9/11 Commission Report: Reorganization, Transformation, and Information Sharing (03-AUG-04, GAO-04-1033T). The sorrow, loss, anger, and resolve so evident immediately following the September 11, 2001, attacks have been combined in an effort to help assure that our country will never again be caught unprepared. As the 9/11 Commission notes, we are safer today but we are not safe, and much work remains. Although in today's world we can never be 100 percent secure, and we can never do everything everywhere, we concur with the Commission's conclusion that the American people should expect their government to do its very best. GAO's mission is to help the Congress improve the performance and ensure the accountability of the federal government for the benefit of the American people. GAO has been actively involved in improving government's performance in the critically important homeland security area both before and after the September 11 attacks. In its request, the House Committee on Government Reform have asked GAO to address two issues: the lack of effective information sharing and analysis and the need for executive branch reorganization in response to the 9/11 Commission recommendations. Further, the Committee has asked GAO to address how to remedy problems in information sharing and analysis by transforming the intelligence community from a system of "need to know" to one of a "need to share." -------------------------Indexing Terms------------------------- REPORTNUM: GAO-04-1033T ACCNO: A11364 TITLE: 9/11 Commission Report: Reorganization, Transformation, and Information Sharing DATE: 08/03/2004 SUBJECT: Classified defense information Congressional oversight Counterterrorism Domestic intelligence Federal agency reorganization Federal intelligence agencies Government information dissemination Information centers Interagency relations Intergovernmental relations National preparedness Presidential appointments Strategic planning Emergency preparedness Terrorism Productivity in government Performance measures Personnel management Human resources utilization Human capital Homeland security ****************************************************************** ** This file contains an ASCII representation of the text of a ** ** GAO Product. ** ** ** ** No attempt has been made to display graphic images, although ** ** figure captions are reproduced. Tables are included, but ** ** may not resemble those in the printed version. ** ** ** ** Please see the PDF (Portable Document Format) file, when ** ** available, for a complete electronic file of the printed ** ** document's contents. ** ** ** ****************************************************************** GAO-04-1033T United States Government Accountability Office GAO Testimony Before the Committee on Government Reform, House of Representatives For Release on Delivery Expected at 10:00 a.m. EDT 9/11 COMMISSION Tuesday, August 3, 2004 REPORT Reorganization, Transformation, and Information Sharing Statement of the Honorable David M. Walker Comptroller General of the United States On 8/4/04 this testimony was reissued because: On page 12, in footnote 11, "OGC" was changed to "OCG" to correct a transposition error. On page 21, in the next to the last sentence in the final paragraph, "might" was changed to "must," and "challenges was changed to "responsibilities and opportunities." In the same pargraph, in the last sentence, " executive" was changed to "effective." These correct transcription errors. GAO-04-1033T Mr. Chairman and Members of the Committee: We at GAO applaud the efforts of the 9/11 Commission and the dedicated family members of the victims of that tragic day whose combined efforts have resulted in a definitive account of the past events, and a number of constructive recommendations for the future. The sorrow, loss, anger, and resolve so evident immediately following the September 11, 2001, attacks have been combined in an effort to help assure that our country will never again be caught unprepared. As the Commission notes, we are safer today but we are not safe, and much work remains. Although in today's world we can never be 100 percent secure, and we can never do everything everywhere, we concur with the Commission's conclusion that the American people should expect their government to do its very best. GAO's mission is to help the Congress improve the performance and ensure the accountability of the federal government for the benefit of the American people. GAO has been actively involved in improving government's performance in the critically important homeland security area both before and after the September 11 attacks. For example, GAO issued over 100 reports on homeland security-related issues and recommended the creation of a national focal point for homeland security before the attacks. We have also been privileged to actively support this Congress and the 9/11 Commission through details of key personnel, testimony before the Congress and the Commission, and sharing our research, products, and experiences. Just a few days after the tragic events of September 11, I testified about various challenges and strategies to address both our short- and long-term homeland security needs and outlined a framework for addressing our nation's efforts. I emphasized that we as a nation must find the best ways to sustain our efforts over a significant time period, and leverage our finite human, financial, and technological resources in ways that would have the greatest impact. At that time, I identified several key questions that our government needed to address in order to improve the security of the homeland:1 1. What are our vision and national objectives to make our homeland more secure? 1U.S. General Accounting Office. Homeland Security: A Framework for Addressing the Nation's Efforts, GAO-01-1158T (Washington, D.C.: Sept. 21, 2001). 2. What essential elements should constitute the government's strategy for securing the homeland? 3. How should the executive branch and the Congress be organized to address these issues? 4. How should we assess the effectiveness of any homeland security strategy implementation to address the spectrum of threats? During the past few years, we have seen major efforts to address these questions, such as the formation of the Department of Homeland Security (DHS) and major initiatives such as strengthened passenger and baggage screening, increased border patrols, reform of the Federal Bureau of Investigation (FBI), and the creation of the Northern Command. However, as the 9/11 Commission and our own work indicates, these questions are yet to be fully addressed. GAO has continued to explore these topics on behalf of this Committee and the Congress, issuing over 200 homeland security related products since the September 11 attacks, developing over 500 recommendations for action, testifying on over 90 occasions before the Congress, and working closely with the Congress and federal agencies, including the FBI, the Department of Defense (DOD), and DHS, to implement key recommendations to improve homeland security mission performance, improve government efficiency, and promote enhanced accountability and oversight to assure the American people that the federal government is doing all that can reasonably be expected. In your request, you have asked me to address two issues: the lack of effective information sharing and analysis and the need for executive branch reorganization in response to the 9/11 Commission recommendations. Further, you have asked me to address how to remedy problems in information sharing and analysis by transforming the intelligence community from a system of "need to know" to one of a "need to share." The 9/11 Commission has recommended several transformational changes, such as the establishment of a National Counterterrorism Center (NCTC) for joint operational planning and joint intelligence and replacing the current Director of Central Intelligence with a National Intelligence Director (NID) to oversee national intelligence centers across the federal government. The NID would manage the national intelligence program and oversee agencies that contribute to it. Yesterday, on August 2, 2004, the President asked Congress to create a NID position to be the principal intelligence advisor, appointed by the President, with the advice and consent of the Senate and serving at the pleasure of the President. Unlike the 9/11 Commission, the President did not propose that the NID be within the Executive Office of the President. He also announced that he will establish a NCTC whose Director would report to the NID, and that this center would build upon the analytic work of the existing Terrorist Threat Integration Center. He suggested that a separate center may be necessary for issues of weapons of mass destruction. Finally, he endorsed the 9/11 Commission's call for reorganization of the Congressional oversight structure. There are, however, several substantive differences between the President's proposal and the Commission's recommendations. While praising the work of the 9/11 Commission, and endorsing several of its major recommendations in concept, the President differed with the Commission on certain issues. These differences reflect that reasoned and reasonable individuals may differ, and that several methods may exist to effectuate the transformational changes recommended. However, certain common principles and factors outlined in my statement today should help guide the debate ahead. Although the creation of a NID and a NCTC would be major changes for the intelligence community, other structural and management changes have occurred and are continuing to occur in government that provide lessons for the intelligence community transformation. While the intelligence community has historically been addressed separately from the remainder of the federal government, and while it undoubtedly performs some unique missions that present unique issues (e.g., the protection of sources and methods) its major transformational challenges in large measure are the same as those that face most government agencies. As a result, GAO's findings, recommendations, and experience in reshaping the federal government to meet Twenty-First Century challenges will be directly relevant to the intelligence community and the recommendations proposed by the 9/11 Commission. Reorganizing government can be an immensely complex activity with both opportunities and risks. As a result, those who propose to reorganize government must make their rationale clear and build a consensus for change if proposed reorganizations are to succeed and be sustained. All key players must be involved in the process. The goal of improving information sharing and analysis with a focus upon the needs of the consumers of such improved information for specific types of threats can provide one of the powerful guiding principles necessary for successful transformation. The elevated threat advisory (orange alert) issued this past weekend for certain financial institutions in particular regions dramatically illustrates the value of improved analysis and sharing of information specific enough to guide effective and efficient preparedness actions by those most at risk. Earlier threat advisories issued by DHS were criticized for lack of specificity, "one size fits all" applicability, and lack of "actionable" information. In my testimony today, I will cover four major points. First, I describe the rationale for improving effective information sharing and analysis, and suggest some ways to achieve positive results. Improvements would include, for example, developing a comprehensive and coordinated national plan to facilitate information sharing and relationships. Second, I provide some overview perspectives on reorganizational approaches to improve performance and note necessary cautions. For example, the Congress has an important role to play in the design and implementation of a new structure, and oversight will be key to success. Third, I illustrate that strategic human capital management must be the centerpiece of any serious change management initiative or any effort to transform the cultures of government agencies, including that of the intelligence community. Strategic management includes, for example, consideration of human capital flexibilities. Finally, I emphasize the importance of resultsoriented strategic planning and implementation for the intelligence arena, focusing management attention on outcomes, not outputs, and the need for effective accountability and oversight to maintain focus upon improving performance. For example, much more attention needs to be paid to defining goals and measures, and providing for increased oversight of the performance of the intelligence community. I conclude by applying these concepts and principles to the challenges of reform in the intelligence community. This testimony draws upon our wide-ranging, completed, and ongoing work, and our institutional knowledge on homeland security, combating terrorism, and various government organizational and management issues. We conducted our work in accordance with generally accepted government auditing standards. Stronger Intelligence Sharing Is Needed Mr. Chairman, there is a continuing and heightened need for better and more effective and comprehensive information sharing. We agree the intelligence community needs to move from a culture of "need to know" to "need to share." The 9/11 Commission has made observations regarding information sharing, and recommended procedures to provide incentives for sharing and creating a "trusted information network." Many Commission recommendations address the need to improve information and intelligence collection, sharing, and analysis within the intelligence community itself. In addition, we must not lose sight of the fact that the purpose of improving information analysis and sharing is to provide better information throughout the federal government, and ultimately also to state and local governments, the private sector, and our citizens, so that collectively we are all better prepared. I want to make it clear that such information sharing must protect confidential sources and methods, and we do not propose any changes that would infringe upon those protections. In addition, as the Congress considers the Commission's recommendations, I would also recommend that it consider the role that state and local agencies and the private sector should play as informed partners in homeland security. The Commission's work, as is the case with our own observations, notes the changing perspective of "federal" versus "other entities'" roles in homeland security and homeland defense. In performing its constitutional role of providing for the common defense, we have observed that the federal government must prevent and deter terrorist attacks on our homeland as well as detect impending danger before attacks occurs. Although it may be impossible to detect, prevent, or deter every attack, steps can and must be taken to reduce the risk posed by the threats to homeland security. Furthermore, in order to be successful in this area, the federal government must partner with a variety of organizations, both domestic and international. Traditionally, protecting the homeland against threats was generally considered a federal responsibility. To meet this responsibility, the federal government (within and across federal agencies) gathers intelligence, which is often classified as national security information. This information is protected and safeguarded to prevent unauthorized access by requiring appropriate security clearances and a "need to know." Normally, the federal government did not share national-level intelligence with states and cities, since they were not viewed as having a significant role in preventing terrorism. Therefore, the federal government did not generally grant state and city officials access to classified information. After the September 11 attacks, however, the view that states and cities do not have a significant role in homeland security changed, and the "need to share" intelligence information became clear.2 However, reconciling the need to share with actually sharing has been at the heart of the 9/11 Commission's recommendations and our own findings and observations on practices to improve information sharing. In work begun before the September 11 attacks,3 we reported on informationsharing practices of organizations that successfully share sensitive or timecritical information. We found that these practices include: o establishing trust relationships with a wide variety of federal and nonfederal entities that may be in a position to provide potentially useful information and advice on vulnerabilities and incidents, o developing standards and agreements on how shared information will be used and protected, o establishing effective and appropriately secure communications mechanisms, and o taking steps to ensure that sensitive information is not inappropriately disseminated. As you might recall, we also testified before this committee last year on information sharing. GAO has made numerous recommendations related to sharing, particularly as they relate to fulfilling DHS's critical infrastructure protection responsibilities.4 The Homeland Security Information Sharing Act, included in the Homeland Security Act of 2002 (P.L. 107-296), requires the President to prescribe and implement procedures for facilitating homeland security information sharing and establishes authorities to share different types of information, such as grand jury information; electronic, wire, and oral interception information; and foreign intelligence information. In July 2003, the President assigned 2U.S. General Accounting Office, Homeland Security: Efforts to Improve Information Sharing Need to Be Strengthened, GAO-03-760 (Washington, D.C.: August 2003). 3U.S. General Accounting Office, Information Sharing: Practices That Can Benefit Critical Infrastructure Protection, GAO-02-24 (Washington, D.C.: Oct. 15, 2001). 4U.S. General Accounting Office. Homeland Security: Information Sharing Responsibilities, Challenges, and Key Management Issues, GAO-03-1165T (Washington, D.C.: Sept. 17, 2003); GAO-03-715T (May 8, 2003). these functions to the Secretary of Homeland Security, but no deadline was established for developing such information sharing procedures.. To accomplish its missions, DHS must gain access to, receive, and analyze law enforcement information, intelligence information, and other threat, incident, and vulnerability information from federal and nonfederal sources, and it must analyze such information to identify and assess the nature and scope of terrorist threats. DHS must also share information both internally and externally with agencies and law enforcement on such things as goods and passengers inbound to the United States and individuals who are known or suspected terrorists and criminals (e.g., watch lists). As we reported in June 2002,5 the federal government had made progress in developing a framework to support a more unified effort to secure the homeland, including information sharing. However, this work found additional needs and opportunities to enhance the effectiveness of information sharing among federal agencies with homeland security or homeland defense responsibilities, and with various state and city law enforcement agencies that have a key role in homeland security, as well as with the private sector. As we reported in August 2003,6 efforts to improve intelligence and information sharing still needed to be strengthened. Intelligence- and information-sharing initiatives implemented by states and cities were not effectively coordinated with those of federal agencies, nor were they coordinated within and between federal entities. Furthermore, neither federal, state, nor city governments considered the information-sharing process to be effective. For example, information on threats, methods, and techniques of terrorists was not routinely shared; information that was shared was not perceived as timely, accurate, or relevant; and federal officials have not established comprehensive processes or procedures to promote effective information sharing. At that time, we recommended that the Secretary of Homeland Security work with the heads of other federal agencies and state and local authorities to: 5U.S. General Accounting Office, Homeland Security: Key Elements to Unify Efforts Are Under Way but Uncertainty Remains, GAO-02-610 (Washington, D.C.: June 7, 2002). 6GAO-03-760. o incorporate the existing information-sharing guidance that is contained in the various national strategies and information-sharing procedures required by the Homeland Security Act, o establish a clearinghouse to coordinate the various information-sharing initiatives to eliminate possible confusion and duplication of effort, o fully integrate states and cities into the national policy-making process for information sharing and take steps to provide greater assurance that actions at all levels of government are mutually reinforcing, o identify and address the perceived barriers to federal information sharing, and o use a survey method or a related data collection approach to determine, over time, the needs of private and public organizations for information related to homeland security and to measure progress in improving information sharing at all levels of government. DHS concurred with the above recommendations. DHS and other federal agencies have instituted major counterterrorism efforts involving information and intelligence sharing over the past 2 years. For example, the Terrorist Threat Integration Center (T-TIC) was designed to improve the collection, analysis, and sharing of all counterterrorism intelligence gathered in the United States and overseas. The DHS Information Analysis and Infrastructure Protection (IAIP) Directorate is intended to receive intelligence from a variety of federal sources and act as a central fusion point for all intelligence relevant to homeland security and related critical infrastructure protection. Furthermore, the FBI has created a new Office of Intelligence, established a National Joint Terrorism Taskforce, expanded its Joint Terrorist Task Forces (JTTFs), and recently made operational an interagency joint Terrorist Screening Center. Although improvements had been made, we continue to identify needs, such as developing a comprehensive and coordinated national plan to facilitate information-sharing on critical infrastructure protection (CIP); developing productive information sharing relationships among the federal government and state and local governments and the private sector; and providing appropriate incentives for nonfederal entities to increase information sharing with the federal government and enhance other critical infrastructure protection efforts. As we recently reported, information sharing and analysis centers (ISACs) have identified a number of challenges to effective CIP information sharing between the federal government and state and local governments and the private sector, including sharing information on physical and cyber threats, vulnerabilities, incidents, potential protective measures, and best practices. Such challenges include building trusted relationships; developing processes to facilitate information sharing; overcoming barriers to information sharing; clarifying the roles and responsibilities of the various government and private sector entities that are involved in protecting critical infrastructure; and funding ISAC operations and 7 activities. Although DHS has taken a number of actions to implement the public/private partnership called for by federal CIP policy, it has not yet developed a plan that describes how it will carry out its informationsharing responsibilities and relationships, including consideration of appropriate incentives for nonfederal entities to increase information sharing with the federal government, increase sector participation, and perform other specific tasks to protect the critical infrastructure. Such a plan could encourage improved information sharing among the ISACs, other CIP entities, and the department by clarifying the roles and responsibilities of all the entities involved and clearly articulating actions to address the challenges that remain. The department also lacks policies and procedures to ensure effective coordination and sharing of ISAC-provided information among the appropriate components within the department. Developing such policies and procedures would help ensure that information is appropriately shared among its components and with other government and private sector CIP entities. GAO recommended that the Secretary of Homeland Security direct officials within DHS to (1) proceed with the development of an information-sharing plan that describes the roles and responsibilities of DHS, the ISACs, and other entities and (2) establish appropriate department policies and procedures for interactions with other CIP entities and for coordination and information sharing among DHS components. DHS has generally agreed with our findings and recommendations. 7U.S. General Accounting Office. Critical Infrastructure Protection: Improving Information Sharing with Infrastructure Sectors, GAO-04-780 (Washington, D.C.: July 9, 2004). DHS has also implemented the Homeland Security Advisory System. Utilizing five color-coded threat levels, the system was established in March 2002 to disseminate information regarding the risk of terrorist acts to federal agencies, states and localities, and the public. Our recent work indicates that DHS has not yet officially documented communication protocols for providing threat information and guidance to federal agencies and states, with the result that some federal agencies and states may first learn about changes in the national threat level from media sources. Moreover, federal agencies and states responding to our inquiries indicated that they generally did not receive specific threat information and guidance, and they believed this shortcoming hindered their ability to determine whether they were at risk as well as their ability to determine and implement appropriate protective measures.8 In addition, there is a need for an improved security clearance process so that state, local, and private sector officials have the access to information they need, but with appropriate security safeguards in place, while efforts to improve information sharing continue. In a recent report,9 we described the FBI's process for granting access to classified information for state and local law enforcement officials. The FBI's goal is to complete the processing for secret security clearances within 45 to 60 days and top secret security clearances within 6 to 9 months. While the FBI's processing of top secret security clearances has been generally timely, that was not the case for secret clearances. However, the FBI made substantial improvements in 2003 to the timeliness of processing secret clearances. We also have conducted a body of work that has found that long-standing security clearance backlogs and delays in determining clearance eligibility affect industry personnel, military members, and federal employees. For example, as we reported in May of this year,10 more than 187,000 reinvestigations, new investigations, or clearance adjudications were not completed for industry personnel alone within established time frames. 8U.S. General Accounting Office, Homeland Security: Communication Protocols and Risk Communication Principles Can Assist in Refining the Advisory System, GAO-04-682 (Washington, D.C.: June 25, 2004). 9U.S. General Accounting Office. Security Clearances: FBI Has Enhanced Its Process for State and Local Law Enforcement Officials, GAO-04-596 (Washington, D.C.: April 30, 2004). 10U.S. General Accounting Office, DOD Personnel Clearances: Additional Steps Can Be Taken to Reduce Backlogs and Delays in Determining Security Clearance Eligibility for Industry Personnel, GAO-04-632 (Washington, D.C: May 26, 2004). Delays in conducting investigations and determining clearance eligibility can increase national security risks, prevent industry personnel from beginning or continuing work on classified programs and activities, or otherwise hinder the sharing of classified threat information with officials having homeland security or homeland defense responsibilities. The FBI has also taken a number of steps to enhance its information sharing with state and local law enforcement officials, such as providing guidance and additional staffing. The FBI has further increased the number of its JTTFs, increasing them from 35 prior to the September 11 attacks to 84 as of July 2004 and state and local law enforcement officials' participation on these task forces has been increased. The FBI has at least one JTTF in each of its 56 field locations and plans to expand to 100. The FBI also circulates declassified intelligence through a weekly bulletin and provides threat information to state and local law enforcement officials via various database networks. These critical needs for better information and information sharing identified by federal, state, and local governments and the private sector must form the clear rationale and basis for transformation of the intelligence community. Reorganization isn't the objective; rather it is improving government performance to meet twenty first century information sharing requirements. 9/11 Commission Chairman Thomas H. Kean and Vice-Chairman Lee H. Hamilton, in their testimony before the Senate Governmental Affairs Committee on July 30, 2004, noted: "There is a fascination in Washington with bureaucratic solutions-rearranging the wiring diagrams, creating new organizations. We do recommend some important institutional changes. We will articulate and defend those proposals. But we believe reorganizing governmental institutions is only a part of the agenda before us. Some of the saddest aspects of the 9/11 story are the outstanding efforts of so many individual officials straining, often without success, against the boundaries of the possible. Good people can overcome bad structures. They should not have to. We have the resources and the people. We need to combine them more effectively, to achieve unity of effort." GAO agrees with this comment, and we have noted several related suggestions below. While Changes May be Needed, Caution and Care Must be Taken As the committee is aware, GAO has done extensive work on federal organizational structure and how reorganization can improve performance. The 9/11 Commission has recommended major changes to unify strategic intelligence and operational planning with a National Counterterrorism Center and provide the intelligence community with a new National Intelligence Director. As the Congress and the administration consider the 9/11 Commission's recommendations, they should consider how best to address organizational changes, roles and responsibilities, and functions for intelligence-sharing effectiveness. In response to the emerging trends and long-term fiscal challenges the government faces in the coming years, we have an opportunity to create highly effective, performance-based organizations that can strengthen the nation's ability to meet the challenges of the twenty first century and reach beyond our current level of achievement. The federal government cannot accept the status quo as a given-we need to reexamine the base of government policies, programs, structures, and operations. We need to minimize the number of layers and silos in government, emphasize horizontal versus vertical actions, while moving our policy focus to coordination and integration. The result, we believe, will be a government that is effective and relevant to a changing society-a government that is as free as possible of outmoded commitments and operations that can inappropriately encumber the future, reduce our fiscal flexibility, and prevent future generations from being able to make choices regarding what roles they think government should play. Many departments and agencies, including those of the intelligence community, were created in a different time and in response to challenges, threats, and priorities very different from today's world. Some have achieved their one time missions and yet they are still in business. Many have accumulated responsibilities beyond their original purposes. Many are still focused on their original mission that may not be relevant or as high a priority in today's world. Others have not been able to demonstrate how they are making a difference in real and concrete terms. Still others have overlapping or conflicting roles and responsibilities. Redundant, unfocused, uncoordinated, outdated, misaligned, and nonintegrated programs and activities waste scarce funds, confuse and frustrate program customers, and limit overall efficiency and effectiveness.11 These are the 11U.S. General Accounting Office, Managing in the New Millennium: Shaping a More Efficient and Effective Government for the 21st Century, GAO/T-OCG-00-9 (Washington, D.C.: Mar. 29, 2000). charges highlighted by the 9/11 Commission's findings and recommendations. The problems the 9/11 Commission has described with our intelligence activities indicate a strong need for reexamining the organization and execution of those activities. However, any restructuring proposal requires careful consideration. Fixing the wrong problems or even worse, fixing the right problems poorly, could cause more harm than good. Past executive reorganization authority has served as an effective tool for achieving fundamental reorganization of federal operations. As I have testified before this committee,12 the granting of executive reorganization authority to the President can serve to better enable the President to propose government designs that would be more efficient and effective in meeting existing and emerging challenges involving the intelligence community and information sharing with other entities. However, lessons learned from prior federal reorganization efforts suggest that reorganizing government can be an immensely complex activity that requires consensus on both the goals to be achieved and the process for achieving them. Prior reorganization authority has reflected a changing balance between legislative and executive roles. Periodically, between 1932 and 1984, the Congress passed legislation providing the President one form or another of expedited reorganization authority.13 Congressional involvement is needed not just in the initial design of the reorganization, but in what can turn out to be a lengthy period of implementation. The Congress has an important role to play-in both its legislative and oversight capacities-in establishing, monitoring, and maintaining progress to attain the goals envisioned by government transformation and reorganization efforts. However, as the 9/11 Commission has noted, past oversight efforts in the intelligence area have been wholly inadequate. To ensure efficient and effective implementation and oversight, the Congress will also need to consider realigning its own structure. With 12U.S. General Accounting Office, Executive Reorganization Authority: Balancing Executive and Congressional Roles in Shaping the Federal Government's Structure, GAO03-624T (Washington, D.C.: April 3, 2003). 13Ronald C. Moe, Congressional Research Service, The President's Reorganization Authority: Review and Analysis (Washington, D.C.: Mar. 8, 2001). changes in the executive branch, the Congress should adapt its own organization. For example, the Congress has undertaken a reexamination of its committee structure, with the implementation of DHS. The DHS legislation instructed both houses of Congress to review their committee structures in light of the reorganization of homeland security responsibilities within the executive branch. Similarly, the 9/11 Commission recommends realigning congressional oversight to support its proposals to reorganize intelligence programs. Addressing Intelligence Human Capital Needs Requires Strategic Management The 9/11 Commission stresses the need for stronger capabilities and expertise in intelligence and national security to support homeland security. For example, the Commission recommends rebuilding the Central Intelligence Agency's analytical capabilities, enhancing the agency's human intelligence capabilities, and developing a stronger language program. We believe, Mr. Chairman, that at the center of any serious change management initiative are the people involved-people define the organization's culture, drive its performance, and embody its knowledge base. They are the source of all knowledge, process improvement, and technological enhancement efforts. As such, strategic human capital (or people) strategy is the critical element to maximizing government's performance and ensuring accountability of our intelligence community and homeland security efforts. Experience shows that failure to adequately address-and often even consider-a wide variety of people and cultural issues is at the heart of unsuccessful organizational transformations. Recognizing the "people" element in these initiatives and implementing strategies to help individuals maximize their full potential in the new environment is the key to a successful transformation of the intelligence community and related homeland security organizations. Thus, organizational transformations that incorporate strategic human capital management approaches will help to sustain agency efforts and improve the efficiency, effectiveness, and accountability of the federal government. To help, we have identified a set of practices that have been found to be central to any successful transformation effort.14 Committed, sustained, highly qualified, and inspired leadership, and persistent attention by all key parties in the successful implementation of organizational transformations, will be essential, if lasting changes are to be made and the challenges we are discussing today are to be effectively addressed. It is clear that in a knowledge-based federal government, including the intelligence community, people-human capital-are the most valuable asset. How these people are organized, incented, enabled, empowered, and managed is key to the reform of the intelligence community and other organizations involved with homeland security. We have testified that federal human capital strategies are not yet appropriately constituted to meet current and emerging challenges or to drive the needed transformation across the federal government. The basic problem has been the long-standing lack of a consistent approach to marshaling, managing, and maintaining the human capital needed to maximize government performance and ensure its accountability to the people. Thus, federal agencies involved with the intelligence community and other homeland security organizations will need the most effective human capital systems to address these challenges and succeed in their transformation efforts during a period of sustained budget constraints. This includes aligning their strategic planning and key institutional performance with unit and individual performance management and reward systems. Fortunately, the Congress has passed legislation providing many of the authorities and tools agencies need. In fact, more progress in addressing human capital challenges was made in the last 3 years than in the last 20, and significant changes in how the federal workforce is managed are under way. For example, the Congress passed legislation providing governmentwide human capital flexibilities, such as direct hire authority, the ability to use category rating in the hiring of applicants instead of the "rule of three," and the creation of chief human capital officer (CHCO) positions and the CHCO Council. In addition, individual agencies-such as the National Aeronautical and Space Administration (NASA), DoD, and 14U. S. General Accounting Office, Results-Oriented Cultures: Implementation Steps to Assist Mergers and Organizational Transformations, GAO-03-669 (Washington, D.C.: July 2, 2003). DHS-received flexibilities intended to help them manage their human capital strategically to achieve results. While many agencies have received additional human capital flexibilities, additional ones may be both needed and appropriate for the intelligence, homeland security, national defense, and selected other agencies. While the above authorities are helpful, in order to enable agencies to rapidly meet their critical human capital needs, the Congress should consider legislation granting selected agency heads the authority to hire a limited number of positions for a stated period of time (e.g., up to 3 years) on a noncompetitive basis. The Congress has passed legislation granting this authority to the Comptroller General of the United States and it has helped GAO to address a range of critical needs in a timely, effective, and prudent manner over many years. Recent human capital actions have significant precedent-setting implications for the rest of government. They represent progress and opportunities, but also present legitimate concerns. We are fast approaching the point where "standard governmentwide" human capital policies and processes are neither standard nor governmentwide. As the Congress considers the need for additional human capital authorities for the intelligence community, it should keep in mind that human capital reform should avoid further fragmentation within the civil service, ensure reasonable consistency within the overall civilian workforce, and help maintain a reasonably level playing field among federal agencies in competing for talent. Importantly, this is not to delay needed reforms for any agency, but to accelerate reform across the federal government and incorporate appropriate principles and safeguards. As the Congress considers reforms to the intelligence communities' human capital policies and practices, it should require that agencies have in place the institutional infrastructure needed to make effective use of any new tools and authorities. At a minimum, this institutional infrastructure includes a human capital planning process that integrates the agency's human capital policies, strategies, and programs with its program goals and mission and desired outcomes; the capabilities to effectively develop and implement a new human capital system; and, importantly, a set of appropriate principles and safeguards, including reasonable transparency and appropriate accountability mechanisms, to ensure the fair, effective, credible, nondiscriminatory implementation and application of a new system. Managing for Results As Chairman Kean and Vice-Chairman Hamilton caution, organizational changes are just a part of the reforms needed. The Commission rightly says that effective public policies need concrete objectives, agencies need to be able to measure success, and the American people are entitled to see some standards for performance so they can judge, with the help of their elected representatives, whether the objectives are being met. To comprehensively transform government to improve intelligence and homeland security efforts, we must also carefully assess and define mission needs, current capabilities, resource practicalities, and priorities. And we must implement our plans to achieve those mission needs. The federal government is well short of where it needs to be in setting national homeland security goals, including those for intelligence and other mission areas, to focus on results-outcomes-not inputs and outputs which were so long a feature of much of the federal government's strategic planning. We are concerned that the tenets of results management-shifting management attention from inputs, processes, and outputs to what is accomplished with them (outcomes or results)-still are elusive in homeland security goal setting and operational planning. We advocate a clear and comprehensive focus on homeland security results management, including the mission of intelligence and information sharing. Results management should have the elements to determine (1) if homeland security results are being achieved within planned timeframes, (2) if investments and resources are being managed properly, (3) if results are being integrated into ongoing decision making and priority setting, and (4) what action is needed to guide future investment policies and influence behavior to achieve results. These actions go far beyond a limited focus on organizational structure. As the Gilmore Commission stated, a continuing problem for homeland security has been the lack of clear strategic guidance from the federal level about the definition and objectives of preparedness and how states and localities will be evaluated in meeting those objectives.15 The 9/11 Commission's broad recommendations, if adopted, will require a thoughtful, detailed, results-oriented management approach in defining specific goals, activities, and resource requirements. 15The Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction, V. Forging America's New Normalcy, (Arlington, VA.: Dec. 15, 2003). The track record for homeland security results management to date is spotty. The National Strategy for Homeland Security, issued by the administration in July 2002, was intended to mobilize and organize the nation to secure the homeland from terrorist attacks.16 Intelligence and warning was one of its critical mission areas. Despite the changes over the past two years, the National Strategy has not been updated. In general, initiatives identified in the strategy do not provide a baseline set of performance goals and measures upon which to assess and improve preparedness, stressing activities rather than results. For example, for intelligence and warning, the National Strategy identified major initiatives that are activities, such as implementing the Homeland Security Advisory System, utilizing dual-use analysis to prevent attacks; and employing "red team" techniques. Establishing clear goals and performance measures is critical to ensuring both a successful and a fiscally responsible and sustainable preparedness effort. We are currently doing work on the extent to which the National Strategy's goals are being implemented by federal agencies. Senator Lieberman has recently introduced legislation requiring executive branch efforts to produce a national homeland security strategy. We support the concept of a legislatively required strategy that can be sustained across administrations and provides a framework for congressional oversight. Before the administration's National Strategy for Homeland Security was issued, we had stated that the strategy should include steps designed to (a) reduce our vulnerability to threats; (b) use intelligence assets and other broad-based information sources to identify threats and share information as appropriate; (c) stop incidents before they occur; (d) manage the consequences of an incident; and (e) in the case of terrorist attacks, respond by all means available, including economic, diplomatic, and military actions that, when appropriate, are coordinated with other nations.17 Earlier this year we provided a set of desirable characteristics for any effective national strategy that could better focus national 16The White House, The National Strategy for Homeland Security, (Washington, D.C.: July 2002). 17U.S. General Accounting Office, Homeland Security: Challenges and Strategies in Addressing Short- and Long-Term National Needs, GAO-02-160T (Washington, D.C.: Nov. 7, 2001). homeland security decision making and increase the emphasis on outcomes.18 Strategic planning is critical to provide mission clarity, establish long-term performance strategies and goals, direct resource decisions, and guide transformation efforts. In this context, we are reviewing the DHS strategic planning efforts. Our work includes a review of the manner by which the Department's planning efforts support the National Strategy for Homeland Security and the extent to which its strategic plan reflects the requirements of the Government Performance and Results Act of 1993. DHS's planning efforts are evolving. The current published DHS strategic plan contains vague strategic goals and objectives for all its mission areas, including intelligence, and little specific information to guide congressional decision making. For example, the strategic plan includes an overall goal to identify and understand threats, assess vulnerabilities, determine potential impacts, and disseminate timely information to DHS's homeland security partners and the American public. That goal has very general objectives, such as gathering and fusing all terrorism-related intelligence and analyzing and coordinating access to information related to potential terrorist or other threats. Discussion of annual goals are missing, and supporting descriptions of means and strategies are vague, making it difficult to determine if they are sufficient to achieve the objectives and overall goals. These and related issues will need to be addressed as the DHS planning effort moves forward. In another effort to set expectations, the President, through Homeland Security Presidential Directive 8,19 has tasked the Department of Homeland Security with establishing measurable readiness priorities and targets appropriately balancing the potential threat and magnitude of terrorist attacks, major disasters, and other emergencies with resources required to prevent, respond to, and recover from them. The task also is to include readiness metrics and elements supporting the national preparedness goal, including standards for preparedness assessments and strategies, and a system for assessing the nation's overall preparedness to respond to major 18U.S. General Accounting Office, Combating Terrorism: Evaluation of Selected Characteristics in National Strategies Related to Terrorism, GAO-04-408T (Washington, D.C.: Feb. 3, 2004). 19The White House, Homeland Security Presidential Directive 8 (National Preparedness), (Washington, D.C.: Dec. 17, 2003). events, especially involving acts of terrorism. However, those taskings have yet to be completed, but they will have to address the following questions: o What are the appropriate national preparedness goals and measures? What are appropriate subgoals for specific areas such as critical infrastructure sectors? o Do these goals and subgoals take into account other national goals such as economic security or the priority objectives of the private sector or other levels of government? o Who should be accountable for achieving the national goals and subgoals? o How would a national results management and measurement system be crafted, implemented, and sustained for the national preparedness goals? o How would such a system affect needs assessment and be integrated with funding and budgeting processes across the many organizations involved in homeland security? However, even if we have a robust and viable national strategy for homeland security, DHS strategic plan, and national preparedness goals, the issue of implementation remains. Implementation cannot be assured, or corrective action taken, if we are not getting the results we want, without effective accountability and oversight. The focus for homeland security must be on constantly staying ready and prepared for unknown threats and paying attention to improving performance. In addition to continuing our ongoing work in major homeland security mission areas such as border and transportation security and emergency preparedness, GAO can help the Congress more effectively oversee the intelligence community, and any changes should consider, in our view, an appropriate role for the GAO. With some exceptions, GAO has broad-based authority to conduct reviews relating to various intelligence agencies. However, because of historical resistance from the intelligence agencies and the general lack of support from the intelligence committees in the Congress, GAO has done limited work in this community over the past 25 years. For example, within the past 2 years, we have done a considerable amount of work in connection with the FBI and its related transformational efforts. In addition, GAO has recently had some interaction with the Defense Intelligence Agency in connection with its transformation efforts. Furthermore, GAO has conducted extensive work on a wide range of government transformational and homeland security issues over the past several years. As always, we stand ready to offer GAO's assistance in support of any of the Congress' oversight needs. The Challenges Faced in Intelligence Reform In conclusion, on the basis of GAO's work in both the public and the private sector over many years, and my own change management experience, it is clear to me that many of the challenges that the intelligence community faces are similar or identical to the transformation challenges applicable to many other federal agencies, including GAO. Specifically, while the intelligence agencies are in a different line of business than other federal agencies, they face the same challenges when it comes to strategic planning and budgeting, organizational alignment, human capital strategy, and the management of information technology, finances, knowledge, and change. For the intelligence community, effectively addressing these basic business transformation challenges will require action relating to five key dimensions, namely, structure, people, process, technology, and partnerships. It will also require a rethinking and cultural transformation in connection with intelligence activities both in the executive branch and in the Congress. With regard to the structure dimension, there are many organizational units within the executive branch and in the Congress with responsibilities in the intelligence and homeland security areas. Basic organizational and management principles dictate that, absent a clear and compelling need for competition or checks and balances, there is a need to minimize the number of entities and levels in key decision making, oversight, and other related activities. In addition, irrespective of how many units and levels are involved, someone has to be in charge of all key planning, budgeting, and operational activities. One person should be responsible and accountable for all key intelligence activities within the executive branch, and that person should report directly to the President. This position must also have substantive strategic planning, budget, operational integration, and accountability responsibilities and opportunities for the intelligence community in order to be effective. In addition, this person should be appointed by the President and confirmed by the Senate in order to help facilitate success and ensure effective oversight. With regard to the oversight structure of the Congress, the 9/11 Commission noted that there are numerous players involved in intelligence activities and yet not enough effective oversight is being done. As a result, a restructuring of intelligence and homeland security related activities in the Congress is also needed. In this regard, it may make sense to separate responsibility for intelligence activities from personal privacy and individual liberty issues in order to ensure that needed attention is given to both while providing for a check and balance between these competing interests. With regard to the people dimension, any entity is only as good as its people, and as I stated earlier, the intelligence community is no exception. In fact, since the intelligence community is in the knowledge business, people are of vital importance. The people challenge starts at the top, and key leaders must be both effective and respected. In addition, they need to stay in their positions long enough to make a real and lasting difference. In this regard, while the FBI director has a 10-year term appointment, most agency heads serve at the pleasure of their appointing official and may serve a few years in their respective positions. This is a problem when the agency is in the need of a cultural transformation, such as that required in the intelligence community, which typically takes at least 5 to 7 years to effectuate. In addition to having the right people and the right "tone at the top," agencies need to develop and execute workforce strategies and plans helping to ensure that they have the right people with the right skills in the required numbers to accomplish their missions. Many of these missions have changed in the post-Cold War and post September 11 world. This is especially critical in connection with certain skills that are in short supply, such as information technology and certain languages, such as Arabic. In addition, as the 9/11 Commission and others have noted, it is clear that additional steps are necessary to strengthen our human intelligence capabilities. With regard to the process and technology dimensions, steps need to be taken to streamline and expedite the processes used to analyze and disseminate the tremendous amount of intelligence and other information available to the intelligence community. This will require extensive use of technology to sort and distribute information both within agencies and between agencies and other key players in various sectors both domestically and internationally, as appropriate. The 9/11 Commission and others have noted various deficiencies in this area, such as the FBI's information technology development and implementation challenges. At the same time, some successes have occurred during the past 2 years that address process and technology concerns. For example, the Terrorist Screening Center, created under Homeland Security Presidential Directive 6 is intended to help in the consolidation of the federal government's approach to terrorism screening.20 This center has taken a number of steps to address various organizational, technological, integration, and other challenges, and it may serve as a model for other needed intra-and interorganizational efforts. With regard to partnerships, it has always been difficult to create an environment of shared responsibility, shared resources, and shared accountability for achieving difficult missions. Effective partnerships require a shared vision, shared goals, and shared trust in meeting agreedupon responsibilities. Partnerships also mean that power is shared. Too often we have seen both public and private sector organizations where the term "partnership" is often voiced, but the reality is more a jockeying for dominance or control over the "partner." The end result is that resources are not shared, the shared mission is never complete or adequate, and opportunities for true strategic alliance are squandered. In the intelligence arena, we know the potential end result is failure for the nation. With regard to the cultural dimension, this is both the softest and the hardest to deal with. By the softest, I mean it involves the attitudes and actions of people and entities. By the hardest, I mean that changing longstanding cultures can be a huge challenge, especially if the efforts involve organizational changes in order to streamline, integrate, and improve related capabilities and abilities. This includes both execution and oversight-related activities. As the 9/11 Commission and others have noted, such a restructuring is needed in both the executive branch and the Congress. This will involve taking on the vested interests of many powerful players, and as a result, it will not be easy, but it may be essential, especially if we expect to go from a "need to know" to a "need to share' approach. As I have often said, addressing such issues takes patience, persistence, perspective, and pain before you prevail. Such is the case with many agency transformational efforts, including those within our own GAO. However, given the challenges and dangers that we face in the post 9/11 world, we cannot afford to wait much longer. The time for action is now. 20The White House, Homeland Security Presidential Directive-6 (Integration and Use of Screening Information), Washington, D.C.: Sept. 16, 2003. Conclusion Mr. Chairman, in its final report, the Gilmore Commission stated: "There will never be an end point in America's readiness. Enemies will change tactics, citizens' attitudes about what adjustments in their lives they will be willing to accept will evolve and leaders will be confronted with legitimate competing priorities that will demand attention....In the end, America's response to the threat of terrorism will be measured by how we manage risk. There will never be a 100% guarantee of security for our people, the economy, and our society. We must resist the urge to seek total security-it is not achievable and drains our attention from those things that can be accomplished."21 Managing risk is not simply about putting new organizations in place. It requires us to think about what must be protected, define an acceptable level of risk, and target limited resources while keeping in mind that the related costs must be affordable and sustainable. Perhaps more important, managing risk requires us to constantly operate under conditions of uncertainty, where foresight, anticipation, responsiveness, and radical adaptation are vital capabilities. We can and we must enhance and integrate our intelligence efforts as suggested by the 9/11 Commission to significantly improve information sharing and analysis. Several models to achieve this result exist, and despite the unique missions of the intelligence community can readily be adapted to guide this transformation. We at the GAO stand ready to constructively engage with the intelligence community to share our significant government transformation and management knowledge and experience in order to help members of the community help themselves engage in the needed transformation efforts. We also stand ready to help the Congress enhance its oversight activities over the intelligence community, which, in our view, are an essential element of an effective transformation approach. In this regard, we have the people with the skills, experience, knowledge, and clearances to make a big difference for Congress and the country. Mr. Chairman, this concludes my statement. I would be happy to answer any questions that you or members of your committee may have at this time. 21V. Forging America's New Normalcy, p. 2. Contacts For information on this testimony, please contact Randall Yim at (202) 512-6787 or [email protected]. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. GAO's Mission Obtaining Copies of GAO Reports and Testimony The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548 To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061 To Report Fraud, Contact: Waste, and Abuse in Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: [email protected] Programs Automated answering system: (800) 424-5454 or (202) 512-7470 Gloria Jarmon, Managing Director, [email protected](202) 512-4400Congressional U.S. Government Accountability Office, 441 G Street NW, Room 7125 Relations Washington, D.C. 20548 Public Affairs Jeff Nelligan, Managing Director, [email protected] (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548 *** End of document. ***