    Dr. O'Toole. S&T has spent no money on BioWatch since I 
took my position.
    Senator McCaskill. How much had DHS spent before you took 
your position?
    Dr. O'Toole. I do not know that figure. I can get it for 
you.
    Senator McCaskill. I want to clarify for the record, it has 
been your stated position that you do not support or do not 
believe we should go to the next generation of BioWatch?
    Dr. O'Toole. My stated position before I became Under 
Secretary was that investing in Gen-3 BioWatch while not also 
investing in more traditional approaches to public health 
surveillance was a mistake.
    Since I have become Under Secretary, I have advised the 
Department that the performance of the Gen-3 candidates that 
the Office of Health Affairs (OHA) has tested thus far is not 
such that under DHS's own acquisition procedures would warrant 
further investment until performance can be improved. And those 
recommendations, which were mirrored by the Homeland Security 
Studies and Analysis Institute (HSSAIs) evaluation, which the 
Secretary requested, were a large part--not the only, but a 
large part of the basis for the Acquisition Review Board's 
(ARB) decision to put a hold on further acquisition of Gen-3, 
on proceeding with the Gen-3 acquisition.
    Senator McCaskill. And is there any effort at this point to 
proceed with acquisition of assays or anything in order for us 
to do blood testing on first responders or testing of blood 
donors or anything of that nature?
    Dr. O'Toole. As part of BioWatch, you mean?
    Senator McCaskill. In lieu of BioWatch. What has been 
advocated, and once again by Mr. Danzig, is that we develop 
what would be a very expensive, obviously, very expensive 
process of doing blood testing of, I guess, first responders 
that would volunteer to have their blood tested on a regular 
basis and/or others have suggested blood donors. It has been 
written up in some of the medical journals that they do not 
think that would be effective.
    Is there any discussion in the groups that you sit on, in 
the places you collaborate, or in the executive committees you 
stand on, to substitute for Third Generation BioWatch a blood 
testing protocol that would somehow, in lieu of BioWatch, give 
us notice that there is some kind of bioweapon being unleashed 
somewhere in America?
    Dr. O'Toole. Not for substitution for environmental 
sensors. We are going to need environmental sensors and we need 
to improve what we have. Whether that is Gen-3 BioWatch is one 
set of questions. I do not think it is, but that is a technical 
question that we have to determine empirically.
    The overall problem is that what we want is very early 
notice of a bioattack, if possible, before people become sick 
with symptoms, because by then, it is, as far as we know, very 
difficult to rescue them. That is certainly the case with 
anthrax, for example.
    Ten years ago--even the Defense Science Board suggested 
that we should be investing in rapid, cheap diagnostic tests 
that would be part of a panel of blood tests that people coming 
in for clinical care would get. So, for example, if you have an 
upper respiratory infection, it would be good for your doctor 
to know if that is viral or bacterial in origin because the 
latter requires antibiotics, the former does not. It would have 
all kinds of good consequences beyond that individual patient's 
well-being.
    If we had a cheap enough diagnostic that when you ran that 
test you also, by the way, checked for anthrax, tularemia, or 
the other bioweapons agents that we thought might be used, at 
almost no extra cost, it would give us a way, if we deployed 
that, for example, in a sample of hospitals around the country, 
to achieve very specific and actionable early warning.
    We have reached a point technologically where these kinds 
of very fast and simple tests are almost within reach. There 
are very few market forces pressing diagnostics forward, and 
one of the problems is how do we actually have the Food and 
Drug Administration (FDA) approve these multianalyte tests that 
look for more than one bug at a time.
    But we do need a way to get beyond the current process of 
diagnosis, which is to take blood from a sick person, someone 
who is already sick, culture that blood, which itself takes 24 
to 48 hours, and then go looking for the bug, which you often 
cannot find even if it is there. So you are now 2, 3 days into 
the bioattack and you do no good for that individual patient, 
who is probably dying by now, and it does not give you the kind 
of early warning we are looking for to protect the population 
with vaccination or whatever.
    Senator McCaskill. Dr. O'Toole, I am trying to make the 
point here that we spent billions on a tool to tell us if we 
were having a bioattack and now there seems to be consensus 
that we have wasted it, because we are not going to use it 
anymore. We are not going to buildupon it. Because if we do not 
do Third Generation, obviously, we are saying that it is not 
going to be effective for what we are trying to do.
    Dr. O'Toole. I do not think that the money spent on 
BioWatch as deployed has been wasted, OK.
    Senator McCaskill. OK.
    Dr. O'Toole. I think it is possible to improve BioWatch as 
deployed in ways other than investing in Gen-3.
    Senator McCaskill. Let me move on to a couple of other 
things. What is the ratio of contractors to employees at S&T?
    Dr. O'Toole. It is about one-to-one.
    Senator McCaskill. So you only have one contractor--so the 
vast majority of your budget, half of it is spent on employees 
and half of it is spent on contractors? Are you not passing 
through most of the money to people----
    Dr. O'Toole. No.
    Senator McCaskill [continuing]. Who have contracts with you 
to do research?
    Dr. O'Toole. Yes.
    Senator McCaskill. OK. So----
    Dr. O'Toole. Our Mergers and Acquisitions (M&A) budget is 
spent on Federal employees. Our contractors are different from 
a lot of Systems Engineering and Technical Assistance (SETA) 
contractors. We contract, for example, with scientists to help 
us on projects----
    Senator McCaskill. I am very aware of who you contract 
with, and I am on the Armed Services Committee and have spent 
years on contracting and R&D. So I understand that the vast 
majority of the money that we appropriate to you is not spent 
on your employees, correct?
    Dr. O'Toole. Correct.
    Senator McCaskill. What percentage of the money we 
appropriate to your Department is spent on employees as opposed 
to other contractors? They may be scientists, but they have a 
contract with us. They have an R&D contract with us. They have 
a development contract with us. They have all kinds of 
contracts that are being managed, ostensibly, by your division.
    Dr. O'Toole. Sure.
    Senator McCaskill. OK.
    Dr. O'Toole. Well, I can get that for you. The problem is 
that I have my M&A budget, which tells me what we are spending 
on Federal employees, and then what you are calling contractor 
costs are embedded in our project costs, so I do not have an 
overall sum of that number.
    Senator McCaskill. What percentage of your employees are 
actually doing research as opposed to overseeing research done 
by others?
    Dr. O'Toole. The only employees in S&T who are actually 
doing research are those who work in our five laboratories.
    Senator McCaskill. OK. So I know I am over, and I can 
finish on the next round----
    Chairman Carper. Yes, you are.
    Senator McCaskill [continuing]. Because this will involve 
Mr. Maurer, because I want him to talk about some of the 
documentation for acquisition and how lacking it is, especially 
when you realize this is primarily a pass-through organization.
    Chairman Carper. Mr. Maurer--do you want him to respond at 
this point in time or do you want to just--we will have one 
more round.
    Senator McCaskill. Well, this is me studying your reports, 
so maybe you can speak to it. We obviously have acquisition 
documentation that has not even been completed and you are in 
the sustainment phase. It does not do you much good to figure 
out that the acquisition is not needed if you are already 
supporting it in a sustainment phase, and I studied your report 
and would like you to speak to the fact that since, primarily, 
this is a pass-through organization, a core competency is going 
to be the documentation at the onset of these projects, before 
we ever begin paying for these projects. Could you speak to 
that, Mr. Maurer?
    Chairman Carper. I would like for you to go ahead and 
respond to that question. I would ask you to do it fairly 
briefly, if you could. If you need more time, we will just come 
back for one final round.
    Mr. Maurer. I will keep it short and sweet. You hit on a 
key point and a key challenge of acquisition at DHS, not just 
on BioWatch, but many others. DHS historically, since they 
developed acquisition guides, have had a good policy. They have 
not always followed that policy. They have gotten the cart 
before the horse in many acquisition projects, and not just 
BioWatch, and it is exactly the point you pointed out, which is 
that they have not clearly defined the requirements up front 
and/or they have not clearly demonstrated that the project or 
the program is going to work as advertised in real world 
conditions before spending a lot of money trying to deploy it, 
and that has been a problem that has plagued the Department for 
years.
    They are starting to take action to address that. They are 
trying to revamp their approach to acquisition, and I think 
that is encouraging, but they still have a long way to go.
    Senator McCaskill. Thank you, Mr. Chairman.
    Chairman Carper. That was short and sweet. Thank you.
    Mr. Maurer. Thank you.
    Chairman Carper. I am going to go back, if I can, to--I 
just wish Senator McCaskill were more passionate about this 
stuff. [Laughter.]
    Senator McCaskill. Sorry. I know I am obnoxious. I 
apologize, Dr. O'Toole.
    Chairman Carper. Actually, she is on her good behavior 
today.
    Senator McCaskill. But it came out of your mouth. There has 
not been enough oversight here, and I do not want you to be 
scared because I do have someplace I have to be in a few 
minutes, but I could go on a long time on this Department.
    Chairman Carper. OK. That is great, because I have 
someplace I need to be in a few minutes, too. [Laughter.]
    Let us go back a little bit to tethered dirigibles, the 
kind of technology that Tony Wayne, our Ambassador to Mexico, 
was talking with us about when he saw it firsthand over in 
Afghanistan. This may be outside your lane or outside your 
wheelhouse, but in terms of the kind of technology we could put 
on tethered dirigibles to do surveillance work along the 
borders on days that the drones are not flying, that they 
cannot get into the controlled airspace of the Department of 
Defense, any idea? We have all these assets over in 
Afghanistan. The question is, do we want to leave them there or 
can we bring them back here? Could we redeploy them along the 
border? Any thoughts along those lines?
    Dr. O'Toole. Yes. S&T has actually----
    Chairman Carper. And, Mr. Maurer, if you have any thoughts 
along those lines, we would welcome those, too.
    Go ahead, please.
    Dr. O'Toole. S&T has actually tested the DOD Aerostats on 
behalf of CBP to see how they perform. They are great. There is 
a lot that you can do with them. They do not perform well in 
weather which is fairly frequent on the border.
    The trouble with the Aerostats is they are very expensive. 
They are very expensive to operate and maintain. So we are 
going to have to make decisions----
    Chairman Carper. That is interesting. You would think with 
an Aerostat, you put in your tether, you put it up in the air, 
and it stays up for days as opposed to having to have an 
aircraft, either manned or unmanned. Even the drones are 
unmanned, but you have huge costs to support them. That is 
interesting that they would be that expensive.
    Dr. O'Toole. Yes. I mean, look, we are going to need a 
suite of technologies on the border and S&T is very eager to 
participate in these decisions. Going back to your how can we 
help you question, we would like to be engaged. We think there 
should be some kind of steering committee that ponders these 
difficult decisions and ways investments in one technology or 
another and----
    Chairman Carper. Well, we are going to be needing to use 
some steering here, so try to figure out how----
    Dr. O'Toole. Well, and there are going to be very difficult 
decisions to make, as Senator McCaskill is pointing out. These 
are complex technologies, complex situations, and a lot of 
judgment will have to be brought to bear.
    But the Aerostats are great. They are not the answer. There 
is a lot of very cool technology out there, and putting 
together a package that is efficacious and cost effective and 
can actually be maintained over time is going to be the 
challenge.
    Chairman Carper. All right. Thanks.
    I want to turn, if I could, to--Mr. Maurer, anything you 
wanted to add to that now?
    Mr. Maurer. Just really briefly.
    Chairman Carper. Please.
    Mr. Maurer. We issued a report in the last year or two 
specifically on Aerostats and I will get that directed to your 
staff.
    Chairman Carper. Give us just a little tease on it, a 
little----
    Mr. Maurer. Well, I did not actually do it myself, but we 
looked across the different Aerostat technology. I think a lot 
of it was focused on DOD, but it may be useful for your 
purposes and oversight on this Committee, as well.
    Chairman Carper. I would just ask our staff, let us just 
make sure we followup on that offer. Thank you.
    If I could, one question and then I am probably going to go 
back to yield the floor to Senator McCaskill.
    Senator McCaskill. I just have one more.
    Chairman Carper. OK. But let us talk a little bit about 
cybersecurity R&D duplication. I think the distinction you made 
between overlap and duplication was a good one and very 
instructive for us. But for Dr. O'Toole, let me just ask, one 
very important issue to this Committee and I think certainly to 
the Senate and to the Congress and to the President and our 
country is that of cybersecurity. And in such a fast-paced and 
evolving environment like ours, cybersecurity research and 
development is really important, as you know, as we try to stay 
out ahead of the bad guys.
    At the same time, a whole lot of agencies have a mission 
that touches on cybersecurity, a big one, but one of several. 
How does S&T coordinate with some of these other Federal 
agencies, and maybe even non-Federal agencies, but especially 
the Federal agencies and with the private sector to avoid 
duplication of cyber research and development efforts?
    Dr. O'Toole. Cybersecurity is coordinated by law by the 
High-Performance Computing Act of 1991 out of the Office of 
Science and Technology at the White House. It is under the 
aegis of what is called Networking and Information Technology 
Research and Development (NITRD), the National Coordinating 
Office for Networking and IT R&D. So this NITRD is broader than 
just cybersecurity, but it has a senior steering group devoted 
to cybersecurity R&D coordination and also several interagency 
working groups devoted to cybersecurity.
    Our Director of our Division of Cybersecurity in S&T co-
chairs the Non-Classified Cybersecurity Working Group. We do 
not do classified cybersecurity work. And they meet very 
regularly. There are many working groups on big data. There are 
various aspects of cybersecurity. We are also participants in 
the Classified Steering Committee on Cybersecurity.
    And the collaboration and cooperation is quite intense. 
This is an area of R&D that is very coordinated in the U.S. 
Government. We have a very good handle on who is doing what, 
and people are eager to stay in their lane, to collaborate with 
others in order to get the most out of resources. We are 
collaborating, as I said, with DOE, for example, on electric 
grid cybersecurity. And they meet monthly to talk about 
particular topics and everybody presents what they are doing. 
So who is doing what is made quite transparent.
    To your question about how do we cooperate with the private 
sector, the U.S. Government's investment in cybersecurity is 
coordinated through the Industrial Coordinating Councils, also 
managed out of the White House. So we are very involved in S&T 
in the Financial Sector Coordinating Council, in the Electric 
Grid Council, and also, we have a consortium of the big five 
oil and gas companies with whom we are working on a variety of 
cyber projects that they choose. They decide what the biggest 
vulnerabilities are and then we help them with fixes and we 
help them to disseminate those fixes.
    Chairman Carper. Take just 1 minute, and then I am going to 
yield to Senator McCaskill and run out and take a quick phone 
call, but how do you track the performance of your cyber R&D 
programs? And maybe just give one or two quick examples, but 
just be very brief, please.
    Dr. O'Toole. Cyber moves very fast. You can get a fix out 
there and it will be overtaken by the adversary months later. 
So this is very complicated.
    We basically measure progress by whether our solution has 
been picked up. We have had McAfee and Microsoft, for example, 
buy and incorporate cybersecurity solutions that we developed 
by supporting small companies. We also track how widely it is 
being used. In that one case, a $5 million investment in 
collaboration with DARPA, actually, resulted in half-a-billion 
computers being equipped with this particular malware 
protection.
    And we also get feedback from the venture capital 
community, which is extremely active in this area now, on the 
quality of our fixes. They are very interested in what we 
invest in because we, have a reputation of doing good work. But 
it is hard to judge efficacy in this field and we do it by, 
does it get commercialized? Does it get picked up? And how 
widely dispersed is the fix?
    Chairman Carper. OK, thanks.
    I am going to yield to Senator McCaskill and I will be 
right back, so----
    Senator McCaskill. I have a--and I will not be long, so 
should I dismiss the witnesses when I am finished? No. Ask them 
to stay? OK. I did not get what he said. [Laughter.]
    You are on your own. I am going to just ask you a couple of 
questions and you are on your own.
    I do understand that this is difficult, what you are tasked 
with doing, because you are being tasked to do cutting-edge 
research and technology to protect America. And I am not 
convinced that we are doing cutting edge. I think that there 
are component parts in DHS that are doing--and the GAO report, 
in fact, cited that, that we have research going on in 
component parts.
    I also am aware, Dr. O'Toole, that, for some reason, fair 
or unfair, your agency ranks at the very bottom in terms of 
best places to work. It is very bad, your rankings, from the 
people who work there. And I do not want you to--if you want 
to, you can respond today, but I would, as part of my questions 
for the record, there will be a number of specific questions 
about various projects, about when is the next risk assessment, 
how quickly are we pulling the plug.
    I do not want to be critical that you are pulling the plug 
on Gen-3 for BioWatch because I think part of the problem is 
plugs have not been pulled and we have wasted an awful lot of 
money. And, believe me, you have a way to go before you get to 
your big brother, the Pentagon, in terms of money that has been 
wasted, and the entire government in terms of IT.
    But I would like you to maybe in answers to these questions 
try to give a thoughtful response as to why the people who work 
in your Department rank your Department so low in terms of a 
place to work and to address the risk assessment and the fact 
that it is not occurring every 2 years and that means that we 
are getting down the line on things that are being done without 
really evaluating on an ongoing basis whether or not we are 
throwing good money after bad.
    I think your agency because of the responsibilities you 
have, has a much higher risk than many others in terms of good 
money being thrown after bad. And I am worried, because of a 
lack of documentation on projects, the fact that some of your 
recommendations that you are giving to some of your components, 
you did all that work on transit workers and then TSA just 
ignored you. Basically, we spent a lot of money developing 
technology for TSA and they said, never mind, we do not want 
it, and did not pay any attention to you.
    So there is something not right here, and I want to try to 
spend some time and energy--and be fair to you--to respond, 
because I do not think we have done enough oversight in this 
area. But I have kind of gotten into it now and I find it 
fascinating and interesting and that is really bad news for you 
because it means I am not going to go away until we get some 
more specific answers to these.
    So if you would like to respond about your----
    Dr. O'Toole. I would.
    Senator McCaskill [continuing]. Issues here, but it will 
also be part of the questions I will give you for the record.
    Dr. O'Toole. Good. I would appreciate that, Senator.
    First of all, I would like to offer to come and talk to you 
at length about these issues and particularly how S&T is trying 
to--and I think we have succeeded to a great extent--evolve a 
very efficient approach to R&D and how we are trying to partner 
with the components who do the acquisitions, and as you say, 
tighten up the front end of acquisitions when we devise the 
requirements that are going to guide what it is that we invest 
in. We do not want to find out at the tail end, as we are about 
to procure something, that we made a mistake and we are not 
getting what we need. But I would welcome the opportunity to 
talk about this or anything else you would like in person and 
at length.
    In terms of morale, this has been a source of enormous 
distress to me and to the Secretary, and actually to the entire 
DHS leadership, and we have discussed it for hours on end. I am 
happy to give you my view of what I think is going on, which I 
am sure is imperfect. We in S&T did followup surveys after the 
first abysmal congressional survey to try and get to the bottom 
of what is wrong and there are many facets to this.
    First of all, it would be useful if Congress made the 
survey every 2 years rather than every year, because what 
happens is just as we start to put in place the fixes, the 
results of the previous survey, the next one comes out. So it 
feels like there is never any progress.
    DHS employees are there for the mission. They say this 
again and again and they say it in the survey. I think it is 
very disheartening to have your agency constantly, almost 
without exception, bashed in the media and criticized. And God 
knows, as you say, we have this huge mission that is very 
difficult----
    Senator McCaskill. Welcome to our world. Amen. Touche. 
[Laughter.]
    Dr. O'Toole. That is one thing, because these people are 
public servants. They are not in it for the money.
    Second, one of the things that they told us in our survey 
was that they felt they did not have enough recognition for 
what they did do, so we put in place a whole series of, not 
rewards, but recognition ceremonies for progress that we had 
made and extra efforts that people had did, all of which has 
gone away in sequestration. We cannot have reward ceremonies. 
We cannot give bonuses. The 3-year freeze in salaries is 
beginning to really hurt. I mean, people are hesitating to buy 
houses and have second children because of this. So, over time, 
even though these people are not in their jobs to make money, 
that long-term pay freeze is very important.
    For us, one of the big impediments to doing our work, to 
getting out and meeting our customers and collaborating with 
others, is this rather draconian freeze on travel and 
conferences. Particularly for R&D, conferences are how we do 
work. And when you have to hire contractors in order to manage 
the paperwork involved in requesting permission to travel, 
something is wrong.
    So in the interest of more efficiency, in the interest----
    Senator McCaskill. Wait a minute. You have 439 people that 
work for you and you have to hire a contractor to do travel 
documents?
    Dr. O'Toole. Yes, to do it more efficiently, because I do 
not want to use Ph.D.s to fill out travel documents. We put 
together a very efficient process----
    Senator McCaskill. So all the people that are overseeing 
contracts and paperwork are Ph.D.s that work for you? What 
percentage of the people who work for you are Ph.D.s?
    Dr. O'Toole. No, the people who are overseeing contracts do 
not work for me. They work for the Office of Management.
    Senator McCaskill. OK.
    Dr. O'Toole. We can talk about this at length----
    Senator McCaskill. Yes, we need to, because----
    Dr. O'Toole. I should not have gotten you started.
    Senator McCaskill. You should not have told me you were 
hiring contractors to handle travel documents. That was not 
something----
    Dr. O'Toole. Well, no, it is----
    Senator McCaskill. Now I have another set of questions I 
need to ask.
    Dr. O'Toole. But I am saving money and I can prove it.
    Senator McCaskill. I would like to see that.
    Dr. O'Toole. OK. I can prove it. I am saving money doing it 
that way.
    Anyway, what has happened is people, as I am sure you do, 
feel very beleaguered. One big problem is the Civil Service 
Reward and Advancement Program. People say it is not fair. It 
is not. It is not. It is very broken. I mean, I am trying to 
run this organization and I have very little capacity to hire 
or fire. Imagine running an organization of this size and not 
being able to hire the skill set you need or fire people who 
are not performing. But that is the case across the Federal 
Government and people feel that very much is unfair.
    Senator McCaskill. Well, I appreciate your answer. I think 
what I would like you to give some thought to is this is a 
comparative survey and a lot of the problems that you indicated 
just now are across the Federal Government. So that would not 
be the answer as to why you are 292 out of 292, because 250 
have those problems and 10 have those problems. So that is what 
I would like you to reflect on, and we can visit----
    Dr. O'Toole. I will----
    Senator McCaskill. And I really appreciate you being here, 
and I hope you understand that all of this oversight is because 
it is needed and it is part of our job, and I hope that I was 
not too rough on you, but I was taken aback when you first kind 
of did not want to talk about Raxi and what it was and I think, 
clearly, in your job, I expected you to want to talk about it.
    So we will visit in person and continue and I will get 
questions to you.
    Thank you both very much. Thank you, Mr. Chairman.
    Chairman Carper. Thanks very much, Senator McCaskill. Thank 
you for your passion that you bring to this work.
    Sometimes I offer our witnesses an opportunity to give a 
short closing statement. Since we are running overtime right 
now, I am going to ask you to do that. You have just, sort of, 
given one, Dr. O'Toole, and I am just going to ask Mr. Maurer 
if you would like to make just a short concluding statement, 
just if you want to reiterate some things, emphasize some 
things, underline some things, feel free. If something new has 
come to mind you think you ought to leave it before us, this is 
a good time to do that.
    Mr. Maurer. Sure. Absolutely. I think the key takeaway from 
our discussion earlier from the GAO perspective is that it is 
important for DHS to define R&D. It is important for DHS to be 
able to know who is doing R&D within the Department, to have 
effective coordination mechanisms in place, to be able to make 
the necessary strategic tradeoffs, to make the wise decisions 
and make the most effective use of taxpayer dollars.
    Chairman Carper. All right. Thanks.
    Dr. O'Toole, just one last quick comment from you, if you 
want.
    Dr. O'Toole. Just I appreciate the opportunity to be here 
and I hope the Committee will be an advocate for using science 
and technology to make DHS more effective, efficient, and 
safer.
    Chairman Carper. I think it is safe to say that we will be. 
I hope you will not leave here discouraged. I hope you will 
leave here encouraged, both of you.
    I said to our staffs on both sides here, I said, I came 
into this hearing sort of uncertain as to how productive it was 
going to be, how constructive it was going to be. I think it 
has been, for me, very helpful and really encouraging. I am 
encouraged by your leadership, Dr. O'Toole, very encouraged.
    Dr. O'Toole. Thank you.
    Chairman Carper. And we have a lot of witnesses who come 
before us--I would say this to Mr. Maurer--we have a lot of 
witnesses from GAO. You are just two very excellent witnesses. 
For those who you work with and whom you lead, I want you to 
take back my appreciation for the work that is being done.
    Our staffs have heard me tell, probably more than they want 
to remember, the story of my driving to the train station. I go 
back and forth on the train most nights to Delaware. I drive 
into the train station early in the morning, listen to National 
Public Radio (NPR), and before I got to the train station to 
catch my train to come down here, and hearing about a year ago 
an international study done to ask the following question. What 
is it that gives people joy or satisfaction in their work? What 
makes people really satisfied in their work? What is it?
    And some people said they--from all over the world, 
thousands--they like getting paid. [Laughter.]
    Some people said they liked having fringe benefits, sick 
leave, vacation, pension, whatever. Some people said they like 
the folks they work with. Some people said they like the 
environment, the space in which they work.
    But do you know what most people said? Most people, the 
thing that gave them real satisfaction about their work is that 
they found that the work they were doing was important. They 
felt it was important. And the second half of that is they felt 
like they were making progress. Put those two together. That is 
what most people said.
    And I think the same is true here. We had a near meltdown 
in the Senate, as you may know. The old nuclear option 
fortunately defused and I think we have just a renewed spirit 
of cooperation and collegiality. I hope it extends beyond this 
week, and I am encouraged that it will.
    But just to take back to the folks you work with and lead 
that the work you are doing is important and I believe we are 
making progress, and God knows we need to.
    I have a beautiful closing statement that was prepared for 
me. I just have one quote here I am going to just throw out 
before I close, and it is Carl Sagan who once said, ``science 
is a way of thinking much more than it is a body of 
knowledge.'' That is pretty good.
    Part of our challenge is to figure out how to use science, 
good science, to help protect our country and the people here, 
and I am encouraged we are doing a lot of smart stuff, and 
clearly, we can do more of that.
    I have a couple questions I am going to submit for the 
record, and I know Senator McCaskill and, I presume, Dr. Coburn 
and other colleagues will, too. The hearing record is going to 
remain open for about 15 days--I think that is until August 1--
at 5 p.m. for the submission of statements and questions for 
the record.
    I want to thank our staffs, both our Minority and Majority 
staffs, for their work in preparing for this hearing. They do 
not just happen by themselves, but they have done good work. 
You all have done very good work here today.
    And with that, this hearing is adjourned. Thank you.
    Dr. O'Toole. Thank you, Mr. Chairman.
    [Whereupon, at 12:17 p.m., the Committee was adjourned.]




                            A P P E N D I X

                              ----------                              



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]




                        EXAMINING CHALLENGES AND
              ACHIEVEMENTS AND ADDRESSING EMERGING THREATS

                              ----------                              


                     WEDNESDAY, SEPTEMBER 11, 2013

                                       U.S. Senate,
                             Committee on Homeland Security
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 9:30 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Thomas R. 
Carper, Chairman of the Committee, presiding.
    Present: Senators Carper, Pryor, Baldwin, Coburn, Johnson, 
Ayotte, and Chiesa.

              OPENING STATEMENT OF CHAIRMAN CARPER

    Chairman Carper. Well, welcome one and all to this 
important hearing.
    Today marks the 12th anniversary of September 11, 2001. 
Coming down on the train today, Dr. Coburn and colleagues, I 
was reminded that 12 years ago exactly to this day, to the 
hour, to the minute, what was going on in our lives. So it is a 
very poignant day, a sad day, but a day that is not without 
hope. But it is a day for reflection--not only a day that we 
lost a lot of our fellow Americans, but a day that brought with 
it a sense of unity that we do not often see in this town and 
in this country in the wake of a terrible tragedy.
    There is going to be a moment of silence a bit later, I 
think observed here in the Capitol. I am going to ask us just 
to start this hearing with a moment of silence, and then I will 
introduce our witnesses and make some statements and begin. But 
if you will just pause now for a moment of silence, please.
    [Moment of silence.]
    Thank you.
    One of the things that our chaplain--some of you know our 
chaplain, Barry Black, a retired Navy Admiral. He always 
encourages us to pray for wisdom, each and every one of us in 
our own way, and that is probably a good thing for us to 
remember on this day.
    This anniversary also provides us with an important 
opportunity to think about all the efforts we have taken to 
secure our country since that fateful day, as well as the 
challenges that lie ahead.
    With us today we have just a remarkable group of witnesses 
that will share their thoughts, their counsel, on what we have 
accomplished since September 11, 2001, and the future of 
homeland security. We are just honored that each of you are 
here and delighted that you would come, and thank you so much 
for joining us and really for your service, your extraordinary 
service, to our country.
    This year, the Department of Homeland Security (DHS) turned 
10 years old. And while I am sure we can all agree that the 
Department can do a better job in certain areas, we should not 
forget about the remarkable progress that has been made in 
keeping Americans safer since Tom Ridge helped to open the door 
of that new Department those many years ago. There is no doubt, 
in my view, that we are safer today than we were 10 years ago 
in spite of greater threats to our Nation and to our well-
being.
    I want to take a couple minutes to highlight some of the 
more significant accomplishments, if I could.
    We have enhanced aviation security through a more risk-
based, intelligence-driven system that begins screening 
passengers against national security databases roughly 4 days 
before they ever board an aircraft.
    We have improved our preparedness for and our ability to 
respond to disasters while cutting red tape at the Federal 
level.
    We saw the fruits of these efforts in the response 
following the Boston Marathon bombings and also the natural 
disasters that struck my part of the country, including 
Hurricane Sandy.
    We have increased the security of our Nation's borders with 
historic levels of manpower and resources.
    And we have built up cybersecurity capabilities to work 
with the private sector and Federal Government agencies in 
preparing for, responding to, and mitigating against the ever-
growing number of cyber attacks.
    But is there still room for more improvement? And I would 
just say you bet there is. One of my favorite sayings is, ``The 
road to improvement is always under construction.'' And that is 
true in this venue as well. One way the Department can improve 
is by doing a better job of preparing for tomorrow's threats 
today.
    We do a pretty good job in this country at fighting the 
last war and preparing for the last type of attack, but to 
secure our homeland we must do an even better job at 
anticipating the next kind of attack that we will face. Ten 
years ago, for example, relatively few people were even talking 
about or thinking about cybersecurity. Some were, but a lot 
were not. Today we can hardly go a day without reading about a 
cyber attack or hearing about a cyber attack in the news, 
oftentimes many attacks.
    To respond to the challenge of ever-changing threats, we 
need a Department of Homeland Security that is flexible and 
ready to adapt when necessary. And sometimes we just need to 
use some common sense. If a program is not working, we should 
not just keep throwing good money after bad. Rather, we must 
work smarter with our limited resources and find ways to get 
even better results for less money or for the same amount of 
money.
    That is why Dr. Coburn and I are holding this hearing and a 
series of others. Actually, at the beginning of this year, he 
suggested that we focus on reauthorization. We have never done 
a reauthorization of the Department of Homeland Security. He 
suggested that maybe a good way to do that would be to do a 
year-long series of hearings that are relevant to the 
Department and its functions and looking forward. And this is 
one of those hearings, and a really important one.
    We are doing this top-to-bottom review of the Department so 
we can learn from instances where the Department succeeded and 
where it came up short. And this information will help us to 
better focus our scarce resources on what works.
    As the Committee conducts this review process, we will be 
looking to ensure that the Department is making smarter 
acquisition decisions, developing an even more agile and 
capable workforce, and improving its financial management 
systems. This review will also look at how we can strengthen 
the defenses of our homeland against very sophisticated and 
highly agile threats.
    One of the most important things we can do to improve 
homeland security is to come together to pass cybersecurity 
legislation, either in pieces or together as a comprehensive 
policy, a comprehensive approach for our country. The threat is 
too great and the consequences of inaction are too severe to do 
nothing. Enacting a thoughtful, comprehensive cybersecurity 
policy has not been easy, as we know. But we have a shared 
responsibility--both Democrats and Republicans, House and 
Senate, government and industry--to get this legislation across 
the goal line and into the end zone hopefully this year.
    We already saw many of the different parties come together 
to pass comprehensive immigration reform in the Senate a few 
months ago.
    I do not agree with everything in that bill, and I know my 
colleague here, Dr. Coburn, and I suspect Senator Johnson do 
not agree with everything either. But I believe the approach 
that we have taken in the Senate is vastly preferable to our 
current immigration system, the failings of which undermine 
both our national and economic security. It is my hope that the 
House will pass its own version of immigration reform so we can 
go to conference, make it even better, and pass the kind of 
historic piece of legislation that our country needs.
    So as we remember 9/11 and discuss the challenges that lie 
ahead, we must seek to recapture that spirit of unity that 
prevailed 12 years ago today, and we need that if we are going 
to succeed in making not just the Department of Homeland 
Security stronger over the next 10 years but our Nation 
stronger going forward into the future.
    So I look forward to working with Dr. Coburn and with our 
colleagues, even Senator Johnson over here, who is so good at 
coming to our hearings. He is always faithful in attendance and 
asks good questions. And we look forward to working with the 
Administration, with our witnesses, and a whole lot of other 
folks that are going to help us figure out how to do this job 
of shared responsibility better.
    So with that having been said, let me turn it over to Dr. 
Coburn for any comments he wants to make. Thank you.

              OPENING STATEMENT OF SENATOR COBURN

    Senator Coburn. Thank you, Senator Carper. I have a 
statement that I will place in the record.
    I have a lot of concerns with Homeland Security. One of the 
editorials that was in the New York Times today talked about 
the lack of focus on multiple committees--the focus on multiple 
committees instead of single committees of jurisdiction, and I 
know it is difficult for Homeland Security to answer all the 
questions from the 88 different committees and subcommittees 
that they have to answer to. And that is one of the things that 
we ought to be about changing because our frustrations are we 
cannot ever get answers. And I am sure it is not always 
intentional that we do not get answers. Sometimes it is, but it 
is because we are asking so much information all the time where 
the people who actually have responsibility at Homeland 
Security cannot do their job because they are busy answering 
questions of Members of Congress. So the disorganization.
    The other concern I have with Homeland Security is it has 
turned into an all-hazards agency, which was never its intent. 
And it has abandoned risk-based policies to put money where 
risk is rather than money where risk is not. And the 
politicians in Washington have very much accounted for that.
    In my opening statement that I will put in the record, 
there are a large number of areas where we are incompetent, 
whether it is in terms of either metrics or effectiveness, and 
we have not held the hearings that are necessary to straighten 
that out.
    I would welcome all of our panelists. Thank you for your 
service in multiple areas for our country. And I hope that you 
can give us some wisdom--I have been through your testimonies. 
I hope that you can give us some wisdom how to streamline and 
not undermine the goal and the long-term changes that need to 
be made in Homeland Security to get us back to a risk-based 
agency instead of a grab bag of political benefits agency.
    The final point I would make is that transparency is 
important, and the difficult job you had, Governor Ridge, in 
terms of bringing all these agencies together. We have had good 
Homeland Security Directors and Secretaries, but the idea that 
you can effectively manage this--and we have all the data to 
say that we are not effectively managing it. And so my hope 
today out of this hearing is that we will hear some great ideas 
on how you change the structure.
    And the final point I would make is we have 15 of the top 
17 positions at Homeland Security open, and to my knowledge, we 
only have two nominees pending in that area. And I may be 
wrong. That is my guess. I think we have two.
    So leadership matters, and having people in positions 
instead of acting people in positions is very different in 
terms of accomplishing the goals that need to be accomplished 
at Homeland Security.
    So I welcome you, thank you, and look forward to your 
testimony.
    Chairman Carper. Thank you. Thank you, Dr. Coburn.
    Before I introduce our witnesses, I will just note, if I 
could, that at 11 o'clock there is going to be a gathering of 
Members of Congress and former Members of Congress, I think on 
the east steps of the Capitol, for an observance. And my hope 
is that we would work right up to just before that time, and 
hopefully we will be in a position to conclude, to adjourn; and 
if not, I may ask to adjourn fairly briefly but come back in 
about half an hour. Hopefully we can be done. I know at least 
one of you has a tight schedule herself.
    All right. I want to just briefly introduce our first, or 
not so briefly, the first witness. Tom Ridge and I came to the 
House together in 1983, 30 years ago today. We were both in our 
mid-twenties, maybe early twenties. But we both served in the 
Vietnam War together, he with real distinction, as just a hero, 
and very modest about it. But we ended up on the Banking 
Committee together, and I think in the 102nd Congress, I think 
we ended up leading--on the Banking Committee, we had a 
Subcommittee on Economic Stabilization, and people said to me 
in the past years, ``Tom, what did you accomplish in those 2 
years that you and Tom Ridge led that Committee?'' I said, ``We 
laid the foundation for the longest-running economic expansion 
in the history of the country.'' And we stepped down from our 
responsibilities in 1993 and we were on our way to 8 glorious 
years. He went on after that to become Governor of 
Pennsylvania, our neighbor to the north, and the first 
Secretary of the Department of Homeland Security.
    Since stepping down as Governor, he has not only led the 
Department, but he has also served as chairman of the National 
Security Task Force at the Chamber of Commerce and on boards of 
the Institute of Defense Analysis, the Center for Studies of 
the Presidency and Congress, and chairman of the National 
Organization on Disability. Meanwhile, he travels the world as 
head of his firm, Ridge Global, and any number of other 
entities. Somewhere along the line, he found time to convince a 
woman named Michele to marry him, and they have two wonderful 
kids that we have been privileged to know, Leslie and Tommy.
    We are delighted to see you and thank you for your 
friendship and thank you for your extraordinary service to our 
country.
    Next I want to welcome Jane Harman, former Congresswoman 
from California's 36th District. During her tenure in the House 
of Representatives, Congresswoman Harman distinguished herself 
as one of the top national security voices in the House, 
serving on the House Armed Services Committee and the 
Intelligence and Homeland Security Committees. She was also one 
of the principal authors of the Intelligence Reform and 
Terrorism Prevention Act of 2004. Congresswoman Harman now 
serves as the Director of the Woodrow Wilson Center. She is 
also a member of the External Advisory Board for the Department 
of Defense (DOD), State, and the Central Intelligence Agency 
(CIA), and does a million other things. So it is great to see 
you. We welcome you warmly.
    Our next witness is in his civvies today, with facial hair, 
and I was kidding him earlier. I would not have recognized you 
had I not known it was you and that you were coming today. But 
it is great to see you. You are a hero in this country, a hero 
in the Coast Guard, and in the Department of Homeland Security. 
I have enormous respect and affection for you, as you know. 
Thank you for all that service. I wish you well as, I 
understand, the executive vice president at Booz Allen 
Hamilton, and we are happy for you for that opportunity, well 
deserved. But in the Coast Guard, Admiral Allen led the effort 
to respond to and recover from Hurricane Katrina after the 
first couple of weeks of the initial response as well as the 
Deepwater Horizon oil spill. And for that service and a million 
other things that you have done and continue to do, we welcome 
you. I want to thank your family for allowing you to serve our 
country and share you with all of us.
    The final witness is Stewart Baker batting cleanup, former 
Assistant Secretary for Policy at the Department of Homeland 
Security, a partner--are you partner now?--at Steptoe & Johnson 
here in D.C. I understand you have a book out. You are the 
author of a book. I love this title: ``Skating on Stilts: Why 
We Aren't Stopping Tomorrow's Terrorism.'' Good luck with that.
    In his position, Mr. Baker established the Department's 
Policy Office. He led successful negotiations with foreign 
governments over data sharing, privacy, and visas, and 
established a secure visa-free travel plan. What years did you 
serve in the Bush Administration?
    Mr. Baker. 2005 to 2009.
    Chairman Carper. OK. Thank you for that. And I want to 
again thank all of you for being here. Your entire statements 
will be made part of the record, so feel free to testify. We 
are going to lead off, I believe, with Governor Ridge, and I 
just want to say to Senator Chiesa, nice to see you. Welcome. 
Always a pleasure. He is the Senator from New Jersey whom you 
may or may not know. He is a great addition to this Committee 
and to this body.
    Governor. Congressman.

    TESTIMONY OF THE HON. TOM RIDGE,\1\ PRESIDENT AND CHIEF 
  EXECUTIVE OFFICER, RIDGE GLOBAL, AND FORMER SECRETARY, U.S. 
                DEPARTMENT OF HOMELAND SECURITY

    Mr. Ridge. Thank you very much. Good morning to my former 
colleague and my friend, Tom Carper. It is a great pleasure to 
appear before you and Senator Coburn.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Ridge appears in the Appendix on 
page 492.
---------------------------------------------------------------------------
    As they say, let me associate myself with the gentleman's 
remarks with regard to a risk-based approach, with regard to 
consolidating the incredible labyrinth of the jurisdictional 
maze that the Secretary and his or her Department have to 
continually respond to up here on the Hill. It was one of the 
recommendations of the 9/11 Commission, and 10 years later, 
that one and the other recommendation they made was with regard 
to a broadband public safety network. That is 10 years in the 
making. There is some legislation. We are a long way from 
execution. So I really appreciate your words in those regards. 
And to the other Members of the Committee, it is a great 
pleasure for me to spend this morning with you on this very 
historic and very important day.
    I appear before you in my wonderful personal capacity as a 
private citizen as well as the chairman of the U.S. Chamber of 
Commerce's National Security Task Force. The task force is 
responsible for the development and implementation of the 
Chamber's homeland and national security policies. Frankly, it 
is a voice for businesses across America. It certainly informs 
my perspective on many issues, but it does not dictate it 
because my work there is strictly voluntary. I am neither a 
lobbyist nor a paid advocate, but we do have certain views that 
we share, and I am happy to advocate when we share them.
    I welcome the opportunity to appear here to examine ways in 
which we can secure America's future. Since we have limited 
time, I would ask permission to revise and extend my remarks.
    Before I begin I want to, on this anniversary, acknowledge 
the families that lost loved ones on September 11th. We all 
know where we were. I had the opportunity to visit Shanksville 
a couple of hours after the plane went down.
    So the reason we are here is to work together and to do our 
best to ensure that such events do not happen again and that 
other families do not have to suffer like the families of our 
9/11 heroes.
    With your indulgence, I would like to make a few general 
observations first and then focus on what I believe is a cross-
cutting issue that both DHS and the broader Federal Government 
has faced in the past and has the potential to complicate our 
security forevermore.
    First of all, briefly, it is becoming clear that members of 
this body intend to pass some form of immigration reform. I 
think that is relevant to homeland security. DHS components can 
be expected to play a significant role in implementing these 
reforms. My position is that the time has come to grant status 
to those who wish to enter to our country legally, to work 
lawfully, to pay taxes, and deal with the issue that we have 
talked about for 10 years, and that is, the undocumented 
individuals who are here. I think it can be done. I hope this 
Congress does it. But I also think Congress has to balance this 
responsibility with providing adequate resources to the 
Department of Homeland Security in order to affect the outcomes 
that the broader American public want to achieve. We can talk 
about reaching consensus in Washington, but unless any reforms 
are resourced appropriately, DHS components will be saddled 
with an impossible mission in the critical area of border 
security.
    I am not going to discuss my deep and abiding concern about 
the number of critical senior-level vacancies at DHS. It has 
been addressed. It is disconcerting that an agency, if it is 
perceived by our government, the U.S. Government, to be as 
important as I believe it is, to have 15 vacancies, or whatever 
the number is, at any time. And yet these vacancies have lasted 
for quite some time. You are aware of it. I just urge the 
administration to fill the vacancies quickly and the Senate in 
a judicious manner and timely manner to exercise the advice and 
consent responsibilities and fill these positions.
    Let me spend the rest of my time discussing the challenges 
of information sharing, which I think goes to the heart of 
Homeland Security's responsibility. We do not generate 
intelligence. We are assigned from the get-go the enabling 
legislation to share it and provide whatever defensive measures 
we need to protect America.
    Information sharing is an issue that has been with us since 
September 11, 2001, and cuts across a range of challenges that 
have and will continue to confront the dedicated men and women 
of Department of Homeland Security. We all know the nature of 
the terrorist threat has changed. As we have seen in Iraq, 
Afghanistan, and today in Syria, our enemy is no longer just al 
Qaeda, but like-minded organizations and nation states that are 
willing to ally themselves in order to harm their common 
enemy--the United States. In my opinion, this will require the 
intelligence community to renew its commitment to work more 
closely with one another than ever before. Congress in its 
oversight role should ensure that DHS specifically remains 
plugged into the Federal intelligence community horizontal 
across the board. For if intelligence indicates a physical or 
cybersecurity threat against the homeland, DHS by enabling 
legislation is the agency required to work with our partners 
along the vertical--required to work with the State and locals, 
required to work with the private sector. That is embedded in 
the enabling legislation. Further, we should ensure that the 
great progress that has been made for information sharing with 
our State and local partners--such as the establishment of 
fusion centers--continues to be nurtured.
    No discussion of the DHS threat environment or about 
information sharing can be complete without discussing 
cybersecurity in greater detail. There is no part of our 
national economy, infrastructure, or social fabric that is not 
in some way connected to the Internet backbone--our critical 
power and communications, transportation, product supply 
chains, and financial systems. And DHS owns many of these 
sector-specific relationships.
    Let us face it. The cyber threat is not new or emerging. In 
fact, when I was Secretary, in 2003, a full decade ago, the 
first U.S. National Strategy to Secure Cyberspace was released. 
Greater awareness of this threat may be emerging, but the 
threat itself has been with us and will be with us for the rest 
of our lives. As the first Secretary of Homeland Security, I 
have a particular perspective on this issue.
    We learned after September 11, 2001, and we learned after 
Hurricane Katrina and we keep learning after all these 
incidents that information and coordination sharing could have 
been better, and some people refer to a digital cyber Pearl 
Harbor. Well, at least in that instance, historians say that we 
did not have notice of the emerging threat. Well, I do not 
think this is the cyber Pearl Harbor, because we have notice, 
and it is not an emerging threat. It is a constant and ever-
changing dynamic threat. So I am more inclined to say that it 
may end up being a cyber Hurricane Katrina where we had notice 
but we were not as prepared as we should have been until Thad 
Allen got there and cut through the Gordian knot of problems 
and began to address the situation that he confronted on the 
ground.
    I have several more pages of testimony. I see my time is 
running out. But I hope we get to this area in the question and 
answer (Q&A). At the end of the day, the sharing of information 
between the U.S. Government and the private sector 
specifically--and I can refer to the enabling legislation that 
says that is where DHS has a very significant legislative 
role--is absolutely critical, and not in a prescriptive form. 
It cannot be in a prescriptive form. We cannot mandate 
regulations. There are plenty of standards out there, and, 
frankly, the President's Executive Order (EO) asking the 
National Institute of Standards and Technology (NIST) to set 
the standards is something that we all welcome and we engage, 
but we hope we give it a chance to work and assure that the 
private sector is involved and engaged, because it is that kind 
of collaboration that is absolutely essential. And you are 
never going to defeat the cyber enemy, whether it is a nation 
state, organized crime, any organization, by having the private 
sector check the compliance box. We did all that Congress 
wanted us to do. That is not enough. That is inadequate. It is 
grossly ineffective. There has to be timely and continual 
information sharing horizontally within the Federal Government, 
particularly to DHS, and then vertically down to the State and 
locals, and particularly to the private sector. After all, the 
Federal Government relies on the private sector in order to 
function.
    So as I said before, we have some lessons to be learned 
about the inadequacy of what the Federal Government is doing to 
protect its own information. I think it would be helpful not 
only when we repair that, but we also make sure that we 
facilitate the day-to-day engagement and sharing of information 
with the private sector.
    I thank my colleagues who are on the panel, distinguished 
patriots as well, for the opportunity to appear with them, and 
I thank the Chairman and the Committee for the opportunity to 
share these remarks with you this morning.
    Chairman Carper. Thank you for those remarks very much.
    Congresswoman Harman, please proceed.

        TESTIMONY OF THE HON. JANE HARMAN,\1\ A FORMER 
    REPRESENTATIVE IN CONGRESS FROM THE STATE OF CALIFORNIA

    Ms. Harman. Thank you, Mr. Chairman. As I think every 
Member of this Committee knows, I have great affection for this 
Committee. I worked very closely with your prior management 
during 8 years on the House Homeland Committee and another 8 
years, some of them overlapping, on the House Intelligence 
Committee. Later today, at the invitation of Colorado Governor 
John Hickenlooper, I am flying to Denver where Senator 
Lieberman and I are appearing on a 9/11 panel in Denver this 
evening.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Harman appears in the Appendix on 
page 501.
---------------------------------------------------------------------------
    Chairman Carper. Well, I hope you will give them our best.
    Ms. Harman. I shall. And as my youngest daughter would say, 
your former Ranking Member, Susan Collins, is one of my 
``besties.'' And we stay close friends, and we all worked 
together on the intelligence reform law of 2004.
    I also have great affection for all of us testifying before 
you today, worked very closely with everyone on this panel on 
homeland topics, and we continue to stick together, which I 
think is a good thing.
    Twelve years ago today, as the towers were falling and the 
Pentagon fire was burning, I was walking toward the U.S. 
Capitol. My destination was the Intelligence Committee rooms in 
the Capitol dome--the place most consider was the intended 
target of the plane that went down in Shanksville. My staff 
called to alert me that the Capitol had just been closed, as 
were the House and Senate office buildings. So most of 
Congress, including me, milled around on the lawn in front of 
the Capitol. There was no evacuation plan. We had no roadmap 
for a response.
    Part of the solution which some of us recommended was to 
create a dedicated homeland security function, and that 
function we thought should be in the White House, and Tom Ridge 
became its first coordinator.
    Along the way, the White House proposed a much more 
ambitious concept, and in order to get this function as part of 
law, we embraced that concept, and then there became the 
Department of Homeland Security.
    Now in its tenth year, I am proud of my role as one of the 
Department's ``founding mothers,'' and I think we should 
acknowledge today the thousands of DHS employees who serve us 
daily around the country and the world. As we speak, Customs 
and Border Patrol (CBP) agents are in mega ports like the port 
of Dubai, and they are screening U.S.-bound cargo for dangerous 
weapons and materials. Specially trained homeland security 
investigation agents are in diplomatic posts everywhere in the 
world, and they are reviewing suspicious visas, and the 
Transportation Security Administration (TSA) screeners are 
daily depriving al Qaeda and other terror groups of the ability 
to turn more aircraft into weapons--a tactic we know they are 
continuing to attempt.
    Today, as Tom Ridge said, DHS remains a work in progress, 
but the efforts of its people are its backbone--and our 
backbone. We have a safer country because of them.
    A year ago, I testified here, and I noted some of the 
things that were going well at DHS. But I also noted 
challenges, and they include: An anemic intelligence function, 
something Tom Ridge just touched on; the need for DHS to focus 
more on its relationships with critical infrastructure owners 
and operators, something that is now happening because the 
cyber threat is increasing; and as mentioned by you, Mr. 
Chairman, the failure of Congress to reorganize its committee 
structure.
    Today, as you mentioned, there is a very good op-ed in the 
New York Times--I actually buy the print edition, called 
``Homeland Confusion'' but Tom Kean and Lee Hamilton, our good 
friends, and Lee preceded me as the president and Chief 
Executive Officer (CEO) at the Wilson Center, and we served as 
colleagues many decades ago in the House.
    I do not want to touch on all of this, but let me just 
briefly scope the bad news and the good news since last year.
    The bad news: We failed to thwart the Boston Marathon 
bombing; an exponential increase in cyber attacks; Edward 
Snowden; and the fact that the bomb maker, Ibrahim al Asiri, 
who belongs to al Qaeda, is still alive in the boonies of 
Yemen, despite our good efforts to retire his service.
    But there is significant good news. One is information 
sharing is improving. I know there is much to continue.
    Second, resilience. We showed resilience after Boston in 
particular, after the Boston Marathon bombing, and common sense 
is emerging in the way we approach homeland security. And to 
Senator Coburn's point, I think there is more support, and 
there should be, for a risk-based approach.
    Collaboration with the private sector on cyber, that is 
happening, and credit should go to--I guess she has just 
retired--the Secretary of Homeland Security Janet Napolitano 
for personally working on this issue.
    And we are getting ahead of privacy concerns.
    Let me just touch on these very briefly because my time is 
running out, too.
    Information sharing, Tom Ridge talked about it, but the 
Committee should take credit for the fact--and so should the 
Department--that homeland security grant money was critical. 
According to the Boston Police Department (PD), it helped make 
sure that the city was trained to share information rapidly 
during the emergency. DHS also participated in something called 
the Multi-Agency Coordination Center (MACC), that was 
operational before and during the marathon. And the MACC was 
critical in coordinating communications once the bombs 
exploded.
    Resilience--a very important factor in our country's 
ability not to be terrorized. It is not that we will not have 
future attempts and maybe even successful attempts at attacks. 
But if we fail to be terrorized, the terrorists lose. And DHS, 
again, and this Committee distributed almost $11 million to 
Boston, just to pick Boston, through its Urban Area Security 
Initiative (UASI). The money was used in part to upgrade over 
5,000 portable radios for first responders, install a 
communication system inside the tunnels of the Boston T, and 
conduct two citywide disaster simulations in coordination with 
DHS. This is a very good news story.
    Similarly, in Hurricane Sandy, which went fairly well, the 
Federal Emergency Management Agency (FEMA) activated in advance 
a National Response Coordination Center (NRCC), which was 
critical in terms of preventing more damage and speeding the 
recovery.
    Collaboration with the private sector on cyber.
    DHS will never ``own'' the cyber mission, but it is 
responsible for a central piece, which is critical 
infrastructure protection. And in the past year, DHS has 
tracked and responded to nearly--get this number--200,000 cyber 
incidents, a 68-percent increase from the year before. We will 
never get ahead of this problem if there is not a total lash-up 
with the private sector. And as Janet Napolitano and some of 
her team explained at the Wilson Center about 6 weeks ago, that 
is exactly what is happening. Kudos to the Department.
    Finally, getting ahead of privacy concerns. The Department 
itself has a Privacy and Civil Liberties Office. That office 
has trained many in the fusion centers--68 out of 78 fusion 
centers have received some training. There is enormous 
complaint out in the boonies about the invasion of privacy, and 
it is important that we do two things: One is protect the 
American people, and two is protect the American people's 
privacy. It is not a zero-sum game. It can be handled with 
proper training.
    And, finally, the Administration has fully populated the 
Privacy and Civil Liberties Oversight Board (PCLOB), which was 
created by the 2004 law and which was never functioning until 
May, and that should be helpful, too.
    Let me just conclude by saying DHS will continue to face 
difficult challenges, including al Qaeda's enormous ability to 
evolve, the rise of lone wolf-terrorists, the constant increase 
in the type and sophistication of cyber attacks, especially the 
risk of exploits in software, and privacy issues. But most 
attempts to attack us since September 11, 2001, have been 
thwarted, for which thousands of selfless DHS people deserve 
our thanks, and so do our former Secretaries of Homeland 
Security, starting with Governor Ridge over here, and so do 
Members of this Committee.
    Thank you very much, Mr. Chairman.
    Chairman Carper. Congresswoman, thank you so much.
    Admiral Allen, please proceed. Your whole statement will, 
again, be made part of the record. Feel free to summarize as 
you see fit.

   TESTIMONY OF THAD W. ALLEN,\1\ ADMIRAL, U.S. COAST GUARD 
       (RETIRED), AND FORMER COMMANDANT, U.S. COAST GUARD

    Admiral Allen. Thank you, Mr. Chairman, Ranking Member 
Senator Coburn, and Members of the Committee. Thank you for the 
opportunity to testify this morning.
---------------------------------------------------------------------------
    \1\ The prepared statement of Admiral Allen appears in the Appendix 
on page 505.
---------------------------------------------------------------------------
    Like Secretary Ridge, for the record, I am testifying in my 
personal capacity today and am not representing any particular 
entity. I would note, however, that the op-ed piece that was 
published this morning by Lee Hamilton and Tom Kean was the 
result of an Aspen-sponsored task force on congressional 
oversight of the Department of Homeland Security, and I am a 
member of that task force, for disclosure.
    I am also pleased to be here with comrades Jane Harman and 
Stewart Baker. These are people that I have worked with over 
the years and I hold with great respect and consider them 
friends and role models. I am glad to be here with them.
    As you mentioned earlier, Mr. Chairman, it is hard not to 
sit here this morning and not recall the events of 12 years ago 
and what has transpired in the interim. I was the Coast Guard 
Atlantic Commander on 9/11, and what happened that day was 
something I thought I would never see in my career, and that 
was a Coast Guard cutter stationed off the tip of Manhattan 
with its guns uncovered. It was a chilling site. We closed the 
port of New York. We closed the Potomac River north of the 
Woodrow Wilson Bridge and then used Coast Guard vessels to 
resupply Ground Zero because there was such a problem getting 
vehicles in and out. So this was a consequential event for the 
Coast Guard as well, and I, like the members of the panel here, 
pass on our best regards to the families that were impacted by 
that terrible event.
    I have testified before this Committee on several occasions 
since my retirement, and in each of the testimonies, including 
today, I have done a little bit of a retrospective on where the 
Department is at. I am not going to go into that today. I would 
say that I was the Chief of Staff of the Coast Guard when the 
Department was established and led the transition out of the 
Department of Transporation (DOT) into the Department of 
Homeland Security, and I have spoken over the years on many 
occasions about the conditions under which the Department was 
formed, which was bureaucratic light speed, just a little over 
3 months. And the issues associated with trying to bring all 
that together, including--it was in the middle of an 
appropriations year. It was between sessions of Congress. I 
think Secretary Ridge was confirmed the day before he became 
the Secretary, if I remember correctly.
    Mr. Ridge. Correct.
    Admiral Allen. That is a lot of stuff going on at the same 
time, but I think we have to move beyond the aggregation of 
entities that came into the Department and the conditions under 
which the Department was created and kind of get beyond that. 
You can talk about that as a means for why the Department kind 
of is the way it is. But I think 10 years later we have to 
actually sit down and say what is going on here and where do we 
need to go.
    So I would like to associate myself with the remarks that 
were made by Secretary Ridge and Jane Harman. They have talked 
about the what. I would like to talk a little bit about the 
how, because ultimately we need to know, moving into the 
future, how we are going to attack these problems and what is 
the best way to do that. And the central part of all of us and 
a recurring theme you are hearing is information sharing, 
because information sharing is the precursor to unity of effort 
and more integrated operations in the Department of Homeland 
Security, not only in mission execution but in mission support, 
all the back-room operations that actually enable folks to put 
boarding teams on, to have TSA inspectors screen people, and 
that is financial operations, human resource (H.R.) operations 
and so forth. So I would like to talk in general about the 
border, resiliency, counterterrorism, law enforcement, and 
cybersecurity, as has been previously referred to.
    Regarding the border, there is a lot of talk right now 
about the southwest border in relation to comprehensive 
immigration reform. And while we move forward and define what 
the policy is going to be and what we are going to do in 
relation to the number of illegal immigrants that are in the 
country right now, I think we need to remember that we have a 
border that is very complex and goes well beyond what I would 
call a geographically and physically described border. It is a 
functional border that also includes the analysis of data and 
the movement of cargo that are never touched by human hands but 
are virtually carried out and we have to carry out our 
functions as a sovereign government in a global commons in a 
variety of ways, including air, land, sea, and cyber domains.
    So when we look at border security, I would just urge the 
Committee to try and understand that it is a combination of 
functions and it is a system of systems. And it cannot be 
reduced to oversimplistic fixes like fences or more Border 
Patrol agents. We have to figure out what is the nature of the 
problem and what is the best way to deal with it with all the 
tools we have available, including the aggregation of data on 
all border functions into a fused picture that senior leaders 
can take a look at. And I am talking about all the different 
license plate reader programs, passenger information, 
information on private arrivals of aircraft and vessels and so 
forth, bringing that together and putting that where there can 
be coherent analysis done against it.
    I think sharing and fusing of sensor information across all 
domains is incredibly important. We need to build an 
architecture that allows us to do that so we can understand the 
current conditions and the threats and how to react to them on 
the border.
    We need to visualize that knowledge for our leaders so that 
they can understand what we would call a common operating 
picture, and that in turn can be discussed with folks here in 
the Congress regarding oversight.
    And I think we need to look at, along the southwest border, 
not every part of the border is the same, and boots on the 
ground and fences are not the way to control the border. We 
need to look at areas where, say, there is no traffic, and 
conversations that I have had with some folks in the 
Department, we are actually using satellite imagery and going 
back and taking several runs at a time. And if there are no 
movements, you can pretty much say that is a low-risk area and 
start concentrating on where you think there is a risk involved 
there. I think in that way we could probably do a better job of 
looking at how we are managing the border.
    Congresswoman Harman talked about national resiliency. I 
think this is extraordinarily important. And I think it is 
important because we need to start looking at resiliency as 
something that resides way beyond natural disasters and what 
FEMA does for a living inside the Department.
    I am in favor of regionally based risk assessments that 
focus on the most likely and consequential events that occur, 
either natural or the man-built environments, and that includes 
understanding what population densities and critical 
infrastructure do and what kind of risk they present. And we 
need to figure out how to reduce those risks, including looking 
at building codes, land use, going beyond current floodplain 
legislation and regulations associated with that and try and 
look at the behaviors that need to be influenced to change how 
we think and act at a local level.
    I think we need to improve our incident management 
doctrine. Homeland Security Presidential Directive (HSPD)-5 is 
a general framework for the Secretary to manage incidents, but, 
frankly, when you have these large, complex incidents, it is 
very hard to support one Cabinet to another in an overarching 
way to understand incident management, especially in complex 
hybrid events, I think is extremely important.
    If you look at the possibility that we could have a 
combination of events that starts with a cyber attack, then 
gets into industrial control systems that produces a 
consequential kinetic effect, all of a sudden you have FEMA, 
the National Protection and Programs Directive (NPPD), the 
Federal Bureau of Investigation (FBI) through the National 
Cyber Investigative Joint Task Force (NCIJTF) there because it 
is a potential crime scene, and then you have the overall 
incident management, we do not have a coherent doctrine how to 
move forward on that.
    And, finally, we need an integrated national operations for 
Homeland Security. The National Response Coordination Center at 
FEMA is an excellent operation for what they do. The Coast 
Guard has an operations center. One of the big challenges in 
the absence of being able to consolidate on a campus at St. 
Elizabeths is the inability to create a coordinated operations 
center with every component there to be able to coordinate in 
direct operations.
    I have some other points, but I see my time is out, so I 
will submit that for the record. I will be glad to answer any 
questions you may have.
    Chairman Carper. Thanks. You crammed a lot into 5\1/2\ 
minutes. Thank you. That was a lot of wisdom.
    Mr. Baker, please proceed. Welcome.

  TESTIMONY OF THE HON. STEWART A. BAKER,\1\ FORMER ASSISTANT 
   SECRETARY FOR POLICY, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Baker. Thank you, Chairman Carper, Ranking Member 
Coburn, and Members of the Committee. It really is an honor to 
be here with Members of the Committee and members of the panel. 
All of us made promises to ourselves and to the country 12 
years ago and it is a pleasure to be here to have an 
opportunity to continue and rededicate myself with the rest of 
the panel to those promises.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Baker appears in the Appendix on 
page 515.
---------------------------------------------------------------------------
    There have been a lot of achievements in those 12 years, 
and DHS has contributed to many of them. It has many successes 
that we have heard about from other panel members that could 
not have been possible without the Department. It also has had 
some failings that I think you are talking about addressing 
quite directly. Reauthorizing legislation is an excellent idea. 
The idea of reducing the number of committees that provide 
disjointed oversight to portions of the Department would be an 
excellent approach, as would be building the equivalent of the 
Defense Department's Office of the Secretary of Defense.
    We have had three great leaders of the Department who, when 
they are focused on a problem, have the entire Department sing 
like a chorus. But when they have had problems that they cannot 
spend 1 day a week on or one meeting a week on, the components 
tend to drift off. And there is no institutional mechanism for 
keeping the Department in tune when the Secretary is pulled off 
or the Deputy Secretary is pulled off in another direction. So 
finding ways to build the Office of Policy, the Office of 
Management, into effective managers of many of those second-
tier issues would be very valuable.
    I want to talk mainly about an issue where I think the most 
opportunity for progress is offered, and that is in cyber. This 
is a terrible crisis. We are not solving it. We are falling 
behind. Many of the ideas that have been proposed are rather 
divisive, but it seems to me that there are at least three 
issues where the Department of Homeland Security could 
contribute to and that may form a basis for less divisive 
solutions.
    What seems clear to me is that, while we are falling 
farther behind, we also have more information about the people 
who are attacking us than we actually expected to have 5 years 
ago. We know what their girlfriends look like. We know what 
blogs they write. They are no more able to secure their 
communications than we have been able to secure our networks, 
and that offers some opportunity for actually bringing 
deterrence to bear, not simply defense. We cannot defend 
ourselves out of this cyber crisis. That is like telling people 
that we are going to solve the street crime problem by making 
pedestrians buy better body armor. That is not the solution. We 
have to find a way to actually capture and deter and punish the 
people who are attacking us.
    How do we do that? Law enforcement is very familiar with 
the idea of deterring and punishing attackers, but prosecuting 
the people who are attacking us, many of them overseas, many of 
them associated with governments, is probably not the most 
effective measure. What we need is new ways of bringing 
sanctions to bear on the people that we can actually identify, 
and DHS can lead that.
    If we used the law enforcement capabilities that the 
Department has at the Immigration and Customs Enforcement 
(ICE), at the Secret Service, integrated them in a smaller 
group, maybe on an experimental basis with NPPD and its 
defensive capabilities and its understanding of the attacks, we 
could gather much more intelligence about these people and then 
bring to bear new forms of sanctions--again, something DHS 
could take the lead in developing. Many of the companies that 
support these hackers by hiring them after they have finished 
their service for government, the universities that train 
them--need and want visas to come to the United States. I do 
not know why we are giving them visas if we know who they are. 
We should impose sanctions of that sort or, frankly, sanctions 
of the sort that Treasury uses today to deal with conflict 
diamond merchants or the Russian officials who oppressed the 
human rights of Mr. Magnitsky.
    We face attacks on the human rights of advocates right in 
the United States, cyber attacks on Tibetan activists and the 
like. We should be treating attacks on human rights that occur 
in the United States every bit as seriously as we treat the 
Russian Government's abuses inside Russia. And, again, DHS 
could be authorized to go looking for ways to bring those 
sanctions to bear.
    And then, finally, with respect to the private sector, it 
seems to me the private sector knows more about the attackers 
inside their networks than government will ever know. They are 
more motivated to find their attackers and to pursue those 
attackers, who often end up as their competitors. What is being 
stolen is competitive information. It is fed to competitors, 
and those competitors are operating in our markets. If we can 
gather intelligence and close the loop to find the 
beneficiaries of cyberspying, we can bring to bear criminal and 
other penalties on the beneficiaries of these attacks.
    That is not something we are doing now because there is not 
enough integration between the people who have the resources 
and the incentive to do that, the individual companies who are 
under attack, and the law enforcement agencies that are totally 
swamped by the nature of the task. If we experimented with 
giving the companies that are under attack more authority to 
investigate their attackers under the guidance and supervision 
of the government, we could make more cases and impose more 
sanctions on the people who are attacking us.
    So those are three pretty concrete ideas. There are plenty 
more in my testimony, which I ask that you read into the 
record. Thank you.
    Chairman Carper. Your full testimony will be made a part of 
the record. Thank you very much for your testimony today.
    I want to return to a comment of Dr. Coburn's. Several of 
you, as well as, I think, Governor Ridge, and the issue--I call 
it ``executive branch Swiss cheese.'' It is not just DHS. It is 
not just the Department of Homeland Security. We have too many 
vacancies throughout the Federal Government. The Administration 
I think has released just in the last couple of days an 
extensive list of nominees. We welcome that. A lot of them are 
in the Department of State. One or two are in this Department. 
We are still looking for an Inspector General (IG). We need 
someone to fill that position in this Department, and a bunch 
of other IG positions that are vacant. This is a shared 
responsibility. The Administration has a responsibility to vet 
and give us names of excellent people, capable, honorable 
people, hard-working people. We have an obligation to hold 
hearings, to vet those nominees, and, to the extent that we 
feel they will do a good job, to move them promptly. And the 
Administration needs to do their job. We need to do our job. 
And we will keep focused on that.
    Governor Ridge, we're wearing different uniforms, him in 
the Army, me in the Navy. There was a popular movie called 
``Five Easy Pieces.'' Some of you are old enough to remember 
the Jack Nicholson movie. A great movie. And I think 
comprehensive cybersecurity policy is not five easy pieces, but 
maybe six. And I just want to mention them, and then I want to 
ask a question of each of you about one of those.
    One of the pieces is critical infrastructure, how we best 
protect our critical infrastructure. That is a shared 
responsibility, as we know.
    Another piece is information sharing. I think almost every 
one of you has touched on that in your testimony.
    A third we call the Federal Information Security Management 
Act (FISMA), but it is really protecting the Federal 
Government's networks.
    A fourth piece is workforce. Governor Ridge and I have 
talked about this recently and Dr. Coburn and I have talked 
about this a lot. How do we make sure that DHS is able to 
attract and retain the kind of people that they need to do 
their job in this arena.
    Research and development (R&D) would be a fifth piece.
    And another one that falls outside of our jurisdiction but 
an important one is data breach. How do we respond to data 
breaches? What are the expectations of those who breach data? 
That affects a lot of people's lives.
    So those are sort of the six not so easy pieces that we are 
dealing with.
    Over the past couple of years, the Department of Homeland 
Security has been playing an important role in protecting our 
Federal networks and working to try to secure our critical 
infrastructure. Unlike the specific statutory authority that 
defines the Federal Bureau of Investigations or the National 
Security Agency's (NSA) work in this arena, the Department of 
Homeland Security's authority comes really from a patchwork of 
Presidential Directives. It comes from policy memos. It comes 
from vaguely written laws.
    In fact, one way I have heard it described is this: As far 
as cyber capabilities go, if the NSA has a Doberman, if the FBI 
has a German Shepherd, then DHS has a Chihuahua. Nothing 
against Chihuahuas, but they need a bigger dog because this is 
a big fight. And we want to make sure that we figure out what 
to do and give them that capability.
    While I would say that DHS is much further along in 
developing cyber capabilities than some people give the 
Department credit for, I do think that we ought to provide the 
Department with clear statutory authority to carry on their 
current activities so that it can be compared to something a 
lot stronger, a lot more formidable than a Chihuahua.
    Let me just ask each of you, do you believe that it is 
important for the Congress to empower the Department, this 
Department, with clear and explicit statutory authority to 
carry out its current cyber activities? These activities 
include working voluntarily with the private sector to protect 
against, to prepare for, and recover from cyber attacks. And 
would a better defined statutory mission of the current cyber 
activities--help to strengthen the Department's cyber 
capabilities? Governor Ridge, do you want to lead it off, 
please?
    Mr. Ridge. Senator, I think the enabling legislation that 
created the Department of Homeland Security, embraced in a 
strong bipartisan way by the House and the Senate, basically 
set up conceptually that very idea that DHS would really be at 
the epicenter of engagement down to the State and locals as 
well as the private sector. So, No. 1, I think it is certainly 
consistent with the original intent of Congress in terms of the 
role that DHS plays.
    Second, I think any gray that exists in the alignment of 
DHS' relationship with the private sector particularly, 
probably creates a great deal of confusion. Right now I know 
the private sector is reluctant to cooperate, for many reasons 
even to share information because of the absence of liability 
protection or those sorts. I realize you are not asking that, 
but I think if there is a gray area that can be cleaned up and 
there is a direct line of responsibility--and, by the way, you 
also have the opportunity then to hold them accountable for not 
doing the job consistent with what Senator Coburn said. You 
have been assigned some tasks. We do not think you are 
providing those very well. You can hold them accountable that 
way.
    Third, I would only say, however, that it will be important 
to do two things. One, I think it will be important to resource 
the Department appropriately. The men and women in DHS right 
now that are working on cyber, and government generally, let us 
face it, there are probably a lot more potential lucrative 
opportunities out there in the private sector. So we have some 
real patriots. R's and D's, Independents, it is immaterial. 
They are working hard on cybersecurity matters because they 
believe it is their contribution to their family's security and 
their country's security as well. But we are probably going to 
need to take a look at some kind of compensation adjustment to 
keep some of the best and brightest with us for some time. So, 
one, I think it is consistent with the enabling legislation.
    Two, I think clarity would enhance the kind of voluntary 
collaboration that I think is absolutely critical between the 
private sector and the Federal Government vis-a-vis DHS. And 
then if it is going to be the mandate, I think they need to be 
properly resourced.
    Chairman Carper. Good. Thanks very much.
    Again, the same question, if I could, for Congresswoman 
Harman. Would a better defined statutory mission of DHS' 
current cyber activities help to strengthen the Department's 
cyber capabilities?
    Ms. Harman. My answer is absolutely yes. The Administration 
did issue an Executive Order last year, which is somewhat 
helpful, but it will take legislation, and Secretary Ridge 
outlined a lot of the issues. There has been a difference of 
opinion among people up here about how robust DHS' authorities 
have to be. But the bottom-line problem is that the private 
sector does not trust DHS. That has been overcome to some 
extent by the really impressive efforts that Secretary 
Napolitano has made in the recent months to reach out for 
industry, and now there literally is a floor in the DHS 
headquarters where the private sector and appropriate DHS 
representatives are working together on cyber threats. So that 
is a good start.
    I just want to add a robust endorsement to your point about 
Swiss cheese. There are a couple of nominations that have been 
made by this Administration, and one of the nominees I know 
very well. She has been nominated for Under Secretary for NPPD, 
which is in charge of the cyber function, and I just mention 
her to all of you. Her name is Suzanne Spaulding. I hired her 
to be the staff director of the Minority on the House 
Intelligence Committee and worked with her for years. And 
before that, she was the Executive Director of the National 
Commission on Terrorism (NCT) on which I served, which was then 
chaired by L. Paul Bremer, Jerry Bremer, whom many of you know, 
a bipartisan commission that predicted a major attack on U.S. 
soil, one of three commissions that was not paid a lot of 
attention to. But we need nominees, and I would recommend, if 
anyone cares, the guy to my left as the new Secretary of 
Homeland Security.
    Thank you.
    Chairman Carper. I will not ask if anyone wants to move 
that the nominations be closed. [Laughter.]
    But we could do a lot worse. I do not know that we could do 
a whole lot better. But there is no shortage of, I think, 
really good candidates. We just need for the Administration to 
pick one and send us a great name. For Suzanne Spaulding, I 
think we have a hearing--I believe, Dr. Coburn, we have a 
hearing for her next week, and my hope is that we will be able 
to move that nomination quickly. She is an impressive 
candidate.
    Admiral Allen, same question.
    Admiral Allen. That is a tough statement to follow, but I 
will try. I think there are three things we have to look at. I 
do not think you can look at just the DHS authorities in 
isolation. And if I could just enumerate them, because I think 
it is really important.
    The first one is the current status of FISMA, which is 
basically a regulatory compliance tool to try and ensure that 
proper information security is being carried out in the 
government. There is a major step being taken right now to go 
move away from a compliance checklist mentality to continuous 
mitigation and measurement at the gateways so we actually know 
what is going on. That will be enhanced shortly by a dashboard 
which will pull that information up and allow it to be shared 
across the agencies. That is a phenomenal step forward, but it 
has been largely done through the congressional and 
appropriations process where money was provided to actually go 
out and solicit for that work to be done. So I think we need to 
move forward and figure out how we are going to transition from 
FISMA, which is a compliance program, to continuous monitoring 
of our circuits and how to move that information around.
    Second, as Jane mentioned, the Executive Order (EO) on 
cybersecurity and infrastructure protection has laid out a 
number of very important steps, including a voluntary framework 
for the private sector that is being developed by NIST right 
now in cooperation with all the parties. But we need to go 
beyond the EO, as Secretary Ridge said, and start looking at 
the issues regarding liability and what are the prohibitions 
that keep the private sector from being involved.
    So you have the FISMA revision; you have the EO on cyber, 
which is going to take legislation to completely solve that, 
and I think both of the other panelists have said that. And 
then, finally, what are the authorities and the jurisdictions 
that DHS would need to do that? If we put all three of those 
together, I think you have the complete package, and I think 
legislation is needed. But it should not be separate from 
legislation that addresses the issues with the private sector 
as well.
    Chairman Carper. Good. Thank you for those comments.
    Last, Mr. Baker, would a better defined statutory mission 
of the current cyber activities at DHS help to strengthen that 
Department's cyber capabilities?
    Mr. Baker. Yes, I think in a couple of ways.
    First, the technology is always evolving, and yet the law 
that we are operating under is 10 years old at least. In many 
cases authorities were simply transferred. And FISMA is a great 
example. FISMA envisioned doing security checks that would 
occur on paper and take months to accomplish. Yet the 
Department is now actually rolling out technology that will 
perform much of the FISMA checks in 3 days. And it is important 
to revise the law so it takes account of those capabilities and 
all of the other security measures that are being developed in 
this area.
    I would certainly support the idea that working with the 
appropriators is the best way to do this. Having a single 
unified appropriations process for the Department is the saving 
grace for the Department, and the more that can be done, the 
better.
    Similarly, the second point that I will close on is that in 
many cases the authorizing legislation needs to make clear 
that, while the National Security Agency has a big dog, it is 
an important participant--I used to work there, am very 
supportive of it, but everyone in the country needs to be 
reassured that when we are talking about cybersecurity, it is 
DHS that is setting the policy and dealing with the data, not 
the National Security Agency.
    So what I would say is maybe DHS does not need so much a 
bigger dog as a leash, and authorizing legislation can provide 
that kind of reassurance to the American people.
    Chairman Carper. Thank you all for those responses.
    I consulted with Dr. Coburn. We are talking about how do we 
better honor the loss of all those lives 12 years ago this 
morning. Do we honor it by recessing and going to join some of 
our colleagues on the steps of the Capitol for an observance? 
Or do we really better honor their lives and their loss by 
continuing to do our work here today? And we believe that the 
best way to honor them is for us to continue doing that. We are 
going to continue going through the 11 o'clock hour, and that 
will give us a chance to really drill down on some of these 
important issues.
    With that having been said, let me just yield to Dr. 
Coburn. Thank you.
    Senator Coburn. Well, thank you, Mr. Chairman. A couple of 
points based on what I have heard here today. The Homeland 
Security budget is twice what it was when you had it, and 
everybody knows we are resource poor right now. And the 
question is: How do you put metrics on what Homeland Security 
is doing?
    I would suggest, No. 1, there are 45 open areas from the 
Office of the Inspector General (OIG) that have not been 
addressed by the Department of Homeland Security on 
recommendations that they essentially agree with but they have 
not acted on. I do not know if that is a priority problem or a 
resource problem. But that list is growing.
    The second thing, on FISMA, Bobbie Stempfley is a great 
leader at Homeland Security. If we had a hundred Bobbie 
Stempfleys, we could all sleep great at night. But the fact is 
FISMA is going backward, according to the last Office of 
Management and Budget (OMB) report, not forward. So I am very 
hopeful, based on what you said, Admiral, on what we are going 
to see and what you said, Mr. Baker, in terms of improving 
that.
    The other point I would make is I asked the Congressional 
Research Service (CRS) to give us what statutory authorities 
Homeland Security has, and they have most of the authorities 
they need for everything. As a matter of fact, when Secretary 
Ridge was Secretary, he had them start all these things under 
these authorities. So we need to ferret out what we actually 
really need to do to give increased authority.
    The things that I am concerned about is I do not--first of 
all, we cannot afford to duplicate things that we are doing at 
NSA. And we heard from all of you, every time we have seen a 
problem since September 11, 2001, it is because of either a 
stovepipe or an individual judgment that was made in the wrong 
direction. Even with Boston, if you go to the intel on all 
that, what we know was we had some errors made by individuals 
or by process rather than have flat, good, horizontal 
communication that was real time.
    So Tom Carper and I do not disagree about what the goals 
are. The question is or the disagreement is: How do you get 
there and how do you hold people accountable?
    So information sharing is the key for us to be flexible and 
highly responsive when it comes to threats for our country, and 
how we do that is important.
    And I think, Jane, you said something that I think is 
really important. The confidence level by the public and the 
private sector in terms of DHS' capability to handle all this 
is a key hurdle we have to get over. And what we have to do is 
we have to walk before we run. And we have been crawling, and 
now I think we are walking, and I would attribute some of that 
to the most recent Secretary, but also to Bobbie Stempfley and 
her crew and some of the other things that are going on there.
    The other thing is privacy is a big deal. We have seen 
that. But we had a lot of problems at fusion centers with 
privacy. We put out a report that showed that, and they 
responded. They were starting to respond before that. But there 
is no privacy policy associated with the drones with DHS right 
now. We have an open letter that has not been answered. What 
are you doing about it? And yet there was no consideration of 
privacy as they made the policy for the use of drones. So there 
are big problems for us to address.
    I guess what I would ask is--and, by the way, I do need to 
make a correction. The President has nominated four positions 
out of the 15, not two, so I stand corrected on that: Office of 
General Counsel, NPPD, Customs and Border Protection, and Mr. 
Mayorkas.
    So I guess the question I would ask is: How do we 
incentivize to make sure we have real-time sharing across all 
the branches, one? No. 2, how do we reform Congress' oversight 
of DHS to where we limit the committees? Tell me how we do that 
so that we can make them react in a positive way and not spend 
so much time up here on the Hill but have good, clear 
communication and single authority coming out? We have most of 
the authority for Homeland Security, but that is not true in 
terms of a lot of other subcommittees. So your comments on 
those, and I would like each of you to address that, if you 
could.
    Mr. Ridge. Well, I would be happy to volunteer to begin the 
conversation. I must tell you, Senator, that I think your 
frustration with the growth of the Department in terms of 
personnel and dollars is something that I share a little bit. 
More is not necessarily better.
    I remember my first year as Secretary. A well-intentioned 
Congress on both sides of the aisle wanted to give me more 
money, and I said, ``Before you give me more money, I think I 
better take a look at it and see if we are doing an effective 
job with the money we already have.'' And I thank you and 
Senator Carper for bringing that mind-set.
    Someone told me that we have gone from 180,000 basically to 
240,000. I do not know what the number is, but, I mean, I just 
have no idea where the additional bodies are needed, 
notwithstanding some increase in personnel down at the border, 
CBP and ICE, like that.
    So I must tell you, I think at the epicenter of all the 
concerns you have addressed is the failure of this institution 
of the Congress of the United States to consolidate 
jurisdictions so that there are no end runs to protect vested 
interests that have been existing in silos for a long time. And 
I think the only answer to that is the will of this body to 
effect a change. Unless you can consolidate jurisdictional 
responsibilities so that a small group of Republicans and 
Democrats in both chambers have exclusive jurisdiction or 
nearly exclusive jurisdiction, you are going to see through the 
process--because we all know that it is a little byzantine, it 
is--everybody has allies on all these other committees, both on 
authorization and appropriation levels. We really need to do 
that. And I think if you can consolidate that responsibility, I 
think you can affect the kind of change that you are talking 
about.
    It is amazing to me that the Congress would ask two of 
America's great public servants--Lee Hamilton and Tom Kean--to 
spend about a year and a half or 2 years, take all that 
testimony, and say, ``We as a Congress want to know how we can 
help this new Department mature and how we can make our country 
safer,'' and two of the most obvious and needed recommendations 
made 10 years ago, consolidate jurisdiction on the Hill and 
private sector, a public safety broadband network so that 
police and fire and emergency responders can handle future 
crises and all that, and we are not there.
    Senator Coburn. The third one is risk based rather than all 
hazards.
    Mr. Ridge. Exactly, and the third one is risk based. I 
mean, clearly--but I must say, they are starting to do it at 
TSA. I mean, I like the pre-clear program. I know John Pistole 
has done a great job. They are moving in that direction. But I 
am going to say to my friends on both sides of the aisle here, 
quit arguing about a fail-safe border security platform; you 
will never make an absolutely secure border. What we want to do 
is reduce the risk. So we have to risk-manage the border, we 
have to risk-manage commercial aviation, we have to risk-manage 
everything across the board. But I think at the end of the day, 
Senator, if you are looking to achieve the outcomes that I 
think are generally shared on both sides of the aisle, the 
commitment is that strong, then I think the Republican and 
Democrat leaders in both chambers have to sit down before the 
next Congress and say, ``Enough is enough.''
    One final anecdote, and I say this with the greatest 
respect for my 12 years here on the Hill. I cannot tell you the 
number of times we have been walking over to a vote, and we 
would be leaving a committee or subcommittee hearing, and there 
would be lament among the members: ``Geez, we got five or six 
committee hearings and subcommittee hearings today, and we have 
to run from here to there.'' And everybody decries the pressure 
on legislators to do their job effectively and all these 
committees and subcommittees, but nobody wants to relinquish 
the seat on the committee or subcommittee. It may not be 
voluntarily relinquished, but if the leaders in both chambers 
say, ``As of this Congress this is done, we are making these 
changes, Homeland Security does not report to 100, it reports 
to 5 or 10,'' it will be done.
    So I think the answer to that is you have to get the 
leaders in both chambers and both parties to agree, because I 
think it is at the epicenter of solving the problems that you 
have just addressed. A strong letter to follow.
    Ms. Harman. Mr. Chairman, let me apologize in advance. I 
have to leave at 11 because I serve on a foreign policy board 
to the State Department, which has been rescheduled three 
times, but it is today, and the meeting with----
    Chairman Carper. We understand. We are just delighted you--
we will make the next 17 minutes count.
    Ms. Harman [continuing]. At 11:30 on my way to the airport. 
All right. So I apologize.
    Let me just address reorganizing Congress, which I think is 
absolutely essential and will be very difficult to do. I was in 
the painful conversations with--I am not sure if it was the 
Democratic Caucus; Maybe Senator Baldwin remembers back in the 
day--about the need for more jurisdiction for the House 
Homeland Committee, and the pitch was made and people nodded, 
and then someone from the House Commerce Committee stood up and 
said, ``Oh, no, but this notion of an interoperable emergency 
broadband network is central to our jurisdiction.'' And so, of 
course, read: No change. And people in this institution on both 
sides earn their power through their committee positions. And 
giving up power in this institution is not something people 
will do voluntarily.
    So I agree with Tom Ridge that the leadership will have to 
basically require it. However, the leaders earn their power 
through the loyalty of their members, and making members shrink 
their own power is not really helpful to leaders holding power. 
So I do not know how the thing changes, but until it changes, 
we will not have the robust homeland function that we should 
have.
    Just one other comment, as I kind of implied, 10 years ago, 
the concept for the Homeland Department was more ambitious than 
maybe some of us would have wished. It was the White House's 
proposal to put 22 departments and agencies together. Some of 
us had thought about a more modest function directed by the 
Homeland Coordinator in the White House, a job Tom Ridge 
originally had. But we took it because the Administration was 
behind it.
    So it is a daunting task to make this thing work. At this 
point I do not think we should rearrange the deck chair in the 
Administration. But if there is a way--and maybe the members 
here have more power than members that I observed back in the 
day. If there is a way to reorganize Congress to give this 
Committee and the House Committee more power, I think our 
country will be safer for it.
    Chairman Carper. Admiral Allen, do you want to----
    Admiral Allen. Thank you, Mr. Chairman.
    Chairman Carper. And then Mr. Baker. Go ahead.
    Admiral Allen. As I stated earlier, I spent several days 
out at the Sunnylands Estate at the Annenberg Foundationsite in 
Rancho Mirage with Lee Hamilton and Tom Kean as part of the 
Aspen task force that produced the report that was sent out 
today. My proposal would be that be submitted and attached to 
the record because there is a detailed discussion of that 
rather than take the Committee's time here.
    I would say that I would not have served on that task force 
if I did not subscribe to the concept that we need to make this 
simpler.
    The Coast Guard's authorizing committee is Transportaion 
and Infrastructure (T&I), and there is a subcommittee for the 
Coast Guard there. I spent 4 years as the Commandant of the 
Coast Guard without an authorization bill. There were 
significant issues that we needed to deal with, anywhere from 
fishing vessel safety to unregulated small boats that never 
were able to be addressed, and then if they were, committees 
would assert jurisdiction that had to be sent over to those 
committees for review. Very time-consuming. And if you look at 
some of the issues we have not been able to address--and a lot 
of those areas are addressed in the Aspen report\1\--I would 
direct the Committee just to take a look because I think there 
are a lot of issues on the record that have been raised. The 
issue of security for general aviation aircraft is another one 
moving forward.
---------------------------------------------------------------------------
    \1\ The report to which Mr. Allen refers can be found on page 523.
---------------------------------------------------------------------------
    The only other point I would add in response to Senator 
Coburn's comments on risk based, if you look at what we are 
trying to do right now with flood insurance, it is very 
instructive, because we have a problem right now, and those 
that bear the risk do not pay for the risk. We have an 
extraordinary amount of liabilities that have been built up 
trying to pay off the flood insurance claims for Hurricane 
Katrina that still exist today, and there is no clear way to 
how those books are going to be balanced moving forward.
    On the other hand, if you start to let those flood 
insurance fees rise, you have issues with local communities. 
And what you really need to do in the long run, in my view, is 
get out ahead of all this by starting to change behaviors on 
building codes, land use, and zoning out there, which is a much 
more strategic way to deal with this. But you cannot do that if 
you have four or five committees asserting jurisdiction over 
the problem.
    Mr. Baker. I fully support the idea of reducing the number 
of authorizing and oversight committees. Let me, though, talk 
about two ways that we can address Senator Coburn's concerns 
about the budget and some of the other issues.
    It seems to me that proper authorizing legislation can set 
the framework for actually saving money in the budget, and I 
will give you two examples. In fact, you raised one. The 
question of duplicating NSA's capabilities, it makes no sense 
for DHS to try to do that. NSA has built capabilities over 50 
years, carrying out a mission that has been funded in ways that 
DHS's mission will never be funded. They have enormous 
capabilities.
    At the same time, both the American people and I think the 
Department of Homeland Security want some reassurance that if 
they lean on DHS to use those capabilities, they will not 
discover that policies are being made de facto, privacy policy 
in particular, by the people that they are leaning on. And so 
language that could create a set of authorizing legislation 
that sets aside DHS' authorities and leaves it in control of 
its area, drawing on NSA for talent and for tools and 
technologies that it already uses, you will end up saving money 
by relying on existing capabilities and creating at the same 
time reassurances for people about how that reliance will work.
    The same thing, it seems to me, is true if you can build a 
planning process, a budgeting process that uses integration, 
Office of Secretary of Defense type capabilities, to say how 
can we reduce the budget effectively, how can we eliminate 
redundancies by looking at the authorizing language? And if we 
do that, we will be building the capabilities at what I 
described as the second tier so that the Secretary does not 
have to sit down and get out the eyeshade and start asking 
about the 14th line on individual components' budgets, but that 
is being done by a centralized staff that is trying to 
eliminate redundancies. So by creating the right kind of 
authorization for those central staffs, you set the framework 
for reducing the budget.
    And, last, tied to that, it seems to me that until the day 
comes when we have eliminated many of the authorizing issues, 
one of the things that this Committee can do is build a 
relationship with the appropriators so that when the 
appropriators are asked about legislation that arguably is 
authorizing on appropriations, they know that this Committee 
has looked at those ideas, has thought about them, has vetted 
language, creating authorization language that may in a pinch 
end up in an appropriations bill, is worth considering in at 
least the short run until we get to the promised land.
    Chairman Carper. Good. Thanks. I apologize to Senator 
Baldwin and Senator Chiesa, and Senator Ayotte has just left, 
too, to attend the observance. We have gone well beyond our 5 
minutes, as you know, and I thank you for your patience. I just 
thought it was really important for us to allow this panel to 
answer these questions in the kind of thoughtful way that they 
have done, We spend so much of our lives here just going from 
one place to the other and in and out, as some of you know, and 
this was just a very helpful series of questions and responses.
    Senator Johnson, if he comes back, is next. Senator Chiesa 
is going to be recognized next, then Senator Baldwin. Senator 
Pryor was here. I think he has made the same decision that 
Senator Ayotte has made. But this is just an excellent hearing, 
and I am just very pleased with the way it is going. Jane, 
after Jeff asks his question, we will give you maybe the first 
rights, the first shot at that, if you want, and I know you 
have to leave.

              OPENING STATEMENT OF SENATOR CHIESA

    Senator Chiesa. Thank you, Mr. Chairman, and thanks to this 
panel for being here today.
    Mr. Chairman, I join everybody in remembering the families, 
many from my State, who were so tragically impacted by the 
events of 9/11. We all remember where we were that day, 
certainly in New Jersey, watching this go on.
    I have prepared some remarks that I would ask you to make 
part of the record rather than reading them here today.
    Chairman Carper. Without objection.
    Senator Chiesa. Thank you.
    The most recent events that we have seen that really get to 
the issue we are talking about today are the bombing at the 
Boston Marathon. And at the time--and I have raised this issue 
before when we had Commissioner Davis here and others to talk 
about those events, and I was serving as Attorney General at 
the time, and I remember in real time being in my office and 
learning that there were contacts, potential contacts to what 
was going on there in my State. And I remember--our State 
police and everybody just did an unbelievable job and turned 
that around in a way that makes everybody proud. It really 
does. And I understand that we want to work hard so that we do 
not have the event actually occur.
    So I have the same question, and, Congresswoman Harman, I 
would invite you to answer first because of your time 
constraint. Do you think we currently have the appropriate 
climate among the people that are responsible for having, 
developing, and sharing the information necessary so that 
information is flowing appropriately, to get to Secretary 
Ridge's point, we are not overly siloed? Because of all the 
things we are talking about, be it from a cyber perspective, be 
it from a terrorism perspective, be it from whatever these 
perspectives are, it is all about making sure the information 
is getting where it needs to get. And I would ask each of you 
to talk to us about your thoughts on the current climate of the 
way that information is shared among the people responsible for 
sharing it?
    Ms. Harman. Well, thank you, Senator. I would give us, as I 
just said, an F for reorganizing Congress. I think it is really 
sad that Congress has a 19th century structure to deal with 
21st century evolving threats against our country. But on 
information sharing, I would give us a B, and that is not an A, 
and I am looking at Tom Ridge. I do not think----
    Mr. Ridge. Did you say B or D?
    Ms. Harman. B. It is not an A, but the challenge was to 
break down silos and to create opportunities for people to 
actually know each other, which is one of the ways you build 
trust and enable information sharing.
    Yes, there were mistakes in the Boston Marathon case. The 
Terrorist Identities Datamart Environment (TIDE) list did not 
get to the right folks, and the FBI did not followup, and a 
little of this and a little of that. However, once the event 
occurred, Boston--the surrounding police departments, the State 
of Massachusetts, and all of our Federal law enforcement 
agencies and Homeland came together in almost a seamless way; 
and using video, including people's handheld phones, they were 
able to piece together the identity of the folks and to close 
in on them quickly. So that is why I say it is a B. After 
action we were an A; before action we were probably a C. But 
this is improving.
    I just want to mention something that we have not talked 
about but it is something I know a lot about based on my role 
on the Advisory Committee to the Director of National 
Intelligence (DNI) and some of these other intelligence places 
that I stay connected to, and that is that information--the 
dark side of information sharing is that it enables a Snowden 
or others to get too much information and to use it for 
nefarious purposes. So our goal has to be to build the trust, 
to build the horizontal arrangements, but then also to put in 
safeguards so that people with bad motives inside our system or 
outside our system cannot abuse it. And I do not think we 
mentioned that, and I do think it is part of the challenge 
going forward.
    Senator Chiesa. Thank you. Secretary Ridge.
    Mr. Ridge. Well, I had the great pleasure of working with 
Congresswoman Harman back then. I think she is grading on a 
higher curve than I would by giving everybody a B. I am not 
going to give them a grade, but I want to address something 
that I found and I still find troubling, and it goes to the 
perception that DHS has not done its job.
    I remember doing some TV after the Detroit bomber, and DHS 
was criticized for letting the individual on the plane. And I 
think Secretary Napolitano has taken some heat, and I had to 
remind everybody that DHS does not gather information. They 
rely on the alphabet agencies to provide it. And if the State 
Department did not give the information to DHS and Customs and 
Border Protection and give them reason not to put the person on 
the plane, then DHS should not be held accountable. But it 
seems from time to time they are.
    I think back to Fort Hood. There has been public revelation 
that the FBI in two different venues were aware that Hasan was 
e-mailing the radical cleric in Yemen, and DHS takes a little 
hit on that. Why didn't they do more? Well, frankly, that was 
not in DHS' spot. Somebody has to ask a couple of the other 
agencies why they did not do more.
    Now let me go to your question with regard to Boston. I do 
not think that the FBI is on a speed-dial arrangement with the 
Kremlin, and I would like to know personally how often the 
Kremlin picks up the phone and says, ``We think you have a 
couple terrorists in your midst.'' So I do not know how 
thorough the examination of that revelation was within the FBI. 
I am not faulting the FBI. I just do not know whether or not 
the Federal Government generally, including the FBI, took 
Russia, Russian intelligence, communication as seriously as it 
should have. There may have been other agencies that should 
have been involved.
    I think the response, as Congresswoman Harman said, to that 
incident was phenomenal. DHS did not get the credit--I mean, 
there were grants that went out; a training program went out. 
All that was done under DHS. But that is triage after the 
incident, and that is why information sharing is so critically 
important.
    Let me just take this a little step further. Let us assume 
that you break down the silos and there is more and better 
information sharing conceptually. I think somebody has to take 
a look at classification. The easiest way for an agency, I do 
not care what the agency is, to deny access to--and I am 
concerned about State and locals and private sector--is to say 
it is top secret, top secret sensitive compartmented 
information (SCI). Well, nobody wants to touch it. So I think 
somebody has to take a look at classification. I have seen a 
lot of things that were classified top secret that I know you 
could have shared with folks that would not do harm to sources 
and methods. And so I think classification is very important, 
particularly if we are serious about information sharing down 
to the State and locals and the private sector.
    Finally, I think Attorney Generals have to know more 
information about what is going on in their State. I am just 
one of those folks--you cannot secure the country from inside 
the Beltway, and at some point in time, Federal agencies, the 
alphabet agencies, have to entrust and trust high-level law 
enforcement members in all 50 States and territories with 
information about what is going on in their respective States. 
I venture a guess that you have no idea, as all the 
investigations did not when you were Attorney General, into 
potential terrorism activity in your State.
    I think it is a huge mistake. People say, well, somebody 
may reveal that information that was shared. Well, then, there 
would be consequences. But I just think we need to expand the 
network with fellow Americans who have responsibilities for 
safety and security in this country. We have to start to trust 
them. You cannot just keep all that information in here.
    So that is my response to that inquiry, and I do think we 
need to take a look at classification because it is overly 
classified, which is reason not to share, and safety and 
security is the ultimate concern. You have to trust fellow 
Americans outside this city to help keep the country safe and 
secure.
    Senator Chiesa. Thank you, Secretary, and I know that my 
experience was----
    Chairman Carper. Congresswoman Harman, as you leave, thank 
you very much. Godspeed.
    Senator Chiesa. Mr. Chairman, I know I am out of time. We 
had the opportunity to be briefed, and every Attorney General's 
jurisdiction is a little bit different. Mine included a lot of 
those things. But I think to get to your point, others have 
made these relationships. The first time you are talking cannot 
be after an event. Right? And talking before and having some 
trust and having seen somebody is invaluable once the event 
starts so that there is no hesitation, because that information 
has to get to the decisionmakers and to the rescuers and to 
whomever else is involved. So I appreciate your thoughts on 
that.
    Mr. Chairman, I am over my time, and I do not want to hold 
up Senator Baldwin, but at some point I would love to hear from 
the other panelists, too.
    Chairman Carper. Senator Baldwin, are you OK if the other 
panelists respond to his question? Are you OK with that? Let us 
just do that. We have a good flow. Thanks.
    Senator Chiesa. Thank you.
    Admiral Allen. Rather than repeat some of the points, which 
I think are very valid, that Jane and the Secretary have made, 
let me take a little bit of a different spin on this. When you 
look at counterterrorism and the great expansion of 
transnational organized crime and illicit trafficking, we know 
there are growing linkages there. Whether you are a terrorist 
or you are a criminal, you have to do a couple of things that 
are visible. You have to talk, you have to move, and you have 
to spend money. And every agency operates basically on a case 
doctrine and how you manage it, and in that case there are 
usually confidential informants, and there are sources and 
methods. That usually is the route of classification, as 
Secretary Ridge referred to, because they are trying to protect 
that.
    The problem is that our law enforcement structure in this 
country has evolved over the last century against business 
lines of the bad guys--drugs, alcohol, tobacco, firearms, 
counterfeiting, intellectual property, all managed by a law 
enforcement agency that manages as a case.
    The fact of the matter is we are dealing with networks, 
illicit networks, that generate cash however they need to to 
perpetuate their regime. And what you need to do is attack the 
network with a network. And I think the greatest case for 
information sharing and the greatest case for more and better 
integration, not only in the Department of Homeland Security 
but domestically and internationally, is to move to a way to 
look at these challenges as network challenges and how do we 
move across dealing with their business lines, which means you 
are only taking down one franchise. You are not dealing with 
the root of the problem, which is how the network managed 
itself, threat financing, how the money moves, how they move, 
and how they communicate. That is the No. 1 cause for action on 
information sharing in my view.
    Mr. Baker. Three thoughts on this, one that I offer only 
tentatively because I do not know all the details. But I do 
remember that when the older Tsarnaev brother came back from 
Russia, he entered the United States, we had the chance to 
interrogate him; we had the chance to look at his electronics 
as he crossed the border. We did not do it. My impression is we 
did not do it because at that point the FBI had closed its 
case. And one of the questions I wonder about is whether DHS 
and CBP have deferred too much to the FBI. We have an 
independent responsibility to protect the United States, and 
the fact that the FBI closed its case is not necessarily a 
reason not to ask questions of somebody who has gotten the 
kinds of intelligence reports that Tsarnaev earned.
    Second, one of the things----
    Senator Coburn. Let me correct the facts on that. Your 
statement is in error.
    Mr. Baker. All right.
    Senator Coburn. The information was sent to the Joint 
Terrorism Task Force in Boston, but it was not relayed to 
Customs and Border Patrol at Kennedy.
    Mr. Baker. OK. So then there clearly were failures of 
information sharing that cost us something, and something 
significant.
    Second, we learned after Boston how valuable cameras can 
be. They are not valuable in stopping crimes. They are valuable 
in catching the people who carry them out. That is also true--
we learned that in the Tube bombings in London. And yet for a 
variety of reasons, including privacy campaigns, a lot of 
cameras have not yet been installed inside the city centers. We 
do not actually need them hooked up, we do not actually need to 
be watching them, but they need to be recording so that if 
something bad happens, we can go back and figure out what 
events led up to that. We should be encouraging the 
installation of those cameras, and if people have privacy 
worries, we should just have them continually write over their 
hard drives as opposed to send the data anywhere.
    And, third, on the information-sharing point, I thought 
that Jane Harman was exactly right. Information sharing creates 
risks. It creates the risk of Snowdens or Mannings. But on the 
network Snowdens and Mannings look a lot like Chinese hackers 
who have also compromised computers on the networks and are 
gathering suspicious amounts of data, and the same tools that 
help us to provide better cybersecurity will also provide 
better audits of who is on the network, what they are doing, 
and will protect privacy as well because we will be able to 
tell who has accessed information improperly.
    And so one of the things that this Committee could do, that 
DHS could do, is to make it a little clearer to the State and 
local entities that get grants, that they can use that money 
for cybersecurity audit technology that will allow them to meet 
all of those requirements.
    Senator Chiesa. Thank you.
    Thank you, Mr. Chairman.
    Chairman Carper. You bet. Thank you.
    Senator Baldwin, thank you for your patience here today. 
You can take as much time as you want.
    Senator Baldwin. Thank you, Mr. Chairman, Ranking Member, 
for holding this hearing, and I want to thank all of our 
panelists, including Congresswoman Harman in absentia, for your 
service to our country. I appreciate each of your sharing your 
analysis and appraisal of where we have come in these last 10 
years and where we still have to go.
    I want to focus my questions on the larger issue of 
cybersecurity and the incredible increase in cyber attacks that 
we are experiencing. And I would like, if you could--and I will 
start with you, Mr. Baker--to sort of talk about any 
distinctions that we should appropriately make with regard to 
economic cyber attacks versus the threat of cyber terrorism 
where the goal might be to take out part of the power grid, for 
example. And I would like to have you focus--you ended your 
testimony a little bit with the private sector being in a 
position where they have more intel on their potential 
competitors, but I think you were talking about economic cyber 
attacks in that arena. So the question I have is: What can we 
do better with existing authorities?
    And then the second question that I would like to hear from 
all of you about is, you know, I do not know how long the 
journey will be until Congress actually passes legislation on 
this topic to supplement the Executive Order and to respond to 
many of the issues that have been raised. But there have been 
lots of comments about--and, Secretary Ridge, you talked about 
do not make this prescriptive, do not make this regulatory. 
Again, I wonder whether there is a distinction we need to make 
when we are talking about critical infrastructure because the 
people of America depend upon that critical infrastructure for 
daily life, and it may be private, but it is to the public 
benefit without question. And should there not be some 
additional obligation, some prescription, if you will, because 
of the level of importance of that critical infrastructure?
    If you do not mind, Mr. Baker, I would like to start with 
your reflections on those questions.
    Mr. Baker. So there are two big worries in cyber. One is 
what you might call economic espionage or espionage generally, 
in which all of the attacks are aimed at stealing information. 
And we have seen enormous amounts of attacks aimed at 
practically everybody who might be of interest to any foreign 
government with any capabilities in this area, and probably 
everybody on this panel and certainly everybody on this 
Committee has been attacked in an effort to gather that 
information. So that is a serious pandemic problem right now.
    Second, sabotage or cyber war or cyber terrorism designed 
to break systems is a very serious possibility. I am not so 
sure about terrorism. I do not think it has been very healthy 
for al Qaeda leaders to use the Internet in the past. But 
state-aided terrorism is a concern. If we actually did attack 
Syria, I think you would have to worry that Iran or Hezbollah 
or some organization assisted by them would engage in cyber 
attacks on the United States designed to cause failures in 
financial or industrial control systems, and those could be 
very serious.
    All of those attacks tend to actually use the same basic 
techniques. You break into a standard commercial network, and 
then you try to hop to an industrial control network that you 
can break and cause serious damage. And so stopping the 
espionage attacks, making it much more expensive to break into 
systems to steal secrets, is probably our first and highest 
priority.
    First, companies know a lot about who is in their network. 
I represent a lot of them, and the experts that they hire say, 
``Oh, yes, this is a unit of the People's Liberation Army or 
some criminal gang. We know, by the things they are doing, the 
code they are leaving behind, who it is, and we can tell you 
what their tactics are going to be for the next 24 hours or 48 
hours. We can tell you what they are trying to steal and why.''
    So companies know a lot just from looking at the activity 
on their network, information that may not be available to law 
enforcement. What they cannot do is go to the command and 
control servers that are being used to steal the information or 
to the attackers headquarters computers. For that you often 
need law enforcement authorities. But law enforcement does not 
have all of the background information. So we need to find a 
way to use existing law enforcement authorities and the 
existing resources and information that individual companies 
have to actually track those guys back home and then begin 
looking for reasonably creative penalties that can be applied. 
Again, using existing authorities, we can deny visas for any 
good reason. The President and Congress can impose financial 
sanctions on individuals who have committed this kind of crime. 
We have lots of authorities we have not yet used.
    Admiral Allen. I think the progress that has been made with 
the Executive Order that was signed by the President regarding 
cybersecurity and infrastructure protection has taken a major 
step forward. I think, though, as was mentioned earlier, until 
you start dealing with the issues about proprietary data, 
antitrust issues, and liability, there is going to be a 
hesitancy of the private sector to want to fully get on board 
with that.
    Now, I think the conversation that has been started in the 
last 2 weeks with the release of the draft voluntary framework 
by NIST is going to advance that discussion further. There are 
some critics that have said that is too general and not 
detailed enough to be effective. My position would be that you 
need to start out with the 1.0 version and go to the 2.0 
version, and having that conversation and moving forward and 
involving the private sector in that is really what is needed.
    But if you look at this problem, this is a classic case of 
macroeconomics. What is the inherent governmental role here? 
What should the private sector be doing? And I think that there 
is not a consensus in the country about what those roles are. 
Are the markets going to clear security? Or is the government 
going to provide there will be a command and control regulatory 
system?
    I think to figure out a way, No. 1, to share the 
information that is currently held classified within the 
government and get that out to the people that need it; on the 
other hand, when they are attacked, to get that information out 
of them so it can be used when they are concerned about 
regulatory oversight of potential civil or criminal penalties 
associated with that.
    I will just say this: There are a lot of people out there 
that are trying to work this problem. I have had the 
opportunity over the last couple years to work with an 
organization in Pittsburgh called the National Cyber-Forensics 
& Training Alliance. It is a 501(c)(3) organization that was 
developed with the local folks at the Software Engineering 
Institute at Carnegie Mellon and the local FBI office, and they 
actually have kind of developed a way to create what I would 
call a metaphorical Switzerland where they are collocated in 
the same place, so it is capable of just walking across the 
hall and exchanging information, understanding the protocols, 
building trust and so forth. But we are going to have to figure 
out a way for both of those parties to come into an area where 
they are free of risk, organizational risk, to provide that 
information and exchange it. If we cannot do that, it does not 
matter what the role of the government is or what the role of 
the private sector is. It is not going to work. And of all the 
conversations I have had in the last 2 or 3 years regarding 
this very complex problem, the National Cyber-Forensics & 
Training Alliance has come closer to trying to figure out 
exactly how that works in the organization I have run into, and 
I would suggest the Committee may want to reach out and talk to 
them.
    Mr. Ridge. Senator, I think----
    Senator Coburn. Turn your microphone on.
    Mr. Ridge. I believe quite a bit of progress has been made 
since the establishment of the Department with regard to 
addressing cybersecurity, although I think we all have to 
honestly admit in 2003, when the enabling legislation was 
created, there was no one, I do not think, that was as totally 
concerned about--some may have been--the emerging threat of 
cyber incursions as we all are today. It has accelerated. It is 
pretty remarkable if you think that we commercialized the 
Internet in 1992 or 1993, and now it is the backbone of 
absolutely everything we do. And so the sensitivity and concern 
with regard to distinguishing between what is an economic event 
and what is actually a more defense-directed or offense-
directed security incursion is a legitimate one. We know who 
the actors are. You have nation States. You have terrorists. 
You have hackers employed by nation States and terrorists. You 
have organized crime. There are multiple challenges in dealing 
with this.
    Even if we can attribute, if we can actually attribute who 
the attacker was and make a determination of the consequences, 
what do we do about it? What do we do about it? I mean, that 
again speaks, I think, to the kind of collaboration that 
focuses on information sharing in a true public-private 
partnership with the private sector rather than compliance, 
because with due respect to my profession, as an attorney, I do 
not see compliance lawyers as being the best means of assuring 
that we have enhanced our security in this country, because a 
regulation means there will be a block, it will be a check 
block, and you will check, and they said, OK, you did what the 
Federal Government wanted to do. And, frankly, the technology 
available today, offensive and defensive, as we speak, is 
changing, and it will be different tomorrow and the years 
ahead.
    So I think the best insurance right now is to take, 
frankly, the embrace of--I think it is Pat Gallagher running 
NIST, who I think testified perhaps in this Committee 
previously about, look, let us continue down this path of 
setting voluntary standards that both the Federal Government 
and the private sector agree upon, and let us see how well they 
do about taking those standards and devising the kind of 
defensive infrastructure that they need before we start 
thinking about regulations, because I am afraid we will never 
be--I am going to say this: Congress 4 or 5 years ago 
appropriately gave to DHS chemical facility antiterrorism 
standards and regs. I think we are 3 or 4 years later; there 
are a lot of people working really hard on it. But that 
delegation of authority does not mean it was executed in the 
appropriate way. And I am simply saying, for the time being I 
think we ought to let this--I think President Obama set it up 
with his Executive Order. I think we ought to let that come to 
fruition before we even think about standards--before we think 
about regulations.
    I might add the three or four critical sectors--and I think 
you were alluding to them in your comment--you have financial 
services, you have energy, you have transportation. I must say 
from my experience these sectors have spent and will continue 
to spend hundreds of billions of dollars, sometimes on their 
own, sometimes in cooperation, in collaboration with Homeland 
Security. But we have evolved a long way. I remember we created 
a Computer Emergency Response Team at Carnegie Mellon because 
this was an emerging problem back in 2001 and 2002. Now it is a 
fact of life. We are going to be dealing with forevermore. 
Forevermore. And so I do not think we are ever going to have a 
regulatory compliance scheme that is going to be able to keep 
up with the dynamic environment.
    So my recommendation based on the purpose of this hearing, 
even though I think your question is a very important one, I 
think we need to let the NIST standards play out and really 
push for far more collaboration between the public and private 
sector.
    One anecdote. My company deals with some significant 
private sector companies that deal with the cyber issue, and 
one of them, which is a multinational corporation, walked into 
one of the alphabet agencies and said, ``We have been hacked 
into,'' and the alphabet agency said, ``We know.'' And they 
said, ``Well, we are a taxpaying group of folks. Did you ever 
think it might be helpful if we sat down and worked together on 
it?''
    So I think, again, focusing on collaboration and sharing 
rather than compliance is the best approach for the time being.
    Chairman Carper. Do you want some more time?
    Senator Baldwin. No. Thanks.
    Chairman Carper. All right. We made good use of that.
    As we start a second round, I want to preface--let me just 
say, you mentioned Pat Gallagher, who did testify here before 
our Committee earlier this year--from NIST, and he said--every 
now and then witnesses show great wisdom. And in his testimony 
before us, I think he said, and I will paraphrase, he said, 
``We will know we are on the right track when good 
cybersecurity policy and good business policy are one.'' That 
is what he said. I thought that was pretty good advice. We have 
gotten a lot of good advice here today as well.
    Let me also preface my next question by saying that here we 
are, it is the anniversary of 9/11. Here we are, maybe days 
before the United States could launch limited Cruise missile 
attacks at some targets in Syria. Here we are, knowing that we 
are under attack on the cyber front 24/7. And we have an Acting 
Secretary of Homeland Security, and we have an Acting Deputy 
Secretary of Homeland Security. And that just cries out for the 
Administration and for us to do our jobs, to make sure we have 
in place the kind of confirmed leadership that we need, capable 
confirmed leadership.
    OK. That having been said, let me turn to a topic that I 
just mentioned, that is on our minds, and that is the potential 
for military action, limited military action, in Syria unless 
that country relinquishes its chemical warfare supply and 
dismantles their capability to create more chemical weapons.
    The prospect of our using military force is a serious 
matter. It weighs on us all, certainly the President who came 
and visited our caucuses yesterday in the Senate, both Democrat 
and Republican.
    I want to ask, as we prepare to make whatever decisions we 
need to make in the days ahead in conjunction with the 
President, I think it is important for us to get answers to a 
few more questions, and I would like to ask this seasoned panel 
of national security experts for some of your thoughts.
    If the President does choose to take limited military 
action against the Assad regime, what impact do you think that 
might have on homeland security? What should DHS be doing to 
prepare for some potential consequences that would flow from 
U.S. action, even on a limited basis, against Syria? Mr. Baker, 
if you would like to lead off, that would be great.
    Mr. Baker. Sure, I will be glad to. We absolutely need to 
prepare here. By taking on Syria, we are also taking on 
Hezbollah and Iran, their backers in that regime. And if they 
choose to make the United States regret the sanctions it 
imposes, they have very substantial capabilities. Hezbollah has 
its own cruise missiles. And a terrorist organization with that 
kind of capability certainly can develop and use cyber attacks 
or can send people to the United States to carry out attacks.
    So we would have to go on a pretty substantial alert basis. 
They would be biting off a lot. They are already on alert 
against Israel and fighting in Syria themselves, so they may 
decide that it is not prudent to attack, but hope is not a 
strategy for us. We need to be worried about our defensive 
capabilities. For the first time, we would face the risk that 
we will have a cyber attack aimed at getting us to quit 
engaging in military action.
    Iran is widely blamed for a series of attacks on our 
financial institutions that have been visibly punch-pulling 
exercises in which the attackers announce how long the attack 
will last and what day it will happen. Obviously they could do 
more and cause more damage. And, again, Iran, having blamed us 
for Stuxnet, is going to be less constrained about using that 
kind of weapon against the United States on behalf of an ally 
like Syria. So we will have to up our game both physically and 
virtually.
    Chairman Carper. OK. Thank you. Admiral Allen.
    Admiral Allen. Let me start with a caveat. It has been 
several years since I sat in a tank. I am not up to speed on 
operational briefings, so I am just going to talk in 
generalities. I would not want to speak for anybody or make any 
comments that would not be appropriate in this situation.
    In regard to cyber threats related to any untoward act--and 
it could be generated by this--one of the problems we are 
dealing with right now is we are trying to evolve these 
structures, and we have talked about them extensively here 
today. It is tough to talk about how you would deal with one of 
these things when the answer is what you talk about you need to 
do and you have not done yet.
    But let me focus on something called advanced persistent 
threat, which is something that is discussed both domestically 
and internationally, and it relates a little bit to what 
Stewart was talking about. There are footprints that are left 
regarding behaviors that go on out there that are indications 
of something that is going to occur. And one of the reasons the 
changes that need to be made in the cybersecurity posture in 
this country have been made and continue to be looked at in the 
Executive Order, the NIST standards, and everything else is 
that we need to move to continuous monitoring, and then after 
that we need to move to continually be able to look at the 
precursor or the context that is being set for an attack, and 
we do know what those are, and a lot of it has to do with 
basically analyzing social media, because people talk about 
this.
    So in regards to any threat situation, and this one 
specifically, I think there ought to be a fine-tuning of our 
sensors out there related to what is being talked about in 
social media and what types of activities are taking place. 
After 9/11, we used to talk about chatter. Well, we have a much 
better capability now with--we have a mismatch in computation, 
spectrum, and bandwidth management in this country. We do not 
utilize enough against these problems. I think in this case we 
will be looking at advanced persistent threat because if they 
are going to do anything immediately, they already have had to 
put the mechanism in place to do it.
    Chairman Carper. Thank you. Governor Ridge.
    Mr. Ridge. Senator, I appreciate the question, and I must 
tell you, based on a personal relationship, because you and I 
have had many long conversations over the years about topics of 
national interest, I am going to resist the opportunity to tell 
you how I think we got into this mess and how I think we ought 
to get out of it and answer your question exactly.
    It reminds me of the National Security Council coming over 
to what was then a small core staff between the time I was 
sworn in as Secretary and the intervening 6 weeks before we 
opened the door on March 1, 2003, the first day of the 
Department of Homeland Security. A couple members of the 
National Security staff came over and said, very confidential 
at the time, ``We are probably going into Iraq. We know you do 
not have a Department, but maybe you should think about 
potential blowback in this country and what we can do about it 
to minimize the effect.''
    So, one, I think your question is very appropriate and play 
the ``what if'' and then figure out how we respond if the 
``if'' occurs.
    I think we have learned a lot since Liberty Shield. I 
think, frankly, the State and locals are far better prepared. 
We know defense readiness condition (DEFCON)--even the much 
maligned and occasionally referred to color-coded threat 
warning system, which I will carry with me for the rest of my 
life, at least we know now there are certain levels of security 
that are embedded in the Federal Government and even within 
some of the State and locals and the private sector, No. 1.
    No. 2, I think the most likely pushback would be in the 
cyber realm, and to that end, again, it is a great place for me 
to suggest that this is precisely where the Federal Government 
should be sharing the precursors that it may know or the 
addresses that it has seen as it relates to the digital 
incursions that we have been hit with from the Syrian Army, 
perhaps the Hezbollah and the like. This is a classic example 
where we probably, in this instance, are more familiar with the 
electronic incursions directed at us from Russia, from Syria, 
et cetera, and at precisely the time that that information 
should be shared with not just State and locals but with the 
private sector.
    So, long term, I think we are far better prepared to 
respond to an attack because--I do think the word has been 
used--we are far more resilient today than we were 12 years 
ago. But this is an excellent opportunity for the Federal 
Government to share some of the information that I am sure they 
have that the private sector would like to check that 
information against what they see occurring on the grid, with 
the data systems, the financial institutions, and 
transportation, et cetera, to see perhaps if they are missing 
something and can be better prepared if there is an electronic 
attack or digital attack if we go into Syria.
    Chairman Carper. All right. Thank you all for those very 
thoughtful responses. Governor Ridge mentioned how he will take 
with him to his grave the leadership that he provided with 
respect to the color-coding alert. I am not so sure if there is 
some way to work that into your tombstone and the narrative of 
your life.
    I was kidding my wife recently. She said, ``Why do you 
spend so much time on postal reform?'' Dr. Coburn and I, along 
with our staffs, spent an inordinate amount of time this year 
trying to reach an agreement on bipartisan legislation. But she 
was kidding me about something about postal, and postal reform 
on my tombstone. And I thought out loud and said, ``Well, maybe 
what would be appropriate would be just these words: `Return to 
Sender.' ''
    Mr. Ridge. Again, it is a classic example of something that 
the Congress is going to have to deal with. I believe--look, we 
know that Russia and China have cyber attacks as part of their 
public warfighting strategy. We know this is a condition of not 
only military and diplomatic but business activity, 
international activity for the rest of the world. But, again, 
it is a place where you need the private sector and the public 
sector to sit down and really cooperate and determine if there 
is an attack, what are the consequences and who is responsible 
for returning it to sender? I mean, all this has to be worked 
out, and, again, I think that just calls for collaboration, 
cooperation, communication, and it does not require for a 
regulatory scheme where you check the compliance box and 
everybody feels that they are safe after that.
    Chairman Carper. All right. Thanks so much. Dr. Coburn.
    Senator Coburn. I think Governor Ridge agrees with this. I 
would love to have the other panelists' thoughts. We spend 
billions on grants every year. Is it your opinion that those 
grants ought to be risk based rather than parochial based?
    Mr. Ridge. Absolutely.
    Senator Coburn. Admiral.
    Admiral Allen. Senator Coburn, following the attacks of 9/
11--I was the Atlantic Area Commander, as I said earlier--I was 
concerned about the posture of our ports on the east coast, and 
I put a team together that developed a port security risk 
assessment model that now is called the Maritime Security Risk 
Assessment Model by which we look at impacts, trading off what 
you are protecting in a port based on risk and consequence.
    I remember having a conversation with Secretary Chertoff 
about implementing that at the secretarial level across the 
Department to inform the grant programs, and early on we had a 
pretty significant impact in doing that because there was a lot 
of logic attached to what we did, until Secretary Chertoff ran 
into the buzz saw which is called New York City. And we are all 
still stinging from that adventure a couple years ago.
    I unequivocally agree with you it ought to be risk based. 
It ought to be conditions based, based on the adherence of 
local communities to standards like the National Incident 
Management System (NIMS). It ought to be, in my view, linked to 
how they are making decisions on land use and reducing risk. I 
think there is every argument in the world to do that in a 
constrained budget environment.
    Senator Coburn. Thank you.
    Mr. Ridge. Senator, may I make just one quick comment if I 
may?
    Senator Coburn. Sure.
    Mr. Ridge. Because, again, I do not want to go back to the 
reorganization of Congress, but it just conjures up a couple 
conversations I had when we were trying to move it to risk 
based. And I could not agree with you more than my colleagues. 
Every dime going out the door ought to be risk based. But I 
think the Department of Homeland Security, of all the agencies 
in the Federal Government, is probably more susceptible to 
political meddling and interference and impact than any others.
    I will give you a perfect example. Once we got into the 
second year of the Urban Security Initiatives, action 
initiatives, we had the FBI talk about and the intel community 
really assess based on the prior year's intelligence gathering 
and try to come up with a risk assessment model vis-a-vis the 
cities that were potentially impacted, just given the volume 
and the credibility of the traffic.
    Long story short, from 1 year to the next, we took several 
cities off because on a risk-based analysis of the preceding 
year, they were no longer on the priority list. And the hue and 
cry from Congress, those who represented those communities, was 
not deafening, but it was fairly loud--not that we listened to 
it, but the fact of the matter is that it ought to be risk 
based, and I think you are on to something very important. But 
the whole system should be risk based.
    Senator Coburn. One of the things the President proposed 
that I agreed with--I was kind of a loner on this Committee--is 
combining all these grants together to where you really have an 
efficient, effective grant program where you set metrics, there 
is transparency to it, you are following up, and if they are 
not following what the grant was for, you jerk the money. So 
that we actually saved money by consolidating the grant 
programs, and then we had more money to actually go where the 
greatest risk is. And then we followed up to make sure there is 
compliance with what the grant was for.
    They got a pretty good cold shoulder here in Congress on 
that, and I got a cold shoulder when our Committee marked up 
while we were still doing things on the basis of parochial 
rather than risk based. As a matter of fact, that is in the 
law. Rather than risk based, we are doing it on a parochial 
basis.
    Any recommendations on how we can accomplish that? I do not 
know whether you agree with the President's recommendation of 
consolidating these grants and then using them on a risk-based 
process. Any recommendations, one, on how we would do that; 
and, two, whether or not we should do it?
    Mr. Ridge. Again, without knowing specifically the 
recommendation, it is just very consistent with my thinking as 
to--after 10 years of maturity and 10 years of growth, 
sometimes I think growth has not meant we have become more 
efficient or effective. It just seems to me that homeland 
security is all about risk management and resiliency, and the 
dollars out the door to be based on some kind of assessment, 
and it would be well to bring that philosophy to everything 
they do as well as the approach in terms of appropriating 
dollars for these grant programs.
    You might want to allow for--and I am going to speak and be 
very interested in my friend and colleague Thad Allen. I am not 
sure we have done quite enough with regard to maritime risks, 
port risks. So you may want to divide that aggregate, some 
might be into two or three verticals whereby you identify the 
greatest risks, one of which could be the maritime industry, 
and move on from there. But I know there is a duplication of 
programs and oversight, and I do not think it is needed and 
everything out the door to be risk-managed at this point.
    Senator Coburn. Admiral Allen.
    Admiral Allen. Yes, Senator, early on there was a port 
security grant program as well, and just one vignette 
associated with that. Then I would like to attack the larger 
issue that you raised.
    I was prone to support requests for grants in areas where I 
saw that there was not only a recognition of risk but a 
commonality of purpose and regional approaches. And we saw some 
areas--one of them is Houston--where they came together and 
they created a regional entity by which they consolidated all 
their requirements that came in for a grant program. I think 
whenever you can do that, that kind of behavior ought to be 
encouraged.
    Whatever you put in place--and this is going to be a lousy 
metaphor, but it is the only one I can come up with on the seat 
of my pants here--it is almost going to have to have an 
ironclad wall around it that allows it to be executed like the 
Base Realignment and Closure (BRAC) program, an up-or-down 
vote, this is what we decided; it is executed or it is not 
executed.
    Mr. Ridge. Yes, I like that.
    Admiral Allen. And I do not know how you structure that in 
law, but you are almost going to have to have a way where, once 
we decide how it is going to be done, the criteria are 
established and the decisions are made that it is irrevocable, 
it is either up or down, and it cannot be picked apart.
    The issues, I saw Secretary Chertoff just get wire-brushed 
up here, ran into the political buzz saw in New York after even 
trying to diminish the funding, and it is not to say that New 
York does not have problems, but that was a very difficult time 
for us at the Department.
    Mr. Baker. I think Admiral Allen raises a point that is 
worth thinking about in terms of how much of your personal 
credibility and time you would invest in that, because even 
after you have built a pretty good risk system for grants, 
politics will not disappear, and that risk system, whatever it 
is, could get distorted by the kinds of politics that Secretary 
Chertoff encountered, and others have.
    And so you may at the end of the day end up with a less 
mechanical system, but not one in which the politics have been 
eliminated. And at that point, it is possible you will ask 
yourself, ``How much did I really achieve by introducing this 
risk concept?'' I believe in it, but in practice, I am not sure 
that it works out as well as one imagines.
    Senator Coburn. Well, thank you. My comment on that is you 
need a backbone, the person that is running the agency, and 
take the heat, but do what is right for the country. When we 
have a Bearcat garden, a pumpkin festival in Keene, New 
Hampshire, and you say what could those dollars have done to 
either protect us on cybersecurity, advance our intelligence, 
what else could we have done? So we are not using any cost/
benefit analysis. What we are doing is parochial--dividing up 
the pie, and we are at a point where, first of all, this 
country cannot afford to do that anymore. We do not have the 
pleasure of doing that.
    And so I think the next Homeland Security Secretary, that 
is going to be one of the qualifications I am looking for: Are 
you ready to take on the fight to do what is best for the 
country, not what is best for the politicians?
    Thank you.
    Mr. Ridge. I think it would make the next Secretary and 
future Secretaries--you are right, a backbone will be 
essential. But it would be nice to have the institution that 
applies so much pressure, changing their jurisdiction, so, you 
know, the fact that you can apply pressure institution-wide is 
because they are answerable institution-wide. You start 
reducing that to a reasonable, necessary oversight and 
collaborative process, it will be a heck of a lot of pressure 
if the decisions--the legislative decisions that the Secretary 
is obliged to follow is reduced rather substantially and, 
therefore, held accountable to Senators Carper and Coburn.
    Admiral Allen. Mr. Chairman, could I make one quick 
comment?
    Chairman Carper. Sure.
    Admiral Allen. There are a lot of different grants out 
there. I am specifically going to refer--because I saw Senator 
Coburn on television making very strong statements after the 
tornadoes in Moore, Oklahoma. And this gets back to an earlier 
statement by Jane Harman. In the passage of the emergency 
supplemental following Hurricane Sandy, there were some very 
deft and artful amendments to the Stafford Act that got 
inserted into that bill that created more leeway and 
flexibility for local governments to deal with things like 
debris removal, where there was an economic incentive for them 
to do what was best for them, but also preserved those funds 
and allowed them for another use.
    So I think there may be some utility in looking at what we 
were able to do, and I realize that was a really unusual way to 
amend the Stafford Act, but I think there may be some insight 
there to be gained on how you can empower local communities 
with flexibility so there is an economic incentive for them to 
do what is right and build off a concept like that, sir. And I 
congratulate everybody on that piece of legislation, by the 
way.
    Chairman Carper. All right. Thanks.
    I believe it was back in March, Dr. Coburn and I held a 
hearing in this room to examine the progress that has been made 
and some of the challenges that still remain within the 
management of the Department of Homeland Security. I am sure 
that all of you are aware of the latest high-risk report from 
the Government Accountability Office (GAO) that found the 
Department had made considerable progress in integrating its 
components, moving toward actually having auditable financials 
and, we hope, an unqualified audit soon. But the overall 
management of the Department remains on GAO's high-risk list, 
and I have been really impressed by the efforts of the 
Department's leadership to address these management issues.
    With the changing of the guard, the impending changing of 
the guard at the top of the Department, there are still a bunch 
of questions about how the Department can sustain and buildupon 
the work of Secretary Napolitano and also, I should hasten to 
add, Deputy Secretary Jane Holl Lute.
    What do you view as the most urgent steps that the 
Department should take to develop strong management 
institutions and practices? That is the question. What do you 
view as the most urgent steps that the Department should take 
to develop strong management institutions and practices, to 
further develop those practices? And are there any legislative 
steps that come to mind that those of us who serve on this 
Committee and our colleagues ought to take to strengthen the 
tools and institutions that the Secretary needs to manage the 
Department?
    And a last quick question. Admiral Allen, you were there, I 
think, when we cut the ribbon on the new Coast Guard 
headquarters at St. Elizabeths. Were you there?
    Admiral Allen. I was not, sir. I was on travel that day.
    Chairman Carper. That was a special day. I wish you could 
have joined us. But how does the consolidation of DHS' 
headquarters at St. Elizabeths play into management 
improvements? Those three questions, if you all could take a 
swing at those, three strikes, three pitches. Just make sure 
your----
    Mr. Ridge [continuing]. Those fast balls, Senator. I am 
familiar with the report, not the contents of the report, with 
regard to management. I have often said that the Department of 
Homeland Security from the get-go had two responsibilities that 
it had to deal with simultaneously: one, build a safety and 
security platform to deal with risk and resiliency; the other 
was the business line integration. It is a business. It is a 
budget that has doubled. You have a couple hundred thousand 
employees, and one of the ways--one of the regrets--and it is 
something that you could not do anything about--is if you were 
going to merge 20-plus agencies with multiple missions, with 
multiple procurement requirements and budget requirements, et 
cetera, in the private sector, you would at least have had a 
year or so by the time you got all the Federal and State 
regulatory approvals, because Homeland Security was and still 
is about mergers, acquisitions, divestitures, and startups. And 
the management around those things for the past 10 years 
apparently, according to the GAO, has not dramatically 
improved.
    I frankly do not have an answer. I think that we have had 
some really good people there trying to get those things done. 
But absent buy-in from some of the management changes and the 
restructuring that they might recommend, and that is, buy-in by 
the Congress of the United States, it is pretty difficult to 
make reforms.
    I think that it is not just endemic to Homeland Security. I 
just truly believe that there are still silos within that 
agency that will require--that have to be merged, and it can 
only be done with legislative oversight and direction.
    I like the notion of consolidating. I hope you find money 
to build out St. Elizabeths, because as Secretary, when we 
would have periodic meetings with the leaders of the basically 
five or six really muscular agencies--they talk about 20 
departments and bureaus, but basically there were five or six 
that provided most of the employees, and the rest were just 
bits and pieces from the other units of government. And to try 
to pull your leadership together a couple of times a week, 
taking them from their offices and bringing them over to the 
Nebraska Avenue Complex (NAC) and sitting down for 2 or 3 hours 
a couple times a week was not a good use of their time or ours. 
We had the opportunity to develop the kind of day-to-day 
working relationship that I think Congress wanted when it put 
these agencies together. It was a tremendous opportunity for 
disparate pieces of Homeland Security, and it has been 
demonstrated tactically with Customs and Border Protection 
working with the Coast Guard, working with ICE. The 
collaboration is important. But I think you get better 
management if you have the chief leaders of the entity 
interacting on a day-to-day basis rather than piecemeal.
    I also think you get better management and efficiency if 
the restructuring that has been recommended by some of us from 
the outside and the Department of Homeland Security is put into 
law.
    Chairman Carper. OK. Thank you. Admiral Allen.
    Admiral Allen. Mr. Chairman, this is an area I have a great 
passion about, so do not feel bad about cutting me off here. 
Let me hit a couple of these issues.
    One of the things that happened when the Department was 
created was we aggregated the authorities and the jurisdictions 
from the legacy departments. But one of the things that has 
been insidious for over 10 years now--and I know this from 
talking with staff on the Appropriations Committees--is that we 
took the appropriations structures from the legacy 
departments--Treasury, Justice, and so forth--and just moved 
them to a single committee. There is no comparability in the 
Department right now between components on what is a personnel 
cost, an operating cost, and a capital cost. And because of 
that, you cannot compare and tradeoff between components on 
where you want to make investments.
    I have said in several hearings, both here and before the 
House, that in my view you have to get down to blocking and 
tackling if you are going to take on the management issues in 
the Department, and the first area should be to standardize the 
appropriations structure and how the budget is presented to the 
Congress in terms of the justifications so there is 
comparability. The Congress cannot make good decisions unless 
there is more transparency and comparability across the 
Department. That leads to financial management and the ability 
to have better insight on how you are spending your money.
    They got a qualified opinion on their audit this last year. 
That was a major breakthrough. The Coast Guard got a qualified 
opinion, the first military service to ever do that. That 
should be taken as the floor, the minimum expectation. It needs 
to move forward. But you are starting to talk about the 
integration of IT systems, financial systems. There are three 
major financial platforms that are used in the Department right 
now. There is going to be a look this next year at shared 
services and maybe a better way to do this.
    I think all that has to come on the table, and we have to 
look at really trying to integrate this enterprise and make it 
run efficiently like you would if you were running a 
corporation.
    Now, regarding St. Elizabeths, I have to kind of sit on my 
hands here. I was the Commandant when we made the decision to 
move, and all I said was: ``I can support this; I am behind it. 
I just don't want to go there without the Secretary.'' And I 
will leave it at that.
    There are issues with the Federal buildings funds. There 
are issues with how this whole project has been funded, issues 
with the District of Columbia planning entities. But the 
overriding imperative to have a central operations center from 
which the Secretary can operate and make decisions, as 
Secretary Ridge said, is a primary need in this Department. It 
is my written testimony. I will not belabor the fact here. A 
National Operations Center at a unified Department, operations 
and situational awareness, absolute imperative moving forward.
    Chairman Carper. All right. Thank you. I think you can 
control those passions pretty well. Thank you. Mr. Baker.
    Mr. Baker. I would certainly agree with Admiral Allen on 
St. Elizabeths. They say in Washington that where you stand 
depends on where you sit, and I do think that if DHS components 
sit together, they are likely to stand together much better 
than they do today. And so to the extent that we can get 
everybody in one place, we are much better off.
    I, too, am a little reluctant to make suggestions for 
changing the details of management in a Department that I left 
a few years ago. I think that there are probably some 
opportunities with respect to the Quadrennial Homeland Security 
Review (QHSR) to turn that from an exercise in which we look at 
some very interesting and difficult issues into something that 
turns our budget into a multi-year, thoughtful priority-driven 
exercise rather than something in which we ask how much money 
do we have and what can we cut. And to the extent that 
authorizing legislation can move the Quadrennial Homeland 
Security Review in the direction of actually influencing budget 
decisions, I think that would be an enormously effective way of 
dealing with the looming crisis we have with respect to 
appropriations for everybody, and making sure that the cuts are 
much smarter than they otherwise would be.
    Chairman Carper. Thank you.
    Before we wrap it up, let me just telegraph my final pitch, 
and that is, sometimes when we have a hearing like this, I like 
to invite our witnesses just to give a brief closing statement, 
just a couple of thoughts that you want to kind of pull 
together, just underline a few things and leave those for us. I 
would welcome, I think we would welcome that.
    Let me just yield to Dr. Coburn for any last comments? OK.
    Mr. Baker, do you want to give us a closing thought or two 
before we wrap it up?
    Mr. Baker. Yes. Nothing has made me prouder or caused me 
more frustration than my service at the Department of Homeland 
Security. I am deeply fond of the institution, and I believe 
that it is making a major contribution to the security of all 
Americans. It has changed our approach to the border in ways 
that nothing else could have, and that has paid dividends in 
almost every terrorist incident that has been planned or 
launched against us since 9/11.
    We need the Department, but we need it to be better, and we 
need it to be more organized, more consolidated, more 
coordinated. That is the biggest challenge that the Department 
faces. We have gotten by with three great leaders, but we 
cannot count on personality-driven unification forever. We need 
to institutionalize it.
    It is a big challenge, especially with the oversight 
authority that exists, but it is a challenge that you have the 
support, I am sure, of everyone on this panel in your effort to 
accomplish.
    Chairman Carper. All right. Thank you, sir. Admiral Allen.
    Admiral Allen. Mr. Chairman, in regard to some of the 
mission areas that we have talked about today--cybersecurity, 
immigration reform, and so forth--a lot of that is going to 
necessarily involve the Congress to do that. I sit on the 
Advisory Board of the Comptroller General, so I am aware of the 
risk areas. Gene Dodaro and I have talked about this before.
    I believe when it comes to the internal management of the 
Department of Homeland Security, there are adequate authorities 
in the Secretary, administrative space to operate. I think 
there needs to be a serious discussion about conditions of 
employment and a management agenda related to mission support 
activities and functional integration in the Department for the 
next leadership team moving in. And those ought to be clear and 
distinct, and they ought to be enforceable in the budget. And 
they ought to be laid out with metrics attached, as Senator 
Coburn would probably want.
    I do not believe any legislation is needed to take care of 
the management improvements that the Department could implement 
immediately.
    Chairman Carper. All right. Thank you. Governor Ridge.
    Mr. Ridge. When you look back on those days when there was 
considerable debate in this town as to whether or not we 
actually needed a Department of Homeland Security, I remember 
my friends on my side of the aisle said we are creating a 
brand-new bureaucracy of 180,000 people. And I hopefully 
reminded them and they believed me that they were not new jobs; 
we were just going to consolidate units of government that 
historically had missions related to protecting our borders and 
gaining knowledge about the people and the goods that come 
across our borders.
    Long needed in the 21st century world when the 
interdependency of the marketplace, the interdependency of 
information sharing for law enforcement purposes, and the 
interdependency of countries with regard to security is a part 
of our daily lives and how we are going to live. We are 
interdependent.
    But I think the Congress did the wise thing. I do think 
they brought together the right agencies. I think the 
Department has evolved and matured, but I am reminded of Sean 
O'Keefe's phone call to me after I was announced as being the 
President's nominee to be the Secretary of the Department of 
Homeland Security. He said, ``Tom, a couple of decades ago, we 
saw''--there was a smaller aggregation of responsibilities that 
created National Aeronautics and Space Administration (NASA), 
and he said, ``Decades later I still see the vestiges of 
culture in silos in this entity and in this organization.''
    So, one, I do not think we should be surprised that we have 
not made as much progress as we all think we need. We are not 
as efficient as we need to be. We are not as risk-managed and 
risk-based as we need to be. I do not think anything is wrong 
with the management structure. I do think there needs to be 
efforts to oversee the oversight of that structure to hold both 
the Congress and the Department far more accountable for the 
outcomes we want.
    At the end of the day, I think you have touched on some 
very important issues, and I am proud to have spent some time 
with these panelists. It is about information sharing. It is 
about resiliency. It is about risk-managed approach.
    I would hope you can resolve these issues. I realize that, 
again, ironically enough, the issues that I just raised are not 
necessarily all within the exclusive purview of this Committee, 
which speaks to one of the challenges I think the Congress has. 
But at the end of the day, I am proud to have been the first 
Secretary. I think they have made marvelous progress. I would 
like to see some of it accelerated. I am just not convinced 
because it got bigger it has gotten better. I do not think it 
has. And that has nothing to do with the well-meaning 
intentions of the people who go to work there every single day 
to make you and me safer and more secure. It just does not have 
the kind of collaboration and oversight with the Congress that 
I think is absolutely essential.
    At the end of the day, the mission is the same at the 
Department of Homeland Security. Make our country safe and 
secure. Do it in a way that is consistent with the Constitution 
and the rule of law. And the big challenge associated with that 
has been with us since 2003. But with the Snowden revelations 
and the vast impact of the digital world and the cyber world, 
that challenge to maintain that privacy of individuals and the 
protection of these rights under the Constitution becomes more 
complicated for this Committee and for the Congress of the 
United States. And I look forward to future invitations to 
share my point of view with all of you who are committed to 
making a stronger and better Department. And I thank you very 
much.
    Chairman Carper. It is we who thank you. We thank you for 
this day. We thank you for your preparation for this day and 
for this conversation, and for your continued service to our 
country. I have a closing statement I am going to submit for 
the record.\1\
---------------------------------------------------------------------------
    \1\ The closing statement of Senator Carper appears in the Appendix 
on page 485.
---------------------------------------------------------------------------
    And I will just say this: I think some remarkable progress 
has been made in the 10 years that has passed. Thank you for 
that initial leadership, Tom, as this Department was launched, 
and to Admiral Allen and Mr. Baker for your great leadership as 
well. This is as much progress as may have been made. There is 
clearly more to do. It is not a time to rest on our laurels.
    I like to say that everything I do, I know I can do better, 
and clearly the same is true in terms of protecting our 
homeland.
    So we leave here knowing that on this very special day we 
have learned a lot of lessons, and I think we have taken a lot 
of the appropriate steps to better secure our Nation. But 
obviously there is a whole lot more that we can do.
    Dr. Coburn gave me a really good idea earlier this year, 
and that is that we should do a top-to-bottom review of the 
Department and try to figure out how we go about reauthorizing 
the Department. He said this is an appropriate time to start 
that process. And what you have done today in laying out for us 
really a banquet of knowledge, just a font of great ideas, this 
is enormously helpful to us in this process. So we thank you 
for all that. It is great to see you.
    I want to thank our staffs for pulling this hearing 
together. You have all done a great job, and we are grateful to 
each of you.
    With that having been said, the hearing record will remain 
open for 15 days until, I think, September 26th at 5 p.m. for 
the submission of statements and any questions for the record.
    With that, again, our thanks and our thoughts and prayers 
for those whose lives we remember today. God bless. Thanks.
    We are adjourned.
    [Whereupon, at 12 noon, the Committee was adjourned.]





                            A P P E N D I X

                              ----------                              



[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]



                                 [ all]
