[House Hearing, 117 Congress]
[From the U.S. Government Publishing Office]


                 EXAMINING THE OPERATIONS OF THE OFFICE 
                       OF INTELLIGENCE AND ANALYSIS

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                            INTELLIGENCE AND
                            COUNTERTERRORISM

                                OF THE

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED SEVENTEENTH CONGRESS

                             SECOND SESSION

                               __________

                           DECEMBER 13, 2022

                               __________

                           Serial No. 117-74

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
                                     

        Available via the World Wide Web: http://www.govinfo.gov

                               __________
                               
                                
                    U.S. GOVERNMENT PUBLISHING OFFICE                    
51-412 PDF                        WASHINGTON : 2023                    
          
-----------------------------------------------------------------------------------                                    
 
                     COMMITTEE ON HOMELAND SECURITY

               Bennie G. Thompson, Mississippi, Chairman
Sheila Jackson Lee, Texas            John Katko, New York
James R. Langevin, Rhode Island      Michael T. McCaul, Texas
Donald M. Payne, Jr., New Jersey     Clay Higgins, Louisiana
J. Luis Correa, California           Michael Guest, Mississippi
Elissa Slotkin, Michigan             Dan Bishop, North Carolina
Emanuel Cleaver, Missouri            Jefferson Van Drew, New Jersey
Al Green, Texas                      Mariannette Miller-Meeks, Iowa
Yvette D. Clarke, New York           Diana Harshbarger, Tennessee
Eric Swalwell, California            Andrew S. Clyde, Georgia
Dina Titus, Nevada                   Carlos A. Gimenez, Florida
Bonnie Watson Coleman, New Jersey    Jake LaTurner, Kansas
Kathleen M. Rice, New York           Peter Meijer, Michigan
Val Butler Demings, Florida          Kat Cammack, Florida
Nanette Diaz Barragan, California    August Pfluger, Texas
Josh Gottheimer, New Jersey          Andrew R. Garbarino, New York
Elaine G. Luria, Virginia            Mayra Flores, Texas
Tom Malinowski, New Jersey
Ritchie Torres, New York, Vice 
    Chairman
                       Hope Goins, Staff Director
                 Daniel Kroese, Minority Staff Director
                          Natalie Nixon, Clerk
                          
                                 ------                                

           SUBCOMMITTEE ON INTELLIGENCE AND COUNTERTERRORISM

                  Elissa Slotkin, Michigan, Chairwoman
Sheila Jackson Lee, Texas            August Pfluger, Texas, Ranking 
James R. Langevin, Rhode Island          Member
Josh Gottheimer, New Jersey          Michael Guest, Mississippi
Tom Malinowski, New Jersey           Jake LaTurner, Kansas
Bennie G. Thompson, Mississippi (ex  Peter Meijer, Michigan
    officio)                         John Katko, New York (ex officio)
               Brittany Carr, Subcommittee Staff Director
          Adrienne Spero, Minority Subcommittee Staff Director
                    Alice Hayes, Subcommittee Clerk
                            
                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Elissa Slotkin, a Representative in Congress From 
  the State of Michigan, and Chairwoman, Subcommittee on 
  Intelligence and Counterterrorism:
  Oral Statement.................................................     1
  Prepared Statement.............................................     2
The Honorable August Pfluger, a Representative in Congress From 
  the State of Texas, and Ranking Member, Subcommittee on 
  Intelligence and Counterterrorism:
  Oral Statement.................................................     4
  Prepared Statement.............................................     6
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Chairman, Committee on 
  Homeland Security:
  Prepared Statement.............................................     7
The Honorable Sheila Jackson Lee, a Representative in Congress 
  From the State of Texas:
  Prepared Statement.............................................     8

                                Witness

Mr. Kenneth L. Wainstein, Under Secretary, Office of Intelligence 
  and Analysis, U.S. Department of Homeland Security:
  Oral Statement.................................................    10
  Prepared Statement.............................................    12

                             For the Record

Statement of the National Fusion Center Association..............    19

                                Appendix

Questions From Chairman Bennie G. Thompson for Kenneth L. 
  Wainstein......................................................    35
Questions From Chairwoman Elissa Slotkin for Kenneth L. Wainstein    37
Questions From Ranking Member August Pfluger for Kenneth L. 
  Wainstein......................................................    40

 
  EXAMINING THE OPERATIONS OF THE OFFICE OF INTELLIGENCE AND ANALYSIS

                              ----------                              


                       Tuesday, December 13, 2022

             U.S. House of Representatives,
                    Committee on Homeland Security,
                              Subcommittee on Intelligence 
                                      and Counterterrorism,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 10 a.m., in 
room 310, Cannon House Office Building, Hon. Elissa Slotkin 
[Chairwoman of the subcommittee] presiding.
    Present: Representatives Slotkin, Jackson Lee, Langevin, 
Pfluger, Guest, Van Drew, LaTurner, and Meijer.
    Ms. Slotkin. The Subcommittee on Intelligence and 
Counterterrorism will be in order.
    The subcommittee is meeting today on ``Examining the 
Operations of the Office of Intelligence and Analysis'' at the 
Department of Homeland Security.
    Without objection, the Chair is authorized to declare the 
subcommittee in recess at any point.
    Good morning, everybody. I want to thank my colleagues from 
the Committee on Homeland Security for joining us, both in 
person and on-line, for this important hearing to discuss the 
current and future state of the Department of Homeland 
Security's Office of I&A, or Intelligence and Analysis.
    I want to welcome back Mr. Kenneth Wainstein, who is 
testifying before us this morning. After serving as our 
Nation's fourth Homeland Security Advisor, Mr. Wainstein is 
intimately familiar with this committee. We are glad to welcome 
you back in your new role as the under secretary for 
intelligence and analysis at DHS.
    As a former CIA officer, I understand the importance of the 
role that intelligence plays in preventing and mitigating 
threats to the homeland and in developing long-term expertise 
on issues and supporting the policy-making process.
    I&A's contributions to the intelligence process are 
particularly important, as the office has a unique 
responsibility, unique among the, I think, 17 different intel 
agencies across the U.S. Government, to provide intelligence to 
our State, local, Tribal, territorial, and private-sector 
partners, who in many cases are on the front lines of keeping 
Americans safe.
    I&A's mission success is dependent on effective 
information-sharing capabilities with local partners to address 
these dangerous threats. However, we know that I&A has often 
struggled to consistently achieve mission success.
    DHS is our newest Cabinet-level agency, just born with 9/
11. So we are all invested in I&A's success. We want to make 
sure that we understand I&A's information sharing to State and 
local partners, make sure it is timely, make sure our 
communities are getting easy access to intelligence.
    We want to make sure that some of the concerns raised by 
the GAO, the Government Accountability Office, recently in 
their preliminary report that focused on some of the products 
right before January 6, 2021, the day that the U.S. Capitol 
came under attack--make sure we understand some of the sharing 
practices, since some of those products were not made available 
until days after the attack.
    So we are interested in hearing from you, Mr. Wainstein, as 
you are in, I believe, your sixth month of taking the helm 
here, what are some of the issues you are focused on? How are 
you making sure that places like I&A are not politicized in any 
way, that it lives up to the intelligence community tradition 
of being nonpartisan and providing support to whoever is the 
Commander-in-Chief, whoever is in leadership? Then help us 
understand some of the concerns that have been brought up in 
these various investigations.
    We are particularly--I was pleased to hear you say, under 
secretary, during your Senate confirmation hearing that you are 
committed to the production of ``objective, unvarnished 
intelligence'' and that is your first focus as under secretary. 
We all believe that that is the mission of I&A.
    Today I hope we have an honest, robust conversation about 
how we address those issues, how we help, from an oversight 
perspective, to make sure that, for the American people, for 
the stakeholders invested in I&A's success, we all feel that 
you are able to do your best work to keep the homeland safe.
    I just want to say that I believe this is the final hearing 
of this subcommittee's work before the end of the year. 
Throughout my time as Chairwoman, we have had really wonderful 
staff support. We have worked with the Department, with other 
Federal agencies. I want to thank Ranking Member Pfluger for 
being a good partner in this committee.
    So, as we move into a new Congress, I hope that the work 
that you are going to put on display for us is something we can 
take forward into the next Congress and continue to develop 
that relationship for the betterment of the Department and for 
the people of the American public.
    [The statement of Chairwoman Slotkin follows:]

                 Statement of Chairwoman Elissa Slotkin

                           December 13, 2022

    The Subcommittee on Intelligence and Counterterrorism will 
be in order. The subcommittee is meeting today on ``Examining 
the Operations of the Office of Intelligence and Analysis.''
    Without objection, the Chair is authorized to declare the 
subcommittee in recess at any point.
    Good morning.
    I want to thank my colleagues on the Committee on Homeland 
Security for joining me in this important hearing to discuss 
the current and future state of the Department of Homeland 
Security (DHS)'s Office of Intelligence and Analysis.
    And I want to welcome back Mr. Kenneth L. Wainstein, who is 
testifying before us this morning.
    After serving as our Nation's fourth Homeland Security 
Advisor, Mr. Wainstein is intimately familiar with this 
committee, and we are glad to welcome you back in your new role 
as the under secretary for intelligence and analysis--or I&A--
at DHS.
    As a former CIA intelligence officer, I understand the 
important role that intelligence plays in helping prevent and 
mitigate threats to the homeland and U.S. interests abroad--and 
in developing long-term expertise on issues and supporting the 
policy-making process.
    I&A's contributions to the intelligence process are 
especially vital, as the office has the unique responsibility 
for delivering intelligence to our State, local, Tribal, 
territorial, and private-sector partners--who in many cases are 
on the front lines of keeping Americans safe.
    I&A's mission success is dependent on effective 
information-sharing capabilities and processes with these local 
partners to address the persistent and dangerous threats facing 
our Nation.
    However, I&A has struggled to consistently achieve mission 
success.
    At times, information from I&A to State and local partners 
may not be timely enough to help them take steps to protect our 
communities from threats.
    For example, the Government Accountability Office recently 
issued a preliminary report finding that although I&A developed 
two threat products regarding potential threats on January 6, 
2021--the day the U.S. Capitol came under attack from domestic 
terrorists--it did not share the products with partners until 2 
days after the attack, on January 8.\1\
---------------------------------------------------------------------------
    \1\ Government Accountability Office, DRAFT Report ``CAPITOL 
ATTACK: Federal Agencies Identified Some Threats, but Did Not Fully 
Process and Share Information Prior to January 6, 2021,'' December 
2022.
---------------------------------------------------------------------------
    Delays in I&A intelligence product review, approval, and 
dissemination are not new.
    A March 2017 report by the inspectors general of DHS, the 
intelligence community, and the Department of Justice found 
that I&A officials in the field lacked, and I quote, ``release 
authority, that is, the authority to send intelligence reports 
directly to the clearing offices for review and approval 
without first sending them to the Reporting Branch,'' where 
there were backlogs.\2\
---------------------------------------------------------------------------
    \2\ ``Review of Domestic Sharing of Counterterrorism Information,'' 
Inspectors General of the Intelligence Community, Department of 
Homeland Security, and Department of Justice, March 2017, https://
oig.justice.gov/sites/default/files/reports/OIG-17-49-Mar17.pdf.
---------------------------------------------------------------------------
    Four years later--a DHS Administrative Review found that 
similar review backlogs were a factor in the improper 
collection and dissemination of open-source intelligence 
reports on journalists engaged in Constitutionally-protected 
activities during the Portland, Oregon protests in July 
2020.\3\
---------------------------------------------------------------------------
    \4\ ``Report on DHS Administrative Review into I&A Open Source 
Collection and Dissemination Activities During Civil Unrest Portland, 
Oregon, June through July 2020,'' DEPARTMENT OF HOMELAND SECURITY 
OFFICE OF GENERAL COUNSEL, Jan. 6, 2021, http://cdn.cnn.com/cnn/2021/
images/10/01/internal.review.report.20210930.pdf.
---------------------------------------------------------------------------
    Unresolved internal control deficiencies are not the only 
thing that has troubled I&A over the years.
    Under the previous administration, I&A was repeatedly 
politicized, especially regarding information that could be 
used to justify the administration's actions.
    Between March 2018 and August 2020, the senior official 
performing the duties of the under secretary for intelligence 
and analysis, Brian Murphy, made at least five whistleblower-
protected disclosures regarding the politicization of 
information within DHS.
    These concerns led the OIG to initiate investigations, 
during which the OIG found that--on at least one occasion--and 
I quote, ``I&A employees during the review and clearance 
process changed the product's scope by making changes that 
appear to be based in part on political considerations, 
potentially impacting I&A's compliance with intelligence 
community policy.''\4\
---------------------------------------------------------------------------
    \4\ Joseph V. Cuffari, DHS Actions Related to an I&A Intelligence 
Product Deviated from Standard Procedures, DEPARTMENT OF HOMELAND 
SECURITY OFFICE OF INSPECTOR GENERAL, Apr. 22, 2022, https://
www.oig.dhs.gov/sites/default/files/assets/2022-05/OIG-22-41-Apr22-
Redacted.pdf.
---------------------------------------------------------------------------
    These serious long-standing issues amount to a decline in 
institutional capacity that is prone to happen when an agency 
lacks a permanent leader who is dedicated to the mission and 
leading the workforce to mission success.
    This is why, Under Secretary Wainstein, I was pleased to 
hear you say during your Senate confirmation hearings that you 
are committed to the production of ``objective, unvarnished 
intelligence,'' and that your first focus as under secretary is 
on the workforce.
    I believe in the mission of I&A--and today I look forward 
to having a robust, honest conversation about how we address 
these issues to ensure I&A is most effective, that it continues 
to garner support from its stakeholders and the American 
public, and that the men and women of I&A feel good about their 
efforts to keep the homeland safe.
    Throughout my time as chair of the Intelligence and 
Counterterrorism Subcommittee, I have worked tirelessly with 
the Department, other Federal agencies, and Members on both 
sides of the aisle--including my Ranking Member, Mr. Pfluger--
to find solutions to issues that came before us.
    So as we move into a new Congress, I hope that we use what 
we learn today to work together in ensuring I&A's success.
    Before I turn to the Ranking Member, without objection, I 
ask unanimous consent to enter into the record a statement by 
the National Fusion Center Association.

    Ms. Slotkin. The Chair now recognizes the Ranking Member of 
the subcommittee, the gentleman from Texas, Mr. Pfluger, for an 
opening statement.
    Mr. Pfluger. Thank you, Madam Chair. I agree with your 
sentiments, and it has been a pleasure to serve on this 
committee with you. I appreciate your leadership, the staff's 
participation, and, I think, the ability to look at some of 
these issues in what I hope will continue to be more of an 
apolitical, nonpartisan view focused on security.
    So, last month, at our full committee hearing, we focused 
on world-wide threats to the homeland, and Secretary Mayorkas 
testified about foreign terrorist organizations seeking new and 
innovative ways to target the United States--on-going cyber 
attacks on our critical infrastructure and emerging technology 
like drones being weaponized to cause harm; so many other 
threats. Perhaps more now than ever before, we must depend on 
our intelligence professionals to anticipate, to detect, to 
identify the countless threats that we are facing.
    The Office of Intelligence and Analysis was tasked with the 
important role of leading the intelligence enterprise, composed 
of DHS components, as it navigates that complex threat 
environment, and it seeks to mitigate threats before they 
become costly or devastating to Americans or to our homeland.
    Per statute, I&A also serves as the intel community's 
primary liaison to State, local, Tribal, territorial, private 
partners, as well as the conduit for information exchange 
within the many components of DHS that rely on timely and 
reliable, accurate intelligence to execute their own mission 
sets.
    Being someone who served in the military, I know this for a 
fact: Intelligence can be invaluable when properly vetted and 
delivered to the appropriate stakeholders prior to the 
escalation of a threat.
    However, I do believe I&A has struggled, as the Chairwoman 
has said, in a couple of areas, potentially identifying and 
disseminating pertinent intelligence. Whether we call these 
``failures'' or some other adjective, having been investigated 
by DHS OIG, which has found that I&A identified pertinent 
specific threat information on several occasions but in some of 
these cases failed to produce any reports on these threats 
until clearly past the point of mitigation.
    For example, we will go back to Portland, Oregon. Prior to 
your time, I&A published several intelligence reports on U.S. 
journalists engaged in ordinary journalism protected by the 
First Amendment and leading to public outcry. DHS later 
acknowledged, rightfully so, that these reports were misguided 
and eventually recalled them.
    Though a comprehensive DHS administrative review on I&A 
intelligence collection and dissemination activities in 
Portland found no evidence of politicization, it did uncover a 
host of other alarming issues that undoubtedly played a role in 
these high-profile intelligence failures.
    The DHS review found I&A suffered from understaffed and 
overworked personnel, high turnover and decreased institutional 
knowledge, lack of oversight and leadership in some cases, and 
training gaps that left employees operating without an informed 
direction or knowledge of the policy.
    In the Portland incident, junior collectors with less than 
ideal guidance and very little oversight were sent into a 
volatile situation with enormous pressure to produce 
intelligence products before they had mastered the core 
competencies of their own specific duties, leading to 
intelligence reporting on journalists rather than the real-
world threats.
    Conversely, in other situations, open-source collectors 
discovered potentially actionable threat intelligence prior to 
escalation but fell short in the critical mission set of 
sharing that information with law enforcement partners because 
they were, again, unclear on the Department's intelligence 
reporting policy and requirements.
    These sorts of incidents led to public confusion, anger, 
and even ridicule, which only exacerbated the morale of those 
within I&A, many of whom had extended their working hours, 
covering 24/7 shifts and truly working overtime.
    I look forward to hearing from you, Mr. Under Secretary, on 
where the morale of the rank-and-file members is today and what 
leadership has done to right the ship.
    Like so many other members of the IC, I&A is granted the 
authority to collect intelligence through publicly-available 
sources. Having multiple agencies collect and disseminate 
intelligence from publicly-available internet searches and 
other law enforcement public releases can offer limited value 
and at times could be redundant, duplicative, as we mentioned 
before the hearing started.
    A recent DHS OIG review of 9 I&A finished intelligence 
domestic terrorism products released over a 1-year period 
showed 6 of the products contained information that its 
partners could have easily found.
    I hope that during this hearing today we will be able to 
talk about where we have a duplicative or overlapping gathering 
system and we can have that open and honest conversation to 
know where I&A can be most effective going forward.
    In the two decades since the attacks of September 11, the 
intelligence apparatus has evolved greatly, and I am glad that 
it has, as the Chairwoman served in one of those agencies. The 
Office of the Director of National Intelligence, including the 
National Counterterrorism Center, NCTC, has been established. 
The FBI has refocused considerable attention and resources 
toward the counterterror mission and enhancing their 
information-sharing relationship with law enforcement partners. 
DHS-component intelligence branches, from CBP to CISA, have 
been bolstered.
    It is incumbent on us to assess and review at this time the 
performance of the Office of Intelligence and Analysis and 
consider steps to update and rebalance its role and 
responsibilities to ensure that the value is what the American 
people not only deserve but what our hard-earned taxpayer money 
is going toward, eventually with the goal of continuing to keep 
the homeland protected.
    So it is with that that I hope we have a great hearing, 
thank you for calling this, and I yield back.
    [The statement of Ranking Member Pfluger follows:]
               Statement of Ranking Member August Pfluger
    Thank you, Madam Chairwoman. I am pleased the subcommittee is 
holding this important hearing today. Last month, at our full committee 
hearing focused on Worldwide Threats to the Homeland, Secretary 
Mayorkas testified about foreign terror organizations seeking new and 
innovative ways to target the United States, on-going cyber attacks on 
our critical infrastructure, emerging technology like drones being 
weaponized to cause harm, and many other threats. Perhaps now more than 
ever, we must depend on our intelligence professionals to anticipate 
and detect the countless threats to our homeland so that we can defend 
our country from those plotting against us.
    The Office of Intelligence and Analysis was tasked with the 
important role of leading the intelligence enterprise, composed of DHS 
components, as it navigates the complex threat landscape and seeks to 
mitigate threats before they become costly or devastating attacks to 
the homeland. Per statute, I&A also serves as the intelligence 
community's primary liaison to State, local, Tribal, territorial, and 
private partners, as well as the conduit for information exchange 
within the many components of DHS that rely on timely and reliable 
intelligence to execute their prescribed mission sets.
    Intelligence can be invaluable when properly vetted and delivered 
to the appropriate stakeholders prior to escalation of a threat. 
However, I&A has struggled in identifying and disseminating pertinent 
intelligence. I&A's failures have been investigated by the DHS OIG, 
which has found that I&A identified pertinent specific threat 
information on several occasions, but failed to produce any 
intelligence reports on these threats until clearly past the point of 
mitigation.
    For example, during the riots in Portland, Oregon, I&A published 
several intelligence reports on U.S. journalists engaged in ordinary 
journalism protected by the First Amendment, leading to public outcry. 
DHS later acknowledged the reports were misguided and recalled them. 
Though a comprehensive DHS administrative review on I&A intelligence 
collection and dissemination activities in Portland found no evidence 
of politicization, it did uncover a host of other alarming issues that 
undoubtedly played a role in these high-profile intelligence failures.
    The DHS review found I&A suffered from understaffed and overworked 
personnel, high turnover and decreased institutional knowledge, lack of 
oversight and leadership, and training gaps that left employees 
operating without informed direction and policy. In the Portland 
incident junior collectors, with less-than-ideal guidance and very 
little oversight, were sent into a volatile situation with enormous 
pressure to produce intelligence products before they had mastered the 
core competencies of their duties, leading to intelligence reporting on 
journalists rather than real-world threats. Conversely, in other 
situations, open-source collectors discovered potentially actionable 
threat intelligence prior to escalation but fell short in their 
critical mission to share that intelligence with law enforcement 
partners because they were again unclear on the Department's 
intelligence reporting policy and requirements.
    These sorts of incidents led to public confusion, anger, and even 
ridicule, which only exacerbated the morale of those within I&A, many 
of whom had worked extended hours covering 24/7 shifts during staffing 
shortages. I look forward to hearing from Under Secretary Wainstein on 
where the morale of the rank-and-file stands today and what leadership 
is doing to right this ship and improve the culture at I&A.
    Like many other Members of the intelligence community, I&A is 
granted the authority to collect intelligence through publicly-
available sources. Having multiple agencies collect and disseminate 
intelligence from publicly-available internet searches and other law 
enforcements' public releases can offer limited value and at times 
needless redundancy. A recent DHS OIG review of 9 I&A finished 
intelligence domestic terrorism products released over a 1-year period 
showed 6 of the products contained information that its partners could 
easily find on their own.
    I hope to hear from the under secretary on efforts to address the 
issues that have plagued I&A and contributed to the struggles 
illustrated by this series of critical reviews. More specifically, I 
hope to hear what initiatives are under way to address the challenges 
in reporting timely and relevant intelligence while ensuring quality 
control and oversight.
    Last, I hope we can discuss more broadly how I&A can be most 
effective going forward. In the two decades since the attacks of 
September 11, the intelligence apparatus has evolved greatly. The 
Office of the Director of National Intelligence, including the National 
Counterterrorism Center, has been established. The FBI has refocused 
considerable attention and resources toward the counterterror mission 
and enhancing their information-sharing relationship with law 
enforcement partners. And DHS component intelligence branches--from CBP 
to CISA--have been bolstered.
    It is incumbent on us to assess and review the performance of the 
Office of Intelligence & Analysis and consider steps to update and 
rebalance its role and responsibilities to ensure it provides a 
distinct value add to the DHS intelligence enterprise and all the 
external partners and stakeholders it serves.
    With that I yield back the balance of my time.

    Ms. Slotkin. I thank the Ranking Member.
    Members are also reminded that the subcommittee will 
operate according to the guidelines laid out by the Chairman 
and Ranking Member of the full committee in their February 3, 
2021, colloquy regarding remote procedures.
    The Chair now recognizes Mr. Wainstein--I am sorry. Just 
making sure we don't have Mr. Thompson or Mr. Katko? Opening 
statements may be submitted for the record.
    [The statements of Chairman Thompson and Honorable Jackson 
Lee follow:]
                Statement of Chairman Bennie G. Thompson
                 December 13, 2022 at 10 o'clock am EST
    Good morning.
    Thank you to Subcommittee Chair Slotkin and Ranking Member Pfluger 
for calling today's hearing to examine the Department of Homeland 
Security (DHS)'s Office of Intelligence and Analysis (I&A).
    And thank you, Under Secretary Wainstein, for joining us today.
    At the Committee's annual Worldwide Threats to the Homeland hearing 
last month, we heard from the Secretary of Homeland Security, FBI 
director, and director of the National Counterterrorism Center that 
threats to the homeland have never been more complex.
    We heard that threats posed by domestic violent extremists continue 
to rise and those posed by foreign terrorist organizations have not 
gone away.
    We also heard that state actors continue to engage in cyber 
operations that threaten Americans' safety and security.
    Just recently, a cyber attack on a power substation in North 
Carolina wiped out power for more than 45,000 people for days.
    As Chairwoman Slotkin mentioned in her opening remarks, the role of 
intelligence is more important than ever, because it helps us detect, 
deter, and defend against the myriad of threats we face today.
    As an intelligence community member, I&A contributes to the mission 
of delivering information to help protect our country.
    I&A is an invaluable player, as it is the only intelligence 
community member that is tasked--by law--with passing intelligence 
information to State, local, Tribal, territorial, and private-sector 
partners.
    Our State, local, Tribal, and territorial partners are on the 
ground in communities across the country, working daily to protect 
Americans from danger.
    And in many ways, private-sector partners help support that 
critical effort.
    To do the best job possible, it is critical that those on the 
ground have the most reliable intelligence available.
    Unfortunately, I&A has faced challenges that have raised questions 
about its ability to meet its mandate.
    I&A has struggled at times to identify specific analytic products 
and activities to best meet the needs of State and local partners.
    It has also historically had trouble disseminating products in a 
timely manner--Chairwoman Slotkin referenced a few instances in her 
opening statement--and there have been issues with the mechanisms 
through which the information has been shared.
    More recently, the Trump administration sought to use I&A as a tool 
to push the former President's political agenda.
    Today's hearing is an opportunity for Members to hear from Under 
Secretary Wainstein about his plans to ``right the ship.''
    Under his leadership, I&A already has taken important steps in the 
right direction--one of those being improving training for its 
employees.
    In October, I&A changed its new-hire on-boarding and initial 
training program to align them in a more seamless experience.
    The DHS Intelligence Training Academy (ITA) is also working 
diligently to ensure that before being assigned to their unit and 
beginning work, all new employees receive training on regulations 
surrounding:
   collection, retention, and dissemination of data, and
   protecting privacy, civil rights, and civil liberties.
    Moreover, earlier this year the ITA developed a new, special 
learning module on identifying and defending against politicization.
    Having properly-trained personnel is foremost in ensuring that I&A 
is well-positioned to meet its mission of delivering timely, useful 
information to State and local governments and the private sector.
    I look forward to hearing from Under Secretary Wainstein on any 
updates regarding improving I&A's training regimen, and I stand ready 
to work with the under secretary on legislation to ensure the 
preservation of the improvements made and that we continue to build on 
them.
    As training is just one part of investing in the workforce, I also 
look forward to hearing about Under Secretary Wainstein's efforts to 
boost morale within the office, as unfortunately, I&A once again ranked 
near the bottom of the 2021 Best Places to Work in the Federal 
Government list for subcomponents.
    I've said before that an agency's most significant asset is its 
people.
    When we properly invest in their well-being and professional 
development, mission success becomes more attainable.
    With that, I yield back.
                                 ______
                                 
               Statement of Honorable Sheila Jackson Lee
                           December 13, 2022
    Thank you, Chairwoman Slotkin and Ranking Member Pfluger, for 
convening this hearing and affording us, the Homeland Security 
Subcommittee on Intelligence and Counterterrorism, the opportunity to 
hear testimony on ``Examining the Operations of the Office of 
Intelligence and Analysis.''
    I welcome today's witness, the Honorable Kenneth L. Wainstein, 
under secretary for intelligence and analysis, U.S. Department of 
Homeland Security and look forward to your testimony.
    This hearing is the Intelligence and Counterterrorism 
Subcommittee's opportunity to examine the operations of the DHS Office 
of Intelligence and Analysis (I&A) and to hear from the recently 
confirmed Under Secretary for Intelligence and Analysis Kenneth L. 
Wainstein on his vision for the office.
    During the administration of the former president, the DHS I&A 
faced several challenges caused by a misalignment of the aims of the 
former President's administration and the facts as identified by DHS 
I&A's intelligence products.
    For example, a May 13, 2019, whistleblower complaint states that 
the Trump administration members at DHS I&A made inquiries requesting 
information indicating that the Southwest Border was being utilized by 
terrorists as a point of entry to the United States.
    However, DHS I&A's intelligence products showed overwhelming 
intelligence and evidence that the Southwest Border was NOT a primary 
entry point for terrorists.
    This attempted politicization by the former President's 
administration, during his tenure, of the intelligence gathering of DHS 
I&A is gravely concerning.
    DHS I&A is the only U.S. intelligence community (IC) element that 
is statutorily charged with delivering intelligence to our State, 
local, Tribal, and territorial (SLTT) and private-sector partners, and 
with developing intelligence from those partners for the Department and 
the IC.
    As such, State, local, Tribal, and territorial (SLTT) governments, 
the private sector, the intelligence community, and critical 
infrastructure owners and operators depend on DHS I&A components to 
ensure that they are aware of the most pressing threats to the Nation.
    Consequently, your leadership, Mr. Wainstein, over I&A is 
appreciated and critical at this time when domestic and home-grown 
violent extremism are on the rise.
    Domestic Violent Extremists (DVEs) jeopardize Americans' safety and 
security, as they seek to advance political or social goals through 
violence or threats of violence, without direction from any foreign 
organization.
    Home-grown Violent Extremists (HVEs) are those who are radicalized 
to engage in violence by the ideology of a foreign terrorist 
organization.
    In recent years, a number of paramilitary groups within the United 
States have been stockpiling weapons and preparing for violence.
    These characters are a subset of Domestic Violent Extremists (DVEs) 
called militia violent extremists or MVEs and they present the most 
likely threat to conduct mass-casualty attacks against civilians.
    MVEs typically target law enforcement and Government personnel and 
facilities. In the past 2 years, some MVEs have been instigated by the 
former President's allegations about the 2020 election.
    According to an opinion article published by the New York Times 
Editorial Board titled ``How a Faction of the Republican Party Enables 
Political Violence,'' a 2022 survey found that some 18 million 
Americans believe that the 2020 election was stolen from Donald Trump 
and that force is justified to return him to power. Of those 18 
million, 8 million of them own guns, and 1 million either belong to a 
paramilitary group or know someone who does.
    Another subset of DVE's is defined by their racially or ethnically 
antagonistic motivations.
    Your testimony states that, racially or ethically motivated violent 
extremists (RMVEs) are also among the most likely to conduct mass-
casualty attacks against civilians.
    The New York Times reports that of the more than 440 extremism-
related murders committed in the past decade, more than 75 percent were 
committed by right-wing extremists, white supremacists, or anti-
Government extremists.
    RMVE's are a particularly pressing concern to me because the city I 
represent, Houston, is one of the most diverse cities in the country.
    According to Rice University's Kinder Institute for Urban Research, 
over the past 5 decades, Houston has become a minority-majority city. 
The population of Harris County--that encompasses Houston--is 31 
percent white, 42 percent Hispanic, 19 percent Black and 8 percent 
Asian.
    As you noted in your testimony, RMVEs are responsible for a 
majority of DVE-related deaths since 2010--92 of the 192 deaths in that 
period.
    There is no place in our democracy for racially or ethnically 
motivated violence whether they are based on conspiracy theories rooted 
in anti-Black, antisemitic, or any other bigoted ideologies. Their 
manufactured paranoia about the ``great replacement'' and ``white 
genocide,'' or any other fabricated animosity threatens our Nation's 
social fabric.
    The need for modernization and focus on DHS I&A's ability to 
produce tangible and impactful products from intelligence gathering is 
clear.
    On January 6, 2021, a violent mob of rioters stormed the U.S. 
Capitol in an attempt to overturn the results of the 2020 Presidential 
election. In the midst of the chaos, House Speaker Nancy Pelosi was 
targeted by the mob. They broke into her office, vandalized it, and 
defiled the Capitol.
    The threats against Members of Congress accelerated since then and 
are now more than 10 times as numerous as they were just 5 years ago.
    As these risks continue to escalate, I welcome your leadership and 
look forward to learning more about the changes being implemented at 
DHS I&A and their results.
    However, any improvements must still ensure that all intelligence 
development activities are conducted in accordance with the law, the 
Constitution, and in a manner that protects individual rights to 
privacy, civil rights, and civil liberties.
    Your testimony reported that a realignment of I&A's open-source 
collection officers to threat-specific accounts, enabled I&A's 
intelligence collectors to be one of the first in the intelligence 
community to locate the manifesto of the shooter responsible for the 
domestic violent extremist attack in Buffalo, New York, and that I&A 
was able to provide that critical information within minutes of the 
attack to stakeholders in the FBI and SLTT partners.
    It is essential that I&A's intelligence efforts continue to improve 
and ensure that a January 6th calamity never occurs again.
    Again, any improvements must safeguard Constitutionally-protected 
rights while ensuring that dangerous people seeking to cause harm are 
denied opportunities to commit acts of violence.
    With the rise in domestic violent extremism, cyber attacks, 
misinformation, and racially-motivated violent extremism, the I&A's 
mission is formidable and critical.
    Yet, DHS I&A must continue to keep our homeland secure, preserve 
democratic values, and combat maliciously-disseminated falsehoods that 
are spread with the intent to upend democracy.
    Democracy flourishes when citizens are free from harm and can 
receive reliable information; hence, it is ultimately the task of 
intelligence agencies to ensure that both occur.
    The Nation depends on I&A to help safeguard our liberties and 
democratic traditions, as well as combat attempts by foreign interests 
to sow discord in our society through manipulation and misinformation.
    Only in this way can we ensure that our homeland remains safe, 
democracy prevails, and the institutions of our republic are protected 
for future generations.
    Thank you, and I yield back the remainder of my time.

    Ms. Slotkin. The Chair now recognizes Mr. Wainstein for his 
opening statement.

 STATEMENT OF KENNETH L. WAINSTEIN, UNDER SECRETARY, OFFICE OF 
INTELLIGENCE AND ANALYSIS, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Wainstein. Thank you, Chairwoman Slotkin, Ranking 
Member Pfluger. I very much appreciate the opportunity to 
discuss DHS's Office of Intelligence and Analysis, or I&A. It 
is an honor to be here, but it is really an honor to be here 
representing the dedicated and high-caliber intelligence 
professionals at I&A.
    While my statement for the record includes a very 
comprehensive sort-of overview of what we are doing at I&A 
right now, over the next few minutes I would like to run 
through some of the key points describing I&A's mission and its 
management and oversight.
    In terms of mission, first and very fundamentally, as an 
intelligence agency, I&A's primary function is to carry out 
each stage of the intelligence cycle on behalf of its 
customers: setting requirements, collecting against those 
requirements, reporting on that collection, and then 
disseminating those products to our partners.
    In terms of dissemination, I&A is currently modernizing how 
we deliver intelligence to our partners. This year, I&A rolled 
out a mobile app which allows our customers, police on the beat 
out in their squad cars, to access products on their phones, 
making it a lot easier for them to get real-time access to 
intelligence.
    We are also piloting a project that distributes laptops at 
the Secret level out to our cleared partners so that they don't 
need to be tethered to a fusion center or to an office to get 
intel.
    The second area that I want to focus on and that is a 
critical part of our mission is intelligence partnerships. As 
Secretary Mayorkas often says, DHS is fundamentally a 
department of partnerships. We have taken a number of recent 
steps to energize our relationships.
    For example, we recently established a Deputy Under 
Secretary for Intelligence Partnerships, which has elevated 
that engagement function within our organization, and that 
person reports directly to me. We started hosting biweekly 
meetings with our State, local, territorial, and Tribal 
partners to discuss the threat environment that we all face.
    In August, as an example, we hosted a national intelligence 
summit with the IACP, which convened over 100 partners, police 
officials from agencies and associations at all levels of 
government, to reimagine and discuss information-sharing 
efforts in the future.
    So, in addition to the intelligence cycle and intelligence 
partnerships, a third and absolutely critical mission has been 
building and enhancing the management and well-being of the I&A 
work force, something that you both very appropriately 
mentioned.
    I am particularly encouraged by our recent progress both 
before and after my arrival here in bolstering morale and 
organizational health. This progress includes:
    (A), a focus on enhancing diversity initiatives. We live in 
a diverse world, and it requires a diverse intelligence work 
force, and, as such, we consider diversity a core value.
    Second, we have reenvisioned our telework program and 
flexible scheduling to attract and retain talented personnel.
    Third, we are improving employee communication on different 
mechanisms therefor, including how we receive feedback from the 
work force, which is so critical to self-examination, which is 
so needed in progress.
    Fourth, we have instituted initiatives to bolster employee 
morale. We launched a speaker series with speakers like Jim 
Clapper and Stacey Dixon. In October we held the first I&A 
Family Day in almost 10 years, patterned after what the CIA has 
done for many generations.
    Then, finally, knowing that this committee has placed a 
special focus on the quality of I&A's training, we have made 
substantial progress in enhancing our training efforts over the 
past couple years, including development of oversight training 
that covers I&A's authorities, the Intelligence Oversight 
Guidelines, and whistleblower protections.
    In addition to training its own staff, I&A has expanded 
training opportunities for intelligence personnel in other DHS 
components and among our State and local partners, to the tune 
of almost a 300 percent increase in 2021 alone in terms of the 
number of people who have taken that training.
    These training efforts are being done in tandem with the 
formulation of a rigorous process of oversight. In response to 
the findings from the reports that you all mentioned, I&A has 
worked hard to instill an oversight culture that is intensely 
focused on analytic integrity and on the protection of privacy, 
civil rights, and civil liberties of U.S. persons.
    In 2021, I&A doubled the size of its Intelligence Oversight 
Branch, which provides training and advice on the Attorney 
General-approved Intelligence Oversight Guidelines. It also 
conducts compliance inquiries and reviews all of I&A's 
intelligence products--finished intelligence.
    We have hired two career professionals as full-time ombuds, 
who help resolve individual and organizational concerns in the 
work force without fear of retaliation.
    It is also important to note that DHS's Offices for Civil 
Rights and Civil Liberties, Privacy, and the General Counsel 
are all heavily involved in our oversight efforts and review 
all of our finished intelligence products.
    To ensure that our organizational decisions are aligned 
with our long-term strategy, we are also currently carrying out 
a 360 review of I&A's activities--and this goes to something 
that you said, Mr. Ranking Member--taking a look at where we 
stand today. We are doing that with the help of two 
distinguished National security professionals who are studying 
the organization and engaging with stakeholders to ensure that 
we are adapting and aligning our resources to meet the evolving 
threats.
    Should we identify room for improvement in that process, we 
will work closely with Congress on the authorities and 
resources we may need. For instance, with our fiscal year 2023 
budget, we have made particularized requests to expand our 
analytical cadre on a range of growing threats and to invest in 
technology that we need.
    So, to conclude, I want to thank you for your continued 
support and your continued guidance. As I trust you can see 
from our summary, I&A remains committed to enhancing 
partnerships, to reinvigorating our information-sharing 
efforts, to improving the way we deliver intelligence to our 
partners, and to maintaining an intense focus on enhancing 
oversight, training, and morale across the organization.
    Thank you for the honor of appearing before you today, and 
I look forward to answering your questions.
    [The prepared statement of Mr. Wainstein follows:]
               Prepared Statement of Kenneth L. Wainstein
                           December 13, 2022
    Chairwoman Slotkin, Ranking Member Pfluger, and Members of the 
subcommittee, thank you for the opportunity to discuss the current 
activities of the Office of Intelligence and Analysis (I&A) of the 
Department of Homeland Security (DHS). It is an honor to be here 
representing I&A's dedicated and high-caliber intelligence 
professionals who work tirelessly to further the security of our 
Nation.
    Today, I will provide the committee with an overview of I&A and its 
operations. In crafting this overview, I have erred on the side of 
being comprehensive and detailed, as I know that the committee Members 
are intensely interested in the organizational effectiveness and well-
being of every part of I&A. This overview will focus on describing 
I&A's mission, detailing certain aspects of the management and 
oversight we are putting in place, and assessing the current threat 
that my I&A colleagues are confronting.
                             i. the mission
    Last month marked the 20th anniversary of the Homeland Security Act 
of 2002, which brought together many components of the Federal 
Government in a determined National effort to safeguard the United 
States against terrorism in the wake of the devastation on September 
11, 2001. The creation of DHS was the largest reorganization of the 
Federal Government's National security establishment since 1947 and is 
a testament to the grave threat we face as a Nation from terrorism.
    The Homeland Security Act provides many of the core authorities 
that guide I&A's intelligence activities. Acknowledging the need to 
enhance information sharing and provide timely, actionable intelligence 
to a far-reaching base of customers and partners, Congress tasked I&A 
to collect, analyze, and disseminate intelligence with State, local, 
Tribal, and territorial (SLTT) governments, the private sector, the 
intelligence community, critical infrastructure owners and operators, 
and other DHS components to ensure that these entities are all aware of 
the most pressing threats to the Nation.
The Intelligence Cycle
    Over the past 20 years, I&A has developed its capacity to carry out 
every stage of the intelligence cycle--the establishment of 
requirements, the collection of information, the analysis and reporting 
of that information, and its dissemination to our partners. I&A plans 
and directs its intelligence activities, performing collection, 
analysis, dissemination, and feedback functions, to holistically 
implement the full intelligence cycle.
    Establishment of Intelligence Requirements.--I&A oversees the 
formulation of the requirements that guide our intelligence collection 
and production efforts. Each year, I&A represents DHS in the ODNI's 
National Intelligence Priorities Framework process by which the 
President articulates the intelligence targets and topics that should 
be prioritized by the Federal intelligence community elements. During 
that process, we advocate for the Department's intelligence interests 
in the ranking of priorities across the Federal Government.
    As the chief intelligence officer of the Department, I also oversee 
the intelligence prioritization process within DHS--called ``Threat 
Banding''--by which we prioritize the homeland security threats within 
our Departmental responsibility. The Department's intelligence efforts 
are prioritized and carried out in accordance with that ranking.
    Collection.--I&A then carries out collection activities in 
furtherance of the established requirements and in support of National 
and Departmental missions. It is authorized to do so through overt 
means and by collecting publicly-available information.
    A focus of our collection efforts has been on enhancing I&A's Open-
Source Collection Operations Office, where we have realigned our open-
source collection officers to threat-specific accounts, which has 
enhanced our ability to identify and disseminate actionable 
intelligence. As a recent example, our collectors were one of the first 
in the intelligence community to locate the manifesto of the shooter 
responsible for the domestic violent extremist attack in Buffalo, New 
York, providing it within minutes of the attack to stakeholders 
including the FBI and SLTT partners. In the coming year, we plan to 
make additional investments in the capabilities of our open-source 
collection program consistent with DHS policy and legal authorities 
that protect privacy, civil rights, and civil liberties. We are also 
engaging with fusion centers and the intelligence community to share 
best practices for open-source collection and analysis.
    Intelligence Production.--I&A conducts analysis and issues products 
on the full range of threats that are currently facing the homeland. 
I&A's analyst cadre is organized in mission centers--e.g., the 
Transnational Organized Crime Mission Center and the Cyber Mission 
Center--allowing analysts to develop specific subject-matter expertise 
and to develop the network of contacts within the agencies that operate 
within their mission space.
    Since 2020, I&A has recommitted to improving the quality and 
timeliness of its analysis to provide decision advantage to homeland 
security stakeholders in responding to threats. As part of these 
efforts, I&A has centralized its planning, review, and dissemination of 
finished intelligence production under its research director--a senior, 
analytic subject-matter expert who recently came to I&A from the 
Defense Intelligence Agency. The research director has focused on 
establishing effective processes and procedures for producing analysis 
and instituting multi-layered review of finished intelligence products 
and improving training tailored to analytic expertise.
    These efforts have resulted in greater utility of I&A's analysis by 
homeland security customers and positive feedback on its timeliness and 
relevance to protecting the homeland. In fiscal year 2022, I&A received 
significant positive feedback on its finished intelligence products.\1\
---------------------------------------------------------------------------
    \1\ This feedback indicated that 86 percent of the respondents were 
very satisfied or satisfied with the timeliness, and 89 percent were 
very satisfied or satisfied with the relevance of the products.
---------------------------------------------------------------------------
    Dissemination.--I&A has one of the broadest customer sets within 
the intelligence community--from the President and Cabinet-level 
officials like Secretary Mayorkas to State government leaders, local 
law enforcement, critical infrastructure owners and operators, and even 
the public. In fiscal year 2022, more than 60 percent of I&A's finished 
intelligence products were produced at the un-Classified level to 
ensure the widest dissemination with those who have a need to know. At 
the same time, I&A's production--including regular products in the 
President's Daily Brief last year--helped inform the intelligence 
community and policy makers on the unique threats the Nation faces 
internally and at its borders.
    With such a broad customer set, I&A has worked to modernize our 
methods for delivering intelligence to our full range of customers. In 
2020, I&A stood up a team to manage the delivery of intelligence to 
customers within DHS. This team curates a daily read book with DHS and 
intelligence community products that have a Homeland nexus and provides 
a daily Classified briefing to all I&A personnel deployed across the 
country, including those assigned to the 80 State and major urban area 
fusion centers. Each month, that team also provides a Secret-level 
threat briefing to our SLTT customers.
    The primary mechanism for dissemination of un-Classified products 
is the Homeland Security Intelligence Network, which provides on-line 
access to over 50,000 un-Classified intelligence products for our SLTT 
partners. To facilitate more convenient access to these products, this 
year I&A rolled out its HSIN-Intel mobile application that allows HSIN 
members to access those products on their smartphones.
    As another effort to facilitate SLTT access to our intelligence 
products, we are currently piloting a project that distributes laptops 
to cleared SLTT partners that will allow them access to SECRET-level 
products without having to travel to one of the few locations scattered 
around the country with a SECRET, Homeland Security Data Network or to 
a Sensitive Compartmented Information Facility.
    The above efforts are going a long way to expand access to DHS and 
intelligence community products and enhance coordination with our 
State, local, Tribal, territorial, and private-sector partners against 
the threats to our homeland security.
Intelligence Partnerships
    As Secretary Mayorkas often says, DHS is fundamentally a department 
of partnerships. This is at the core of why Congress established I&A 
and why the I&A workforce is dedicated to building close and lasting 
coordination with all levels of government and the private sector, 
including critical infrastructure owners and operators, academia, faith 
communities, and non-profit organizations. We are taking numerous steps 
to further energize that coordination.
    First, we recently established a deputy under secretary for 
intelligence partnerships to elevate I&A's partner engagement efforts. 
This new position and structure elevate our engagement, liaison, and 
outreach efforts under a single position, ensuring our senior 
leadership maintains close connectivity with our partners, and 
providing those partners with a single senior-level touch point within 
I&A.
    Second, we are hosting national, bi-weekly meetings with our SLTT 
and private-sector partners to discuss the threat environment. These 
meetings allow I&A to routinely share relevant threat information and 
discuss emerging threats at both the local and national levels, while 
also providing an opportunity for I&A to hear and incorporate our 
partners' perspectives into our analysis.
    Third, we hosted a national Intelligence Summit in August 2022 in 
partnership with the International Association of Chiefs of Police, 
which convened over a hundred partners from agencies and associations 
at all levels of government. The summit started with the premise that 
the information-sharing architecture that was largely built after and 
in response to the 9/11 attacks had failed to evolve with the emerging 
threats of the past 20 years and that we need to re-energize the 
process and urgency of building and maintaining information-sharing 
processes among all levels of government. Over 2 days of issue-specific 
workshops, the summit participants came up with--and mutually committed 
to--a slate of initiatives to guide our information-sharing efforts in 
the future. As a follow-up to the Summit, Secretary Mayorkas asked the 
Homeland Security Advisory Council (HSAC) to further evaluate and make 
recommendations for reform of the current practices and processes for 
sharing information and intelligence with our Federal, SLTT, and 
private-sector partners, and we are supporting the HSAC as it develops 
its recommendations.
The DHS Intelligence Enterprise
    In my role as CINT, I&A is working closely with our DHS components 
through the Homeland Security Intelligence Council (HSIC) to coordinate 
the development of intelligence processes and intelligence oversight 
across the Department. In March 2022, Secretary Mayorkas directed that 
I&A lead the effort to expand and apply uniform standards and 
consistent oversight to all intelligence products across the Homeland 
Security Intelligence Enterprise (IE), providing unity and 
standardization to the Department's intelligence operations writ large. 
As an important part of that effort, DHS's Office for Civil Rights and 
Civil Liberties, Privacy Office, and Office of the General Counsel are 
engaging directly with DHS components to help them apply intelligence 
oversight principles to all DHS finished intelligence.
              ii. leadership and organizational management
    A leader's first priority is to support that leader's personnel. As 
such, supporting the I&A team is my top priority, and much of my focus 
during my first 6 months has been on the workforce.
Morale and Organizational Health
    I am proud of the progress that has been made recently--both before 
and after my arrival--in bolstering morale and organizational health, 
and I am confident that our efforts will continue to yield dividends in 
morale and productivity.
    Those efforts have included the following initiatives. First has 
been a focus on enhancing our diversity initiatives and representation. 
We live in a diverse world that requires a diverse intelligence 
workforce, and as such, we consider diversity a core value. In 
September 2020, I&A appointed a chief diversity, equity, and inclusion 
officer to drive diversity and equity initiatives. I&A also established 
a Diversity and Inclusion Council and issued its first Inclusive 
Diversity Strategic Plan for Fiscal Years 2022-2026, which is designed 
to spark new and creative efforts to enhance diversity, equity, 
inclusivity, morale, and productivity across I&A.
    Second, following lessons learned during the COVID-19 pandemic, we 
have re-envisioned our telework program and flexible scheduling. We are 
finding that an appropriate level of flexibility is helping us attract 
and retain talented personnel.
    Third, we recently implemented an advanced analytic employee 
feedback survey, which can be used to examine the functioning of an 
individual I&A center or division, diving deep into the leadership and 
work environment of teams and individuals. This tool has already 
provided actionable insight into several areas for improvement, 
contributing to I&A's adjustments in work unit dynamics, leadership 
training, and work flexibility opportunities.
    Fourth, I&A implemented a multi-faceted communication strategy 
leveraging multiple mediums to share information and gather feedback--
including office-wide brown bags, employment of an organizational 
ombudsman, monthly newsletters, and virtual forums focused on employee 
concerns and feedback--to ensure our employees are fully engaged and 
informed about important workforce matters.
    Finally, we have instituted several new initiatives designed to 
bolster employee enthusiasm and morale. These include a new speaker 
series, which featured conversations with recognized high-ranking 
national security and intelligence experts, including former CIA 
Director John Brennan, former Director of National Intelligence (DNI) 
James Clapper, and Principal Deputy Director of National Intelligence 
(PDDNI) Dr. Stacey Dixon.
    In October 2022, we also held the first I&A Family Day in almost 10 
years. Modeled after the Central Intelligence Agency's family day, this 
was a special celebration of I&A families and the support they give to 
us and our careers. We had over 300 family members participate in the 
event, many of whom traveled to the District of Columbia to learn about 
the important work their loved ones do to protect the country. Thanks 
to the generosity of our partners, they were able to see a number of 
special capabilities from the operational missions we support, 
including a CBP helicopter, a Secret Service drone demonstration, the 
Secret Service Presidential limousine known as ``The Beast,'' and U.S. 
Park Police horses.
Training Enhancements
    I know from my engagement with committee Members that this 
committee has placed a special focus on ensuring that I&A's training 
meets the high standards of both the intelligence community and the 
Department. I appreciate and share that focus. Following the reviews of 
I&A's activities in Portland during the summer of 2020 and leading up 
to the attack on the Capitol on January 6, 2021, I&A has significantly 
enhanced the quality and comprehensiveness of its training. I&A's 
training is an essential part of our workforce development and is key 
to ensuring that all activities are conducted in accordance with the 
law and the Constitution, and in a manner that appropriately protects 
individuals' privacy, civil rights, and civil liberties.
    In partnership with the Office of the General Counsel, I&A 
developed a series of refresher oversight training sessions which cover 
I&A's authorities, the legal interpretation of the Intelligence 
Oversight Guidelines, whistleblower protections, and some of the 
discrete Constitutional and statutory considerations that were 
encountered by I&A collectors working on the Portland situation during 
the summer of 2020. This year, we also created a new mandatory training 
program for all new open-source collection officers, which includes 
education about the types of information I&A can and cannot collect and 
the procedures for disseminating this information to appropriate 
stakeholders. Finally, I&A is providing training webinars on the 
conceptualization of finished intelligence products and I&A's Analytic 
Tradecraft Evaluation program to reinforce ODNI tradecraft standards.
    In addition to training its own staff, I&A has expanded training 
opportunities for intelligence personnel in other DHS components and 
among our SLTT partners. In fiscal year 2021, I&A adopted a blended 
learning delivery model to reach students from across DHS and our SLTT 
partners through a combination of virtual and classroom instructor-led 
classes, resulting in over 3,000 graduates from the Intelligence 
Training Academy--a 290 percent increase over fiscal year 2020. Last 
year, I&A also increased the number of students from other DHS 
components at the National Intelligence University (NIU) by 57 percent 
and expanded their enrollment in intelligence community courses by 121 
percent.
    Overall, I&A's recent efforts to enhance its internal and external 
training have been exceptional. In fact, they recently earned 
recognition with two awards from the director of national intelligence: 
the ``Intelligence Community Learning Innovator of the Year Team 
Award'' for our post-pandemic pivot and success in the virtual training 
space and the ``Intelligence Community Education/Training Support Staff 
Person of the Year'' for the good work of one of our exceptional 
training staff members.
Effective Oversight
    I&A has also made great strides in developing a comprehensive and 
effective oversight process for its intelligence activities. In direct 
response to the findings and recommendations of numerous reports and 
reviews over the past several years, I&A has significantly enhanced its 
oversight efforts to instill a culture that is intensely focused on 
analytic integrity and on the protection of the privacy, civil rights, 
and civil liberties of U.S. persons.
    The touchstone of that oversight is found in the Attorney General-
approved Intelligence Oversight Guidelines for I&A's intelligence 
activities. These guidelines ensure that I&A appropriately collects, 
retains, and disseminates information concerning U.S. persons and 
executes its vital mission to protect the homeland without compromising 
our values or the privacy, civil rights, and civil liberties of 
Americans.
    I&A has developed strong processes to ensure compliance with both 
the letter and the spirit of these guidelines. It has built a Privacy 
and Intelligence Oversight Branch of professionals who ensure that the 
Constitutional and privacy rights of U.S. persons are carefully 
observed throughout the intelligence cycle. The branch, which doubled 
in size in 2021, provides intelligence oversight training for all I&A 
personnel, conducts compliance reviews and inquiries into questionable 
intelligence activities, reviews certain finished intelligence 
products, and advises I&A staff and managers on privacy matters. These 
oversight professionals are assigned to each mission area of I&A, and 
one of them is embedded with the collectors in the Open Source 
Collection Office to advise and assist with applying intelligence 
oversight and privacy principles to I&A's open-source collecting and 
reporting activities.
    I&A has also hired two career intelligence community professionals 
as full-time ombuds--an Organizational Ombuds and an Analytic Ombuds. 
I&A's ombuds are independent, impartial dispute resolution 
practitioners who provide an informal and confidential forum to hear, 
informally investigate, and help resolve individual and organizational 
concerns without fear of retaliation. I&A employees are encouraged to 
bring the full scope of issues to the ombuds, including concerns about 
collection practices and analytic tradecraft. Beyond facilitating 
equitable outcomes for employees with these concerns, the ombuds seek 
to promote better communication, foster constructive dialog, increase 
collaboration, and improve transparency within the workforce.
    It is important to note that DHS's Office for Civil Rights and 
Civil Liberties, Privacy Office, and Office of the General Counsel are 
all heavily involved in our internal intelligence oversight efforts. 
These offices help oversee and train DHS intelligence personnel, and, 
importantly, they review most I&A finished intelligence products before 
they are approved and disseminated outside the Federal Government, to 
ensure that those products are drafted in a way that fully protects the 
privacy and the legal rights of all U.S. persons. As mentioned above, 
at the Secretary's direction, we are currently extending that review 
process to the finished products of the other DHS components as well.
    As we continue to confront the myriad threats facing the homeland, 
we recognize that our activities must be conducted under strict 
oversight and in a manner that is consistent with the law and the 
Constitution and that fully protects the privacy, civil rights, and 
civil liberties of United States persons.
Future of I&A
    I have now gone through I&A's overall mission and the way that I&A 
is currently deployed to further that mission. I will now describe what 
we are doing to position I&A to carry out that mission in the future.
    Strategic Review.--To ensure that our organizational decisions are 
aligned with a long-term strategy, I&A has hired two distinguished 
National security professionals to assist with strategic planning--one 
the former Senate-confirmed general counsel of DHS and the other the 
former acting director and deputy director of the National 
Counterterrorism Center. These National security professionals are 
engaging with I&A's stakeholders, reviewing I&A's current activities 
and resources, and helping to ensure that I&A is adapting and aligning 
its resources to meet the evolving threats to the homeland. They are a 
great source of advice and counsel to my team and me as we chart out 
the future of I&A.
    Analytic Resources.--We have also asked Congress for the resources 
that will equip I&A to meet those evolving threats. Our budget request 
for fiscal year 2023 allows us to expand our analytic cadre to, among 
other things, enhance cybersecurity threat analysis, deepen our 
coverage of nation-state threat actors and their proxies, enable 
analysis focused on the full range of terrorism tactics, techniques, 
and procedures, and better assess how these threats impact our critical 
infrastructure. The request also includes funding to enable and sustain 
I&A's economic security and financial intelligence mission, including 
efforts related to foreign direct investment in the United States 
(CFIUS), threats to the U.S. supply chain, intellectual property theft, 
and strategic threats to U.S. economic security. Finally, our budget 
request seeks a necessary investment in modernizing our information 
technology tools, particularly those needed for analyzing significant 
un-Classified data holdings, which are critical to our ability to 
identify and share actionable intelligence with the intelligence 
community and our SLTT and private-sector partners.
                     iii. current threat assessment
    With that clarification of I&A's mission and the steps we are 
taking to meet that mission now and in the future, I will now turn to 
the homeland security threats that we are confronting. Today's threat 
environment is a complex combination of domestic and international 
terrorism, transnational organized crime, malicious cyber actors, 
traditional counterintelligence threats, and foreign adversaries who 
try to undermine our National security with non-traditional collection 
efforts and malign foreign influence campaigns.
Nation-State Adversaries
    Nation-state adversaries are becoming an increasingly complex 
threat with the use of both traditional and non-traditional tradecraft. 
These countries, including China, Iran, and Russia, engage in 
traditional, government-focused espionage; they engage in economic 
espionage targeting private-sector intellectual property and 
technology; and they also conduct malign influence campaigns to sow 
divisions in our society and to undermine confidence in our democratic 
institutions.
    The People's Republic of China (PRC), in particular, has 
aggressively employed a whole-of-government approach to undercut U.S. 
competitiveness and democracy, methodically targeting each of our 
industries to steal our innovations, amplifying narratives that sow 
doubt in U.S. institutions, and targeting messaging campaigns against 
U.S. politicians they deem hostile to PRC interests, including one U.S. 
Congressional candidate who was a leader in the Tiananmen Square 
demonstrations in 1989. The PRC also employs trade agreements, sister-
city agreements, and other seemingly benign economic and cultural 
outreach efforts to foster exploitable relationships to exert influence 
and establish a stronger foothold in the U.S. homeland. Recently, the 
PRC has gone so far as to set up so-called ``police stations'' in the 
United States to leverage police powers to target dissidents and other 
perceived adversaries in our country.
Terrorism
    As the IC has assessed, the most significant and persistent 
terrorism threat we currently face is from U.S.-based lone actors and 
small groups who are inspired by a broad range of ideologies, including 
Homegrown Violent Extremists (HVEs) and Domestic Violent Extremists 
(DVEs). Before addressing that assessment, however, I would like to 
register our recognition of the significant and complex policy issues 
related to an intelligence agency conducting lawful activities to 
counter the domestic terrorism threat. The motivations that drive 
domestic terrorists to engage in criminal activity often overlap with 
lawful, Constitutionally-protected thought, activity, and speech. As 
such, we recognize that it is critical that we focus our domestic 
terrorism intelligence operations only on activity reasonably believed 
to have a nexus to violence and always in accordance with the legal and 
policy limitations on that conduct. As a result, I&A personnel are 
prohibited under all circumstances from engaging in any intelligence 
activities for the sole purpose of monitoring activities protected by 
the First Amendment.
    For definitional purposes, U.S.-based terrorist actors fall into 
two groups. The Home-grown Violent Extremists (HVEs) are those who are 
radicalized to violence by the ideology of a foreign terrorist 
organization. The Domestic Violent Extremists (DVEs) are those who seek 
to further political or social goals through violence or threats of 
violence, without direction or inspiration from any foreign 
organization.
    DVEs are motivated by a wide range of factors, including biases 
against racial and religious minorities, perceived Government 
overreach, conspiracy theories promoting violence, and false or 
misleading narratives that are often spread on-line. Among DVEs, 
racially or ethnically motivated violent extremists (RMVEs) and militia 
violent extremists (MVEs) present the most lethal DVE threats, with 
RMVEs most likely to conduct mass-casualty attacks against civilians 
and MVEs typically targeting law enforcement and Government personnel 
and facilities. RMVEs have been responsible for a majority of DVE-
related deaths since 2010--92 of the 192 deaths in that period--often 
directing their attacks against soft targets, such as large public 
gatherings, houses of worship, and retail locations.
    One tragic recent example of this was the May 2022 murder and 
wounding of numerous innocent shoppers at a Buffalo, New York, 
supermarket by a shooter who was motivated by anti-Black and 
antisemitic conspiracy theories, often referred to as the ``great 
replacement'' or ``white genocide'' theories. Another example was the 
August 2019 shooting at a Walmart in El Paso, Texas, which resulted in 
the death of 23 individuals allegedly by a shooter who cited similar 
grievances and inspiration for the attack and is awaiting trial.
    Among DVEs, RMVEs also possess the most persistent and concerning 
connections around the world. RMVEs are present throughout many Western 
countries, they are known to frequently communicate with each other, 
and they routinely use the internet to inspire like-minded individuals 
to launch attacks in other countries. Over the past two decades, many 
transnational on-line RMVE networks have emerged, fostering a 
decentralized movement that encourages supporters to undertake violent 
action that is framed around the concept of leaderless resistance in 
support of global RMVE activity. For example, both the Buffalo and El 
Paso attackers indicated they were inspired by Australian Brenton 
Tarrant's 2019 attack on two mosques in Christchurch, New Zealand, 
which killed 51 worshippers.
    In recent years, DVEs adhering to different violent extremist 
ideologies have increasingly been motivated and radicalized by 
perceptions of Government overreach and election. As a consequence, we 
have seen an increase in threats and acts of violence from these actors 
against law enforcement, judiciary, and Government personnel.
    While focusing on domestic terrorism, we remain vigilant against 
the terrorist threat from foreign terrorist organizations (FTOs) like 
ISIS, al-Qaeda, and al-Shabaab. These foreign groups are committed to 
attacking the United States, and they continue to expand their 
networks, raise funds, recruit, organize, plan operations, and hone 
their social media-based messaging to inspire attacks in the homeland 
and against our allies. They maintain a highly visible on-line presence 
focused on inspiring HVEs to conduct attacks in the United States. ISIS 
media outlets, for example, routinely issue on-line content portraying 
the group as the true vanguard of resistance against the United States 
and its allies, calling for attacks in the United States, and sharing 
tactics and techniques for conducting terrorism operations without 
detection by law enforcement.
    Iran and its partner, Lebanese Hezbollah, also continue to pose an 
enduring threat to the homeland, evidenced by Iran's public statements 
threatening retaliation for the death of Islamic Revolutionary Guard 
Corps Quds Force Commander Qasem Soleimani and for the arrests of 
Iranian agents for plotting operations and spying on Iranian dissidents 
in the United States. In August, U.S. Federal prosecutors unsealed 
charges against an IRGC member for plotting to assassinate former 
National Security Advisor John Bolton.
Cyber
    On the cyber front, we face a sustained cyber threat from 
sophisticated nation-state cyber actors and from cyber-criminal groups, 
including cyber-enabled espionage and disruptive cyber attacks on 
health care companies and other private-sector organizations.
    In terms of nation-state actors, we can expect Russia to continue 
its targeting of the homeland with malicious cyber operations to 
collect intelligence, enable influence operations, and improve its 
ability to disrupt critical infrastructure in a crisis. We anticipate 
similar efforts from Beijing with the sharpening competition between 
the United States and China and the potential threat of a crisis over 
Taiwan. Iran's growing expertise and willingness to conduct aggressive 
and opportunistic cyber operations make it a major threat as well. Last 
year, for instance, cyber actors from Iran attempted to conduct a cyber 
attack on Boston Children's Hospital. While the attack was successfully 
thwarted, it exemplifies the type of high-impact threat we face from 
Iran.
    In terms of criminal actors, ransomware has become a serious threat 
in recent years. Ransomware incidents have increasingly targeted the 
U.S. Government and critical infrastructure organizations, with ransom 
demands in 2021 exceeding $3 billion in the United States alone and the 
ransomware attacks costing an estimated $160 billion in down time. 
There is also increasing criminal misuse of cryptocurrencies to 
facilitate illicit activity.
Transnational Criminal Organizations
    Another enduring and critical National security threat is that from 
Transnational Criminal Organizations (TCOs)--particularly Mexico-based 
cartels--that continue to wreak havoc on the health and economic 
prosperity of our communities and profit at the expense of American 
lives.
    These cartels are becoming more and more sophisticated, with some 
extending their traditional narcotics-focused trafficking operations to 
human smuggling, and even taking over legitimate industries in the 
regions they dominate in Mexico. They have also become expert at 
mitigating U.S. law enforcement interdiction efforts, actively 
employing modified commercial drones for counter-surveillance 
operations and skillfully using diversion tactics to facilitate drug 
smuggling operations at the border.
    Two particular TCOs, the Sinaloa Cartel and New Generation Jalisco 
Cartel, dominate today's drug smuggling market. These TCOs are 
trafficking a range of narcotic products, to include methamphetamine, 
fentanyl, cocaine, and heroin. In fiscal year 2021, CBP seized 221,000 
pounds of these drugs, which was a nearly 40 percent increase over 
fiscal year 2019.
    In a very troubling development, we are increasingly seeing mass 
production of illicit synthetics, like fentanyl and methamphetamine, 
which are cheaper to produce than crop-based drugs. As a result, these 
drugs are becoming more and more common throughout the United States, 
and the deaths from these drugs are spiraling upward--approximately 
108,000 last year alone. This is not surprising, given the potency of 
these new drugs. In the case of fentanyl, for example, just a few 
grains of the chemical are enough to stop a heart and kill someone. Nor 
is it surprising, given how many different products are now laced with 
fentanyl, that many of the drug's victims are youngsters who have no 
idea they are taking fentanyl.
    The intelligence suggests that this threat will only grow in the 
coming years, as these cartels further concentrate on the lucrative 
fentanyl market, maintain and try to expand the flow of precursor 
chemicals from China, and shift their finishing operations from Mexico 
to the United States, which they are now doing to cut costs and 
facilitate more efficient and broader distribution. The threat from 
these synthetic drugs is tragic, and it is a threat that will require a 
whole-of-Government and a whole-of-society effort to stem the tide of 
deaths among our people.
                               conclusion
    Thank you again for the opportunity to appear before you today to 
discuss these critical issues and for your continued support. I&A 
remains committed to meeting its statutory mandate by enhancing 
partnerships, reinvigorating our information-sharing efforts, and 
continually improving the way we deliver intelligence to our customers. 
In addition, I&A is intensely focused on improving oversight, training, 
and morale across the organization. These efforts are vital to 
improving the overall health of I&A and ensuring that each and every 
member of the workforce feels fully supported and fully empowered to 
achieve our core mission of securing the homeland with honor and 
integrity.
    Thank you for your time today, and I look forward to answering your 
questions.

    Ms. Slotkin. Without objection, I ask unanimous consent to 
enter into the record a statement by the National Fusion Center 
Association.
    [The information follows:]
          Statement of the National Fusion Center Association
                       Tuesday, December 13, 2022
    Dear Chairwoman Slotkin, Ranking Member Pfluger, and Members of the 
subcommittee: I am pleased to submit this statement for the record on 
behalf of the National Fusion Center Association (NFCA). The NFCA 
represents the interests of 80 State and major urban area fusion 
centers where more than 3,000 local, State, Federal, and private-sector 
personnel collaborate every day to help protect America while 
protecting the privacy, civil rights, and civil liberties of all 
people. The National Network of Fusion Centers (National Network) is 
the hub of much of the intelligence and information flow between State, 
local, Tribal, territorial (SLTT) and private-sector partners and 
several components of the Federal Government.
    The Office of Intelligence and Analysis (I&A) at the Department of 
Homeland Security is the only U.S. intelligence community element that 
is statutorily charged with supporting the National Network (6 USC 
124h). A strong, collaborative, and fully-resourced I&A is essential to 
ensure effective and efficient information and intelligence sharing 
regarding threats to the homeland, whether the threat is related to 
terrorism, natural disasters, or other criminal activity.
    We are operating in the most dynamic threat environment we have 
seen since 
9/11. It is critical that I&A has steady, experienced leadership who 
understands the threat environment and how to break down information 
silos to bring together those with a mission of keeping our country 
safe. We were proud to support Under Secretary Wainstein's nomination 
given his noteworthy career in law enforcement and National security. 
We commend the high importance he has placed on collaboration and 
partnership with State and local partners. We are appreciative that 
this emphasis has led to the creation of a new position--the deputy 
under secretary for intelligence partnerships. We think this position 
should result in better coordination, communication, and support to all 
State, local, Tribal, and territorial partners. Ideally, this position 
should be held by a professional with significant experience in State 
or local law enforcement intelligence so that opportunities and 
challenges can be easily translated to the under secretary for I&A and 
throughout the Office of Intelligence and Analysis.
    Enhancing analytical collaboration in the field is essential to the 
detection, prevention, and mitigation of threats. It is an enduring 
focus of the NFCA, and the support provided by I&A personnel assigned 
to fusion centers is critically important. We continue to encourage I&A 
to prioritize the deployment of well-trained and experienced I&A 
intelligence professionals throughout the network. We have several gaps 
around the Nation today, and we call on Congress to provide sufficient 
funding to I&A each year to enable robust presence of intelligence 
officers, reports officers, and analysts in the field, including at 
fusion centers.
    We applaud Congress for passing the DHS Field Engagement 
Accountability Act (Pub. L. 116-116) in 2020 to ensure that I&A 
presence in the field is strengthened. The law requires I&A to consult 
with fusion center officials in developing and annually updating a 
strategy for I&A's fusion center engagement. In our view, deployment of 
I&A resources to the field to ensure best alignment with the centers' 
missions and needs is a central part of that strategy.
    The NFCA strongly encourages Congress to increase funding for I&A 
to ensure it can hire, train, and deploy an adequate number of 
personnel across the Nation. Every State and regional fusion center 
should have an I&A intelligence professional with the authority to 
collect and share raw information. Those professionals should have 
release authority, they should be able to execute joint production, and 
they should be empowered to efficiently share timely and highly 
relevant information across all classification levels. Decisions 
regarding the appropriate type of intelligence professionals for each 
fusion center and their role within the center should be the result of 
discussions between those State and regional fusion centers and I&A.
    Strengthening I&A's ability to support the National Network also 
requires I&A to invest in modernizing information-sharing systems and 
technologies, prioritizing reliable access to critical data, including 
Classified data, and increasing offerings of high-quality training 
related to intelligence analysis and privacy, civil rights, and civil 
liberties.
    Analysts throughout the National Network are trained to monitor and 
contribute relevant threat-related information using the Homeland 
Security Information Network (HSIN). HSIN is an essential tool for the 
protection and security of our Nation, but it remains limited by its 
interface, access requirements, and capabilities. I&A should continue 
to support the development and enhancement of HSIN and other data and 
information-sharing systems it maintains.
    While we have overcome certain Federal data access issues, the 
National Network still needs help to break down barriers that are 
currently keeping information from reaching analysts and decision 
makers at the local, regional, and State levels who work to protect 
communities from acts of terrorism and other homeland security threats. 
A handful of fusion centers still lack access or have trouble accessing 
critical databases, like the FBI's National Crime Information Center 
(NCIC) and Treasury's FinCEN systems. I&A can play a supportive role by 
advocating for appropriate access to Federal systems by State and local 
partners.
    I&A provides important training opportunities for analysts in 
fusion centers. I&A facilitates the delivery of specialized analytic 
seminars focused on specific threat topics. The seminars bring together 
a diverse range of State and local subject-matter experts and partner 
agencies from all levels of government to inform analytic efforts. 
These seminars provide a welcome opportunity for fusion center analysts 
and their Federal counterparts to discuss emerging threats, trends, and 
patterns and collaborate on joint products and best practices. State 
and local partners are eager for more training opportunities, 
especially in emerging threats like cybersecurity and standing 
priorities like civil rights and civil liberties protections. More 
virtual training opportunities would be very helpful since many 
analysts and centers have adapted to remote working environments, and 
since State and local budget resources for travel remain tight.
    The NFCA supports a strong I&A that is relentlessly focused on 
strengthening its partnerships and collaboration with State, local, 
Tribal, and territorial agencies including fusion centers. We encourage 
Congress to ensure I&A has the right authorities and budget to enable 
those strong partnerships and to execute our shared mission to protect 
America from all threats, foreign and domestic.
            Sincerely,
                                                 Mike Sena,
           President, National Fusion Center Association Director, 
                  Northern California Regional Intelligence Center.

    Ms. Slotkin. Thank you for your testimony.
    I will remind the subcommittee that we will each have 5 
minutes to question the witness. We have just a handful of us 
on, so we will likely be able to do a few rounds.
    I will now recognize myself for questions.
    So, you know, we are of course interested in morale and 
training, but could you give us and C-SPAN the meat and 
potatoes? How many analysts? What kind of production do you 
have per month? Who is your principal customer?
    Then give us some illustrative examples of what you are 
producing so that people understand not just how your work 
force is faring but the value proposition for the American 
people.
    Mr. Wainstein. That is a great question. Thank you, Madam 
Chairwoman.
    So, to step back and sort-of take a high-level view to 
begin with, I&A's value proposition--this goes back to its 
origins in 2002, when it was first stood up by statute--was to 
help make sure that all the players in the homeland security 
enterprise, be they Federal agencies like the intelligence 
community--DHS, DOJ, FBI--and all our partners out among the 
State and local law enforcement, territorial and Tribal 
entities, and the private sector, that we are doing our best to 
share relevant information across all of those partners.
    That is one of the lessons, as you recall, of 9/11, which 
is that we didn't connect the dots. But connecting the dots was 
more than just not taking one data point and seeing its 
relevance to another data point. It was not having the 
intelligence channeled from one person who had the information 
to somebody who could act on it. You know, one of the main 
concerns was that our State and locals were not part of the 
Federal process of intelligence sharing.
    That is our main job. Our main job is as a bridge to the 
State and locals. That is one of the reasons why my statement 
for the record and my comments just now focused on what we are 
doing to cement that relationship, expand our regular 
communication with State and locals, be they police forces, 
sheriffs, first responders.
    Our analysts--you know, not only are we building those 
relationships, but our analysts focus on the kind of threat 
information that is going to be relevant to those partners.
    Ms. Slotkin. So just help us understand. How many analysts 
currently work for your shop?
    Mr. Wainstein. All told, we have--do we have a final number 
now?
    I thought it was a little over 300. It is somewhere in the 
300 range, in terms of pure analysts. I have a work force of 
about 1,000, including 300 contractors, 700 Feds.
    Ms. Slotkin. OK. How many pieces of finished intelligence, 
generally, would you say that that 300 analysts produce per 
month?
    Mr. Wainstein. You know, I don't have that number exactly. 
So----
    Ms. Slotkin. Can you give me an example of just one or two 
pieces that have gone out? Understanding classification, just 
tell us what you can, so that the average person--my dad, who 
is sitting at home, who is in the hot dog business--understands 
what I&A does.
    Mr. Wainstein. Happy to. This sort-of follows on from my 
previous comments. Finding intelligence that is relevant to our 
State and local partners.
    So a ``for instance'' is: Right in the aftermath of the 
abortion decision that came down from the Supreme Court--as you 
recall, it sort-of came out suddenly on a Friday. It was 
unexpectedly early. We convened a call with all the 
stakeholders around the country, but we also put a piece out 
which just raised the concerns about possible violence in 
reaction to that decision. It explained what we have seen in 
the past, from which violent actors we have seen it in the 
past, and what we are hearing now about whether those violent 
actors are going to react to the decision.
    As you recall, it was relatively peaceful. But it was very 
well-received, because it just sort-of laid out, ``These are 
things to look for.''
    Similarly, one other example: You will recall the attack on 
the FBI out in, I believe it was Cleveland, after the Mar-a-
Lago situation, where an individual came in and tried to attack 
an FBI office and then was killed. We also put something out 
talking about threats to law enforcement around the country, 
calibrating whether that threat was focused only on Federal law 
enforcement, the FBI, because of this Mar-a-Lago situation or 
whether there was a broader threat to other law enforcement.
    Ms. Slotkin. Uh-huh.
    Then, just last: So Mr. Pfluger referenced some of these 
things in his opening statement. You know, if you are sitting 
at home in Michigan right now, every single person I know knows 
someone who has been the victim of a ransomware attack and/or a 
stolen identity, some sort of cyber threat.
    Have you done production on cyber threats? Have you done 
production on counter-drone threats--or drone threats? The 
things that sort-of the American people think about as a 
potential problem, what is the level of production you have 
done on those things?
    Mr. Wainstein. Quite a bit. On the cyber front, we are 
embedded with and working very closely with CISA on cyber and 
critical infrastructure in general. But we put out a good bit 
on cyber.
    Put out some products on ransomware, because that is the 
kind of issue that, you know, the average American really needs 
to be thinking about.
    Ms. Slotkin. Uh-huh.
    Mr. Wainstein. In fact, in our fiscal year 2023 request, we 
have asked for more cyber resources because of the criticality 
of that threat.
    Ms. Slotkin. Uh-huh.
    Then, last, can you describe in as much detail as you can 
how I&A is handling the issue of domestic terrorism?
    Mr. Wainstein. Hugely important question.
    We are very focused on domestic terrorism. As you know, 
everybody from the DNI to the FBI director to Ale Mayorkas at 
DHS has said that the primary terrorist threat today, the most 
lethal, sustained threat, is from individuals or small groups 
here in the United States. We still have al-Qaeda and the 
foreign terrorist organizations out there who are a real 
threat, but in terms of lethality right now that is the threat, 
main threat.
    So we are very focused on that, and we see ourselves as 
playing a critical role in that effort, because domestic 
terrorism of that type, whether they are domestic violent 
extremists or home-grown violent extremists, they are the kind 
of targets where the State and locals are apt to be the first 
to find out about them. So they need our strategic intelligence 
to know what to look for out on the street. Then we need to get 
from them what they are seeing so that we can couple that with 
intelligence from other parts of the country to zero in on the 
bad guys. When I say ``bad guys,'' I am talking about people 
who are engaging in violence.
    Ms. Slotkin. Uh-huh.
    Mr. Wainstein. That is the key, right?
    So we are heavily involved in that, including our 
collection process, not just our analytical process but our 
open-source collection, where we target a collection against 
people, once again, who are fomenting violence. This is not 
spouting political views or religious views; it is violence. So 
that is an area where we see an expanding role with the 
expanding threat.
    Ms. Slotkin. I will come back to that, because I am 
interested in that collection part. The last time, you know, 
with your previous acting under secretary, it was more like, I 
think, two or three bodies had been expanded, but there wasn't 
any clarity on what exactly was happening, particularly on the 
collection side.
    But I yield to the Ranking Member, Mr. Pfluger.
    Mr. Pfluger. Thank you, Madam Chair.
    Secretary Wainstein, I am happy to hear you talk about how 
the role of I&A is to be a bridge to the State and local.
    So I think I will start just with a broad question: I mean, 
what makes I&A unique in the IC? Where is the most value added 
of having I&A? What should we, as the American public, be 
looking at I&A as, ``Nobody else does this, and here is why it 
is critical''?
    Mr. Wainstein. It is a great question, sir. I guess I would 
encapsulate it this way: As I said in response to the 
Chairwoman's questions, we have the statutory responsibility--
we alone have the statutory responsibility to be the 
intelligence bridge to the State, local, territorial, Tribal, 
and private-sector partners around the country. So that is our 
function.
    We have other functions too, and I have listed our various 
facets of our mission, but that really is the key. So that is 
what we do. This goes back and addresses the failings, which 
were sort-of highlighted by 9/11, where we had insufficient 
coordination between the State and locals and the Federal 
entities.
    So that is really our key mission. That is why, for 
example, we have created the new position, deputy under 
secretary for intelligence partnerships, to highlight the need 
to keep those relationships strong and vibrant.
    That is why I mentioned earlier--and I think you actually 
alluded to this in your opening remarks--we are stepping back 
right now and doing a 360 review of I&A. What that entails is 
taking a look at the organization, seeing where it adds the 
most value to our partners, particularly the State and locals, 
see where maybe there are other agencies that can handle those 
responsibilities as well or better than us, and then, if so, 
consider shifting our resources to an area where we really do 
add more significant and unique value.
    Mr. Pfluger. I think that is fantastic. That is exactly 
what we are looking for, to reduce the duplicative nature that 
Big Government has really become, not just in this area but 
overall.
    Keeping on that statutory mindset, when we look at the 
authority that you have and the two dozen responsibilities, 
approximately, that the office has, I personally have not seen 
an explicit provision for collection on open-source data.
    I would like you to elaborate on the authorities and the 
justification drawn from the Executive Order 12333, if you 
will, to build out such a large collection capability and why 
I&A has strayed into that area of open-source collection vice 
focusing on the two dozen other authorities.
    Mr. Wainstein. Good question, sir. This sort-of goes to 
what we alluded to in our earlier conversation about how we 
should focus our resources in those areas where we add value.
    So, statutorily, we are authorized to do intelligence work 
against the threat, the homeland security threats, and 
consistent with the departmental or national mission. In terms 
of 12333, we are allowed to do open-source collections but it 
is overt and it is only gaining access to publicly available 
information. So we have no covert means at our disposal. So 
that is a very important caveat.
    We have an open-source collection office of about 10 people 
and 1 supervisor, I believe is the number now. So it is not 
huge, but it is consistent with our authorities. We have very 
heavy oversight, and part of that is an outgrowth of the 
situations you talked about earlier, where we had Portland and 
the January 6. The lessons learned from that resulted in us 
embedding an oversight officer in the open-source collection 
group to make sure that they were available to answer all 
questions, because that can be a dicey area. You are talking 
about privacy interests, even though it is publicly-available 
information.
    So we do have the authorities. We are exercising them with 
strict oversight and fidelity to the oversight guidelines that 
were authorized by the Attorney General. We are doing so 
pursuant to Departmental missions, in particular to, you know, 
terrorism and other National security threats.
    Mr. Pfluger. If we get to a second round of questioning, I 
will go down a path that deals with some of those last points.
    Do you believe that there is a--and thank you for the 
answer. Thank you for the review. Because I think it is 
critical that we do this 360 review, that we get to a point 
where I&A has an area where you are focused and you are adding 
value to the IC where no other organization can do, at the 
level that you intend to, these types of jobs.
    But do you believe that there is a question, a public 
question, or a perception problem with some of our 
intelligence-gathering apparatus, the IC in general, when it 
comes to that line and that friction point of privacy?
    Mr. Wainstein. I think that is inherent in intelligence 
collection domestically. I mean, we are a democracy. Our 
Government operates best when it operates transparently. By 
definition, some of the intelligence enterprise is conducted 
clandestinely, not transparently. As a result, there is always 
concern and there should always be intense scrutiny on the 
activities of the intelligence community, especially when they 
are focused internally here in the United States.
    I will say that, be it here or before the Intelligence 
Committees when I have been testifying, my mantra has been: 
Give us the authorities, give us the resources, but give us the 
oversight responsibilities. Impose oversight. Because the best 
situation is where both Congress and the American people have 
the means and have comfort that the authorities they are giving 
to their intelligence community are being used appropriately.
    Mr. Pfluger. Thank you.
    I yield back.
    Ms. Slotkin. The Chair recognizes the gentleman from the 
great State of Michigan, Peter Meijer.
    Mr. Meijer. Thank you, Madam Chair.
    Thank you, Mr. Under Secretary, for being here.
    I just want to ask quickly, on the National Terrorism 
Advisory System, you know, replacing that color-coded HSAS 
system from the immediate post-9/11 period--but we continually 
state and use the phrase ``heightened threat environment.'' 
Heightened and heightened.
    As anyone who travels through the airport also knows, you 
know, we have the TSA liquids rule, that 3.4-ounce maximum. 
Originally in 2006, after we foiled that plot to have liquid 
explosives on airliners, that was initially supposed to be 
temporary, right?
    The ratchet goes in one direction. I am just curious--from 
a general standpoint, if it is heightened, it is heightened 
relative to a baseline. Is that baseline pre-9/11? Is that 
baseline just some sort of fantasy of safety that we have had?
    Would you ever see your Department putting out an advisory 
that says the threat environment has diminished or that we are 
returning to a baseline?
    Mr. Wainstein. Well, thank you, sir. I appreciate the 
question. Very nice to meet you.
    That is an excellent question. I will say, personally, I 
was in Government dealing with the post-9/11 response up until 
I left, inauguration day of 2009, came back in after 13 years, 
and that is one of the questions I had. I had the sense that 
the level of concern about terrorism had diminished in relation 
to other threats, but I wasn't sure about that ratchet issue.
    I don't know that I have an absolute answer in terms of 
what will happen in the future on that. But I think one thing 
that might be illustrative is the most recent bulletin that we 
put out. It just went out 2 weeks ago.
    We debated, you know? OK, so we don't have any triggering 
event that suggests that there is a threat that is heightened 
over what we announced in the last bulletin 6 months before, 
but it is still at a heightened level.
    So what we tried to do is make very clear that we are 
putting that out as a bulletin--in other words, as an update--
not as an alert, ``Hey, everybody, take note of this. We see 
this credible evidence that there is a new threat, or a newly 
heightened threat.'' Rather, ``We are still in a heightened 
threat environment.''
    Given what we have seen of late, I think that is the case, 
that we are still heightened. But that sort-of ducks the 
question a little bit of, heightened from where? I take your 
point that maybe at some point we should step back and say, 
maybe today we are in a new reality, and sort-of recalibrate 
that system.
    Mr. Meijer. It is probably an unfair question, but just 
that question of, where do we establish a baseline? I mean, you 
still walk into stores and there are ``mask required'' posters 
up on the wall, and nobody is wearing a mask, right? I mean, it 
is that----
    Mr. Wainstein. Uh-huh.
    Mr. Meijer. It becomes the intelligence advisory bulletin 
that cried wolf. You know, it just fades into the background, 
and then risks not being received.
    But, again, that is just something I always keep in the 
back of mind on the intelligence side. Because it is so easy to 
put out an advisory. It is very difficult to--well, it is easy 
to say, be worried or be cautious. It is very hard to then face 
the consequences if you are wrong and there was a risk that 
hadn't been appreciated.
    But just quickly on the clandestine intelligence collection 
side of the house, can you speak to how I&A deconflicts the 
various streams coming in and avoids circular reporting, which 
I think especially in the clandestine realm, given the 
necessity of protecting source information, is especially an 
acute risk?
    Mr. Wainstein. So, good question about the deconfliction. 
There is always a concern about deconfliction when you have 
multiple agencies--frankly, multiple actors within individual 
agencies doing intelligence work on the same target.
    Just to be clear, we do not do clandestine work. We work 
very closely with the Bureau--that is probably the main place 
where that opportunity might arise--to make sure that they know 
what we are looking at, we know what they are looking at, and, 
to the extent that they, let's say, have an investigation going 
on, that we don't issue anything that would be problematic for 
the integrity of their investigation.
    But since we are not running sources, you know, in the 
classic sort-of clandestine way or using covert means, it is a 
little less--that specific issue is a little less of a concern 
for us.
    Mr. Meijer. OK. So largely dependent on the FBI, or whoever 
that clandestine authority is, to be pursuing their own 
deconfliction, rather than on the analytical back end?
    Mr. Wainstein. Right. What we do on the analytical back end 
is, if we are, let's say, getting intelligence from NSA or the 
FBI that is, you know, covertly collected intelligence, you 
know, we make sure to deconflict with them to the extent of 
making sure we are not disclosing something, either in a 
Classified or un-Classified forum, that could be problematic. 
So we do do that.
    But we draw on their intelligence, put it into a format 
that is appropriate. Sometimes we then downgrade it, because 
one of the--back to our sort-of original function of trying to 
serve the State and locals, oftentimes we will take Classified 
and downgrade it to un-Classified. Obviously, we need to get 
their opinion on the appropriateness of that downgrading.
    Mr. Meijer. I see our Chairwoman is not here for the 
moment, so I will just say in--I just want to make sure, from a 
terminology usage, ``clandestine,'' where, you know, the role 
is masked, versus ``covert,'' where it is never acknowledged, 
in terms of the ultimate source of the information or the 
ultimate collector of that information.
    But I guess I will yield to our Ranking Member, Mr. 
Pfluger. There you go.
    Mr. Pfluger [presiding]. The Chairwoman has stepped out 
momentarily. So we will proceed with the second round of 
questions, and when the Chair returns, we will hand it back. 
But I now recognize myself for another 5-minute questioning 
period.
    Thank you for the first round of, you know, where your 
mindset is.
    I would like to shift gears a little bit and understand 
what you believe the definition of ``domestic terrorism'' or 
``domestic violent extremism'' is.
    Mr. Wainstein. Sir, that is a good question, and I think it 
is very pertinent. We have to constantly remind ourselves of 
that.
    One of the purposes of this oversight apparatus that has 
really developed over the last couple years--and it is quite 
comprehensive. I would invite you, you know, to ask further 
questions about that or come see it. But one of the main 
purposes of that is to make sure that, in the terrorism space, 
that we are only collecting, we are only monitoring, we are 
only issuing intelligence when it comes to the possibility of 
violence.
    So, in terms of domestic terrorism, as I mentioned earlier, 
we have domestic--well, home-grown violent extremists, who are 
home-grown extremists who were inspired by foreign terrorist 
organizations or foreign terrorist rhetoric. Then you have 
domestic violent extremists, who are U.S.-based individuals or 
small groups who get radicalized without inspiration or without 
direction from overseas.
    Both are legitimate targets for intelligence collection and 
production for I&A. But the key is--and this is where the 
rubber meets the road in terms of our ability to act on it--is, 
it can't just be somebody who is talking about an extremist 
political view. That is perfectly protected by the First 
Amendment. It can only be somebody who is coordinating, moving 
toward, discussing the possibility of violence. That is the key 
element in the definition of the type of domestic terrorism 
that we can collect on.
    Mr. Pfluger. Well, thank you for that, and I think it is 
important. In your 360 review, I would implore you to make sure 
that the people that are assigned as officers or employees of 
I&A understand that and make sure that--the rhetoric that we 
hear at times is not helpful on a political level but it is not 
helpful for our country either.
    You know, when you get to some of the threats that we have 
seen--you mentioned the Dobbs decision. Do you believe that the 
threats that were made against certain religious organizations 
or pregnancy help centers in that aftermath were terroristic?
    Mr. Wainstein. Yes. If you look at the definition of 
``terrorism''--threats or acts of violence intended to shape 
public opinion or influence policy--there were such acts, yes. 
In fact, I think the document, the report that I mentioned 
earlier highlighted some of those.
    We have done a lot with the faith-based community to 
discuss these threats, the possibility of them. Whether related 
to that particular Supreme Court decision or not, we have seen 
a lot of faith-based victimization over the last few months.
    Mr. Pfluger. Oh, we certainly have. Obviously, the 
antisemitic comments and violence that has played out in places 
like New York City and otherwise are extremely harmful.
    You know, kind-of getting back to--and thank you for those 
answers.
    As you look at your work force, something that was 
previously mentioned, can you kind-of talk to us about maybe 
the breakdown of the skills, the growth rate from 2002 until 
now of I&A and where those positions--I think you said you have 
300-ish analysts. You know, what are the skill sets that you 
have hired? What is that, you know, growth rate over the past 
20 years on a year-to-year basis, if you know that?
    Mr. Wainstein. A good question. That is something that I am 
learning as I am getting into this position, learning the 
history.
    I will say, a number of my predecessors did a very good job 
of bringing in and recruiting strong people. We have really 
strong analysts. I mean, that is one thing I have been 
impressed with since I have come on board. These are people who 
care a lot. They know a lot. They work well with other 
agencies, which is really a key element of the job description 
at I&A--you have to be able to work well with other agencies--
and are smart analytically.
    But I will say that we have really ramped up the training 
program over the last few years. I have gone back and looked at 
the same reviews and reports about Portland and January 6, and 
there were concerns about the sufficiency of the training. That 
is one reason I highlighted this and one reason I have 
appreciated this committee and Chairman Thompson's focus on 
training over the last few months, and so I have been engaging 
with the committee. Because that is the key.
    Mr. Pfluger. Uh-huh.
    Mr. Wainstein. I mean, you can bring smart people in--and 
we have a tremendously successful internship program that 
brings these whip-smart young kids in in college, they work for 
the summer, and then a high percentage of them come on board 
permanently. They are great. They are a great raw material, but 
it needs to be shaped. That takes training and experience and 
mentoring. So we are really focused on that.
    Mr. Pfluger. Do I have 30 seconds?
    Do you believe that MAGA supporters are terrorists?
    Mr. Wainstein. No. A MAGA supporter, in and of itself, is 
not a terrorist at all. A terrorist is somebody who seeks to 
use violence or the threat of violence to shape public opinion, 
to influence policy. I can tell you that at I&A we are very 
focused on that concern.
    Just to broaden the question out here, the issue, the 
challenge here is that a good bit of domestic terrorism grows 
out of political views. That is inherent in your question, 
obviously. The challenge for the intelligence community and law 
enforcement community is making sure that you protect the right 
of people to believe whatever they want, at either end of the 
spectrum, as extreme as they want to believe, and only focus on 
those people who take those beliefs over the line to 
radicalization and violence.
    Mr. Pfluger. I am looking forward to telling my 90-year-old 
grandmother that she is not a terrorist, and I appreciate your 
answer.
    I yield back.
    Ms. Slotkin [presiding]. Thank you.
    Sorry. I had to step out for a final vote in another 
committee.
    Staying on the topic of domestic terrorism, right, I am of 
the belief, I think as you are, that, no matter who you are, on 
the left or the right, if you are espousing violence, that is 
where your freedom of speech ends, and you should be held to 
account, no matter what your views, if you are threatening or 
using violence against other American citizens.
    But there is also a ladder of escalation that people climb, 
short of violence, that is indicating behavior of a problem.
    In Michigan, we have had double the number of antisemitic 
incidents in the past year, in 2022. My own synagogue just had 
an incident last week where a man came and stood outside, 
screamed, ``Death to Jews.'' This is the place where my 
grandparents helped build this place. When the police officers 
pulled him over afterwards, as long as he didn't have a weapon, 
he was good to go, and they fist-bumped him, and he went on his 
way.
    We are having a huge community conversation about this in 
metro Detroit tomorrow. When I go to understand antisemitism 
and the rise of incidents in my State, I don't go to the 
Department of Homeland Security I&A. I go to the ADL, I go to 
other organizations.
    So tell me what production you have done on things that may 
be short of violence but are indicators that violence is on the 
increase.
    Mr. Wainstein. That is an excellent question, Chairwoman 
Slotkin, as it relates to how you identify somebody who should 
be looked at, but how do you do that without monitoring someone 
who is just exercising the right to free speech.
    We actually have been involved in putting out a set of 
indicators, radicalization indicators, to all, you know, our 
partners around the country to help them identify those things 
that suggest that somebody might be radicalizing toward 
violence.
    It is a truism in our country that you are allowed to speak 
your mind and your opinion, even if that opinion is abhorrent, 
so long as it doesn't foment violence and is not intended to 
coordinate violent attacks.
    So, in addition to those indicators, we have put a good bit 
of effort in the houses-of-worship area, because they have been 
a target recently. I think Ranking Member Pfluger just 
mentioned the New York situations recently that we have seen. 
We can get you the products that we have done on that. Happy to 
do so.
    Also, I have been involved working with a number of faith-
based groups, and we actually have a DHS-level faith-based 
group that draws on members from all around the country to talk 
about these issues. I have been focused on that in particular 
in the antisemitic area, where it has been--you know, we have 
heard a number of these hate crime incidents recently.
    Happy to get you those materials, though.
    Ms. Slotkin. Yes, and I am happy to take them.
    I guess my point is, we are having this huge community 
meeting tomorrow, which unfortunately I have to miss because I 
am voting, but it includes, obviously, the local community. The 
FBI will definitely be there. Our attorney general will 
definitely be there. The ADL will definitely be there. What--I 
mean, is the Department of Homeland Security not part of that 
conversation?
    I guess it just strikes me as like, if you want to be 
relevant and be in the game, it is not just about handing 
someone a piece of paper or a finished intel piece kind-of to 
show that you have done the work, but it is to push it out and 
make it available to a wider audience.
    As the Chairwoman of a committee, the fact that I go to 
non-Governmental agencies to learn about the Proud Boys--which 
we had a real problem with. My district is where the raids 
happened for the plot to kidnap and kill my Governor, right?
    Mr. Wainstein. Uh-huh.
    Ms. Slotkin. So it is a real thing for us on the ground. 
But the Government agencies--I understand it is a sensitive 
issue, but I couldn't feel more strongly about the importance 
of you all getting left and right limits, being really clear 
about it, and then coming up to proactively talk to us about 
this issue.
    Because no one wants to go after someone for free speech, 
but when you have had double the incidents of antisemitism in 
my State, the question remains, like, what is my Government 
doing to help my population?
    So I would just put that on your radar. Having it in your 
back pocket is not as useful as being at the table.
    Mr. Wainstein. No, I take your point. In fact, what I was 
trying to say earlier about how we have enhanced our engagement 
with our partners, a large part of that is with the faith-based 
partners.
    There is not a First Amendment concern with us going out 
and explaining to organizations like the ones you cited and 
explaining what we see as, you know, mobilization indicators or 
radicalization indicators. Which is to say, we put a product 
out, but we actually do try to get out to the table.
    So, if you have meetings and you don't see us there or 
somebody, one of our people at the fusion centers--where you 
have now people at, you know, almost all our fusion centers 
around the country. I have been spending a lot of time--I was 
just out with the folks in the field in Texas, and they are 
very embedded with the local groups, including the faith-based 
groups. So----
    Ms. Slotkin. Well, we will be----
    Mr. Wainstein [continuing]. Let us know.
    Ms. Slotkin [continuing]. Looking for the DHS presence at 
this large community meeting tomorrow in the metro Detroit 
area.
    Mr. Wainstein. OK.
    Ms. Slotkin. I yield to Representative Meijer.
    Mr. Meijer. Madam Chair, I just asked a question, but I am 
happy to yield to Representative Langevin, who I believe is 
also on the line.
    Ms. Slotkin. Sure.
    The Chair yields to the Representative from Rhode Island, 
Jim Langevin.
    Mr. Langevin. Thank you, Madam Chair. I am going to hold on 
questions for now. I just joined the hearing. I was in the 
House Armed Services Committee mark-up, so just joined, and I 
will hold on questions for now. Thank you.
    Ms. Slotkin. OK.
    I think, with that, anything else from my peers here?
    We are very keenly aware that we have two intel officers 
and one military officer staring you down. We could, no doubt, 
go with you all day on these issues, but, in fairness--just 
checking with Ranking Member, are we good to go?
    OK.
    I appreciate your time in coming down here. We will enter 
into the record your opening statement.
    I would just offer, since this is the first time you are 
appearing in front of this committee--it will be changing hands 
come January--that many of us serve on various committees, and 
there are agencies and departments that are proactive about 
coming to Congress, and there are those that wait to be asked. 
Given the IG reports, given the sort-of short history on I&A, 
my strongest recommendation, particularly on domestic terrorism 
issues, is to come up early and often, be open kimono about 
your rules and left and right limits, and help this staff 
understand.
    Because, as you see, it is a sensitive issue, kind-of both 
ways. We want you to be doing this work, but we don't want you 
to be violating anyone's freedom of speech. So your help in 
being proactive in the next Congress would be appreciated, 
okay?
    Mr. Wainstein. You can count on that. Thank you very much.
    Ms. Slotkin. Thanks very much. Thanks for coming.
    Mr. Langevin. Madam Chair?
    Ms. Slotkin. Oh, yes, Representative Langevin?
    Mr. Langevin. Yes. I didn't realize we were going to be 
adjourning. If it is OK, I will go with two questions.
    Ms. Slotkin. Sure. Sure. Please, go ahead.
    Mr. Langevin. OK.
    So, in July, DHS OIG released a report entitled ``The 
Office of Intelligence and Analysis Needs to Improve Its Open 
Source Intelligence Reporting.'' The report was the result of 
an OIG audit to determine the extent to which I&A has an 
effective process for managing and collecting open-source 
intelligence for operational and intelligence purposes.
    So the OIG found that, while I&A has made recent efforts to 
address challenges related to insufficient guidance and 
technology, additional processes improvements are needed to 
ensure effective intelligence reporting.
    So, if we could ask, you know, what steps were taken to 
address the issue, and do those steps involve plans to draft 
new policies, revise training, and upgrade technology?
    Mr. Wainstein. Thank you, sir.
    Yes, the open-source office is one of the areas of our 
intense focus for two reasons: No. 1, because there were issues 
that were spotted there in the context of the Portland and 
Capitol attack situations; but, No. 2, because they are going 
to be so critical to so many of the threats that we deal with 
in the future. We just talked about domestic terrorism as one 
of them.
    So, before I got there, many steps had been taken to 
enhance training. There is a mandatory open-source training 
class that was instituted, very comprehensive. We embedded an 
intelligence oversight officer down there among the 10 or so 
people who are on that group to give them sort of hands-on, 
direct, immediate guidance on the various issues about privacy 
that they encounter day in and day out.
    We actually have--and this is, once again, before I got 
there--assigned the members of that group to particular 
portfolios so they get to understand the issues, aren't just 
generalists, but they are focused on particular threats so they 
become more expert, they are more able to, like, separate the 
wheat from the chaff.
    We are also looking at resources. One of the issues that I 
do want to talk to Congress about, both now and in the future, 
is how we would deploy more resources for that group if and 
when we need to to deal with the different threats, many of 
which are carried out over social media and through publicly-
available information.
    So that is an area of intense focus, and happy to keep you, 
sir, and Congress informed of what we are doing on that front.
    Mr. Langevin. Thank you. Thank you for that answer, and 
look forward to having that follow-up.
    Let me shift gears for a minute, now switching over to a 
cyber issue. How does the Cyber Mission Center within the 
Office of Intelligence and Analysis coordinate with the 
Cybersecurity Infrastructure Security Agency, or CISA, in the 
delivery of cyber intelligence products? Because I think that 
kind of coordination is really important, and I would like you 
to help us understand how that fits.
    Mr. Wainstein. That is actually an important sort-of 
operational question that occurred to me as soon as I started 
looking into I&A, before I was even, I guess, nominated.
    CISA uses a good number of our analytical resources. We 
have analysts embedded over at CISA doing cyber work and cyber, 
you know, threat intelligence work, and we work with them. I 
actually had a call with Jen Easterly before I came on board to 
talk about how that works, whether that is the most sensible 
approach or whether it makes more sense for CISA to have their 
own organic intelligence cadre.
    To date, the reports we get from both operationally within 
CISA and from our people is that that relationship works really 
well. We bring the analytical expertise, CISA has the innate 
cyber expertise, and it works well, and we are getting the 
information out.
    We actually--I just talked to Jen about this 3 days ago, 
and some of our colleagues had a meeting yesterday on this very 
issue, as to sort-of exactly how that deployment should work. 
So we are looking at it fresh just to make sure that in that 
absolutely critical area we are putting our best intel foot 
forward.
    Mr. Langevin. Thank you for the answer. I mean, that kind 
of coordination is very important. It really needs to be 
seamless. We get, obviously, a better product out of 
coordination. So I thank you for the work that you are doing.
    With that, my time has expired, so I will yield back. Thank 
you.
    Mr. Wainstein. Thank you, sir. Appreciate the questions.
    Ms. Slotkin. Thank you, Mr. Langevin.
    I see Representative LaTurner has come on.
    Representative LaTurner, would you like to ask a question?
    OK. We will come back to him.
    Representative Jackson Lee, you are recognized for 5 
minutes.
    Well--Ms. Jackson Lee, are you there?
    Or Mr. LaTurner?
    Going once, going twice.
    Okay.
    Any other further questions here?
    Okay. Unless I hear from one of the two folks who are on 
screen who are not asking to be recognized, the Members of the 
subcommittee may have additional questions for the witness, and 
we ask that you respond expeditiously in writing to those 
questions.
    The Chair reminds Members of the subcommittee that the 
record will remain open for 10 business days.
    Without objection, the subcommittee stands adjourned.
    [Whereupon, at 10:59 a.m., the subcommittee was adjourned.]



                            A P P E N D I X

                              ----------                              

  Questions From Chairman Bennie G. Thompson for Kenneth L. Wainstein
    Question 1. In recent years, I&A has been plagued by reported 
abuses and politicization of intelligence, to include the previous 
administration's pursuit of tailored information to support its agenda 
regarding the Southwest Border.
    How are you working to prevent future political interference? More 
specifically, what internal controls have been established for 
producing, reviewing, and sharing objective intelligence products?
    Answer. The U.S. Department of Homeland Security's (DHS) Office of 
Intelligence and Analysis (I&A) has implemented and updated a number of 
internal controls to ensure intelligence analysis is objective and free 
from political consideration. To educate the workforce, the analytic 
ombuds engages new analysts in the on-boarding process to communicate 
their role in the organization and to discuss politicization in 
analysis. Over the last year, we developed an e-learning module on 
Analytic Politicization using real-world events as a case study; this 
module has become mandatory training. Additional outreach to the 
analytic workforce includes listening sessions, webinars, and marketing 
and maintaining a website with resources available to all staff. The 
analytic ombuds meets monthly with senior leadership to keep them 
apprised of trends, distributes the Office of the Director of National 
Intelligence (ODNI) annual Analytic Objectivity and Process survey to 
analysts, and is the I&A representative of the Intelligence Community 
(IC) Analytic Ombuds Community of Practice, established August 2022, 
attending regular meetings with IC counterparts to discuss best 
practices. Based on recommendations from the DHS Office of the 
Inspector General (OIG) and under the guidance of the research 
director, I&A also has adapted its processes and procedures for 
producing finished intelligence to prevent attempts to politicize I&A 
analysis.
    Question 2. In June, I sent you a letter detailing my concerns 
regarding several reports that found that analysts lacked appropriate 
training.\1\
---------------------------------------------------------------------------
    \1\ Report on DHS Administrative Review into I&A Open Source 
Collection and Dissemination Activities During Civil Unrest Portland, 
Oregon, June through July 2020, Department of Homeland Security Office 
of General Counsel, January 6, 2021,  http://cdn.cnn.com/cnn/2021/
images/10/01/internal.review.report.20210930.pdf.
---------------------------------------------------------------------------
    I appreciate the detailed response and I understand I&A is working 
to address the training issues.
    I believe that the good progress you have made on this should be 
codified and that more needs to be done to ensure I&A's employees 
receive the necessary training to guard against and mitigate the myriad 
of threats facing our country. I plan to introduce legislation to do 
just that. Will you commit to working with me to advance this 
legislation to ensure I&A has properly-trained personnel?
    Answer. I&A remains committed to working in a collaborative and 
transparent way on all matters of interest to the committee, including 
on its ideas for enhancing the quality and comprehensiveness of our 
training. I&A has undertaken the following measures to improve its 
training:
   I&A developed a series of refresher oversight training 
        sessions in partnership with the Office of the General Counsel 
        (OGC). These cover I&A's authorities, application of the 
        Intelligence Oversight (IO) Guidelines, whistleblower 
        protections, and some of the discrete Constitutional and 
        statutory considerations that I&A collectors faced while 
        working on the Portland situation during the summer of 2020.
   Last year, I&A created a new mandatory training program for 
        all new open-source collection officers, which includes 
        reinforcement about the types of information I&A can and cannot 
        collect and the procedures for disseminating this information 
        to appropriate stakeholders.
   I&A is providing training webinars for its analysts on the 
        conceptualization of finished intelligence products and I&A's 
        Analytic Tradecraft Evaluation program to reinforce ODNI 
        tradecraft standards.
   I&A has expanded training opportunities for intelligence 
        personnel in other DHS components and among our State, local, 
        Tribal, and territorial (SLTT) partners.
   In fiscal year 2021, I&A adopted a blended learning delivery 
        model to reach students from across DHS and our SLTT partners 
        through a combination of virtual and classroom instructor-led 
        classes, resulting in over 3,000 graduates from the 
        Intelligence Training Academy--a 290 percent increase over 
        fiscal year 2020.
    Question 3. In your testimony, you wrote that ``I&A has centralized 
its planning, review, and dissemination of finished intelligence 
production under its Research Director--a senior, analytic subject-
matter expert who recently came to I&A from the Defense Intelligence 
Agency.'' Please describe how this centralization differs from the 
current review process and what the expected benefit is.
    Answer. Under the Research Director, I&A has instituted an 
executive-level review of I&A finished intelligence products to ensure 
that I&A's analysis is objective, timely, and relevant to homeland 
security stakeholders. This transition has helped restore uniform, 
multi-level quality review of finished intelligence products and 
mirrors best practices in other IC agencies.
    Question 4a. In your testimony, you also wrote that ``In March 
2022, Secretary Mayorkas directed that I&A lead the effort to expand 
and apply uniform standards and consistent oversight to all 
intelligence products across the Homeland Security Intelligence 
Enterprise (IE), providing unity and standardization to the 
Department's intelligence operations writ large.''
    What is the status of that effort?
    Question 4b. Does I&A's lack of authority to direct component 
intelligence impede the Department's ability to produce strategic level 
intelligence?
    Answer. I&A is working with the Office of Privacy, the Office of 
Civil Rights and Civil Liberties, and OGC to finalize implementation 
plans that include:
   Designating types of products that require review,
   Establishing processes for immediate review of certain 
        products,
   Updating DHS intelligence enterprise production standards, 
        and
   Determining additional resource requirements and proposals.
    Collectively, we are working with DHS components to develop 
individualized plans to account for variations in authorities, 
resources, and oversight requirements.
    Question 4b [sic]. Does I&A's lack of authority to direct component 
intelligence impede the Department's ability to produce strategic-level 
intelligence?
    Answer. The existing statutory framework attempts to strike an 
appropriate balance between I&A's consultative role to lead 
Departmental intelligence activities and the DHS operational component 
heads' discretion to employ intelligence personnel and resources to 
support their respective mission requirements. As the Department's 
chief intelligence officer, the under secretary for intelligence and 
analysis is required by statute and by DHS policy to, among other 
things, ``coordinate and enhance integration among the intelligence 
components of the Department, including through strategic oversight of 
the intelligence activities of such components'' and to ``establish the 
intelligence collection, processing, analysis, and dissemination 
priorities, policies, processes, standards, guidelines, and procedures 
for the intelligence components of the Department, consistent with any 
directions from the President and, as applicable, the Director of 
National Intelligence.'' (6 U.S.C.  121(d)). Each DHS intelligence 
component, in turn, has a reciprocal statutory obligation to, among 
other things (and consistent with guidance issued by the director of 
national intelligence), ensure that their intelligence activities ``are 
carried out efficiently and effectively [and otherwise] in support of 
the intelligence mission of the Department, as led by the under 
secretary for intelligence and analysis.'' (6 U.S.C.  124d)
    Question 5a. On December 13, Yahoo News reported on a domestic 
terrorism analyst at I&A's account of being met with resistance when 
the analyst attempted to warn of the January 6, 2021 attack before its 
occurrence.\2\ According to the report, ``[t]he analyst was told to 
send an official Request for Information to the open source collection 
office . . . This tasking was essentially a way to turn what the 
analyst saw on-line into official Government reporting that could be 
sent out to law enforcement partners in raw intelligence reports that 
could be used to produce broader intelligence assessments to warn 
local, State, and Federal agencies about an emerging threat.''
---------------------------------------------------------------------------
    \2\ Jana Winter, ``Exclusive: An intel analyst tried to prevent the 
Jan. 6 attack--but DHS failed to act,'' Yahoo! News (December 13, 
2022), https://news.yahoo.com/exclusive-an-intel-analyst-tried-to-
prevent-the-jan-6-attack-but-dhs-failed-to-act-190922453.html.
---------------------------------------------------------------------------
    Please describe the official process for taking information that a 
collector or analyst receives or uncovers and turning that information 
into an intelligence report for dissemination to partners.
    Answer. When an I&A open-source collection officer receives 
information from another office within I&A or an external partner, the 
collection officer reviews the information to ensure that the 
information is publicly available and responds to a validated 
collection requirement. If the information meets this threshold, the 
collection officer will generate an Open-Source Intelligence Report 
(OSIR). Once written, the OSIR is reviewed by a peer, a senior 
collection officer, and finally a supervisor. Upon completion of all 
reviews, the supervisor publishes and disseminates the OSIR to 
customers with need to know.
    Question 5b. Was the analyst who uncovered the information 
prohibited from producing the raw intelligence report for 
dissemination? Why was it necessary that the analyst had to send a 
Request for Information to the open-source collection office?
    Answer. I&A Mission Centers do not have a separate open-source 
reporting and dissemination function. Additionally, analysts are not 
trained or certified to collect and disseminate raw intelligence 
information. Only I&A officers who are trained and certified to release 
such information, such as an open-source collection officer, can 
disseminate a raw intelligence report. Analysts produce finished 
intelligence products that analyze raw intelligence and use analytic 
tradecraft to assess the impact of that information.
    Question 5c. The reporting indicates that a new process for 
submitting requests delayed action on it. When was the new process 
initiated? What was the reason for the change? Please describe how the 
new process deviated from the process before.
    Answer. As noted to the journalist, some of the information 
provided in this article is mischaracterized or factually inaccurate. 
I&A did not create a new process for submitting requests.
    Question 5d. Why was the analyst's note that this request was a 
time-sensitive/urgent matter not heeded?
    Answer. On December 29, 2020, I&A analysts sent open-source 
collectors a request for threat information regarding January 6 events 
and noted the request was urgent, after which the collectors researched 
possible threats. There were several reasons why OSIRs on possible 
threats were not published, including concerns that the information did 
not meet the threshold for reporting under I&A Attorney General 
guidelines and hesitancy to report information following scrutiny of 
I&A's actions in Portland, Oregon in the summer of 2020, as noted in 
the DHS OIG report OIG-22-29 on I&A actions related to the January 6, 
2021, U.S. Capitol breach, dated March 4, 2022. I&A concurred with the 
OIG recommendations in this report and in OIG-22-50 on I&A improving 
its open-source intelligence reporting and continues working to address 
these issues.
   Questions From Chairwoman Elissa Slotkin for Kenneth L. Wainstein
    Question 1a. The Office of Intelligence and Analysis plays a 
critical role in protecting the American people from harm by analyzing 
and disseminating timely threat information that allows those on the 
front lines--our State, local, and Tribal law enforcement partners--to 
adequately prepare for and neutralize threats. I&A is unique in that it 
is the only member of the intelligence community statutorily charged 
with delivering this information to these partners.
    You testified that the Department was conducting a 360-degree 
review of I&A and attempting to recalibrate the office.
    What is the status of that review and explain the steps you are 
currently taking to better articulate I&A's mission and its unique 
statutory role of delivering intelligence to State and local partners?
    Question 1e. To what extent has the 360-degree review taken into 
account actions needed to implement the 2021 National Strategy for 
Countering Domestic Terrorism?
    Answer. The review is on-going, and the most immediate product of 
that review is the delivery of recommendations to the deputy secretary, 
which are near completion. We are considering several proposed 
organizational changes based on feedback from the workforce, external 
reviews and audits, advice from former National security officials and 
I&A leaders, as well as IC best practices and the work that was done at 
I&A throughout fiscal year 2021 and 2022. We intend to formally request 
approval from the deputy secretary in the second quarter of fiscal year 
2023, and then will begin assessing I&A's substantive mission areas 
under the prospective leadership structure later in fiscal year 2023.
    The review is carefully considering that preventing and mitigating 
terrorism, including domestic terrorism, is a critical part of I&A's 
core mission (see Section 111 of the Homeland Security Act), as well as 
the DHS activities and responsibilities outlined. The administration's 
strategy for carrying out the domestic terrorism part of that mission 
is set forth in the 2021 National Strategy for Countering Domestic 
Terrorism. One of the priorities for DHS in that strategy is to advance 
I&A's support for policy makers and operational officials, including 
State, local, Tribal, and territorial officials, with their 
responsibilities for preventing, mitigating, and responding to domestic 
terrorism.
    Question 1b. How do you measure the impact of I&A's products and 
other efforts on State, local, and private-sector partners, as well as 
on the intelligence community?
    Answer. I&A collects and reviews production data related to 
dissemination/classification accessibility, viewership, citations, 
evaluations, and customer satisfaction feedback to develop a holistic 
view of its impact on SLTT and IC partners. We also keep in constant 
communication with our customers to identify emerging partner 
requirements.
    Question 1c. What performance feedback do you collect from your 
customers and how do you use that information to better meet their 
needs?
    Answer. I&A utilizes a customer feedback form appended to each 
finished intelligence product to reach a diverse range of recipient 
organizations at all levels of government and solicit customer 
perspectives (e.g., satisfaction ratings regarding the timeliness, 
relevance, usefulness, and responsiveness of a product).
    Question 1d. Setting aside products that I&A creates, how does I&A 
foster intelligence-sharing throughout the broader homeland community?
    Answer. I&A was established to fill a void that existed within our 
Nation's intelligence- and information-sharing architecture between 
Federal, SLTT, and private-sector partners. In support of this mission, 
I&A manages strategic relationships with key partners, including across 
Federal, SLTT, and private-sector stakeholders. I&A is committed to 
working closely with these partners, including the sharing of timely 
and actionable information to ensure they have the information they 
need to keep our communities safe. I&A systematically establishes and 
leverages these partnerships to promote multidirectional intelligence 
and information sharing; collaborates with key partners to build 
mutually beneficial relationships; facilitates the identification of 
partner requirements and needs; enables partner access to I&A products, 
resources, and expertise; and advocates partner equities across I&A in 
support of their respective Homeland Security missions.
    Additionally, I&A has deployed over 130 intelligence professionals 
across the country to directly collaborate and share intelligence with 
their Federal, SLTT, and private-sector partners. These individuals 
focus on sharing actionable intelligence with our partners and are also 
responsible for ensuring our partners can expeditiously access the 
capabilities, resources, and expertise necessary to share information 
and intelligence and serve as full participants in the homeland 
security intelligence enterprise.
    Question 2a. Unlike many other members of the intelligence 
community, I&A does not have a discrete mission--rather your mission is 
broad, requiring that you cast a wide net around intelligence needed to 
protect the homeland and prevent terrorist attacks.
    How does I&A develop its intelligence priorities?
    Answer. I&A is a unique member of the U.S. IC and is the only IC 
element statutorily charged with delivering intelligence to SLTT and 
private-sector partners and developing intelligence from those partners 
for DHS and the IC. This is at the core of why Congress established 
I&A, in part to fill a void that existed within our Nation's 
intelligence- and information-sharing architecture between Federal and 
SLTT partners. I&A uses a comprehensive framework of intelligence 
topics and subtopics, the DHS information needs, that corresponds to a 
National IC framework but also includes DHS-specific topics and 
subtopics. We use a process, Intelligence Threat Banding, to evaluate 
the overall impact of threats to the homeland and the extent to which 
we understand them from an intelligence perspective. For example, a 
high-impact threat on which there are many intelligence gaps is 
prioritized higher than a low-impact threat with few or no intelligence 
gaps. The results of this process are used to inform the Program of 
Analysis, which encompasses I&A's most strategically significant 
analytic production, and more generally to calibrate levels of effort 
across functional analytic portfolios and collection requirements 
office-wide. I&A also prioritizes short-term production and collection 
requirements dynamically based on emergent threats and in response to 
Departmental leadership direction.
    Question 2b. How do these priorities relate to the authorities and 
priorities of other agencies within the intelligence community?
    Answer. I&A priorities represent DHS Enterprise customer needs and 
ultimately drive production and collection requirements to address 
those constituencies. Any IC or other agency (e.g., DHS components) 
that provides information responsive to I&A requirements either as a 
result of an intelligence activity or collected incidentally as a 
result of operational activity does so under its own authorities, just 
as I&A collects intelligence only as consistent with our authorities. 
In many instances, I&A and national IC priorities coincide where there 
is specific authorized mission overlap and/or I&A has a specific 
capability or access that can lead to responsive intelligence 
reporting. When this occurs, the I&A collection activity and its 
associated raw reporting is conducted in accordance with our 
authorities and disseminated to authorized IC recipients.
    Question 2c. How do I&A's written products and activities, such as 
briefings, align with its intelligence priorities?
    Answer. I&A's intelligence priorities determine its organizational 
structure and require the development of subject-matter expertise in 
various functional analytic portfolios, the result of which is inherent 
alignment of written products and briefings with National, 
Departmental, SLTT, and private-sector customer needs. Analysts 
undertake substantive intelligence work only after they and their 
leadership determine that it addresses an authorized mission reflected 
in I&A priorities and consistent with oversight guidelines.
    Question 3. The Domestic Terrorism Analytic Branch was established 
in March 2021, however, the committee has received very little 
information on how exactly the creation of the discrete branch has 
improved the Department's understanding of the rising threat of 
domestic terrorism and subsequently, the Department's efforts to combat 
the threat.
    Please describe I&A's progress and accomplishments under the branch 
and what specific metrics have been developed to evaluate success, 
including the improvement of our understanding of the Domestic 
Terrorist threat.
    Answer. I&A has been able to vastly improve its ability to directly 
support SLTT and private-sector customers, as well as senior DHS 
leadership's intelligence information needs on domestic terrorism--a 
consistent high-priority requirement for most customers. Providing 
dedicated support to this effort has allowed us to focus analytic 
efforts on the full range of domestic violent extremist threats and 
issues. Since 2021, I&A has authored or co-authored more than 100 
finished intelligence products addressing domestic terrorism issues. In 
particular, I&A has taken the lead on assessments on topics such as 
possible threats associated with the anniversary of the Capitol breach, 
targeting of the health care sector, threats to the Nation's electrical 
grid, threats associated with the U.S. Supreme Court's decision in 
Dobbs v. Jackson Women's Health Organization, and threats to potential 
U.S. border policy changes. I&A also has co-authored a number of Joint 
Intelligence Bulletins and other products with Federal Bureau of 
Investigation (FBI), National Counterterrorism Center, U.S. Capitol 
Police, and fusion centers, and jointly updated the U.S. violent 
extremist mobilization indicators booklet to ensure the indicators also 
apply to domestic violent extremism.
    I&A also has regularly delivered briefings to Federal, SLTT, and 
private-sector partners in the Homeland Security Enterprise to apprise 
them of changes in the domestic terrorism threat environment, and to 
help inform prevention, mitigation, security, and response efforts. I&A 
has prioritized briefing staff at the National Network of Fusion 
Centers and other State and local law enforcement partners throughout 
the Nation at the U//FOUO level. I&A also has engaged with foreign 
partners to share information, produce intelligence assessments 
regarding violent extremist threats, and identify commonalities and 
potential collaboration between these actors.
    I&A measures progress against goals and objectives established in 
the National Strategy to Counter Domestic Terrorism and the DHS 
Framework for Countering Terrorism and Targeted Violence Posture 
Review, and by monitoring the numbers/types of briefing or engagement 
requests received, numbers/types of analytic requests received, and/or 
feedback on products. We are also constantly examining our internal 
priorities and resources to improve our ability to align analytic 
expertise to intelligence customer priorities.
    Question 4a. According to the Strategic Intelligence Assessments 
and Data on Domestic Terrorism that your office produces, in 
collaboration with the FBI and National Counterterrorism Center, from 
2016-2019 I&A produced 67 domestic terrorism-related finished 
intelligence products and 1,068 domestic terrorism-related raw 
intelligence products. From fiscal year 2020 to fiscal year 2021, I&A 
produced 100 domestic terrorism-related finished intelligence products 
and over 500 domestic-terrorism related raw intelligence products.
    While there appears to be some increase in producing analytic 
products on domestic terrorism, what percentage does this make up of 
I&A's total intelligence production?
    Question 4b. Relatedly, what is I&A's total intelligence 
production? In other words, how many pieces of finished intelligence 
generally would you say that the 300 analysts within the Office produce 
per month?
    Answer. Although the majority of I&A's workforce comprises 
intelligence personnel in the GS-0312 job series, many of those 
personnel perform intelligence work in disciplines other than analysis, 
such as collection requirements management, information sharing/liaison 
roles, and indications & warning functions. Finished intelligence is 
produced almost exclusively in I&A Mission Centers with approximately 
180 analytic, management, and support personnel--about 140 of whom are 
front-line analysts who research and draft all-source products. 
Approximately 10 percent of I&A's finished intelligence production is 
related to domestic terrorism.
    In fiscal year 2022, I&A disseminated nearly 1,000 intelligence 
products. This metric does not include any products disseminated 
outside of I&A's finished production lines, including Presidential 
Daily Briefs and joint products published in other IC elements' product 
lines (CIA WIRe, NCTC Current, DIA DID, etc.). I&A production is driven 
by mission priorities, customer demand, and on-going threat streams, 
all of which can evolve based on current events and associated drivers. 
I&A and other intelligence agency production is focused on quality and 
value of the content to their respective customers, which is not 
accurately assessed based solely on average quantities.
    Question 4c. According to the October 2022 Strategic Intelligence 
Assessments on Data on Domestic Terrorism, data related to domestic 
terrorism incidents were focused solely on incidents investigated by 
the FBI, but I&A also tracks domestic terrorism incident information. 
How did the FBI and I&A develop the methodology used to determine which 
incidents would be included in the report?
    Answer. I&A Counterterrorism Mission Center has a formal process 
for continually collecting, coding, and analyzing domestic violent 
extremist incident data which is included in an internal incident 
tracker. This incident tracker has been in existence since 2016, and 
the methodology has been continually updated since its inception with a 
more comprehensive update undertaken in 2021. In August 2022, I&A 
widely released an FOUO Intelligence in View titled ``Domestic Violent 
Extremist Attacks and Plots in the United States From 2010 Through 
2021,'' which provided an overview of 2010-2021 fatal and non-fatal 
attacks and plots associated with domestic violent extremism.
    For the Strategic Intelligence Assessments on Data on Domestic 
Terrorism, I&A, FBI, and the U.S. Department of Justice (DOJ) jointly 
agreed on the inclusion of specific incidents, based on FBI's and DOJ's 
respective roles as lead Federal agencies for terrorism investigations 
and prosecutions and their access to specific investigative data on 
these incidents. I&A will continue to coordinate with FBI and DOJ on 
future updates to this report to ensure these reports contain the most 
comprehensive data possible on significant incidents the Federal 
Government is aware of.
 Questions From Ranking Member August Pfluger for Kenneth L. Wainstein
    Question 1a. A review of I&A's statutory authority, which lists 
approximately two dozen responsibilities within your office, reveals 
that there is no explicit provision for open-source collection. During 
the hearing on December 13, 2022, you said I&A mainly relies on 
authorities drawn from Executive Order 12333 to build out such a large 
collection capability. You also made clear that I&A's open-source 
collection is a major focal point for agency resources. Prior to the 
revised and re-issued EO 12333 by President Bush in 2008, where did I&A 
draw these collection authorities from?
    Question 1b. What efforts is I&A making to ensure that its other 
authorities, which are designated by statute, are prioritized and 
carried out, over those which are solely granted by EO 12333?
    Answer. The Homeland Security Act of 2002 directed I&A's 
predecessor office to, among other things, ``access, receive, and 
analyze . . . information,'' ``integrate relevant information, 
analyses, and vulnerability assessments (whether such information, 
analyses, or assessments are provided or produced by the Department or 
others),'' and ``ensure . . . the timely and efficient access of the 
Department to all information necessary to discharge the 
responsibilities [of I&A].'' Implicit in these authorities is the 
authority to collect information, including publicly available (i.e., 
open-source) information. Recognizing this, and the increasing 
importance of open-source intelligence to I&A's work, Congress amended 
the Act in 2007 by explicitly requiring I&A to, ``whenever possible . . 
. produce[] and disseminate[] unclassified reports and analytic 
products based on open-source information'' (emphasis added). As with 
I&A's authority to ``access, receive, and analyze'' all source 
information, this subsequently--added statutory requirement that I&A 
``produce and disseminate'' intelligence based on open-source 
information necessarily implies the authority to collect such 
information.
    As the statutorily designated office in DHS responsible for 
carrying out the Secretary's responsibilities relating to intelligence 
and analysis (6 U.S.C.  121) and a designated element of the U.S. 
intelligence community (50 U.S.C.  3003(4)(K)), I&A carries out all 
intelligence activities assigned to it--whether in law or Executive 
Order--in support of both National and Departmental missions in 
accordance with the intelligence priorities, policies, and guidelines 
established by or otherwise consistent with the direction of the 
President, the Secretary, and the director of national intelligence, 
and in consultation with intelligence, law enforcement, and other 
Federal, State, local, and private-sector homeland security partners.
    Question 2a. I&A has faced bipartisan frustration throughout the 
years. In 2009, I&A produced a non-public report intended for law 
enforcement partners entitled ``Right-wing Extremism: Current Economic 
and Political Climate Fueling Resurgence in Radicalization and 
Recruitment.'' This report was heavily criticized by Congress and 
veterans' organizations for its characterization of the right-wing 
extremist group's recruitment of former service members. Since that 
report, the Privacy Office, Office of Civil Rights and Civil Liberties 
(CRCL), and General Counsel have reviewed and cleared analytic products 
that would be disseminated to non-Federal recipients. While well-
intentioned, how has this process impacted I&A's ability to issue 
reports in a timely manner?
    Answer. I&A has worked closely with these oversight offices as well 
as our own Privacy and IO Branch to build and maintain collaborative 
relationships that help us produce products that meet customer 
intelligence needs in a timely and meaningful way, that are consistent 
with our intelligence authorities, and that protect the privacy, civil 
rights, and civil liberties of U.S. persons. We have codified the roles 
and responsibilities of the relationship between the analytic workforce 
and the legal offices in I&A Policy Instruction IA-901: Production of 
Finished Intelligence. The instruction stresses that I&A personnel and 
the oversight offices work collaboratively to address any requested or 
required edits and includes a dispute resolution mechanism, which 
includes the I&A analytic ombuds, to ensure that the analytic workforce 
and the legal offices have avenues to express concerns with the review 
process. The timing of the review process can be adjusted as mission 
needs require through coordination with the oversight offices and it 
has not negatively affected product timeliness since the updated 
process was codified.
    Question 2b. Has this process impacted the independent nature of 
I&A's analytical judgments? How much involvement do offices such as 
CRCL and Privacy--with personnel who are not familiar with 
intelligence--have with the content of products?
    Answer. DHS's oversight offices provide consultation and advice to 
all I&A personnel concerning legal requirements, policies for the 
protection of privacy, civil rights, and civil liberties, and oversight 
and compliance guidelines for I&A Finished Intelligence Products, and 
affirmatively clear I&A Finished Intelligence Products that include 
information and analysis relating to U.S. persons, Constitutionally-
protected activity, or other matters that have significant oversight 
equities. The oversight offices ensure compliance but seek to avoid 
altering or influencing analytic judgments of products or the 
substantive content on which they are based.
    Question 3. I&A is charged with the administration of the Homeland 
Security Advisory System, which is meant to advise the public of 
specific warnings, protective measures, and countermeasures related to 
threats to homeland security. The National Terrorism Advisory System 
(NTAS) is the mechanism for communicating specific terrorist attack 
threats. For almost 2 years, a number of NTAS bulletins have 
continuously been in effect stating that the United States is in a 
``heightened threat environment.'' During the hearing on December 13, 
2022, you reflected that the persistence of this designation and 
generality of the threat explanation could diminish the usefulness of 
the NTAS to the public and distract from the intent for I&A to 
communicate specific, targeted warnings, protective measures, and 
countermeasures to ``triggering events'' that disrupt the ``baseline'' 
threat environment. Given this reflection, how can the NTAS bulletins 
be leveraged into a more effective tool for notifying the American 
public without undermining its own efficacy with a persistent threat 
designation that is not comparable to a baseline?
    Answer. DHS replaced the color-coded alerts of the Homeland 
Security Advisory System (HSAS) with the National Terrorism Advisory 
System (NTAS) in 2011, and the responsibilities for the NTAS have been 
delegated by the Secretary to the Department's Counterterrorism 
Coordinator. The NTAS is designed to communicate information about 
terrorist threats by providing timely, detailed information to the 
American public, through the provision of NTAS advisories (both Alerts 
and Bulletins). NTAS bulletins have typically been issued in 3- to 6-
month increments and have ranged from 3 weeks up to 7 months in 
duration. In contrast to the HSAS, the NTAS provides value to the 
public by sharing resources and information associated with the threat. 
I&A shares the committee's concern that successive issuances of updated 
NTAS bulletins might be construed to diminish the significance of the 
heightened environment by relegating it to a perpetual baseline. Due to 
the volatile and ever-evolving nature of the current threat 
environment, DHS issues, cancels, or updates NTAS bulletins when deemed 
necessary. In the most recent update, we opted to issue the NTAS noting 
that conditions justified continuing to caution the public about the 
heightened threat environment despite the absence of a specific, 
emergent threat.
    Question 4. I&A was originally envisioned to be the nexus of 
intelligence activities related to threats to the homeland, in 
partnership with the FBI and other intelligence agencies. However, for 
many reasons, I&A struggles to live up to this vision. Could you please 
describe the current operating procedure of DHS I&A within the rest of 
the intelligence community (IC)? What is I&A's unique value-add within 
the National security apparatus?
    Answer. I&A is a unique member of the U.S. IC and is the only IC 
element statutorily charged with delivering intelligence to SLTT and 
private-sector partners and developing intelligence from those partners 
for DHS and the IC. This is at the core of why Congress established 
I&A, in part to fill a void that existed within the intelligence- and 
information-sharing architecture between Federal and SLTT partners. 
Carrying out this role as a bridge between the IC and our front-line 
SLTT and homeland security operators and decision makers ensures that 
these entities remain aware of the most pressing current and emerging 
threats to the Nation and contributes to our collective defense of the 
homeland. I&A is positioned to identify and collect information of 
intelligence value from non-Federal partners and make it available to 
authorized recipients across the IC that otherwise could never obtain 
it. In the other direction, I&A is able to facilitate SLTT and private-
sector partners' access to National IC information, often at a lower 
classification level for greater utility. The intelligence shared by 
I&A supports the effective identification and mitigation of the threats 
we face from foreign and domestic terrorists, nation-states, 
transnational criminal organizations, cyber criminals, and emerging 
threats.
    Question 5a. I&A has no clandestine intelligence collection 
authority and primarily operates as an integrator and disseminator of 
information among the DHS components; State, local, and Tribal 
agencies; private-sector entities; and other related elements of the 
IC. Could you please explain the flow of information from its initial 
collection in the IC or DHS component intelligence offices, to I&A, and 
out to I&A's consumer base?
    Answer. While I&A does not have clandestine intelligence collection 
authorities, it does have the authority to collect raw, unevaluated 
information overtly or from publicly-available sources, and regularly 
provides unique information of intelligence value to DHS, the IC, and 
its SLTT partners. I&A collectors gather and report intelligence 
information in serialized raw reports that are disseminated to DHS, the 
IC, and SLTT analysts via IC reporting systems and the Homeland 
Security Information Network Intel portal. I&A analysts synthesize and 
integrate this information with other DHS, IC, and SLTT information and 
draft finished intelligence products on topics related to customer 
priority information needs. Once drafted the finished intelligence 
product is reviewed and cleared through I&A's review process and 
disseminated via one of I&A's externally-facing information-sharing 
websites and briefed to customers as needed and appropriate.
    Question 5b. When I&A analyzes a product that it has received from 
the IC and/or enterprise, how and why does I&A make additional analysis 
to the original examination performed by the collecting agency or 
component? Is there a value-add provided by I&A's analysis?
    Answer. It is important to distinguish between raw information of 
intelligence value and the process of its transformation, through 
analysis and integration with other information, into finished 
intelligence products. In addition to its own raw, unevaluated 
intelligence reporting, I&A analyzes component and other IC element-
derived raw intelligence reporting to answer intelligence questions 
through original and strategic finished intelligence. I&A analysis 
provides value in that it takes raw information from all sources and 
synthesizes that information into finished analytic products tailored 
to DHS Enterprise customers, especially non-traditional consumers of 
intelligence such as State, local, Tribal, territorial, and private-
sector partners--at the lowest classification for ease of dissemination 
to decision makers. I&A analysis also ensures that unique analytic 
insights and data from State and local partners and DHS components are 
provided to National-level, traditional intelligence customers, which 
better informs more holistic understanding of National security 
threats.
    Question 5c. Is I&A's analysis of such products ever re-evaluated 
or audited? If so, please elaborate.
    Answer. I&A evaluates a sampling of its own published and 
disseminated finished intelligence products each month for adherence to 
ODNI Intelligence Community Directive (ICD) 203 Analytic Standards. I&A 
uses the results of these evaluations as a teaching tool for analysts 
and reviewers of draft finished intelligence products to improve future 
finished intelligence products.
    Question 6a. The I&A workforce has grown substantially over the 
past several years. Could you please provide the committee with I&A's 
overall growth (reflected in both personnel and budget) since its 
inception, broken out by year?
    Answer. See table below for I&A's authorized full-time equivalent 
positions. Top-line budget figures for IC organizations are Classified 
and I&A can provide a briefing on its funding and expenditures in a 
closed session.

 
------------------------------------------------------------------------
                             Year                                Number
------------------------------------------------------------------------
Fiscal year 2007.............................................        301
Fiscal year 2008.............................................        312
Fiscal year 2009.............................................        365
Fiscal year 2010.............................................        473
Fiscal year 2011.............................................        657
Fiscal year 2012.............................................        636
Fiscal year 2013.............................................        617
Fiscal year 2014.............................................        612
Fiscal year 2015.............................................        548
Fiscal year 2016.............................................        544
Fiscal year 2017.............................................        590
Fiscal year 2018.............................................        623
Fiscal year 2019.............................................        653
Fiscal year 2020.............................................        674
Fiscal year 2021.............................................        732
Fiscal year 2022.............................................        758
Fiscal year 2023.............................................        781
------------------------------------------------------------------------

    Question 6b. Could you provide a breakdown of the types of hires, 
including skill sets, this growth has focused on?
    Answer. Since the organization's inception, I&A's growth has been 
focused in the following three job categories: Intelligence Operations 
Specialists (0132 job series), Management & Program Analysts (0343 job 
series) and Information Technology Specialists (2210 job series).
    Question 6c. Please explain how this growth strategically aligns 
with I&A's mission to deliver intelligence to State, local, Tribal and 
territorial partners as well as to develop intelligence from partners 
in the Department and IC.
    Answer. I&A's growth and investment directly or indirectly supports 
our partnership and information-sharing mission, particularly in 
ensuring representation at all 80 State and major urban area fusion 
centers. Our investments are focused on enhancing the quality and 
timeliness of our intelligence production or enabling intelligence and 
information sharing to directly benefit State, local, Tribal, 
territorial, and private partners. This includes producing intelligence 
that addresses those partners' requirements and feedback and that is 
generally available at the un-Classified level. In fiscal year 2022, 66 
percent of I&A products were at the un-Classified level, and 
investments in technology have focused on enhancing State and local 
access to intelligence, including through the new DHS Intel App that 
allows our partners to receive un-Classified intelligence on their 
mobile device.
    Question 7. I&A boasts a robust internship program that operates in 
the functional areas of Intelligence Analysis, Intelligence Operations, 
Mission Readiness, Information Technology, and Data Science. How much 
has this internship program grown over the past 10 years, and how many 
of these interns convert to full-time I&A employees?
    How many of these interns that convert to full-time employees have 
previous intelligence analysis experience?
    Answer. I&A's Internship Program has become the primary driver to 
recruit entry-level talent across the organization. With strong and 
sustained leadership support, I&A has been able to expand the applicant 
pool and refine the selection process to ensure an annual internship 
cadre reflects traditional markers of diversity as well as broad skill 
sets and interests that allow them to be assigned widely across I&A 
offices to leverage their talents. Adaptations gained during the 
pandemic now enable interns to support offices remotely while back in 
school and to receive virtual training sessions and briefings to 
develop their knowledge of I&A, DHS, and the IC.
    Since 2014, I&A's internship program has grown by over 1,100 
percent. In January 2014, I&A had four student interns on board and 
that number has grown to 49 as of the beginning of fiscal year 2023--
peaking at 70 at the beginning of fiscal year 2020. Approximately 139 
of I&A's over 300 student interns converted to full-time employees 
since 2014.
    Question 7b. Could you provide the committee with the percentage of 
intern converts encompassing the entire I&A workforce?
    Answer. At the beginning of fiscal year 2023, approximately 10.6 
percent of I&A's current workforce are former I&A interns (78 
employees).
    Question 7c. How many of these interns that convert to full-time 
employees have previous intelligence analysis experience?
    Answer. Nation-wide colleges and universities form I&A's internship 
candidate pool. We cannot rule out that an intern had prior 
intelligence analysis experience when entering the internship program; 
however, we do not explicitly recruit interns based on prior 
intelligence experience.
    Question 8a. Over a year ago, DHS leadership stood up a working 
group to investigate malicious internet activity that permeated many of 
the threats the Department handled. This group was helmed by the DHS 
Office of Policy and I&A. Its members concluded last year that there 
wasn't a mechanism to address the policies governing how these 
activities are coordinated across the Department. This conclusion led 
to the creation of the DHS Disinformation Governance Board. Could you 
please describe I&A's exact role within the working group as well as 
its involvement in the subsequent Disinformation Governance Board?
    Question 8b. Please elaborate on I&A's role within the 
misinformation, disinformation, and mal-information space. How has this 
role evolved over the past 5 years?
    Answer. I&A has been asked to provide DHS leadership with a threat 
overview of malign foreign actors' efforts to spread mis-, dis-, and 
mal-information in ways that affect Departmental missions. I&A provided 
a similar threat overview to the Secretary's Homeland Security Advisory 
Council when that body was asked to review the Disinformation 
Governance Board's activities. Within this space, in 2019 I&A 
established the Foreign Influence & Interference Branch within the 
Cyber Mission Center to identify foreign malign influence activities, 
particularly but not solely with regard to election interference. This 
branch monitors influence efforts by statutorily designated malign 
foreign actors--under 50 U.S.C. Sec. 3059--including Russia, China, and 
Iran, and evolving tactics, techniques, and procedures by such actors 
seeking to influence U.S. audiences.
    Question 9a. In its August 24, 2022 final report on the 
Disinformation Governance Board, the Homeland Security Advisory Council 
states that I&A should serve as a principal channel for obtaining 
disinformation warnings from the IC and from other entities. This is in 
part because I&A already identifies the spread of disinformation 
through all-source intelligence research, including open-source 
collection from known forums. Could you please elaborate on I&A's 
identification process for disinformation?
    Question 9b. What are the standards set (and by whom) for I&A to 
define disinformation and what recourse exists once disinformation is 
identified? Are different standards utilized for information 
originating from foreign nation-states and Transnational Criminal 
Organizations versus American citizens?
    Answer. I&A approaches the identification of mis-, dis-, and mal-
information in a content-neutral manner. We do not assess the validity 
or veracity of narratives being spread on-line, but rather, focus on 
identifying the messaging of statutorily-designated malign foreign 
actors--under 50 U.S.C. Sec. 3059--including but not limited to China, 
Russia, and Iran. We also review the spread of messaging from these 
actors by other foreign governments. As these actors are designated 
under U.S. law as being involved in active efforts to influence U.S. 
audiences, spread information with malicious intent, and engage in 
activities such as interference with U.S. elections, I&A tracks the 
messaging of these foreign actors without independently seeking to 
assess the veracity of these governments' claims. I&A also identifies 
messaging on-line by transnational criminal organizations, often 
related to human smuggling and influencing migration to the U.S. 
border, to inform U.S. Customs and Border Protection (CBP) and other 
border security stakeholders.
    Question 10. I&A's statutory authority describes agency 
responsibilities to be more of a facilitator of information between DHS 
and other components of the IC or Federal, State, and local law 
enforcement, as well as private-sector partners. Can you discuss the 
focus that I&A places on this facilitating and sharing function and the 
importance of it to the mission of DHS? How does this differ from the 
FBI's relationships and information sharing with State and local law 
enforcement?
    Answer. I&A is a unique member of the U.S. IC and is the only IC 
element statutorily charged with delivering intelligence to SLTT and 
private-sector partners and developing intelligence from those partners 
for DHS and the IC. This is why I&A is dedicated to building close and 
lasting coordination with all levels of government and the private 
sector, including critical infrastructure owners and operators, 
academia, faith communities, and non-profit organizations. In 
recognition of the importance placed on fostering these relationships, 
I&A has elevated its externally-focused engagement by creating the 
position of deputy under secretary for intelligence partnerships. I&A 
is only able to execute our mission when we have strong collaboration 
with our law enforcement and homeland security partners across the 
country. Additionally, through our partnership with the National 
Network of Fusion Centers, DHS deploys personnel across the country to 
share information on a broad range of threats. DHS remains committed to 
working closely with SLTT partners, including the sharing of timely and 
actionable information to ensure our partners have the information they 
need to keep our communities safe. DHS's primary focus is on the two-
way sharing of threat information with our partners across all threats. 
In this capacity, we complement our partners at the FBI, which shares 
its information with SLTT partners through a variety of task forces and 
jointly-produced analytic products.
    Question 11a. The predecessor to I&A was stood up on the heels of 
9/11 while the Department took shape. Since I&A's official 
establishment in 2007, the threat landscape and the role of DHS have 
transformed. How would you assess I&A's role within DHS and its 
cooperation with other agencies in the IC has shifted?
    Question 11b. From the feedback you have received from other 
elements of the IC as well as Federal, State, local, and private-sector 
partners, what do you believe is the perception of the value that I&A 
adds?
    Answer. Following the September 11, 2001 terrorist attacks, the 
Homeland Security Act of 2002 created DHS and the Implementing 
Recommendations of the 9/11 Commission Act of 2007 established I&A as 
the first Federal agency statutorily mandated to share intelligence 
with State, local, Tribal, and territorial law enforcement, as well as 
the private sector--creating the necessity for a comprehensive approach 
and strategy to homeland security. The threat environment is never 
static, thus I&A remains dynamic in its actions to combat the 
challenges of today, as well as the future, through partnerships, 
information sharing, and a concrete understanding of the evolving 
landscape at home and beyond our Nation's borders. Terrorist networks 
continue operations to inspire and mobilize those in our country, 
transnational criminal organizations seek to exploit our borders, and 
state and non-state cyber actors target our critical infrastructure, 
information networks, and the American people.
    In the early years of its existence, I&A was largely involved in 
facilitating the sharing of information acquired by other organizations 
and was a contributor to the analytic work of more well-established IC 
agencies. As I&A has matured, it has established its own native 
capability to overtly collect raw intelligence, fuse DHS-unique data 
from components, and produce tailored homeland-centric intelligence for 
a wide range of National and non-Federal partners in a way no other IC 
agency can. I&A is also on the leading edge of exploiting open-source 
intelligence while safeguarding privacy, civil rights, and civil 
liberties. As DHS engages, supports, and shares information with our 
partners, we enhance and bolster opportunities to protect the homeland, 
and ensure critical information and data resident within the holdings 
of our partners can be accessed and shared with DHS and the IC.
    Question 12. In your testimony before Congress on December 13, 
2022, you stated, ``At the same time, I&A's production--including 
regular products in the President's Daily Brief last year--helped 
inform the IC and policy makers on the unique threats the Nation faces 
internally and at its borders.'' How much of this content was unique 
I&A analysis versus the modified analysis of another IC member or 
Intelligence Enterprise (IE) component?
    Answer. The vast majority of I&A analysis is original analysis 
tailored to our unique customers' intelligence needs and incorporating 
unique insights from DHS data and expertise. At times, I&A will 
identify existing IC and Intelligence Enterprise (IE) production that 
we believe would be useful to our customers and will work with the 
originating agency to further disseminate production--often at a 
downgraded classification level--to those additional customers if they 
do not already have access to it. DHS IE components also post their 
finished intelligence products to our externally facing production 
websites which customers are able to access given appropriate 
clearances and need-to-know. Additionally, in cases where a topic would 
be better informed by the unique analysis, expertise, and data from 
multiple agencies or components, I&A produces jointly authored products 
with those IC agencies and DHS IE components to tell a more holistic 
story.
    Question 13a. The Department of Homeland Security often engages 
with the Committee on Foreign Investment in the United States (CFIUS) 
and Team Telecom to review transactions that potentially pose a risk to 
the Department's interests. As part of this review, I&A submits 
information to the Office of the Director of National Intelligence 
(ODNI) to inform CFIUS and Team Telecom determinations. Exactly how 
many I&A personnel are dedicated to the CFIUS and/or Team Telecom 
review processes?
    Answer. Currently there are three I&A personnel dedicated to 
supporting the Committee on Foreign Investment in the United States 
(CFIUS) and/or Team Telecom review processes.
    Question 13b. Please explain what information I&A provides ODNI to 
inform these processes.
    Answer. I&A manages the DHS Intelligence Enterprise's (IE) 
participation in the IC's threat assessment process for CFIUS. I&A 
solicits threat information from the DHS IE, requesting information 
from each DHS component to look at the transaction and vet/assess if it 
were to take place, would the transaction pose a threat or concern to 
their component mission interests. I&A consolidates the DHS IE threat 
information, places it into context informed by operator perspectives, 
and sends it to ODNI for the IC-coordinated threat assessment. I&A is 
uniquely positioned to reach counterparts across DHS operational 
components' broad missions, vast repositories of exploitable 
information, and deep field expertise that can be leveraged to inform 
CFIUS decision makers.
    Question 13c. How often do these information exchanges occur?
    Answer. I&A corresponds on each CFIUS request received (in 2022 
there were 289 CFIUS transactions and 55 Team Telecom requests).
    Question 13d. What other IC and IE information exchanges are 
occurring in support of CFIUS and Team Telecom?
    Answer. Currently, I&A holds a quarterly meeting with the DHS IE 
for the CFIUS portfolio. I&A also participates in an ODNI--hosted 
weekly CFIUS meeting for the IC.
    Question 13e. How much of the information shared is the result of 
I&A's own collection and analysis versus that of another member of the 
IC or IE?
    Answer. The information I&A provides to ODNI for CFIUS cases comes 
from the DHS IE and their data sources. I&A receives Team Telecom 
requests from the DHS Office of Strategy, Policy, and Plans' Foreign 
Influence Risk Management and I&A conducts reviews on these Team 
Telecom requests for foreign ownership, control, and influence in open 
source, commercial, and Classified data.
    Question 14. How many Full-Time Employees (FTE) and contractors 
does I&A employ? Please provide a breakdown of the categories of roles 
each of these FTEs and contractors perform within I&A, including those 
that perform collection versus analysis roles or other categories of 
responsibilities. Please provide the budget allocations associated with 
each of these categories of roles.
    Answer. I&A's fiscal year staffing levels averaged approximately 
750 full-time employees, and the budget allocations and percentages by 
primary function are below.
    The data reflect an approximate level of effort or resource 
investment, but variances occur throughout the year based on mission 
priorities.

------------------------------------------------------------------------
                                                                Percent
                               Percent   Personnel     Non-      of I&A
                                of I&A     (Fed)    personnel   Staffing
                                Budget   costs (%)  costs (%)     (%)
------------------------------------------------------------------------
Analysis & Production.......         11         92          8         30
Collection & Exploitation...          8         58         42         21
Information Sharing &                18         75         25         19
 Partnerships...............
Department Integration......         12         50         50          8
Technology & Data...........         35         16         84          8
Corporate Resources &                16         60         40         14
 Services...................
------------------------------------------------------------------------

    Question 15. The committee was informed that the Special Event 
Assessment Rating (SEAR) process would be relocated under I&A as part 
of a DHS reorganization process. Has this relocation occurred yet? If 
so, how many staff are assigned to this work? If not, when can we 
expect this relocation to occur? What is the budget allocation required 
to support this function? Will that funding transfer with the movement 
of the function?
    Answer. In 2021, the Department identified a number of strategic 
infrastructure transformation priorities as a path forward on how to 
better organize the Department for the challenges we will face in the 
years to come. One of the outcomes of the process was a recommendation 
to move the DHS Special Events Program (SEP) into I&A. I&A has been 
collaborating with SEP on the anticipated transition since early 2022. 
SEP's transition into I&A became official when Congress enacted the 
fiscal year 2023 budget in January 2023, authorizing the transfer of 11 
SEP billets and $2.2 million to I&A.
    Question 16. The National Vetting Center (NVC) is a collaborative, 
interagency effort to provide a clearer picture of threats to National 
security, border security, homeland security, or public safety posed by 
individuals seeking to transit our borders or exploit our immigration 
system. Does I&A provide technical support to the NVC? If so, how many 
staff are assigned to this work and what is the budget allocation 
required to support this function?
    Answer. I&A acts as a technical service provider on behalf of CBP, 
which administers the National Vetting Center (NVC). CBP provides 
reimbursable funding to I&A each year for several technical services 
(software, hardware, labor) that, in totality, comprises the NVC's case 
management system, known as the High Side Vetting Unified Environment. 
With the passing of the fiscal year 2023 budget, CBP intends to 
transfer approximately $20 million to DHS I&A under its reimbursable 
authorities. I&A executes the funds across several contracts that 
provide different functional services, such as: (1) Development and on-
going operations and maintenance support to vetting programs, project 
management, and integration with IC partners; (2) IT security to 
provide the review of incremental system changes; (3) cross-domain 
infrastructure and engineering to automate the secure transfer of 
information across classification domains; (4) cloud engineering 
support; and (5) Amazon Web Services cloud storage and processing and 
other software licenses. About 40 contractor staff support the NVC from 
I&A, but contract staffing levels can vary depending on the activity. 
Currently, there is one I&A Federal employee serving as the NVC's 
Technical Director with two additional full-time employees pending 
selection and hiring.
    Question 17. During the hearing December 13, 2022, Representative 
Slotkin inquired about I&A's policy and procedures, if any, for 
monitoring individuals who have projected hateful rhetoric but have not 
committed a crime or threatened to do so. What is I&A's official policy 
and procedure for monitoring speech in such individuals or situations?
    Answer. I&A's intelligence activities surrounding on-line speech 
are regulated primarily by the interaction of two key provisions in 
I&A's Attorney-General approved IO Guidelines. I&A's IO Guidelines 
provide that I&A personnel may engage in intelligence activities where 
they have a reasonable belief that the activity supports one or more of 
the National or Departmental missions listed in this section of the 
Guidelines. Departmental missions include not only domestic terrorism, 
but a variety of other significant threats that could overwhelm our 
State, local, or Federal partners with homeland security missions. In 
addition, the guidelines provide that I&A personnel are prohibited from 
engaging in any intelligence activities for the purpose of affecting 
the political process in the United States, for the sole purpose of 
monitoring activities protected by the First Amendment or the lawful 
exercise of other rights secured by the Constitution or laws of the 
United States, or for the purpose of retaliating against a 
whistleblower or suppressing or burdening criticism or dissent. 
Further, as a matter of internal DHS policy, I&A personnel are not 
permitted to engage in intelligence activities based solely on an 
individual's or group's race, ethnicity, gender, religion, sexual 
orientation, gender identity, country of birth, or nationality. As 
such, I&A's work that touches on hateful rhetoric focuses on 
identifying, understanding, preventing, and mitigating threats of 
terrorism and targeted violence.

                                 [all]