Information Technology: Homeland Security Information Network
Needs to Be Better Coordinated with Key State and Local
Initiatives (10-MAY-07, GAO-07-822T).
The Department of Homeland Security (DHS) is responsible for
coordinating the federal government's homeland security
communications with all levels of government, the private sector,
and the public. In support of its mission, the department has
deployed a Web-based information-sharing application--the
Homeland Security Information Network (HSIN)--and operates at
least 11 homeland security networks. The department reported that
in fiscal years 2005 and 2006, these investments cost $611.8
million to develop, operate, and maintain. In view of the
significance of information sharing for protecting homeland
security, GAO was asked to testify on the department's efforts to
coordinate its development and use of HSIN with two key state and
local initiatives under the Regional Information Sharing
Systems--a nationwide information-sharing program operated and
managed by state and local officials. This testimony is based on
a recent GAO report that addresses, among other things, DHS's
homeland security networks and HSIN. In performing the work for
that report, GAO analyzed documentation on HSIN and state and
local initiatives, compared it against the requirements of the
Homeland Security Act and federal guidance and best practices,
and interviewed DHS officials and state and local officials.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-07-822T
ACCNO: A69445
TITLE: Information Technology: Homeland Security Information
Network Needs to Be Better Coordinated with Key State and Local
Initiatives
DATE: 05/10/2007
SUBJECT: Computer security
Data transmission
Federal/state relations
Government information dissemination
Homeland security
Information disclosure
Information resources management
Information technology
Local governments
Data coordination
Program coordination
Policies and procedures
GAO High Risk Series
Homeland Security Information Network
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-07-822T
* [1]d07822t.pdf
* [2]Results in Brief
* [3]Background
* [4]DHS Established HSIN to Provide Information-Sharing
Capabili
* [5]State and Local Governments Have Also Established Similar
In
* [6]GAO Has Designated Information Sharing as High Risk
* [7]Efforts to Coordinate HSIN with Key State and Local Informat
* [8]Key Practices Were Not Effectively Implemented
* [9]DHS's Expedited Schedule Was Major Cause for Limited
Coordin
* [10]DHS Has Improvements Planned and Under Way, Including
Implem
* [11]Contacts and Acknowledgements
* [12]PDF6-Ordering Information.pdf
* [13]Order by Mail or Phone
United States Government Accountability Office
GAO
Testimony
Before the Subcommittee on Intelligence, Information Sharing and Terrorism
Risk Assessment, Committee on Homeland Security, House of Representatives
For Release on Delivery
Expected at 10 a.m. EDT
Thursday, May 10, 2007
INFORMATION TECHNOLOGY
Homeland Security Information Network Needs to Be Better Coordinated with
Key State and Local Initiatives
Statement of David A. Powner, Director
Information Technology Management Issues
GAO-07-822T
www.gao.gov/cgi-bin/getrpt?GAO-07-822T .
To view the full product, including the scope
and methodology, click on the link above.
For more information, contact David Powner at (202) 512-9286 or
[email protected].
Highlights of [15]GAO-07-822T , a testimony before the Subcommittee on
Intelligence, Information Sharing and Terrorism Risk Assessment, Homeland
Security Committee, House of Representatives
May 10, 2007
INFORMATION TECHNOLOGY
Homeland Security Information Network Needs to Be Better Coordinated with
Key State and Local Initiatives
The Department of Homeland Security (DHS) is responsible for coordinating
the federal government's homeland security communications with all levels
of government, the private sector, and the public. In support of its
mission, the department has deployed a Web-based information-sharing
application--the Homeland Security Information Network (HSIN)--and
operates at least 11 homeland security networks. The department reported
that in fiscal years 2005 and 2006, these investments cost $611.8 million
to develop, operate, and maintain.
In view of the significance of information sharing for protecting homeland
security, GAO was asked to testify on the department's efforts to
coordinate its development and use of HSIN with two key state and local
initiatives under the Regional Information Sharing Systems--a nationwide
information-sharing program operated and managed by state and local
officials.
This testimony is based on a recent GAO report that addresses, among other
things, DHS's homeland security networks and HSIN. In performing the work
for that report, GAO analyzed documentation on HSIN and state and local
initiatives, compared it against the requirements of the Homeland Security
Act and federal guidance and best practices, and interviewed DHS officials
and state and local officials.
In developing HSIN, its key homeland security information-sharing
application, DHS did not work effectively with two key Regional
Information Sharing Systems program initiatives. This program, which is
operated and managed by state and local officials nationwide, provides
services to law enforcement, emergency responders, and other public safety
officials. However, DHS did not coordinate with the program to fully
develop joint strategies and policies, procedures, and other means to
operate across agency boundaries, which are key practices for effective
coordination and collaboration and a means to enhance information sharing
and avoid duplication of effort. For example, DHS did not engage the
program in ongoing dialogue to determine how resources could be leveraged
to meet mutual needs.
A major factor contributing to this limited coordination was that the
department rushed to deploy HSIN after the events of September 11, 2001.
In its haste, it did not develop a comprehensive inventory of key state
and local information-sharing initiatives, and it did not achieve a full
understanding of the relevance of the Regional Information Sharing Systems
program to homeland security information sharing.
As a result, DHS faces the risk that effective information sharing is not
occurring and that HSIN may be duplicating state and local capabilities.
Specifically, both HSIN and one of the Regional Information Sharing
Systems initiatives target similar user groups, such as emergency
management agencies, and all have similar features, such as electronic
bulletin boards, "chat" tools, and document libraries.
The department has efforts planned and under way to improve coordination
and collaboration, including developing an integration strategy to allow
other applications and networks to connect with HSIN, so that
organizations can continue to use their preferred information-sharing
applications and networks. In addition, it has agreed to implement
recommendations made by GAO to take specific steps to (1) improve
coordination, including developing a comprehensive inventory of state and
local initiatives, and (2) ensure that similar coordination and
duplication issues do not arise with other federal homeland security
networks, systems, and applications. Until DHS completes these efforts,
including developing an inventory of key state and local initiatives and
fully implementing and institutionalizing key practices for effective
coordination and collaboration, the department will continue to be at risk
that information is not being effectively shared and that the department
is duplicating state and local capabilities.
Madame Chair and Members of the Subcommittee:
I appreciate the opportunity to be here today to discuss challenges facing
the Department of Homeland Security (DHS) in coordinating efforts on its
Homeland Security Information Network (HSIN) with state and local
governments and other parties involved in the mission of keeping our
nation secure. As you know, DHS is responsible for coordinating the
federal government's homeland security communications with all levels of
government--including state and local. In support of this mission, the
department developed HSIN as part of its goal to establish an
infrastructure for sharing homeland security information.^1 Besides HSIN,
an Internet-based application, DHS also operates at least 11 other
networks in support of its homeland security mission. The department
reported that in fiscal years 2005 and 2006, these investments cost $611.8
million to develop, operate, and maintain.
As agreed, in my remarks today I will discuss the department's efforts to
coordinate its development and use of HSIN with key state and local
information-sharing initiatives. These remarks are based on our recent
report on homeland security networks and applications.^2 That report
focused on two key initiatives under the Regional Information Sharing
Systems program. This nationwide program, operated and managed by state
and local officials, provides services (including information sharing) to
support law enforcement and criminal justice agencies. Its
information-sharing efforts also include emergency responders and public
safety officials.
In performing the work for the report, we analyzed descriptive data (e.g.,
type of network, estimated costs) on major networks and Internet-based
systems identified by DHS as supporting its homeland security mission,
including information sharing. We also reviewed documentation on HSIN and
state and local initiatives; compared it against the requirements of the
Homeland Security Act, federal guidance, and related best practices; and
interviewed DHS officials and state and local officials. This work was
performed in accordance with generally accepted government auditing
standards.
^1 The Homeland Security Act of 2002 directed DHS to establish
communications to share homeland security information with federal
agencies, state and local governments, and other specified groups.
^2 GAO, Information Technology: Numerous Federal Networks Used to Support
Homeland Security Need to Be Better Coordinated with Key State and Local
Information Sharing Initiatives, GAO-07-455 (Washington, D.C.: Apr. 16,
2007).
Results in Brief
In developing HSIN, DHS did not effectively coordinate with key state and
local initiatives that are part of the Regional Information Sharing
Systems program. Specifically, the department did not fully develop joint
strategies and coordinated policies, procedures, and other means to
operate across agency boundaries and meet mutual needs, which are key
practices for effective coordination and collaboration and are a means to
enhance information sharing and avoid duplication of effort. For example,
DHS did not engage the program in ongoing dialogue to determine how
resources could be leveraged to meet mutual needs or work through
technical issues and differences in what each organization considers to be
terrorism information.
A major factor contributing to the limited coordination was that after
September 11, 2001, the department expedited its schedule for deploying
HSIN. In its haste, it did not develop a comprehensive inventory of key
state and local information-sharing initiatives.
Consequently, DHS faces the risk that effective information sharing is not
occurring. It also faces the risk that the HSIN system may be duplicating
state and local capabilities. Specifically, both HSIN and one of the key
initiatives target similar user groups, such as emergency management
agencies, and all have similar features, such as Web portals,^3 electronic
bulletin boards, "chat" tools, and document libraries.
^3 A Web portal is generally a site that offers several resources or
services, such as search engines, news articles, forums, and other tools.
The department has efforts planned and under way to improve coordination
and collaboration. For example, it is forming an HSIN Mission Coordinating
Committee and an HSIN Advisory Committee to help ensure that HSIN meets
the information-sharing needs of DHS and other users. However, these
activities have either just begun or are being planned, with
implementation milestones yet to be defined. In addition to the planned
improvements, DHS has agreed to implement our recommendations to take
steps to ensure that HSIN is effectively coordinated with key state and
local government information-sharing initiatives, which include
identifying and inventorying such initiatives. We also recommended that
DHS determine whether there are coordination and duplication issues with
its other homeland security networks and associated systems and
applications. Until DHS completes these activities, including developing
an inventory of key state and local initiatives, and fully implementing
and institutionalizing key practices and guidance for effective
coordination and collaboration, it will continue to be at risk of not
effectively sharing information with other key state and local information
initiatives and duplicating state and local capabilities.
Background
DHS is the lead department involved in securing our nation's homeland. Its
mission includes, among other things, leading the unified national effort
to secure the United States, preventing and deterring terrorist attacks,
and protecting against and responding to threats and hazards to the
nation. As part of its mission and as required by the Homeland Security
Act of 2002,^4 the department is also responsible for coordinating efforts
across all levels of government and throughout the nation, including with
federal, state, tribal, local, and private sector homeland security
resources.
^4 Homeland Security Act of 2002, Pub. L. No. 107-296, 116 Stat. 2135
(Nov. 25, 2002).
As we have previously reported, DHS relies extensively on information
technology (IT), such as networks and associated system applications, to
carry out its mission.^5 Specifically, in our recent report, we reported
that the department identified 11 major networks it uses to support its
homeland security functions, including sharing information with state and
local governments.^6 Examples of such DHS networks include the Homeland
Secure Data Network, the Immigration and Customs Enforcement Network, and
the Customs and Border Protection Network. In addition, the department has
deployed HSIN, a homeland security information-sharing application that
operates on the public Internet. As shown in table 1, of the 11 networks,
1 is categorized as Top Secret, 1 is Secret, 8 are Sensitive but
Unclassified, and 1 is unclassified. HSIN is considered Sensitive but
Unclassified.
Table 1: DHS Information-Sharing Networks and HSIN Application
Reported cost per fiscal
year (dollars in millions)
Users
Name Categories outside DHS 2005 2006 Total
C Local Area Network Top Secret -- (a) (a) --
(C-LAN)
Homeland Secure Data Secret Other $46.2 $32.6 $78.8
Network (HSDN) federal,
state,
local
Coast Guard Data Sensitive but Other 15.0 15.0 30.0
Network Plus (CGDN+) Unclassified federal
Critical Sensitive but Other 12.1 12.0 24.1
Infrastructure Unclassified federal,
Warning Information state
Network (CWIN)
Customs and Border Sensitive but -- 58.7 63.0 121.7
Protection (CBP) Unclassified
Network
DHS Core Network Sensitive but -- 13.4 10.3 23.7
(DCN) Unclassified
Homeland Security Sensitive but Other 11.9 20.5 32.4
Information Network Unclassified federal,
(HSIN) state,
local
Immigration and Sensitive but Other 14.4 19.2 33.6
Customs Enforcement Unclassified federal,
Network (ICENet) state,
local
ONENet Sensitive but -- 34.6 40.0 74.6
Unclassified
Secret Service Wide Sensitive but -- 2.8 3.1 5.9
Area Network (WAN) Unclassified
Transportation Sensitive but Other 70.0 105.0 175.0
Security Unclassified federal
Administration
Network (TSANet)
Federal Emergency Unclassified -- 6.0 6.0 12.0
Management Agency
(FEMA) Switched
Network
Total^a $285.1 $326.7 $611.8
^5 See, for example, GAO, Information Technology: Major Federal Networks
That Support Homeland Security Functions, GAO-04-375 (Washington, D.C.:
Sept. 17, 2004) and Information Technology: DHS Needs to Fully Define and
Implement Policies and Procedures for Effectively Managing Investments,
GAO-07-424 (Washington, D.C.: April 27, 2007).
^6 GAO-07-455.
Source: GAO analysis of agency data.
^a Costs for C-LAN are not included, as the information is not publicly
available.
As the table shows, some of these networks are used solely within DHS,
while others are also used by other federal agencies, as well as state and
local governments. In addition, the total cost to develop, operate, and
maintain these networks and HSIN in fiscal years 2005 and 2006, as
reported by DHS, was $611.8 million. Of this total, the networks accounted
for the vast majority of the cost: $579.4 million.
DHS Established HSIN to Provide Information-Sharing Capabilities
DHS considers HSIN to be its primary communication application for
transmitting sensitive but unclassified information. According to DHS,
this network is an encrypted, unclassified, Web-based communications
application that serves as DHS's primary nationwide information-sharing
and collaboration tool. It is intended to offer both real-time chat and
instant messaging capability, as well as a document library that contains
reports from multiple federal, state, and local sources. Available through
the application are suspicious incident and pre-incident information and
analysis of terrorist threats, tactics, and weapons. The application is
managed within DHS's Office of Operations Coordination.
HSIN includes over 35 communities of interest, such as emergency
management, law enforcement, counterterrorism, individual states, and
private sector communities. Each community of interest has Web pages that
are tailored for the community and contain general and community-specific
news articles, links, and contact information. The community Web pages
also provide access to other resources, such as the following:
0M Document library. Users can search the entire document library
within the communities they have access to.
0M Discussion threads. HSIN has a discussion thread (or bulletin
board) feature that allows users to post information that other
users should know about and post requests for information that
other users might have. Community administrators can also post and
track tasks assigned to users during an incident.
0M Chat tool. HSIN's chat tool, known as Jabber, is similar to
other instant message and chat tools--with the addition of
security. Users can customize lists of their coworkers and send
messages individually or set up chat rooms for more users. Other
features include chat logs (which allow users to review
conversations), timestamps, and user profiles.
State and Local Governments Have Also Established Similar Initiatives
State and local governments have similar IT initiatives to carry out their
homeland security missions, including sharing information. A key state and
local-based initiative is the Regional Information Sharing Systems (RISS)
program.
The RISS program helps state and local jurisdictions to, among other
things, share information in support of their homeland security missions.
This nationwide program, operated and managed by state and local
officials, was established in 1974 to address crime that operates across
jurisdictional lines. The program consists of six regional information
analysis centers that serve as regional hubs across the country. These
centers offer services to RISS members in their regions, including
information sharing and research, analytical products, case investigation
support, funding, equipment loans, and training. Funding for the RISS
program is administered through a grant from the Department of Justice.
As part of its information-sharing efforts, the RISS program operates two
key initiatives (among others): the RISS Secure Intranet (RISSNET) and the
Automated Trusted Information Exchange^7 (RISS ATIX):
^7 Formerly called the Anti-Terrorism Information Exchange.
0M Created in 1996, RISSNET is intended as a secure network
serving member law enforcement agencies throughout the United
States and other countries. Through this network, RISS offers
services such as secure e-mail, document libraries, intelligence
databases, Web pages, bulletin boards, and a chat tool.
0M RISS ATIX offers services similar to those offered by RISSNET
to agencies beyond the law enforcement community, including
executives and officials from governmental and nongovernmental
agencies and organizations that have public safety
responsibilities. RISS ATIX is partitioned into 39 communities of
interest, such as critical infrastructure, emergency management,
public health, and government officials. Members of each community
of interest contribute information to be made available within
each community.
According to RISS officials, the RISS ATIX application was
developed in response to the events of September 11, 2001; it was
initiated in 2002 as an application to provide tools for
information sharing and collaboration among public safety
stakeholders, such as first responders and schools. As of July
2006, RISS ATIX supported 1,922 users beyond the traditional users
of RISSNET.
RISS ATIX uses the technology of RISSNET to offer services through
its Web pages. The pages are tailored for each community of
interest and contain community-specific news articles, links, and
contact information. The pages also provide access to the
following features:
0M Document library. Participants can store and search relevant
documents within their community of interest.
0M Bulletin board. The RISS ATIX bulletin board allows users to
post timely threat information in discussion forums and to view
and respond to posted information. Users can post documents,
images, and information related to terrorism and homeland
security, as well as receive DHS information, advisories, and
warnings. According to RISS officials, the bulletin boards are
monitored by a RISS moderator to relay any information that might
be useful for other communities of interest.
0M Chat tool. ATIXLive is an online, real-time, collaborative
communications information-sharing tool for the exchange of
information by community members. Through this tool, users can
post timely threat information and view and respond to messages
posted.
0M Secure e-mail. RISS ATIX participants have access to e-mail
that can be used to provide alerts and related information.
According to RISS, this is done in a secure environment.
GAO Has Designated Information Sharing as High Risk
The need to improve information sharing as part of a national effort to
improve homeland security and preparedness has been widely recognized, not
only to improve our ability to anticipate and respond to threats and
emergencies, but to avoid unnecessary expenditure of scarce resources. In
January 2005, ^8 and more recently in January 2007,^9 we identified
establishing appropriate and effective information-sharing mechanisms to
improve homeland security as a high-risk area. The Office of Management
and Budget (OMB) has also issued guidance that stresses the importance of
information sharing and avoiding duplication of effort.^10 Nonetheless,
although this area has received increased attention, the federal
government faces formidable challenges in sharing information among
stakeholders in an appropriate and timely manner.
As we concluded in October 2005, agencies can help address these
challenges by adopting and implementing key practices, related to OMB's
guidance, to improve collaboration, such as establishing joint strategies
and addressing needs by leveraging resources and developing compatible
policies, procedures, and other means to operate across agency
boundaries.^11 Based on our research and experience, these practices are
also relevant for collaboration between federal agencies and other levels
of government (e.g., state, local). Until these coordination and
collaboration practices are implemented, agencies face the risk that
effective information sharing will not occur.
^8 GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: January
2005).
^9 GAO, High-Risk Series: An Update, GAO-07-310 (Washington, D.C.: January
2007).
^10 For example, Office of Management and Budget, Management of Federal
Information Resources, Circular A-130 (Washington, D.C.: Nov. 30, 2000)
and Preparation, Submission, and Execution of the Budget, Circular A-11
(Washington, D.C.: June 30, 2006).
^11 GAO, Results-Oriented Government: Practices That Can Help Enhance and
Sustain Collaboration among Federal Agencies, GAO-06-15 (Washington, D.C.:
October 2005).
Congress and the Administration have made several efforts to address the
challenges associated with information sharing. In particular, as we
reported in March 2006, the President initiated an effort to establish an
Information Sharing Environment that is to combine policies, procedures,
and networks and other technologies that link people, systems, and
information among all appropriate federal, state, local, and tribal
entities and the private sector.^12 In November 2006, in response to
congressional direction, the Administration issued a plan for implementing
this environment and described actions that the federal government
intends--in coordination with state, local, tribal, private sector, and
foreign partners--to carry out over the next 3 years.
Efforts to Coordinate HSIN with Key State and Local Information-Sharing
Initiatives Have Been Limited
DHS did not fully adhere to the previously mentioned key practices in
coordinating its efforts on HSIN with key state and local
information-sharing initiatives. The department's limited use of these
practices is attributable to a number of factors: in particular, after the
events of September 11, 2001, the department expedited its schedule to
deploy HSIN capabilities, and in doing so, it did not develop an inventory
of key state and local information initiatives. Until the department fully
implements key coordination and collaboration practices and guidance, it
faces, among other things, the risk that effective information sharing is
not occurring. DHS has efforts planned and under way to improve
coordination and collaboration, including implementing the recommendations
in our recent report.^13
12 GAO, Information Sharing: The Federal Government Needs to Establish
Policies and Processes for Sharing Terrorism-Related and Sensitive but
Unclassified Information, GAO-06-385 (Washington, D.C.: March 2006).
Key Practices Were Not Effectively Implemented
In developing HSIN, DHS did not fully adhere to the practices related to
OMB's guidance. First, although DHS officials met with RISS program
officials to discuss exchanging terrorism-related documents, joint
strategies for meeting mutual needs by leveraging resources have not been
fully developed. DHS did not engage the RISS program to determine how
resources could be leveraged to meet mutual needs. According to RISS
program officials, they met with DHS twice (on September 25, 2003, and
January 7, 2004) to demonstrate that their RISS ATIX application could be
used by DHS for sharing homeland security information. However,
communication from DHS on this topic stopped after these meetings, without
explanation. According to DHS officials, they did not remember the
meetings, which they attributed to the departure from DHS of the staff who
had attended.
In addition, although DHS initially pursued a limited strategy of
exchanging selected terrorism-related documents with the RISS program, the
strategy was impeded by technical issues and by differences in what each
organization considers to be terrorism information. For example, the
exchange of documents between HSIN and the RISS program stopped on August
1, 2006, because of technical problems with HSIN's upgrade to a new
infrastructure. As of May 3, 2007, the exchange of terrorism-related
documents had not yet resumed, according to HSIN's program manager. This
official also stated that the program is currently working to fix the
issue with the goal of having it resolved by June 2007.
Finally, DHS has yet to fully develop coordination policies, procedures,
and other means to operate across agency boundaries with the RISS program.
DHS has not fully developed such means to operate with the RISS program
and leverage its available technological resources. Although an operating
agreement was established to govern the exchange of terrorism-related
documents, according to RISS officials, it did not cover the full range of
information available through the RISS program.
^13 GAO-07-455.
DHS's Expedited Schedule Was Major Cause for Limited Coordination, Increasing
the Risk of Ineffective Information Sharing and Duplication
The extent of DHS's adherence to key practices (and the resulting limited
coordination) is attributable to DHS's expedited schedule to deploy an
information-sharing application that could be used across the federal
government in the wake of the September 11 attacks; in its haste, DHS did
not develop a complete inventory of key state and local information
initiatives. According to DHS officials, they still do not have a complete
inventory of key state and local information-sharing initiatives. DHS's
Office of Inspector General also reported that DHS developed HSIN in a
rapid and ad hoc manner, and among other things, did not adequately
identify existing federal, state, and local resources, such as RISSNET,
that it could have leveraged.^14
Further, DHS did not fully understand the RISS program. Specifically, DHS
officials did not acknowledge the RISS program as a state and local based
program with which to partner, but instead considered it to be one of many
vendors providing a tool for information sharing. In addition, DHS
officials believed that the RISS program was solely focused on law
enforcement information and did not capture the broader terrorism-related
or other information of interest to the department.
Because of this limited coordination and collaboration, DHS is at
increased risk that effective information sharing is not occurring. The
department also faces the risk that it is developing and deploying
capabilities on HSIN that duplicate those being established by state and
local agencies. There is evidence that this has occurred with respect to
the RISS program. Specifically:
^14 Department of Homeland Security Office of Inspector General, Office of
Information Technology, HSIN Could Support Information Sharing More
Effectively, DHS/OIG-06-38 (Washington, D.C.: June 2006).
0M HSIN and RISS ATIX currently target similar user groups. DHS
and the RISS program are independently striving to make their
applications available to user communities involved in the
prevention of, response to, mitigation of, and recovery from
terrorism and disasters across the country. For example, HSIN and
RISS ATIX are being used and marketed for use at state fusion
centers^15 and other state organizations, such as emergency
management agencies across the country.
0M HSIN and RISS applications have similar approaches for sharing
information with their users. For example, on each application,
users from a particular community--such as emergency
management--have access to a portal or community area tailored to
the user's information needs. The community-based portals have
similar features focused on user communities. Both applications
provide each community with the following features:^16
0M Web pages. Tailored for communities of interest
(e.g., law enforcement, emergency management,
critical infrastructure sectors), these pages contain
general and community-specific news articles, links,
and contact information.
0M Bulletin boards. Participants can post and discuss
information.
0M Chat tool. Each community has its own online,
real-time, interactive collaboration application.
0M Document library. Participants can store and
search relevant documents.
^15 A fusion center is defined as a "collaborative effort of two or more
agencies that provide resources, expertise, and information to the center
with the goal of maximizing their ability to detect, prevent, investigate,
and respond to criminal and terrorist activity."
^16 Beyond the collaboration tools listed, RISSNET also provides access to
other law enforcement resources, such as analytical criminal
data-visualization tools and criminal intelligence databases.
DHS Has Improvements Planned and Under Way, Including Implementing Our Recent
Recommendations
According to DHS officials, including the HSIN program manager, the
department has efforts planned and under way to improve coordination. For
example, the department is in the process of developing an integration
strategy that is to include enhancing HSIN so that other applications and
networks can interact with it. This would promote integration by allowing
other federal agencies and state and local governments to use their
preferred applications and networks--such as RISSNET and RISS ATIX--while
allowing DHS to continue to use HSIN.
Other examples of improvements either begun or planned include the
following:
0M The formation of an HSIN Mission Coordinating Committee, whose
roles and responsibilities are to be defined in a management
directive. It is expected to ensure that all HSIN users are
coordinated in information-sharing relationships of mutual value.
0M The recent development of engagement, communications, and
feedback strategies for better coordination and communication with
HSIN, including, for example, enhancing user awareness of
applicable HSIN contact points and changes to the system.
0M The reorganization of the HSIN program management office to
help the department better meet user needs. According to the
program manager, this reorganization has included the use of
integrated process teams to better support DHS's operational
mission priorities as well as the establishment of a strategic
framework and implementation plan for meeting the office's key
activities and vision.
0M The establishment of a HSIN Advisory Committee to advise the
department on how the HSIN program can better meet user needs,
examine DHS's processes for deploying HSIN to the states, assess
state resources, and determine how HSIN can coordinate with these
resources.
In addition to these planned improvements, DHS has agreed to
implement the recommendations in our recent report. Specifically,
we recommended that the department ensure that HSIN is effectively
coordinated with key state and local government
information-sharing initiatives. We also recommended that this
include (1) identifying and inventorying such initiatives to
determine whether there are opportunities to improve information
sharing and avoid duplication, (2) adopting and institutionalizing
key practices related to OMB's guidance on enhancing and
sustaining agency coordination and collaboration, and (3) ensuring
that the department's coordination efforts are consistent with the
Administration's recently issued Information Sharing Environment
plan.^17 In response to these recommendations, DHS described
actions it was taking to implement them. (The full recommendations
and DHS's written response to them are in the report.)
In closing, DHS has not effectively coordinated its primary
information-sharing system with two key state and local
initiatives. Largely because of the department's hasty approach to
delivering needed information-sharing capabilities, it did not
follow key coordination and collaboration practices and guidance
or invest the time to inventory and fully understand how it could
leverage state and local approaches. Consequently, the department
faces the risk that effective information sharing is not occurring
and that its HSIN application may be duplicating existing state
and local capabilities. This also raises the issue of whether
similar coordination and duplication issues exist with the other
federal homeland security networks and associated systems and
applications under the department's purview.
DHS recognizes these risks and has improvements planned and under
way to address them, including stated plans to implement our
recommendations. These are positive steps and should help address
shortfalls in the department's coordination practices on HSIN.
However, these actions have either just begun or are planned, with
milestones for implementation yet to be defined. Until all the key
coordination and collaboration practices are fully implemented and
institutionalized, DHS will continue to be at risk that the
effectiveness of its information sharing is not where it needs to
be to adequately protect the homeland and that its efforts are
unnecessarily duplicating state and local initiatives.
Madame Chair, this concludes my testimony today. I would be happy
to answer any questions you or other members of the subcommittee
may have.
^17 As mentioned earlier, this plan is aimed at establishing, in 3 years,
the networks and other technologies that link people, systems, and
information among all appropriate federal state, local, and tribal
entities and the private sector.
Contacts and Acknowledgements
If you have any questions concerning this testimony, please contact David
Powner, Director, Information Technology Management Issues, at (202)
512-9286 or [email protected] . Other individuals who made key
contributions include Gary Mountjoy, Assistant Director; Barbara Collier;
Joseph Cruz; Matthew Grote; and Lori Martinez.
(310845)
GAO's Mission
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548
To order by Phone: Voice: (202) 512-6000
TDD: (202) 512-2537
Fax: (202) 512-6061
To Report Fraud, Waste, and Abuse in Federal Programs
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: [email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470
Congressional Relations
Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548
Public Affairs
Paul Anderson, Managing Director, [email protected] (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
References
Visible links
15. http://www.gao.gov/cgi-bin/getrpt?GAO-07-822T
*** End of document. ***