Homeland Security
Efforts to Improve Information Sharing Need to Be Strengthened Gao ID: GAO-03-760 August 27, 2003The sharing of information by federal authorities to state and city governments is critical to effectively execute and unify homeland security efforts. This report examines (1) what initiatives have been undertaken to improve information sharing and (2) whether federal, state, and city officials believe that the current information-sharing process is effective.
Since September 11, 2001, federal, state, and city governments have established initiatives to improve the sharing of information to prevent terrorism. Many of these initiatives were implemented by states and cities and not necessarily coordinated with other sharing initiatives, including those by federal agencies. At the same time, the Department of Homeland Security (DHS) has initiatives under way to enhance information sharing, including the development of a homeland security blueprint, known as an "enterprise architecture," to integrate sharing between federal, state, and city authorities. GAO surveyed federal, state, and city government officials on their perceptions of the effectiveness of the current information-sharing process. Numerous studies, testimonies, reports, and congressional commissions substantiate our survey results. Overall, no level of government perceived the process as effective, particularly when sharing information with federal agencies. Information on threats, methods, and techniques of terrorists is not routinely shared; and the information that is shared is not perceived as timely, accurate, or relevant. Moreover, federal officials have not yet established comprehensive processes and procedures to promote sharing. Federal respondents cited the inability of state and city officials to secure and protect classified information, the lack of federal security clearances, and a lack of integrated databases as restricting their ability to share information. DHS needs to strengthen efforts to improve the information sharing process so that the nation's ability to detect or prepare for attacks is strengthened.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-03-760, Homeland Security: Efforts to Improve Information Sharing Need to Be Strengthened
This is the accessible text file for GAO report number GAO-03-760
entitled 'Homeland Security: Efforts to Improve Information Sharing
Need to Be Strengthened' which was released on August 27, 2003.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
On January 13, 2004, this document was revised to add various footnote
references missing in the text of the body of the document and to
enhance the formatting of Tables 9 and 10.
Report to the Secretary of Homeland Security:
United States General Accounting Office:
GAO:
August 2003:
Efforts to Improve Information Sharing Need to Be Strengthened:
Homeland Security:
GAO-03-760:
GAO Highlights:
Highlights of GAO-03-760, a report to the Secretary of Homeland
Security
Why GAO Did This Study:
The sharing of information by federal authorities to state and city
governments is critical to effectively execute and unify homeland
security efforts. This report examines (1) what initiatives have been
undertaken to improve information sharing and (2) whether federal,
state, and city officials believe that the current information-sharing
process is effective.
What GAO Found:
Since September 11, 2001, federal, state, and city governments have
established initiatives to improve the sharing of information to
prevent terrorism. Many of these initiatives were implemented by
states and cities and not necessarily coordinated with other sharing
initiatives, including those by federal agencies. At the same time,
the Department of Homeland Security (DHS) has initiatives under way to
enhance information sharing, including the development of a homeland
security blueprint, known as an ’enterprise architecture,“ to
integrate sharing between federal, state, and city authorities.
GAO surveyed federal, state, and city government officials on their
perceptions of the effectiveness of the current information-sharing
process. Numerous studies, testimonies, reports, and congressional
commissions substantiate our survey results. Overall, no level of
government perceived the process as effective, particularly when
sharing information with federal agencies. Information on threats,
methods, and techniques of terrorists is not routinely shared; and the
information that is shared is not perceived as timely, accurate, or
relevant. Moreover, federal officials have not yet established
comprehensive processes and procedures to promote sharing. Federal
respondents cited the inability of state and city officials to secure
and protect classified information, the lack of federal security
clearances, and a lack of integrated databases as restricting their
ability to share information.
DHS needs to strengthen efforts to improve the information sharing
process so that the nation‘s ability to detect or prepare for attacks
is strengthened.
What GAO Recommends:
We recommend that the Secretary of Homeland Security work with the
heads of other federal agencies, and state and city officials to
ensure that DHS‘s enterprise architecture fully integrates states and
cities into the information-sharing process; incorporates, where
appropriate, other federal, state, and city information-sharing
initiatives; takes specific actions to evaluate and overcome perceived
barriers to information sharing; and measure progress in improving
information sharing as part of the enterprise architecture initiative.
The Departments of Homeland Security and Defense concurred with our
report. DHS stated that it has made improvements in information
sharing but further progress will require a prudent and deliberate
approach. The Central Intelligence Agency provided only technical
comments. The Department of Justice did not agree with our findings.
However, we believe that our conclusions are well founded.
www.gao.gov/cgi-bin/getrpt?GAO-03-760.
To view the full product, including the scope
and methodology, click on the link above.
For more information, contact Raymond J. Decker at (202) 512-6020 or
deckerrj@gao.gov.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
Information-Sharing Initiatives Are Not Well Coordinated:
Current Information-Sharing Process Not Perceived As Effective:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Scope and Methodology:
Use of a Survey to Supplement Interviews and Review of Documents:
Appendix II: Selected Initiatives to Promote Information Sharing:
Appendix III: Survey Responses Showing Categories of Homeland Security
Information Deemed Needed by the Respondents:
Appendix IV: Survey Responses to Our Questions on the Elements of an
Information-Sharing Process That Are Already in Place:
Appendix V: Survey Responses to Perceived Barriers Faced by States/
Cities in Providing the Federal Government with Information:
Appendix VI: Comments from the Department of Homeland Security:
Appendix VII: Comments from the Department of Defense:
Appendix VIII: Comments from the Department of Justice:
Appendix IX: GAO Contacts and Staff Acknowledgments:
Related GAO Products:
Tables:
Table 1: GAO Surveys Distributed, Survey Responses, and Response Rates:
Table 2: Percentage of Federal, State, and City Respondents That View
Their Sharing Relationships with One Another As Effective or Very
Effective:
Table 3: Perceptions of Information Needed and Regularly Received:
Table 4: Survey Respondents Who Said the Information from the Federal
Government Was Timely, Accurate, or Relevant:
Table 5: Survey Respondents Who Said That Information from State
Agencies Was Timely, Accurate, or Relevant:
Table 6: Survey Respondents Who Said That Information from
City Agencies Was Timely, Accurate, or Relevant:
Table 7: Perceived Barriers Preventing Federal Agencies from Providing
Other Federal Agencies, States, and Cities with Information:
Table 8: Initiatives and Efforts to Share More Information:
Table 9: Needed to Critically-Needed Information and Intelligence and
Frequently to Regularly-Received Information and Intelligence:
Table 10: Survey Respondents Who Agreed That Elements of a Sharing
Framework Exists by Answering "Great" to "Very Great":
Table 11: Great to Very-Great Barriers to Providing Federal Authorities
with Information and Intelligence:
Abbreviations:
CATIC: California Anti-Terrorism Information Center:
DHS: Department of Homeland Security:
FBI: Federal Bureau of Investigation:
JITF-CT: Joint Intelligence Task Force-Combating Terrorism:
JRIES: JITF-CT/RISS.NET Information Exchange System:
JTTF: Joint Terrorism Task Force:
MDA: Maritime Domain Awareness:
SATURN: Statewide Anti-Terrorism Unified Response Network:
United States General Accounting Office:
Washington, DC 20548:
August 27, 2003:
The Honorable Thomas J. Ridge
The Secretary of Homeland Security:
Dear Mr. Secretary:
Information--its timely collection, thorough analysis, and appropriate
dissemination--is critical to unifying the efforts of federal, state,
and local government agencies in preventing terrorist attacks. For this
report, our objectives were to determine (1) what initiatives have been
undertaken to improve information sharing and (2) whether federal,
state, and city officials believe that the current information-sharing
process is effective. To meet these objectives, we gathered information
on national planning efforts and obtained the perceptions of federal,
state, and city governments on how the current information-sharing
process was working.
Specifically, we met with officials who were knowledgeable about
information sharing from federal, state, and city agencies and
officials from associations representing cities, police organizations,
and research groups. Our scope focused on the information-sharing
process between federal, state, and city governments. We did not
include county governments or the private sector (which owns more than
80 percent of the nation's critical infrastructure), although we
recognize that both have important roles in homeland security. We also
did not include the federal government's critical infrastructure
protection efforts, for which GAO has made numerous recommendations
over the last several years. Additionally, most of our fieldwork was
performed before the Department of Homeland Security (DHS) began
operations in January 2003. Thus, some of the federal agencies we
worked with were still part of other cabinet departments at the time of
our research. Additionally, the department's efforts to establish a
homeland security blueprint--referred to as its "enterprise
architecture"[Footnote 1]--are in the early stages of development. We
also reviewed relevant reports, testimonies, and position papers.
Additionally, to supplement this analysis, we conducted a survey of
officials representing the federal intelligence community and law
enforcement agencies; state homeland security offices; all cities with
a population of 100,000 or more; and a sample of cities with a
population between 50,000 and 100,000, to obtain their perceptions
about the current information-sharing process. We did not independently
validate that the perceptions reported in our survey, such as the types
of information that respondents said they needed, accurately represent
the condition of the information-sharing process. However, our survey
results typically corroborated the condition of the current
information-sharing process that was described in our interviews with
knowledgeable officials and in our review of documents. Eighty percent,
or 40 of the 50 state homeland security advisors, completed the survey.
Our overall response rate for the survey was 50 percent and represents
284 government entities. Table 1 summarizes the number of surveys
distributed and the response rates for the federal, state, and city
respondents.
Table 1: GAO Surveys Distributed, Survey Responses, and Response Rates:
Number of surveys; Federal intelligence and law enforcement agencies:
29; State homeland security advisors: 50; Cities: Population of over
100,000: 242; Cities: Population of under 100,000[A]: 243; Totals: 564.
Number of responses; Federal intelligence and law enforcement agencies:
16; State homeland security advisors: 40; Cities: Population of over
100,000: 106; Cities: Population of under 100,000[A]: 122; Totals: 284.
Response rate in percents; Federal intelligence and law enforcement
agencies: 55%; State homeland security advisors: 80%; Cities:
Population of over 100,000: 44%; Cities: Population of under
100,000[A]: 50%; Totals: 50%.
Source: GAO.
Note: Although our results represent a substantial number of
governmental entities, the results do not represent the entire
population of governmental entities involved in information sharing.
[A] Cities with a population of between 50,000 and 100,000 were
selected by random sample.
[End of table]
We conducted our review from June 2002 through May 2003 in accordance
with generally accepted government auditing standards. A complete
discussion of our scope and methodology is contained in appendix I.
Results in Brief:
Federal agencies and state and city governments have undertaken
initiatives to improve the sharing of information that could be used to
fight terrorism and protect the homeland. Many of the initiatives were
implemented by states and cities and are not necessarily coordinated
with other sharing initiatives, including those implemented by the
federal government. Recognizing that information sharing to fight
terrorism is a key factor in homeland security, the U.S. Department
of Homeland Security has a number of initiatives under way to enhance
information-sharing, including the development of a homeland security
blueprint, referred to as an enterprise architecture. Through this
architecture, DHS plans to integrate the sharing of information within
the federal government and between federal agencies, state and city
governments, and the private sector. According to DHS, the department
plans to issue the enterprise architecture in September 2003 and begin
implementation in November 2003.
Recent legislation and various national strategies specify actions to
improve the sharing of information that could be used to fight
terrorism. For example, the Homeland Security Act of 2002[Footnote 2]
requires DHS to coordinate homeland security information sharing with
nonfederal entities, including state and local government personnel,
and requires the President of the United States to prescribe and
implement procedures, issued July 29, 2003, under which federal
agencies share homeland security information with other federal
agencies and appropriate state and local government personnel.[Footnote
3] The July 2002 National Strategy for Homeland Security[Footnote 4]
and the February 2003 National Strategy for the Physical Protection of
Critical Infrastructures and Key Assets[Footnote 5] also call for
actions to improve information sharing.
In the meantime, without this overall coordination, some federal,
state, and city entities have implemented their own information-sharing
initiatives. For example, the Federal Bureau of Investigation (FBI) has
significantly increased the number of its Joint Terrorism Task Forces.
Also, California established an antiterrorism information center
that collects, analyzes, and disseminates information to its law
enforcement officers, other law enforcement agencies, and FBI. In
our survey, 34 of 40 states and 160 of 228 cities stated that they
participate in information-sharing centers. While these initiatives may
increase the sharing of information to fight terrorism, they are not
well coordinated and consequently risk creating partnerships that may
actually limit some participants' access to information and duplicating
efforts of some key agencies in each level of government. Moreover,
while beneficial to these participants, the initiatives do not
necessarily integrate others into a truly national system and may
inadvertently hamper information sharing for this reason. A lack of
effective integration could increase the risk that officials will
overlook, or never even receive, information needed to prevent a
terrorist attack.
Despite various legislation, strategies, and initiatives to improve
information sharing, the documents we reviewed and officials we
interviewed from federal agencies, states, and cities and those that
responded to our survey generally do not consider the current process
of sharing information to protect the homeland to be effective. For
example, only 13 percent of federal government respondents reported
that sharing information with states and cities was "effective" or
"very effective." And, of the 40 states that responded, only 35 percent
reported that sharing with the federal government was "effective" or
"very effective.":
The three levels of government identified three main systemic problems
that account for this perception. First, no level of government was
satisfied that they receive enough information. In general, survey
respondents reported that they are typically receiving less than
50 percent of specified categories of information that they perceive
they need to support their homeland security duties. For example,
98 percent of the large cities that completed our survey reported that
they needed information on the movement of known terrorists; however,
only 15 percent reported that they received this information. Second,
no level of government was satisfied with the timeliness, accuracy, or
relevance of the information they received. States and cities reported
that threat information received is often untimely, inaccurate, or
irrelevant. Third, the federal government still perceives the fight
against terrorism, particularly its prevention, to be generally a
federal responsibility, which potentially undermines the unity of
effort between federal, state, and city governments needed to
effectively secure the homeland. Consequently, the federal government
still has not established comprehensive policies or procedures to
effectively integrate state and city governments into the information-
sharing process or even routinely recognize their role in this process.
For example, 30 of 40 states and 212 of 228 cities responding to our
survey reported that they were not given the opportunity to
participate in national policy making on information sharing. As a
result, opportunities are routinely missed to engage state and city law
enforcement officers in obtaining and providing the federal government
with information that could be vital in the war against terrorism.
The federal agencies in our survey identified several barriers to
sharing threat information with state and city governments. On the
other hand, state and city governments did not perceive that the
barriers identified by the federal agencies were truly
barriers.[Footnote 6] According to our survey, when federal agencies
felt they could not provide states and cities with information, they
cited concerns over state and local officials' ability to secure and
protect classified information, the officials' lack of security
clearances, and the lack of integrated databases. However, we believe
that these perceived barriers could be overcome. For example, state and
local police agencies routinely handle and protect "law enforcement
sensitive" information to build cases against suspected criminals,
suggesting that--with proper training and equipment--these government
agencies could handle other categories of sensitive information. An
information-sharing process in which needed information is not
routinely received or is received but is untimely or irrelevant hampers
the nation's collective ability to effectively unify the efforts of all
levels of government. An unwillingness to share information because of
a perception that barriers prevent sharing further affects information,
collection, analysis, and dissemination at each level of government
charged with homeland security.
We are recommending that the Secretary of Homeland Security, in
developing the enterprise architecture, (1) work in conjunction with
the heads of other federal agencies, state and city authorities, and
the private sector to ensure that the department's enterprise
architecture fully integrates them into the information-sharing
process and (2) take specific actions, including obtaining the private
sector's views regarding information sharing, to evaluate and overcome
the perceived barriers that prevent information sharing today. In
commenting on a draft of this report, the Departments of Defense and
Homeland Security concurred with our report, and the latter indicated
that it has made improvements to information sharing but that further
progress will require a prudent and deliberate approach. The Department
of Justice did not concur with our report and questioned the
reliability of our evidence. However, we used evidence from a variety
of sources including well-respected research organizations, testimony
before committees of the Congress, interviews with intelligence or law
enforcement officers at all levels of government, and our survey, and
consider this evidence to be reliable and our conclusions well founded.
Background:
A constitutional role of the federal government is to provide for the
common defense, which includes preventing terrorist attacks. The
government must prevent and deter attacks on our homeland as well
as detect impending danger before attacks occur. Although it may be
impossible to detect, prevent, or deter every attack, steps can be
taken to reduce the risk posed by the threats to homeland security.
Traditionally, protecting the homeland against these threats was
generally considered a federal responsibility. To meet this
responsibility, the federal government gathers intelligence, which is
often classified as national security information. This information is
protected and safeguarded to prevent unauthorized access by requiring
appropriate security clearances and a "need to know." Generally, the
federal government did not share national level intelligence with
states and cities, since they were not viewed as having a significant
role in preventing terrorism. Therefore, the federal government did not
generally grant state and city officials access to classified
information. However, as we reported in June 2002, the view that states
and cities do not have a significant role in homeland security has
changed since September 11, 2001, and the need to coordinate the
efforts of federal, state, and local governments for homeland security
is now well understood.[Footnote 7]
Preventing Terrorism Has Traditionally Been Viewed As a
Federal Responsibility:
Protecting the United States from terrorism has traditionally been a
responsibility of the federal government and, typically, the views of
states and cities in formulating national policy have not been
considered. In the Homeland Security Act of 2002, Congress found that
the federal government relies on state and local personnel to protect
against terrorist attacks and that homeland security information is
needed by state and local personnel to prevent and prepare for such
attacks. Congress also found that federal, state, and local
governments; and intelligence, law enforcement, and other emergency and
response personnel must act in partnership to maximize the benefits of
information gathering and analysis to prevent and respond to terrorist
attacks. As a result, the act expressed the sense of Congress that
federal, state, and local entities should share homeland security
information to the maximum extent practicable. Federal, state, and
local governments and the private sector were not fully integrated
participants before the September 11, 2001, attacks, but the need to
integrate them became more widely recognized afterward.
In order to develop national policies and strategies to address
terrorism issues, senior policymakers obtain information from the
intelligence community.[Footnote 8] The intelligence community uses a
cyclic process for intelligence production. Simplified, the
intelligence community (1) receives information requirements from
policymakers, (2) collects and analyzes the information from its
sources, (3) creates intelligence products from the information,
(4) disseminates the products to consumers of intelligence, and (5)
receives feedback about the usefulness of the information from
consumers. This process can lead to additional information requirements
and is ongoing.
Since the late 1940s, the federal government generally separated law
enforcement and intelligence functions, although both have a role in
combating terrorism.[Footnote 9] From this separation, law enforcement
and intelligence were created and handled differently, depending on
which community obtained the information and how it was to be used. The
law enforcement community investigates criminal activity and supports
prosecutions by providing information related to events that have
occurred. In contrast, the intelligence community tries to provide
policymakers and military leaders with information so that decisions
can be made to protect and advance national interests. Often, the
intelligence community collects information from sensitive sources or
using special methods and keeps the information classified to protect
their sources and methods and ensure a continual flow in the future.
Executive Order no. 12958, Classified National Security Information, as
amended, prescribes a uniform system for classifying, safeguarding, and
declassifying national security information, including information
related to defense against transnational terrorism. Executive Order no.
12968, Access to Classified Information, states that access to
classified national security information is generally limited to
persons who have been granted a security clearance, been briefed as to
their responsibilities for protecting classified national security
information, have signed a nondisclosure agreement acknowledging those
responsibilities, and have agreed to abide by all appropriate security
requirements. In addition, these persons must have a demonstrated "need
to know" the information in connection with the performance of their
official functions. If these criteria are not met, then the information
is not to be shared.
The federal intelligence community has traditionally not always
considered states or cities to need access to intelligence that could
be used to fight terrorism. As a result, few officials at the state and
local levels have the clearances required for access to intelligence
products. Furthermore, the collection and use of intelligence
information on individuals for domestic law enforcement purposes is
constrained by the application of constitutional protections, statutory
controls, and rules of evidence. For example, the Foreign Intelligence
Surveillance Act of 1978[Footnote 10] had, in effect, been interpreted
as requiring some separation that limited coordination between domestic
law enforcement and foreign intelligence investigations, particularly
with regard to the use of information collected for foreign
intelligence purposes in criminal prosecutions.
September 11, 2001, Attacks Redefined Terrorism Responsibilities:
Although previous terrorist attacks--such as the 1993 World Trade
Center bombing--proved that the United States was not immune to attacks
on its homeland, the enormity of the loss of life and impact of the
terrorist attacks on September 11, 2001, highlighted the increasing
risk of terrorist attacks on U.S. soil. Consequently, federal, state,
and city governments recognized an urgent need to effectively unify
their efforts to enhance homeland security by employing the unique
contribution that each level of government can make on the basis of its
capabilities and knowledge of its own environment. After the September
11, 2001, attacks, policymakers questioned the separation between law
enforcement and intelligence, noting that the distinctions may limit
access to some information needed to effectively execute homeland
security duties. In October 2001, Congress passed the USA PATRIOT
Act,[Footnote 11] to improve the sharing of information between the
intelligence and law enforcement communities, such as by providing
federal investigators with more flexibility in sharing information
obtained under the authority of the Foreign Intelligence Surveillance
Act. In October 2002, the Senate Select Committee on Intelligence:
Joint Investigation inquiry into the attacks found problems in
maximizing the flow of relevant information both within the
Intelligence Community as well as to and from those outside the
community.[Footnote 12] The review found that the reasons for these
information disconnects can be, depending on the case, cultural,
organizational, human, or technological. The committee recommended that
comprehensive solutions, while perhaps difficult and costly, must be
developed and implemented if we are to maximize our potential for
success in the war against terrorism.
At the same time, recognizing a need to balance the protection of
information with the emerging homeland security requirements of those
that had a newly recognized need-to-know, Congress passed the Homeland
Security Act of 2002 to, among other purposes, specifically facilitate
information sharing. In creating the Department of Homeland Security,
the act gives the Secretary the responsibility to coordinate with other
executive agencies, state and local governments, and the private sector
in order to prevent future attacks. Among other responsibilities, the
Secretary is to coordinate the distribution of information between
federal agencies and state and local governments. Furthermore, the act
requires the new department's Under Secretary for Information Analysis
and Infrastructure Protection to disseminate, as appropriate,
information analyzed by the department to other federal, state, and
local government agencies with homeland security roles; to consult with
state and local governments to ensure appropriate exchanges of
information (including law-enforcement-related information) relating
to threats of terrorism; and to coordinate with elements of the
intelligence community and with federal, state, and local law
enforcement agencies, and the private sector, as appropriate.
Additionally, a subtitle of the Homeland Security Act, titled the
Homeland Security Information Sharing Act, requires the President of
the United States to prescribe and implement governmentwide procedures
for determining the extent of sharing, and for the actual sharing, of
homeland security information between federal agencies and state and
local personnel, and for the sharing of classified (and sensitive but
unclassified) information with state and local personnel. To date,
these procedures have not been promulgated, although the President has
recently assigned this function to the Secretary of Homeland
Security.[Footnote 13]
Furthermore, several national strategies that have been developed
include information sharing as major initiatives. Both the National
Strategy for Homeland Security and the National Strategy for the
Physical Protection of Critical Infrastructures and Key Assets include,
as objectives, improving information sharing between intelligence and
law enforcement agencies at all levels of government. In addition, FBI
increased the number of its Joint Terrorism Task Forces, from 35, as of
September 11, 2001, to 66, as of March 2003. Federal, state, and local
law enforcement officials can interact to prevent terrorist attacks and
share information in investigations of terrorist events through the
task forces. State and city governments have also implemented several
initiatives to improve the information-sharing process, both within
their jurisdiction as well as with participants from other levels of
government.
Information-Sharing Initiatives Are Not Well Coordinated:
Congress passed legislation and the President issued strategic plans to
improve the sharing of information to fight terrorism. The Department
of Homeland Security was given the responsibility to coordinate the
distribution of information between federal agencies, and state and
local governments, and private industry. However, the department is in
the early phases of determining how to execute this responsibility. In
the meantime, some federal agencies and state and city governments
undertook initiatives on their own to improve sharing. However, these
actions are not well coordinated and consequently risk duplicating
efforts. In addition, without coordination, these actions may not be
mutually reinforcing and may create information-sharing partnerships
that do not necessarily include all agencies needing access to the
information.
Legislation and Strategies to Improve Information Sharing:
After the September 11, 2001, attacks, Congress took legislative action
to improve information sharing. Several national strategies, such as
the National Strategy for Homeland Security contain actions to improve
sharing as well.
The Homeland Security Act directs the President to prescribe and
implement procedures for sharing homeland security information
between federal agencies and with appropriate state and local
government personnel (a function since assigned by the President to the
Secretary of Homeland Security). The act also created the Department of
Homeland Security, which consolidated 22 federal agencies with homeland
security missions into a single department. Within the department, the
Office of State and Local Government Coordination and the Office of
Private Sector Liaison were created to provide state and local
governments and appropriate private-sector representatives with
regular information, research, and technical support to assist local
efforts at securing the homeland. According to the department, these
offices will give these participants one primary federal contact
instead of many to meet their homeland security needs.
Since September 11, 2001, the administration has developed several
strategies containing actions to improve information sharing and charge
DHS, FBI, and other government components with responsibility to
perform these actions. For example, the National Strategy for Homeland
Security (July 2002), the National Strategy for the Physical Protection
of Critical Infrastructures and Key Assets (Feb. 2003), and the
National Strategy to Secure Cyberspace (Feb. 2003) have, as one of
their priorities, actions to promote information sharing between
federal agencies and with state and city governments, law enforcement
and intelligence agencies, and the private sector.[Footnote 14]
The National Strategy for Homeland Security specifies that the federal
government will "build a national environment that enables the sharing
of essential homeland security information horizontally across each
agency of the federal government and vertically among federal, state,
and local governments, private industry, and citizens" by integrating
all participants and streamlining the sharing process. The strategy
contains initiatives to declassify documents to facilitate sharing,
integrate databases at all levels of government, and provide for a
secure method of sharing information. Similarly, the National Strategy
for the Physical Protection of Critical Infrastructures and Key Assets
has initiatives to facilitate information sharing by improving
processes for domestic threat data collection, analysis, and
dissemination to state and local governments as well as with private
industry. This strategy calls on DHS to lead the effort to (1) define
sharing requirements, (2) establish processes for providing and
receiving information, and (3) develop technical systems to share
sensitive information with public-private stakeholders. The National
Strategy to Secure Cyberspace has initiatives to improve and enhance
public-private information sharing involving cyber attacks by
establishing, among other things, protocols for ensuring that
information voluntarily provided by the private sector is securely
stored and maintained.
The Department of Homeland Security has several initiatives to improve
the sharing of information that could be used to protect the homeland.
In particular, it is developing a homeland security enterprise
architecture that, among other actions, will integrate sharing between
federal agencies and between the federal government, state and city
governments, and the private sector. According to DHS, its enterprise
architecture is a business-based framework for cross-agency improvement
and will provide DHS with a new way of describing, analyzing, and
integrating the data from the agencies, thus enabling DHS to
"connect the dots" to better prevent terrorist attacks and protect
people and infrastructure from terrorism. Architecture working groups
were established to collect, organize, and publish the baseline
information-sharing structure for the major components that were
transitioned to DHS. According to DHS officials, this effort will be
completed by June 2003. The working groups will also be used to
integrate the state and city governments, and the private sector. By
September of 2003, the department anticipates it will have a plan that
provides a phased approach to achieving information sharing between the
federal government, states, cities, and the private sector. The
department anticipates beginning to implement the plan in November
2003.
Initiatives Risk Duplicating Efforts and May Limit Access for
Some Entities:
Other federal agencies, and state and city homeland security
participants have implemented several initiatives to promote
information sharing, yet these initiatives are not well coordinated and
may inadvertently limit access to information to those entities that
are not part of the initiatives. Nonetheless, the initiatives seek to
fulfill a perceived information requirement not yet fully addressed by
the federal intelligence community, and include both technological
solutions as well as management and communication solutions. However,
these initiatives may be duplicating DHS and other federal efforts
already under way, and, in some cases, may create information-sharing
partnerships that actually limit access to information to only those
agencies that are party to the initiatives.
Sensing an urgency to improve their abilities to effectively perform
their homeland security duties, other federal agencies, and state and
city participants have implemented several initiatives to promote
sharing with others from different levels of government.[Footnote 15]
However, it is unclear how these initiatives, while enhancing
individual organization sharing, will contribute to national
information-sharing efforts. The Departments of Defense and Justice
have established initiatives using technology to better gather,
analyze, and share information with other homeland security
participants. These initiatives include expanding existing mechanisms
for sharing; participating in information-sharing centers like FBI's
Joint Terrorism Task Forces; establishing new information-sharing
centers; and working with federal, state, and city agencies to
integrate databases. Also, the new Terrorist Threat Integration Center,
which began operations May 1, 2003, was created to fuse, analyze, and
share terrorist-related information collected domestically and abroad.
It is an interagency joint venture that reports directly to the
Director of Central Intelligence in his capacity as statutory head of
the intelligence community. The center will be comprised of elements of
DHS, FBI's Counterterrorism Division, the Director of Central
Intelligence Counterterrorist Center, the Department of Defense, and
other participating agencies. According to the President, the center is
to "close the seam" between the analysis of foreign and domestic
intelligence and will have access to all sources of information.
In responding to our survey, 85 percent (or 34 of 40) of the responding
states and 70 percent (or 160 of 228) of the responding cities said
they were currently participating in information-sharing centers,
including FBI's Joint Terrorism Task Forces. Nonetheless, according to
the survey results, many participants expressed a need for still more
interaction with other homeland security participants to coordinate
planning, develop contacts, and share information and best practices.
In addition to the federal government, several states and cities have
implemented their own initiatives to improve sharing. For example, the
state of California has established a clearinghouse for all terrorist-
related activities and investigations. The clearinghouse collects,
analyzes, and disseminates information to its law enforcement officers,
other law enforcement agencies, and FBI. The City of New York
established a counterterrorism committee comprising FBI, the New York
State Office of Public Security, and the New York City Police
Department to share information and promote joint training exercises.
Officials from the Central Intelligence Agency acknowledged that
states' and cities' efforts to create their own centers are resulting
in duplication and that some cities may be reaching out to foreign
intelligence sources independently from the federal government. These
officials emphasized that state and local authorities should work
through the Joint Terrorism Task Forces to receive the information they
require. Appendix II contains examples of other initiatives that
various information-sharing participants have expanded and/or
implemented to protect the homeland since September 11, 2001.
In written comments to our survey, some respondents indicated that
avoiding duplication and redundancy were some of the reasons they were
not joining or establishing new information-sharing centers. For
example, rather than establishing local or regional databases--as some
states and cities have done--some respondents recommended creating a
national terrorism intelligence and information network and computer
database. However, in order to build a comprehensive national plan that
integrates multiple sharing initiatives (including those that integrate
databases), the federal government must first be aware of these
efforts. In a speech to the National Emergency Managers Association in
February 2003, the Secretary of Homeland Security asked states to
inform his department of newly created initiatives when they learn of
them. However, it is not clear if states and cities have provided DHS
with this information and whether DHS has taken actions on the basis of
the information.[Footnote 16] As a result, federal efforts to integrate
initiatives may overlook some state or city initiatives that could help
to improve information sharing and enhance homeland security.
Another way that information-sharing initiatives may limit access to
information for some entities is through partnerships that promote
information sharing between the partners but exclude those not
participating. Some federal agencies may try to meet their information
needs by forming partnerships with other agencies outside the purview
of DHS and its ongoing national strategy efforts. Thus, these
organizations may concentrate on local threat information and
unknowingly have vital information that, when combined with national or
regional information, could indicate an impending attack or help
prepare for an attack.
Current Information-Sharing Process Not Perceived As Effective:
In spite of legislation, strategies, and initiatives to improve
information sharing, federal agencies and state and city governments
generally do not consider the current information-and intelligence-
sharing process to be effective. The documents that we reviewed, and
officials from federal agencies, states, and cities we interviewed,
indicated that they did not perceive the sharing process as working
effectively. And, in our survey, fewer than 60 percent of federal,
state, and city respondents rated the current sharing process as
"effective" or "very effective." Respondents identified three systemic
problems. First, they believe that needed information is not routinely
provided. Second, the information that they do receive is not always
timely, accurate, or relevant. Third, they feel that the federal
government still perceives the fight against terrorism to be generally
a federal responsibility and consequently does not integrate state and
city governments into the information-sharing process. An information-
sharing process characterized by such systemic problems or shortcomings
could contribute to a failure to detect a pending attack or prepare for
an attack.
Further Improvement Is Needed in the Information-Sharing Process:
According to recent reports and testimony, further improvement is
needed in the information-sharing process to better protect the
homeland. Federal officials have stated that information-sharing
problems still exist. We have also expressed concerns about information
sharing in previous reports and testimonies, as shown in the following
examples:
* Inquiries into the events of September 11, 2001, have highlighted
ongoing problems with the existing sharing process and the need for
improvement. Both the Senate Select Committee on Intelligence and the
House Permanent Select Committee on Intelligence have, in a joint
inquiry in 2002, stated that much information exists in the files and
databases of many federal, state, and local agencies.[Footnote 17]
However, that information is not always shared or made available in
timely and effective ways to decision makers as well as analysts to
better accomplish their individual missions.
* In October 2002, the Staff Director of the Joint Inquiry Staff that
investigated the September 11, 2001, intelligence issues testified that
information sharing was inconsistent and haphazard.
* On December 15, 2002, the Gilmore Commission[Footnote 18] concluded
that information sharing had only marginally improved since the
September 11, 2001, attacks, and that despite organizational reforms,
more attention, and better oversight, the ability to gather, analyze,
and disseminate critical information effectively remained problematic.
Additionally, the commission reported that current information-sharing
practices neither transfer to local authorities the information they
need, nor adequately assesses the information collected by
local authorities.
We have also expressed concerns about homeland security in previous
reports and testimonies that documented the lack of standard protocols
for sharing information and intelligence; the lack of partnerships
between the federal, state, and local governments; and the lack of a
unified national effort to improve the sharing process. In those
reports, we concluded that more effort is needed to integrate the state
and local governments into the national sharing process. [Footnote 19]
In our report on the integration of watch list databases that contain
information on known terrorists, we found that sharing is more likely
to occur between federal agencies than between federal agencies and
state or local government agencies because of overlapping sets of data
and different policies and procedures.[Footnote 20]
Participants Do Not Perceive Current Information-Sharing Process as
"Effective" or "Very Effective":
Our work involving the interviewing of cognizant officials, reviewing
information-sharing documents, and analyzing the results of our survey
indicated that information-sharing participants do not perceive the
current process as "effective" or "very effective." Without an
effective sharing process, it is not clear how important information
obtained by federal, state, or city agencies could be connected to
relevant information held by other agencies and potentially pointing to
an imminent attack.
In a position paper, the Major Cities Chiefs Association stated that
the federal government needed to better integrate the thousands of
local police officers into the sharing process and by not doing so, the
federal government is not taking advantage of their
capabilities.[Footnote 21] In March 2002, the National Governors
Association stated that law enforcement and public safety officers do
not have access to complete, accurate, and timely information. As a
result, critical information is not always shared at key decision
points, sometimes with tragic consequences.[Footnote 22] The
International Association of Chiefs of Police testified in June 2002
that the current sharing process is not effective because state and
city governments are not fully integrated into a national sharing
process.[Footnote 23]
We conducted our survey nearly a year later and found little change.
Our survey results indicate that participants do not perceive the
current sharing of information to fight terrorism to be "effective" or
"very effective," regardless of the level of government with whom they
shared information. In our survey we asked all respondents to indicate
the extent of effectiveness when they shared information with the other
government levels. For example, we asked the federal respondents to
rate their responses from "not effective" to "very effective" when they
shared information with other state and city governments. Table 2 shows
the different perceived levels of effectiveness within the three levels
of government.
Table 2: Percentage of Federal, State, and City Respondents That View
Their Sharing Relationships with One Another As Effective or Very
Effective:
Percent:
Jurisdiction: Federal; Federal sharing with: 44;
State sharing with: 35; Large-city sharing with: 37;
Small-city sharing with: 29.
Jurisdiction: State/Intrastate; Federal sharing with: 13;
State sharing with: 43; Large-city sharing with: 51;
Small-city sharing with: 42.
Jurisdiction: City/Intracity; Federal sharing with: 13;
State sharing with: 40; Large-city sharing with: 57;
Small-city sharing with: 54.
Source: GAO.
Notes: Although our results represent a substantial number of
governmental entities, the results do not represent the entire
population of governmental entities involved in information sharing.
Number of federal agency respondents = 16; number of state respondents
= 40; number of large-city respondents = 106; and number of small-city
respondents = 122.
[End of table]
As shown in table 2, generally fewer that 60 percent of the respondents
felt that the information-sharing process was "effective" or "very
effective." In particular, only 13 percent of the federal agencies that
completed our survey reported that when sharing information with the
states and cities, the current process was "effective" or "very
effective." One reason for this low percentage may be due to the
historic reluctance of the federal government to share terrorism
information with states and cities. On the other hand, 51 percent of
large-city respondents reported that their sharing relationships with
states was "effective" or "very effective," reflecting a closer
historic relationship that cites have with their states.
Systemic Problems Account for Perception That Process Is Ineffective:
Federal, state, and city authorities do not perceive the current
sharing process as "effective" or "very effective" because they believe
(1) that they are not routinely receiving the information they believe
they need to protect the homeland; (2) that when information is
received, it is not very useful, timely, accurate, or relevant; and
(3) that the federal government still perceives the fight against
terrorism to be generally a federal responsibility. Consequently,
comprehensive policies and procedures to effectively integrate state
and city governments into the process of determining requirements,
analyzing and disseminating information, and providing feedback have
not been established. As a result, opportunities may be routinely
missed to engage state and city officials in obtaining information from
the federal government and providing the federal government with
information that could be important in the war against terrorism.
Participants Are Not Routinely Receiving Needed Information:
The federal, state, and city officials that completed our survey
indicated that certain information was perceived to be extremely
important to execute their homeland security duties, but they reported
that they were not routinely receiving it.[Footnote 24] In the survey,
we listed different types of homeland-security-related information and
asked all respondents to indicate the extent to which they needed and
received the information. With few exceptions, the federal, state, and
city agencies that completed our survey indicated that they are
typically receiving less than 50 percent of the categories of
information they seek.[Footnote 25] While our survey results found that
state and local agencies were generally dissatisfied with the results
of information sharing with the federal government, federal agencies
were just as dissatisfied with the flow of information from state and
city agencies.
As shown in table 3, the majority of the states and cities reported
that they needed many of the types of information listed in our survey
question. For example, 90 to 98 percent of the states and large and
small cities that completed our survey reported that they needed
specific and actionable threat information; yet only 21 to 33 percent
of them reported that they received this information. However, more
than 50 percent of all respondents reported that they were receiving
needed broad threat information.
Table 3: Perceptions of Information Needed and Regularly Received:
Category: Broad threat information;
Federal agencies (n = 16): Percent Needed: 75;
Federal agencies (n = 16): Percent Received: 75;
States (n = 40): Percent Needed: 93;
States (n = 40): Percent Received: 75;
Large cities (n = 106): Percent Needed: 81;
Large cities (n = 106): Percent Received: 77;
Small cities (n = 122): Percent Needed: 72;
Small cities (n = 122): Percent Received: 57.
Category: Specific and actionable threat information;
Federal agencies (n = 16): Percent Needed: 88;
Federal agencies (n = 16): Percent Received: 56;
States (n = 40): Percent Needed: 98;
States (n = 40): Percent Received: 33;
Large cities (n = 106): Percent Needed: 98;
Large cities (n = 106): Percent Received: 28;
Small cities (n = 122): Percent Needed: 90;
Small cities (n = 122): Percent Received: 21.
Category: Movement of WMD by "friendly" authorities;
Federal agencies (n = 16): Percent Needed: 56;
Federal agencies (n = 16): Percent Received: 19;
States (n = 40): Percent Needed: 83;
States (n = 40): Percent Received: 23;
Large cities (n = 106): Percent Needed: 77;
Large cities (n = 106): Percent Received: 6;
Small cities (n = 122): Percent Needed: 66;
Small cities (n = 122): Percent Received: 6.
Category: Movement of WMD by terrorists;
Federal agencies (n = 16): Percent Needed: 88;
Federal agencies (n = 16): Percent Received: 25;
States (n = 40): Percent Needed: 95;
States (n = 40): Percent Received: 15;
Large cities (n = 106): Percent Needed: 98;
Large cities (n = 106): Percent Received: 5;
Small cities (n = 122): Percent Needed: 89;
Small cities (n = 122): Percent Received: 2.
Category: Movement of known terrorists;
Federal agencies (n = 16): Percent Needed: 69;
Federal agencies (n = 16): Percent Received: 31;
States (n = 40): Percent Needed: 98;
States (n = 40): Percent Received: 15;
Large cities (n = 106): Percent Needed: 98;
Large cities (n = 106): Percent Received: 15;
Small cities (n = 122): Percent Needed: 93;
Small cities (n = 122): Percent Received: 3.
Category: Activities of known terrorist support groups;
Federal agencies (n = 16): Percent Needed: 69;
Federal agencies (n = 16): Percent Received: 25;
States (n = 40): Percent Needed: 93;
States (n = 40): Percent Received: 18;
Large cities (n = 106): Percent Needed: 97;
Large cities (n = 106): Percent Received: 15;
Small cities (n = 122): Percent Needed: 90;
Small cities (n = 122): Percent Received: 2.
Category: Notification of ongoing federal investigations;
Federal agencies (n = 16): Percent Needed: 88;
Federal agencies (n = 16): Percent Received: 25;
States (n = 40): Percent Needed: 90;
States (n = 40): Percent Received: 23;
Large cities (n = 106): Percent Needed: 90;
Large cities (n = 106): Percent Received: 23;
Small cities (n = 122): Percent Needed: 87;
Small cities (n = 122): Percent Received: 7.
Category: Notification of federal arrests;
Federal agencies (n = 16): Percent Needed: 81;
Federal agencies (n = 16): Percent Received: 25;
States (n = 40): Percent Needed: 90;
States (n = 40): Percent Received: 33;
Large cities (n = 106): Percent Needed: 92;
Large cities (n = 106): Percent Received: 23;
Small cities (n = 122): Percent Needed: 89;
Small cities (n = 122): Percent Received: 7.
Category: Notification of ongoing state investigations;
Federal agencies (n = 16): Percent Needed: 75;
Federal agencies (n = 16): Percent Received: 13;
Large cities (n = 106): Percent Needed: 92;
Large cities (n = 106): Percent Received: 17;
Small cities (n = 122): Percent Needed: 87;
Small cities (n = 122): Percent Received: 4.
Category: Notification of state arrests;
Federal agencies (n = 16): Percent Needed: 75;
Federal agencies (n = 16): Percent Received: 13;
Large cities (n = 106): Percent Needed: 94;
Large cities (n = 106): Percent Received: 16;
Small cities (n = 122): Percent Needed: 89;
Small cities (n = 122): Percent Received: 4.
Category: Notification of ongoing local investigations;
Federal agencies (n = 16): Percent Needed: 63;
Federal agencies (n = 16): Percent Received: 13;
States (n = 40): Percent Needed: 93;
States (n = 40): Percent Received: 33;
Category: Notification of local arrests;
Federal agencies (n = 16): Percent Needed: 63;
Federal agencies (n = 16): Percent Received: 13;
States (n = 40): Percent Needed: 88;
States (n = 40): Percent Received: 33;
Category: Access to classified national security information;
Federal agencies (n = 16): Percent Needed: 88;
Federal agencies (n = 16): Percent Received: 75;
States (n = 40): Percent Needed: 80;
States (n = 40): Percent Received: 28;
Large cities (n = 106): Percent Needed: 60;
Large cities (n = 106): Percent Received: 13;
Small cities (n = 122): Percent Needed: 43;
Small cities (n = 122): Percent Received: 6.
Category: Access to declassified national security information;
Federal agencies (n = 16): Percent Needed: 75;
Federal agencies (n = 16): Percent Received: 56;
States (n = 40): Percent Needed: 85;
States (n = 40): Percent Received: 45;
Large cities (n = 106): Percent Needed: 75;
Large cities (n = 106): Percent Received: 33;
Small cities (n = 122): Percent Needed: 60;
Small cities (n = 122): Percent Received: 15.
Category: Analysis of information within a regional perspective;
Federal agencies (n = 16): Percent Needed: 81;
Federal agencies (n = 16): Percent Received: 50;
States (n = 40): Percent Needed: 95;
States (n = 40): Percent Received: 25;
Large cities (n = 106): Percent Needed: 97;
Large cities (n = 106): Percent Received: 24;
Small cities (n = 122): Percent Needed: 88;
Small cities (n = 122): Percent Received: 7.
Category: Analysis of information within a national perspective;
Federal agencies (n = 16): Percent Needed: 94;
Federal agencies (n = 16): Percent Received: 63;
States (n = 40): Percent Needed: 90;
States (n = 40): Percent Received: 23;
Large cities (n = 106): Percent Needed: 87;
Large cities (n = 106): Percent Received: 21;
Small cities (n = 122): Percent Needed: 77;
Small cities (n = 122): Percent Received: 8.
Category: Analysis of information within an international perspective;
Federal agencies (n = 16): Percent Needed: 88;
Federal agencies (n = 16): Percent Received: 56;
States (n = 40): Percent Needed: 83;
States (n = 40): Percent Received: 28;
Large cities (n = 106): Percent Needed: 69;
Large cities (n = 106): Percent Received: 17;
Small cities (n = 122): Percent Needed: 64;
Small cities (n = 122): Percent Received: 4.
Source: GAO.
Notes: Although our results represent a substantial number of
governmental entities, the results do not represent the entire
population of governmental entities involved in information sharing.
n = number.
WMD = weapons of mass destruction.
[End of table]
One reason that states and cities may not receive needed threat
information is that the information may not be available. For example,
actionable threat information is rarely available according to federal
intelligence officials we interviewed; however, if available, these
officials told us that they would not hesitate to provide those who
needed it with the information. Nonetheless, if the information is
classified, Executive Order no. 12968 specifies that the information is
not to be shared unless the would-be recipients have the proper
security clearances and a need-to-know. Thus, the issue arises of how
actionable threat information can be shared with state and local
personnel without unauthorized disclosure of classified information by
federal officials.[Footnote 26] Longstanding agency practices may also
account for poor information sharing and may include the institutional
reluctance of federal officials to routinely share information with
local law enforcement officials.
Without the information that they feel they need, states and cities, as
well as the federal government, may not be adequately prepared to deter
future attacks. Consequently, the nation's ability to effectively
manage the risk of future attacks may be undermined. For example, the
National Governors Association, the National League of Cities, and the
National Emergency Management Association have all stated that they
need timely, critical, and relevant classified and nonclassified
information about terrorist threats so that they can adequately prepare
for terrorist attacks. And the Major Cities Chiefs Association stated
that law enforcement officers need background information on terrorism,
the methods and techniques of terrorists, and the likelihood of an
imminent attack. With this information, the association believes that
law enforcement would have the background from which it could take
seemingly random or unconnected events--such as minor traffic
violations--and place them into a larger context, thereby being able to
perceive a bigger picture of potential attack or recognize the need to
pass the information to an appropriate homeland security partner
agency.
Information Received Not Very Timely, Accurate, or Relevant:
Our survey results confirm the perception that the information that
respondents do receive is not often seen as timely, accurate, or
relevant. And, of the three aspects, respondents reported that
timeliness was more of a problem than accuracy or relevancy. This
supports a common complaint we heard from police chiefs--that they
wanted timely information but would often receive information from
national news sources at the same time that the public received it.
This lack of timeliness was often attributed to the federal
government's historic reluctance to share this type of information with
local law enforcement officials. In the survey, we asked all
respondents to indicate the extent to which the information they
received from each other was timely, accurate, and relevant. Generally
no level of government, including the federal government, was satisfied
with the information received from the federal government, as shown in
table 4.
Table 4: Survey Respondents Who Said the Information from the Federal
Government Was Timely, Accurate, or Relevant:
Federal sharing with: Federal (n = 16); Timely: Number: 6; Timely:
Percent: 38; Accurate: Number: 5; Accurate: Percent: 31;
Relevant[A]: Number: 7; Relevant[A]: Percent: 44.
Federal sharing with: State (n = 40); Timely: Number: 15; Timely:
Percent: 38; Accurate: Number: 19; Accurate: Percent: 48;
Relevant[A]: Number: 20; Relevant[A]: Percent: 50.
Federal sharing with: Large cities (n = 106); Timely: Number: 24;
Timely: Percent: 23; Accurate: Number: 41; Accurate: Percent:
39; Relevant[A]: Number: 42; Relevant[A]: Percent: 40.
Federal sharing with: Small cities (n = 122); Timely: Number: 17;
Timely: Percent: 14; Accurate: Number: 26; Accurate: Percent:
21; Relevant[A]: Number: 27; Relevant[A]: Percent: 22.
Source: GAO.
Notes: Although our results represent a substantial number of
governmental entities, the results do not represent the entire
population of governmental entities involved in information sharing.
n = number.
[A] Great to very great extent.
[End of table]
In particular, table 4 highlights these problems for large cities. Only
23 percent of the large cities reported that the information they
received from the federal government was timely, and only 39 percent
reported that it was accurate. Only 40 percent reported that the
information received was relevant.
When state agencies were the source of information, federal and city
agencies were also dissatisfied, as shown in table 5.
Table 5: Survey Respondents Who Said That Information from State
Agencies Was Timely, Accurate, or Relevant:
State sharing with: Federal (n = 16); Timely: Number: 2; Timely:
Percent: 13; Accurate: Number: 1; Accurate: Percent: 6;
Relevant[A]: Number: 1; Relevant[A]: Percent: 6.
State sharing with: Large cities (n = 106); Timely: Number: 32; Timely:
Percent: 30; Accurate: Number: 36; Accurate: Percent: 34;
Relevant[A]: Number: 31; Relevant[A]: Percent: 29.
State sharing with: Small cities (n = 122); Timely: Number: 21; Timely:
Percent: 17; Accurate: Number: 36; Accurate: Percent: 30;
Relevant[A]: Number: 36; Relevant[A]: Percent: 30.
Source: GAO.
Notes: Although our results represent a substantial number of
governmental entities, the results do not represent the entire
population of governmental entities involved in information sharing.
n = number.
[A] Great to very great extent.
[End of table]
Table 5 shows that in general, large and small cities view the
information they receive from their state as more timely, accurate, and
relevant than when compared with the view of federal agencies when they
receive information from the states. Few of the federal agencies that
responded view state information received as timely, accurate, or
relevant.
Similarly, few federal or state agencies that responded to our survey
viewed information received from the cities as timely, accurate, or
relevant, as shown in table 6.
Table 6: Survey Respondents Who Said That Information from
City Agencies Was Timely, Accurate, or Relevant:
Cities sharing with: Federal (n = 16); Timely: Number: 2; Timely:
Percent: 13; Accurate: Number: 2; Accurate: Percent: 13;
Relevant[A]: Number: 1; Relevant[A]: Percent: 6.
Cities sharing with: State (n = 40); Timely: Number: 14; Timely:
Percent: 35; Accurate: Number: 17; Accurate: Percent: 43;
Relevant[A]: Number: 10; Relevant[A]: Percent: 25.
Source: GAO.
Notes: Although our results represent a substantial number of
governmental entities, the results do not represent the entire
population of governmental entities involved in information sharing.
n = number.
[A] Great to very great extent.
[End of table]
Table 6 also shows that states view the information they receive
from cities more favorably than the federal agencies that responded to
our survey.
Fighting Terrorism Still Seen as Generally a Federal Responsibility:
The nation's fight against terrorism is still generally perceived to be
a federal responsibility, at least in terms of preventing (in contrast
to responding to) a terrorist attack. Even though states and cities
develop important information on potential terrorist threats to the
homeland, the federal government still has not established
comprehensive policies or procedures to effectively integrate state and
city governments into the process of determining requirements;
gathering, analyzing, and disseminating information; and providing
feedback. Nor has the federal government routinely recognized states
and cities as customers in the information-sharing process.
Our survey results support the view that preventing terrorism is still
perceived generally as a federal responsibility. We asked respondents
to indicate the extent to which the elements of a sharing framework
for receiving information from the federal government--such as clear
guidance and access to needed databases--were in place at the various
governmental levels.[Footnote 27] The existence of these elements would
indicate to some extent the level that state and city governments were
integrated into the sharing process. Specifically, we found that more
elements of a sharing framework, such as clear guidance for providing
and receiving information, are in place at the federal level than at
the state or city level, indicating that terrorism-related information
is managed more at the federal level.[Footnote 28] Moreover, the lack
of such elements at the state and city level nearly 2 years after the
September 11, 2001, attacks may perpetuate the perception that the
fight against terrorism remains generally a federal responsibility.
State and city governments that completed our survey also indicated
that they do not participate in national policy making regarding
information sharing, which also helps maintain the perception. For
example, 77 percent of the responding states, 92 percent of large
cities, and 93 percent of small cities reported that they did not
participate in this policy-making process. By involving states and
cities, this process would help ensure a more unified and consolidated
effort to protect the homeland, and provide opportunities to improve
information sharing at the state and city levels.
The view that preventing terrorism is generally a federal
responsibility is also reflected in the perception of the existence of
barriers to providing information upwards or downwards. For example,
according to the December 2002 report of the Gilmore Commission, the
prevailing view continues to be that the federal government likes to
receive information but is reluctant to share information with other
homeland security partners. Furthermore, the commission stated that the
federal government must do a better job of designating "trusted agents"
at the state and local levels and in the private sector, and move
forward with clearing those trusted agents.[Footnote 29] In our survey,
we listed a number of barriers and asked all respondents to indicate
the extent to which these barriers hindered sharing with each other.
Table 7 identifies the barriers that federal, state, and city agencies
that responded to our survey believe exist in the current information-
sharing process.
Table 7: Perceived Barriers Preventing Federal Agencies from Providing
Other Federal Agencies, States, and Cities with Information:
Category: Legal barriers; Percent: Federal to federal: 13; Percent:
Federal to state: 13; Percent: Federal to cities: 25.
Category: Authorities lack interest in information to be provided;
Percent: Federal to federal: 6; Percent: Federal to state: 0; Percent:
Federal to cities: 0.
Category: Culture of "information superiority"; Percent: Federal to
federal: 6; Percent: Federal to state: 0; Percent: Federal to cities:
0.
Category: Concerns about jeopardizing ongoing investigations; Percent:
Federal to federal: 13; Percent: Federal to state: 13; Percent: Federal
to cities: 0.
Category: Lack of confidence in ability to limit disclosure of
information; Percent: Federal to federal: 6; Percent: Federal to state:
19; Percent: Federal to cities: 6.
Category: Lack of confidence in ability to manage investigations;
Percent: Federal to federal: 6; Percent: Federal to state: 0; Percent:
Federal to cities: 0.
Category: Concerns of disclosing sources and methods; Percent: Federal
to federal: 6; Percent: Federal to state: 25; Percent: Federal to
cities: 19.
Category: Lack of integrated databases; Percent: Federal to federal:
38; Percent: Federal to state: 38; Percent: Federal to cities: 31.
Category: Lack of clearances; Percent: Federal to federal: NA; Percent:
Federal to state: 44; Percent: Federal to cities: 38.
Category: Difficulty with provision to secure, maintain, and destroy
information; Percent: Federal to federal: NA; Percent: Federal to
state: 44; Percent: Federal to cities: 50.
Source: GAO.
Notes: Percentages include those respondents that answered "great-to-
very great" on this question.
Although our results represent a substantial number of governmental
entities, the results do not represent the entire population of
governmental entities involved in information sharing.
NA = not applicable.
[End of table]
As shown in table 7, federal officials cited several barriers that they
perceive prevent them from sharing information, including concerns
over state and local officials' ability to secure, maintain, and
destroy classified information; their lack of security clearances; and
the absence of integrated databases. However, these perceived barriers
were seen to exist by only a few respondents and could be overcome. For
example, state and local police routinely handle and protect law-
enforcement-sensitive information to support ongoing criminal
investigations, which suggests that--with proper training and
equipment--officials of these governments could handle other types of
sensitive information as well.
As mentioned earlier, the Homeland Security Act requires the President,
in establishing information-sharing procedures, to address the sharing
of classified and sensitive information with state and local personnel.
Congress suggested in the Homeland Security Act that the procedures
could include the means for granting security clearances to certain
state and local personnel, entering into nondisclosure agreements
(for sensitive but unclassified information), and the increased use of
information-sharing partnerships that include state and local
personnel. For example, Congress found that granting security
clearances to certain state and local personnel is one way to
facilitate the sharing of information regarding specific terrorist
threats between federal, state, and local levels of
government.[Footnote 30] We found that the federal government has
issued security clearances to state or local officials in limited
circumstances and is increasing the number of such clearances. The
Federal Emergency Management Agency has provided certain state
emergency management personnel with security clearances for emergency
response purposes, but other federal agencies, including FBI, have not
recognized the validity of these security clearances. For FBI, this
lack of recognition could prevent it from providing state emergency
management personnel with information. At the same time, FBI
has undertaken some initiatives to provide certain state officials with
clearances and could clearly expand this program at the state and
city levels, if officials believe that doing so will address a
perceived impediment to information sharing. And DHS is also developing
a new homeland security level classification for information to improve
sharing.
For their part, states and cities reported few barriers in their
ability to provide the federal government with information, while
federal agencies cited a number of barriers to sharing. As shown in
table 7, state and city agencies perceived that the federal government
faces few barriers in sharing information. Appendix V details the
barriers that states and cities perceive to providing federal
authorities with information.
All categories of survey respondents identified the lack of integrated
information systems as the single most common barrier to information
sharing across all levels of government. The Markle Foundation stated
in its report that federal agencies have seen the information and
homeland security problem as one of acquiring new technology.[Footnote
31] For example, for fiscal year 2003, FBI budgeted $300 million for
new technology, the Transportation Security Administration has budgeted
$1 billion over several years, and the former Immigration and
Naturalization Service (whose function is now within DHS) has a 5-year
plan for $550 million. However, the foundation reports that almost none
of this money is being spent to solve the problem of how to share this
information between federal agencies and with the states and cities.
The foundations' report states that when it comes to homeland security
and using integrated information systems, adequate efforts and
investments are not yet in sight. And in recent testimony, we stated
that DHS must integrate the many existing systems and processes within
government entities and between them and the private sector required to
support its mission.[Footnote 32]
Conclusions:
With the current decentralized information-sharing process in which
actions to improve sharing are not organized, and participants at all
levels of government and the private sector are not well integrated
into the scheme, the nation may be hampered in its ability to detect
potential terrorist attacks and effectively secure the homeland.
Additionally, the lack of coordination of the various information-
sharing initiatives continues to hamper the overall national effort to
effectively share information that could be used to prevent an attack.
DHS has initiated an enterprise architecture to provide a road map to
address information-sharing issues with all levels of government and
the private sector. It is important that this be done in such a way as
to effectively integrate all levels of government and the private
sector into an information-sharing process. Until then, it is not clear
how the department will coordinate the various information-sharing
initiatives to eliminate possible confusion and duplication of effort.
Participants risk duplicating each other's efforts and creating
partnerships that limit access to information by other participants,
thus increasing the risk that decision makers do not receive useful
information; developing initiatives that are not mutually reinforcing;
and potentially unnecessarily increasing the cost of providing homeland
security.
The failure to fully integrate state and city governments into
the information-sharing policy-making process deprives the federal
government of the opportunity to (1) obtain a complete picture of
the threat environment and (2) exploit state and city governments'
information expertise for their own areas, with which they are uniquely
familiar.
Finally, the effectiveness of the information-sharing process to
provide timely, accurate, and relevant information is also in question,
creating a risk that urgent information will not get to the recipient
best positioned to act on it in a timely manner. Until the perceived
barriers to federal information sharing are addressed, the federal
government may unnecessarily, and perhaps inadvertently, be hampering
the state and city governments from carrying out their own homeland
security responsibilities.
States, cities, and the private sector look to the federal government-
-in particular the Department of Homeland Security--for guidance and
support regarding information-sharing issues. If DHS does not
effectively strengthen efforts to improve the information-sharing
process, the nation's ability to detect or prepare for attacks may be
undermined.
Recommendations for Executive Action:
We recommend that, in developing its enterprise architecture, the
Secretary of Homeland Security work with the Attorney General of the
United States; the Secretary of Defense; the Director, Office of:
Management and Budget; the Director, Central Intelligence; and other
appropriate federal, state, and city authorities and the private sector
to ensure that the enterprise architecture efforts:
* incorporate the existing information-sharing guidance that is
contained in the various national strategies and the information-
sharing procedures required by the Homeland Security Act to be
established by the President;
* establish a clearinghouse to coordinate the various information-
sharing initiatives to eliminate possible confusion and duplication of
effort;
* fully integrate states and cities in the national policy-making
process for information sharing and take steps to provide greater
assurance that actions at all levels of government are mutually
reinforcing;
* identify and address the perceived barriers to federal information
sharing; and:
* include the use of survey methods or related data collection
approaches to determine, over time, the needs of private and public
organizations for information related to homeland security and to
measure progress in improving information sharing at all levels of
government.
As you know, 31 U.S.C. 720 requires the head of a federal agency to
submit a written statement of the actions taken on our recommendations
to the Senate Committee on Governmental Affairs and the House Committee
on Government Reform not later than 60 days after the date of this
report. A written statement must also be sent to the House and Senate
Committees on Appropriations with the agency's first request for
appropriations made more than 60 days after the date of this report.
Agency Comments and Our Evaluation:
We presented a draft of this report to the Departments of Homeland
Security, Defense, and Justice; and to the Director of Central
Intelligence. The Departments of Homeland Security, Defense, and
Justice provided written comments. The Central Intelligence Agency
provided technical comments. All the departments, except the Department
of Justice, concurred with our report.
The Department of Homeland Security concurred with our report and
recommendations. The department added that it has made significant
strides to improve information sharing. For example, the department
pointed out that it is in the process of providing secure telephones to
the governors and security clearances to the Homeland Security Advisors
in every state so that relevant classified information can be shared.
The department also pointed out that further progress will require a
thoughtful, prudent, and deliberate approach. However, it cautioned
that issuing the first draft of the national homeland security
enterprise architecture could go beyond the September 2003 target
because of the time it may take to obtain appropriate interagency
coordination. The department's comments are reprinted in their entirety
in appendix VI.
DOD concurred with our recommendations. DOD's comments are reprinted in
their entirety in appendix VII.
The Central Intelligence Agency provided technical comments that we
incorporated into our draft as appropriate.
On the other hand, the Department of Justice did not concur with our
report and raised several concerns. The department stated that our
draft report reaches sweeping and extraordinarily negative conclusions
about the adequacy of the governmental sharing of information to
prevent terrorism and that (1) our conclusions are fundamentally
incorrect and unsupportable by reliable evidence; (2) our review was
beyond our purview; and (3) an evaluation of information sharing
requires a review of intelligence sharing which by long standing
practice the executive branch provides to Congress but not us, thus we
may not be able to provide useful information to Congress. We disagree.
First, we used reliable evidence from a variety of sources, including
the Central Intelligence Agency; the Anser Institute of Homeland
Security; the Joint Inquiry into the Terrorist Attacks of September 11,
2001; reports of the RAND Institute and the Markle Task Force on
National Security in the Information Age; testimony before
congressional committees by federal, state, and local officials;
interviews that we conducted with federal, state, and local agency
officials and associations representing the International Association
of Chiefs of Police, the U.S. Conference of Mayors, the National League
of Cities, and the National Sheriffs Association; and our survey
results. Moreover, over 100 cities with populations in excess of
100,000, over 120 cities with populations of under 100,000, and 40
states responded to our survey, representing a substantial number of
governmental entities providing us with evidence of information-sharing
shortcomings. These organizations are involved in information
collection and analysis, have conducted well respected studies on
information-sharing issues, or have significant experience in providing
for homeland security through law enforcement or emergency management
at the state and the local level, and are recognized as authorities in
their fields of endeavor. Our conclusions are based on this body of
evidence. Our complete scope and methodology is shown in appendix I.
Second, the Department of Justice stated that "our review of
intelligence activities is an arena that is beyond GAO's purview" and
that providing GAO with information on intelligence sharing "would
represent a departure from the long-standing practice of Congress and
the executive branch regarding the oversight of intelligence
activities." The Department of Justice's impression that our review was
a review of intelligence activities is incorrect. As our report clearly
indicates, the oversight of intelligence activities was not an
objective or focus of our review, which did not require our access to
intelligence information or involve our evaluation of the conduct of
actual intelligence activities. Rather, our review considered the use
of intelligence information in general in the context of the broader
information-sharing roles and responsibilities of various homeland
security stakeholders (including the intelligence community). However,
even if our review could be construed as involving intelligence
activities, we disagree that such a review is outside GAO's purview. We
have broad statutory authority to evaluate agency programs and
activities and to investigate matters related to the receipt,
disbursement, and use of public money. To carry out our audit
responsibilities, we have a statutory right of access to agency records
applicable to all federal agencies. Although our reviews in the
intelligence area are subject to certain limited restrictions,[Footnote
33] we regard such reviews as fundamentally within the scope of our
authority.
Third, as to the department's assertion that providing GAO with
information on intelligence sharing practices would represent "a
departure from long-standing practice," we believe our review in this
area furthers congressional oversight but does not require reviewing
intelligence sharing practices. For example, we are not aware that
the views of state and local government officials on information
sharing contained in our report have previously been provided to
Congress in a comprehensive manner, their views are not dependent on
whether we do or do not have access to intelligence sharing practices,
and the department did not indicate that this is the case in asserting
that Congress is already receiving sufficient information from the
executive branch. Moreover, we did not review the extent to which the
executive branch provides useful information to Congress so we cannot
comment on the department's assertion. Nonetheless, as our report
clearly discusses, numerous state and local government officials
believe that they had not received the information that they need from
federal agencies. It would have also been useful, had the department
shared with us its views on information sharing for homeland security.
We believe Congress should have available such information in making
informed decisions in this area. The department's comments are
reprinted in appendix VIII.
We are sending copies of this report to appropriate congressional
committees. In addition, we are sending copies of the report to the
Secretaries of Homeland Security, Defense, Commerce, Agriculture,
Transportation, and the Treasury; the Attorney General; the Director of
Central Intelligence; and the Director, Office of Management and
Budget. We will make copies available to others upon request. In
addition, the report will be available at no charge on the GAO Web site
at http://www.gao.gov.
If you or your staff have any questions about matters discussed in
this report, please contact me at (202) 512-6020 or by E-mail at
deckerrj@gao.gov. GAO contacts and staff acknowledgements are
listed in appendix IX.
Sincerely yours,
Raymond J. Decker, Director Defense Capabilities and Management:
Signed by Raymond J. Decker:
[End of section]
Appendix I: Scope and Methodology:
Our objectives were to determine (1) what initiatives have been
undertaken to improve the sharing of information that could be used to
protect the homeland and (2) whether federal, state, and city officials
believe that the current information-sharing process is effective.
To achieve the first objective, we reviewed documents to determine
legislative initiatives and other initiatives detailed in national
strategies to include the National Strategy for Homeland Security, the
National Strategy for Combating Terrorism, the National Military
Strategic Plan of the United States of America, the National Strategy
for the Physical Protection of Critical Infrastructures and Key Assets,
the National Strategy to Secure Cyberspace, and the National Security
Strategy of the United States of America. We also reviewed federal,
state, and city initiatives to share information. We interviewed
officials from the Department of Justice, the Federal Bureau of
Investigation (FBI), and the Defense Intelligence Agency on their
initiatives to share information with state and city entities, and
discussed information or intelligence-sharing policies and procedures
with officials from the Central Intelligence Agency; the Department of
Defense (DOD), Departments of Commerce, Agriculture, the Treasury, and
Transportation; the U.S. Coast Guard; and DOD's new U.S. Northern
Command. We also surveyed a select group of federal, state, and city
organizations to obtain information on whether they were involved in
information-sharing initiatives.
To determine whether the current information-sharing process is
perceived as effective by federal, state, and city governments, we
interviewed officials from DOD's Office of the Inspector General and
the Defense Intelligence Agency; FBI and the Office of Intelligence
Policy and Review within the Department of Justice; the U.S. Coast
Guard; the Treasury Department and the U.S. Customs Service; the
Department of Commerce; and the U.S. Department of Agriculture. We also
interviewed representatives from the California Department of Justice,
city and county of Los Angeles law enforcement authorities; the
Director of Emergency Management for the District of Columbia; and the
chiefs of police of Baltimore, Maryland; and Dallas, Fort Worth, and
Arlington, Texas. We also interviewed representatives of professional
organizations and research organizations, including the International
Association of Chiefs of Police, the National Sheriffs Association,
Police Executive Research Forum, the U.S. Conference of Mayors, the
National League of Cities, the RAND Institute, the Center for Strategic
and International Studies, and ANSER Institute for Homeland Security.
To supplement our interviews, we reviewed studies and testimonies
before Congress. Among the documents we reviewed are the testimonies of
the President of the International Chiefs of Police before the Senate
Committee on Governmental Affairs, June 26, 2002; the former Central
Intelligence Agency General Counsel before the aforementioned
committee, February 14, 2003; and the Chairman of the Advisory Panel to
Assess the Capabilities for Domestic Response to Terrorism Involving
Weapons of Mass Destruction before the aforementioned committee,
February 14, 2003, and also the U.S. Select Committee on Intelligence
and the House Permanent Select Committee on Intelligence, October 1,
2002. We also reviewed the position papers of the RAND Institute,
International Association of Chiefs of Police, Markle Task Force on
National Security in the Information Age, and others.
Use of a Survey to Supplement Interviews and Review of Documents:
To achieve both objectives, we conducted a survey to augment our
interviews and review of testimonies, documents, and position papers.
We surveyed all 29 federal intelligence and law enforcement agencies;
50 state homeland security offices; and 485 cities, including all
cities with a population of 100,000 or greater, and 242 representing a
random sample of cities with a population of between 50,000 and
100,000. The city surveys were directed to the mayors; however, the
mayors frequently delegated the task of completing the survey to career
employees such as chiefs of police, city managers, directors of
emergency management offices, assistants to the mayors, and others. The
survey was not sent to the private sector, although we recognize that
it has a sizeable role in homeland security by virtue of owning about
80 percent of the critical infrastructure in the United States. The
survey collected information on the types of information needed by
participants, the extent that this information was received and
provided, the sources and usefulness of the information, and the
barriers that prevent participants from sharing. However, the survey
did not attempt to validate the information needs of any level of
government. To ensure the validity of the questions on the survey, we
pretested it with officials from the Office of the Secretary of
Defense, the Defense Intelligence Agency; the homeland security
directors for the states of North Dakota and Florida; the police chiefs
from the cities of Dallas, Fort Worth, and Arlington, Texas; and the
Director of Emergency Management for the District of Columbia. We
subsequently followed up the surveys with several phone calls and E-
mail messages to all federal and state agencies surveyed, and a large
number of cities to increase our response rate.
Of the 485 surveys sent to the cities, 228, or 47 percent, responded.
The 257 cities that did not respond might have answered the survey
differently from those that did; however, we could not determine this.
Therefore, we present the results of those cities that did complete the
surveys knowing that the nonresponders could have answered differently.
Where applicable in the report, we present the results of large and
small cities separately, unless noted otherwise. Also, when presenting
survey results, we judgmentally benchmarked the response level we
believed would be acceptable for an information-sharing process that is
so vital to homeland security. For example, for a process of this
importance, we believe that respondents should perceive that the
overall sharing process is "effective" or "very effective" and not
"moderately effective" or lower.
The scope of this review did not include the federal government's
critical infrastructure protection efforts, for which we have made
numerous recommendations over the last several years. We also did not
include the private sector, although we recognize the importance of
this sector in that it owns about 80 percent of the nation's
infrastructure. Critical infrastructure protection efforts are focused
on improving the sharing of information on incidents, threats, and
vulnerabilities, and the providing of warnings related to critical
infrastructures both within the federal government and between the
federal government and state and local governments, and the private
sector.
We conducted our review from June 2002 through May 2003 in accordance
with generally accepted government auditing standards.
[End of section]
Appendix II: Selected Initiatives to Promote Information Sharing:
In order to judge the extent of initiatives, judge efforts to share
more information, and identify possible duplication of efforts, we
gathered documents that outlined these efforts. Also, in our survey,
respondents identified initiatives and efforts they were involved with.
The following table is not exhaustive, since all respondents did not
complete this survey question; however, it illustrates potential
duplication of efforts between the federal, state, and city
governments.
Table 8: Initiatives and Efforts to Share More Information:
Name: Terrorist Threat Integration Center; Lead agency: Under the
direction of the Director of Central Intelligence; Participants:
Elements of CIA, FBI, DHS, DOD, and other federal agencies; Type and
purpose: Began operation on May 1, 2003. The center will fuse and
analyze terrorist-related information collected domestically and
abroad to form a comprehensive threat picture. It is designed to be in
one central location where information from all sources is shared,
integrated, and analyzed. A senior U.S. government official, who will
report to the Director of Central Intelligence, will head the center.
As soon as an appropriate facility is available, FBI's Counterterrorism
Division, the Director of Central Intelligence's Counterterrorism
Center, and the center will relocate to a single new facility in order
to improve collaboration and enhance the government's ability to
prevent future attacks.
Name: Joint Terrorism Task Force (JTTF); Lead agency: FBI;
Participants: Various local, state law enforcement entities, and other
federal agencies; Type and purpose: Increased from the pre-9/11 number
of 33 to 66, the task forces are to enhance FBI's ability to promote
coordinated terrorism investigations between its field offices and with
its counterparts in federal, state, and local law enforcement agencies,
and other federal agencies. FBI is providing task force agents and
state and local law enforcement personnel with specialized
counterterrorism training.
Name: JTTF Information-Sharing Initiative; Lead agency: FBI;
Participants: FBI, Illinois State Police, St. Louis Metropolitan Police
Department, and other law enforcement entities; Type and purpose:
Piloted in St. Louis, this initiative integrates the investigative
records of federal, state, and local agencies within a single database
in order to provide area law enforcement with a single source for all
criminal investigative records. This database provides investigators
and analysts the ability to search the actual text of investigative
records for names, addresses, phone numbers, scars, marks, and others.
Each agency that enters data into the warehouse will be able to access
it through four levels of security access.
Name: JITF-CT/RISS.NET Information Exchange System (JRIES); Lead
agency: Joint Intelligence Task Force-Combating Terrorism (JITF-CT) of
the Defense Intelligence Agency; Participants: DIA, California
Anti-Terrorism Information Center (CATIC), NYPD; Type and purpose: The
Defense Intelligence Agency's newly created JITF-CT is working with the
California Anti-Terrorism Information Center and the New York Police
Dept.'s Counter Terrorism Division to build a system that connects the
two entities in order to share information and intelligence about
suspected terrorists' activities, cases, and arrests. One of JRIES'
objectives is to provide information sharing functionality between
agencies, which cross federal, state, and local boundaries.
Name: Statewide Anti-Terrorism Unified Response Network (SATURN); Lead
agency: Massachusetts Executive Office of Public Safety; Participants:
Massachusetts; Massachusetts state and local agencies; federal; Type
and purpose: SATURN was developed as a collaborative effort to provide
a unified, effective response to terrorism by bringing together the
public, fire, emergency management, and police officials from
communities across Massachusetts along with key community leaders,
state agencies, and the federal government to educate, prepare for,
respond to, and prevent acts of terrorism. The SATURN network fosters
the necessary communication, information sharing, training, and
planning to enable the Commonwealth to prevent, prepare for, and
respond to acts of terrorism.
Name: Regional Domestic Security Task Force (RDSTF); Lead agency:
Florida (Florida Department of Law Enforcement); Participants: Various
Florida state agencies; Type and purpose: The Florida Department of Law
Enforcement established an RDSTF in each of the seven operational
regions. Composed of subcommittees including Health/Medical, Emergency
Medical Management, Law Enforcement, Fire Services, and Public Affairs,
the RDSTFs work to improve Florida's ability to detect and prevent
potential terrorist threats by collecting and disseminating
intelligence and investigative information; facilitating and promoting
ongoing security audits and vulnerability assessments; and protecting
critical infrastructures.
Name: CATIC; Lead agency: California Department of Justice;
Participants: Federal, state, and local law enforcement; Type and
purpose: CATIC is the state's clearinghouse for all terrorist-related
activities and investigations. CATIC collects, analyzes, and
disseminates information to its 100,000 law enforcement officers, other
law enforcement agencies, and FBI. Officials from the Defense
Intelligence Agency are working to connect the CATIC system with the
New York Police Department's Division of Counter-Terrorism.
Name: Los Angeles County Sheriff's Department: Office of Homeland
Security; Lead agency: Los Angeles County Sheriffís Department;
Participants: Local law enforcement, state, county and federal
agencies; Type and purpose: The Los Angeles County Sheriff's Department
established the Office of Homeland Security to enhance the department's
response to potential threats related to local homeland security. The
Office liaisons with federal, state, county, and local agencies with
missions concerning the prevention and investigation of terrorist
acts; In addition, the department created the Terrorism Early Warning
Group in 1996 as an interdisciplinary group in which local, state, and
federal agencies work together to share information, combine resources,
and enhance the county's ability to identify and respond to acts and
threats of terrorism.
Name: New York Metropolitan Counter-Terrorism Committee; Lead agency:
New York City law enforcement agencies; Participants: Various local,
state, and federal law enforcement agencies; Type and purpose: The
committee comprises FBI, the New York State Office of Public Security,
and the New York Police Department. The purpose of this committee is to
share intelligence, share information regarding investigations,
communicate information amongst its members, and promote joint training
exercises. It has five subcommittees, including Intelligence and
Investigations, which is working toward creating a repository of all
interactions with suspicious individuals by metropolitan law
enforcement agencies.
Name: Maritime Domain Awareness (MDA); Lead agency: U.S. Coast Guard;
Participants: ; Type and purpose: MDA is a concept that captures total
awareness of vulnerabilities, threats, and targets of interest on the
water. MDA is the comprehensive information, intelligence, and
knowledge of all entities within America's waterways that could affect
our safety, security, economy, or environment. According to the U.S.
Coast Guard, MDA will constitute a significant force multiplier as
missions expand against a background of limited resources.
Source: GAO.
[End of section]
[End of table]
Appendix III: Survey Responses Showing Categories of Homeland Security
Information Deemed Needed by the Respondents:
In order to establish a baseline for the information requirements of
federal agencies, and state and city government officials, we provided
survey respondents with a list of potential types of homeland security
information and asked them to indicate what they thought they needed to
meet their homeland security objectives. We then asked the respondents
to tell us how frequently they received the information they perceived
they needed. Table 9 is a summary of the types of information the
respondents reported they needed or critically needed and
the percentage that they frequently or regularly received the
information. For example, 98 percent of state officials reported that
they needed or critically needed specific and actionable threat
information, while they also reported regularly receiving this type of
information only 33 percent of the time.
Table 9: Needed to Critically-Needed Information and Intelligence and
Frequently to Regularly-Received Information and Intelligence:
Percent:
Category: Broad threat information;
Federal agencies: Needed: 75;
Federal agencies: Received: 75;
States: Needed: 93;
States: Received: 75;
Large cities: Needed: 81;
Large cities: Received: 77;
Small cities: Needed: 72;
Small cities: Received: 57.
Category: Specific and actionable threat information;
Federal agencies: Needed: 88;
Federal agencies: Received: 56;
States: Needed: 98;
States: Received: 33;
Large cities: Needed: 98;
Large cities: Received: 28;
Small cities: Needed: 90;
Small cities: Received: 21.
Category: Movement of WMD by "friendly" authorities;
Federal agencies: Needed: 56;
Federal agencies: Received: 19;
States: Needed: 83;
States: Received: 23;
Large cities: Needed: 77;
Large cities: Received: 6;
Small cities: Needed: 66;
Small cities: Received: 6.
Category: Movement of WMD by terrorists;
Federal agencies: Needed: 88;
Federal agencies: Received: 25;
States: Needed: 95;
States: Received: 15;
Large cities: Needed: 98;
Large cities: Received: 5;
Small cities: Needed: 89;
Small cities: Received: 2.
Category: Movement of known terrorists;
Federal agencies: Needed: 69;
Federal agencies: Received: 31;
States: Needed: 98;
States: Received: 15;
Large cities: Needed: 98;
Large cities: Received: 15;
Small cities: Needed: 93;
Small cities: Received: 3.
Category: Activities of known terrorist support groups;
Federal agencies: Needed: 69;
Federal agencies: Received: 25;
States: Needed: 93;
States: Received: 18;
Large cities: Needed: 97;
Large cities: Received: 15;
Small cities: Needed: 90;
Small cities: Received: 2.
Category: Notification of ongoing federal investigations;
Federal agencies: Needed: 88;
Federal agencies: Received: 25;
States: Needed: 90;
States: Received: 23;
Large cities: Needed: 90;
Large cities: Received: 23;
Small cities: Needed: 87;
Small cities: Received: 7.
Category: Notification of federal arrests;
Federal agencies: Needed: 81;
Federal agencies: Received: 25;
States: Needed: 90;
States: Received: 33;
Large cities: Needed: 92;
Large cities: Received: 23;
Small cities: Needed: 89;
Small cities: Received: 7.
Category: Notification of ongoing state investigations;
Federal agencies: Needed: 75;
Federal agencies: Received: 13;
States: Needed: [Empty];
States: Received: [Empty];
Large cities: Needed: 92;
Large cities: Received: 17;
Small cities: Needed: 87;
Small cities: Received: 4.
Category: Notification of state arrests;
Federal agencies: Needed: 75;
Federal agencies: Received: 13;
States: Needed: [Empty];
States: Received: [Empty];
Large cities: Needed: 94;
Large cities: Received: 16;
Small cities: Needed: 89;
Small cities: Received: 4.
Category: Notification of ongoing local investigations;
Federal agencies: Needed: 63;
Federal agencies: Received: 13;
States: Needed: 93;
States: Received: 33;
Large cities: Needed: [Empty];
Large cities: Received: [Empty];
Small cities: Needed: [Empty];
Small cities: Received: [Empty].
Category: Notification of local arrests;
Federal agencies: Needed: 63;
Federal agencies: Received: 13;
States: Needed: 88;
States: Received: 33;
Large cities: Needed: [Empty];
Large cities: Received: [Empty];
Small cities: Needed: [Empty];
Small cities: Received: [Empty].
Category: Access to classified national security information;
Federal agencies: Needed: 88;
Federal agencies: Received: 75;
States: Needed: 80;
States: Received: 28;
Large cities: Needed: 60;
Large cities: Received: 13;
Small cities: Needed: 43;
Small cities: Received: 6.
Category: Access to declassified national security information;
Federal agencies: Needed: 75;
Federal agencies: Received: 56;
States: Needed: 85;
States: Received: 45;
Large cities: Needed: 75;
Large cities: Received: 33;
Small cities: Needed: 60;
Small cities: Received: 15.
Category: Analysis of information within a regional perspective;
Federal agencies: Needed: 81;
Federal agencies: Received: 50;
States: Needed: 95;
States: Received: 25;
Large cities: Needed: 97;
Large cities: Received: 24;
Small cities: Needed: 88;
Small cities: Received: 7.
Category: Analysis of information within a national perspective;
Federal agencies: Needed: 94;
Federal agencies: Received: 63;
States: Needed: 90;
States: Received: 23;
Large cities: Needed: 87;
Large cities: Received: 21;
Small cities: Needed: 77;
Small cities: Received: 8.
Category: Analysis of information within an international perspective;
Federal agencies: Needed: 88;
Federal agencies: Received: 56;
States: Needed: 83;
States: Received: 28;
Large cities: Needed: 69;
Large cities: Received: 17;
Small cities: Needed: 64;
Small cities: Received: 4.
Source: GAO.
Note: Number of federal agency respondents = 16; number of state
respondents = 40; number of large-city respondents = 106; and number of
small-city respondents = 122.
[End of table]
[End of section]
Appendix IV: Survey Responses to Our Questions on the Elements of an
Information-Sharing Process That Are Already in Place:
GAO provided a list of criteria that it believes represents elements of
a sharing framework and asked respondents to identify which best
characterizes their current information-sharing framework. Table 10
shows that at all three levels of government, the sharing framework is
incomplete, with cities--and small cities in particular---having few
elements of a sharing framework operational.
Table 10: Survey Respondents Who Agreed That Elements of a Sharing
Framework Exists by Answering "Great" to "Very Great":
Percent:
Criteria: Clear guidance for receiving from federal authorities;
Federal agencies: 56;
States: 38;
Large cities: 34;
Small cities: 23.
Criteria: Clear guidance for providing to federal authorities;
Federal agencies: 56;
States: 63;
Large cities: 58;
Small cities: 43.
Criteria: Clear and known process for receiving from federal
authorities;
Federal agencies: 81;
States: 45;
Large cities: 46;
Small cities: 33.
Criteria: Clear and known process for providing to federal
authorities;
Federal agencies: 63;
States: 60;
Large cities: 62;
Small cities: 47.
Criteria: Clearly defined person for receiving from federal;
Federal agencies: 81;
States: 73;
Large cities: 72;
Small cities: 62.
Criteria: Clearly defined person for providing to federal;
Federal agencies: 63;
States: 73;
Large cities: 68;
Small cities: 59.
Criteria: Clear what federal authorities should provide to you;
Federal agencies: 38;
States: 38;
Large cities: 25;
Small cities: 22.
Criteria: Clear what you should provide to federal authorities;
Federal agencies: 38;
States: 50;
Large cities: 54;
Small cities: 44.
Criteria: Information received from federal authorities is timely;
Federal agencies: 38;
States: 38;
Large cities: 23;
Small cities: 14.
Criteria: Information provided to federal authorities is timely;
Federal agencies: 56;
States: 68;
Large cities: 62;
Small cities: 48.
Criteria: Information received from federal authorities is accurate;
Federal agencies: 31;
States: 48;
Large cities: 39;
Small cities: 21.
Criteria: Information provided to federal authorities is accurate;
Federal agencies: 56;
States: 80;
Large cities: 70;
Small cities: 61.
Criteria: Information received from federal authorities is relevant;
Federal agencies: 44;
States: 50;
Large cities: 40;
Small cities: 22.
Criteria: Information provided to federal authorities is relevant;
Federal agencies: 56;
States: 58;
Large cities: 60;
Small cities: 39.
Criteria: Federal authorities give feedback when you share information
with them;
Federal agencies: 13;
States: 30;
Large cities: 25;
Small cities: 15.
Criteria: You give feedback when federal authorities share information
with you;
Federal agencies: 31;
States: 65;
Large cities: 46;
Small cities: 41.
Criteria: Have resources to analyze information received from federal
authorities;
Federal agencies: 31;
States: 40;
Large cities: 42;
Small cities: 33.
Criteria: Have the resources to analyze information to give to federal
authorities;
Federal agencies: 38;
States: 38;
Large cities: 42;
Small cities: 33.
Criteria: Routinely share information with federal authorities;
Federal agencies: 69;
States: 65;
Large cities: 60;
Small cities: 36.
Criteria: Federal authorities routinely share information with you;
Federal agencies: 56;
States: 28;
Large cities: 22;
Small cities: 10.
Criteria: You are involved early in federal investigations;
Federal agencies: 13;
States: 25;
Large cities: 25;
Small cities: 22.
Criteria: Federal authorities are involved early in your
investigations;
Federal agencies: 13;
States: 38;
Large cities: 45;
Small cities: 30.
Criteria: Single credible source for receiving information/
intelligence;
Federal agencies: 13;
States: 35;
Large cities: 32;
Small cities: 30.
Criteria: Single credible source for receiving warnings and alerts;
Federal agencies: 6;
States: 50;
Large cities: 42;
Small cities: 39.
Criteria: You have access to federal law enforcement databases;
Federal agencies: 31;
States: 30;
Large cities: 25;
Small cities: 31.
Criteria: You have access to a secure, integrated Homeland Security
database;
Federal agencies: 19;
States: 25;
Large cities: 12;
Small cities: 20.
Criteria: You participate in national policy making process;
Federal agencies: 38;
States: 25;
Large cities: 8;
Small cities: 7.
Criteria: Have clearance needed to access information;
Federal agencies: 81;
States: 40;
Large cities: 32;
Small cities: 26.
Criteria: Can meet provisions to secure, maintain & destroy classified
information;
Federal agencies: 81;
States: 55;
Large cities: 41;
Small cities: 41.
Source: GAO.
Note: Number of federal agency respondents = 16; number of state
respondents = 40; number of large-city respondents = 106; and number of
small-city respondents = 122.
[End of table]
[End of section]
Appendix V: Survey Responses to Perceived Barriers Faced by States/
Cities in Providing the Federal Government with Information:
We asked state, large-city and small-city respondents to identify what
they perceive to be factors that hinder their organizations from
providing federal authorities with homeland security information or
intelligence. In contrast to the several barriers identified by federal
respondents to providing state and local officials with information and
intelligence, table 11 shows that states and city respondents
identified the lack of integrated databases as the only significant
barrier.
Table 11: Great to Very-Great Barriers to Providing Federal Authorities
with Information and Intelligence:
Percent:
Legal barriers; Federal agencies: 13; States: 3;
Large cities: 4; Small cities: 3.
Federal authorities' lack of interest in information to be provided;
Federal agencies: 6; States: 10; Large
cities: 6; Small cities: 7.
Culture of "information superiority"; Federal agencies: 6;
States: 3; Large cities: 4; Small cities: 5.
Concerns about jeopardizing ongoing investigations; Federal
agencies: 13; States: 0; Large cities: 3;
Small cities: 3.
Lack of confidence in ability to limit disclosure of information;
Federal agencies: 6; States: 0; Large
cities: 5; Small cities: 0.
Lack of confidence in ability to manage investigations;
Federal agencies: 6; States: 0; Large cities: 3;
Small cities: 0.
Concerns about disclosing sources and methods; Federal
agencies: 6; States: 0; Large cities: 5;
Small cities: 2.
Lack of integration of databases; Federal agencies: 38;
States: 43; Large cities: 32; Small cities:
29.
Source: GAO.
Note: Number of federal agency respondents = 16; number of state
respondents = 40; number of large-city respondents = 106; and number of
small-city respondents = 122.
[End of table]
[End of section]
Appendix VI: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security:
July 31, 2003:
Raymond J. Decker Director:
U.S. General Accounting Office Washington, DC 20548:
Dear Mr. Decker:
Thank you for the opportunity to comment on your draft report, HOMELAND
SECURITY. Efforts to Improve Information Sharing Need to be
Strengthened (GAO-03-760). We generally concur with the report and its
recommendations. Information sharing is an essential tenet of the
National Strategy for Homeland Security. Recognizing this need, our
processes to share information with our many partners is a priority for
the Department.
As you noted, most of your fieldwork was performed before the
Department of Homeland Security (DHS) became operational in March 2003.
Since the Department was created on January 24, 2003, and all of its
component agencies and personnel reported to it on March l, 2003, we
have made significant strides to improve information sharing. For
example, DHS is in the process of providing secure phones to the
Governors and security clearances to the Homeland Security Advisors in
every state so that relevant classified and other appropriate sensitive
information can be shared. Even more important to the sharing of threat
information with the state and local first responders who need it,
however, is our increased focus on producing unclassified "tear-line"
reporting whenever possible.
We note that much of the report is based on opinion data. We also note
your footnote on page 21 that you "did not determine if these needs
(for information) were valid." We agree that "One reason that states
and cities may not receive needed threat information is that the
information may not be available." This is often the case.
Not surprisingly, however, after just five months in operation, the
Department is still formulating internal and external interfaces and
protocols on many aspects of the complex issue of information sharing.
The July 29, 2003, Executive Order on Homeland Security Information
Sharing will assist us in these internal and external deliberations. We
would caution that the difficulties of developing and rolling out a
first draft of the national homeland security enterprise architecture
with appropriate inter-agency coordination could go beyond the
September 2003 target that was cited in the report. The
security considerations alone require a thoughtful, prudent and
deliberate approach to this important issue.
We look forward to continuing a dialogue with you as we jointly
cooperate to protect and defend America.
Sincerely,
Gordon England,
Deputy Secretary:
Signed by Gordon England:
[End of section]
Appendix VII: Comments from the Department of Defense:
OFFICE OF THE UNDER SECRETARY OF DEFENSE 5000 DEFENSE PENTAGON
WASHINGTON, DC 20301-5000:
June 24, 2003:
INTELLIGENCE:
Mr. Raymond J. Decker:
Director, Defense Capabilities and Management U.S. General Accounting
Office:
Washington, DC 20548:
Dear Mr. Decker:
This is the Department of Defense (DoD) response to the GAO draft
report, "HOMELAND SECURITY: Efforts to Improve Information Sharing Need
to be Strengthened," dated May 27, 2003 (GAO Code 350240).
The DoD is in general agreement with the report as written. Specific
comments are attached.
Thank you for the opportunity to respond to the GAO draft report and
for the courtesies extended by your staff in the conduct of this
review.
Sincerely,
Carol A. Haave
Deputy Assistant Secretary of Defense (Security and Information
Operations):
Signed by Carol A. Haave:
Enclosure: As stated:
GAO DRAFT REPORT DATED MAY 27, 2003 GAO-03-760 (GAO CODE 350240):
"HOMELAND SECURITY: EFFORTS TO IMPROVE INFORMATION SHARING NEED TO BE
STRENGTHENED":
DEPARTMENT OF DEFENSE COMMENTS TO THE GAO RECOMMENDATIONS:
RECOMMENDATION 1: The GAO recommended that the Secretary of Homeland
Security, in developing its enterprise architecture, work with the
Attorney General of the United States, the Secretary of Defense, the
Director of the Office of Management and Budget, the Director of the
Central Intelligence Agency, and other appropriate federal, state and
city authorities, and the private sector, to ensure that the enterprise
architecture efforts incorporate the existing information-sharing
guidance that is contained in the various national strategies and the
information sharing procedures required by the Homeland Security Act to
be established by the President. (p. 31 /GAO Draft Report):
DOD RESPONSE: Concur:
RECOMMENDATION 2: The GAO recommended that the Secretary of Homeland
Security, in developing its enterprise architecture, work with the
Attorney General of the United States, the Secretary of Defense, the
Director of the Office of Management and Budget, the Director of the
Central Intelligence Agency, and other appropriate federal, state and
city authorities, and the private sector, to ensure that the enterprise
architecture efforts establish a clearinghouse to coordinate the
various information sharing initiatives to eliminate possible confusion
and duplication of effort.
(p. 31 /GAO Draft Report):
DOD RESPONSE: Concur:
RECOMMENDATION 3: The GAO recommended that the Secretary of Homeland
Security, in developing its enterprise architecture, work with the
Attorney General of the United States, the Secretary of Defense, the
Director of the Office of Management and Budget, the Director of the
Central Intelligence Agency, and other appropriate federal, state and
city authorities, and the private sector, to ensure that the enterprise
architecture efforts fully integrate states and cities in the national
policy making process for information sharing and take steps to provide
greater assurance that actions at all levels of government are mutually
reinforcing. (p. 31/GAO Draft Report):
DOD RESPONSE: Concur:
RECOMMENDATION 4: The GAO recommended that the Secretary of Homeland
Security, in developing its enterprise architecture, work with the
Attorney General of the United States, the Secretary of Defense, the
Director of the Office of Management and Budget, the Director of the
Central Intelligence Agency, and other appropriate federal, state and
city authorities, and the private sector, to ensure that the enterprise
architecture efforts identify and address the perceived barriers to
federal information sharing. (p. 31/GAO Draft Report):
DOD RESPONSE: Concur:
RECOMMENDATION 5: The GAO recommended that the Secretary of Homeland
Security, in developing its enterprise architecture, work with the
Attorney General of the United States, the Secretary of Defense, the
Director of the Office of Management and Budget, the Director of the
Central Intelligence Agency, and other appropriate federal, state and
city authorities, and the private sector, to ensure that the enterprise
architecture efforts include the use of survey methods or related data
collection approaches to determine over time, the needs of private and
public organizations for information related to homeland security and
to measure progress in improving information sharing at all levels of
government. (p. 31/GAO Draft Report):
DOD RESPONSE: Concur:
[End of section]
Appendix VIII: Comments from the Department of Justice:
U.S. Department of Justice:
Washington, D.C. 20530:
June 25, 2003:
Raymond J. Decker:
Director, Diffuse Threats Issues Defense Capabilities and Management
U.S. General Accounting Office:
441 G Street, NW Washington, DC 20548:
Dear Mr. Decker:
On May 27, 2003, you provided the Department of Justice (DOJ) with a
copy of the General Accounting Office (GAO) draft report entitled
"HOMELAND SECURITY: Efforts to Improve Information Sharing Needs to be
Strengthened" (GAO 03-760/350240), with a request for comments by June
25, 2003. We appreciate the opportunity to review the draft report.
The draft report reaches sweeping and extraordinarily negative
conclusions about the adequacy of the governmental sharing of
information in order to prevent acts of terrorism. We believe that
these conclusions are fundamentally incorrect and unsupported by
reliable evidence. A critical element in any valid evaluation of
government information sharing for homeland security purposes is a
review of the adequacy of intelligence sharing. As we previously
advised GAO staff, however, the review of intelligence activities is an
arena that is beyond GAO's purview. For this reason, we declined to:
provide GAO with information on intelligence sharing. Additionally, we
understand that the draft report relies substantially upon information
from a survey of agency views. However, for reasons that we also
discussed with GAO staff, neither this Department nor the Central
Intelligence Agency participated in that survey.
To assist Congress in fulfilling its oversight responsibilities, the
executive branch regularly provides information and briefings to the
congressional intelligence committees, and on occasion to other
committees, including information about intelligence sharing within the
federal government and with state and local officials. To provide
information on intelligence sharing to GAO, however, would represent a
departure from the long-standing practice of Congress and the executive
branch regarding the oversight
of intelligence activities. Although as a result of this long-standing
practice GAO may not be able to present the Congress with useful
information on the intelligence activities of the executive branch, we
are confident that Congress is receiving directly sufficient
information on these activities to make informed decisions on the
budget and other legislation.
If you have any questions concerning the Department's comments in this
matter, please feel free to contact Vickie L. Sloan, Director, Audit
Liaison Office, Justice Management Division on (202) 514-0469.
Sincerely,
Paul R. Corts:
Assistant Attorney General for Administration:
Signed by Paul R. Corts:
[End of section]
Appendix IX: GAO Contacts and Staff Acknowledgments:
GAO Contacts:
Raymond J. Decker (202) 512-6020 Brian J. Lepore (202) 512-4523:
Acknowledgments:
In addition to those named above, Lorelei St. James, Patricia Sari-
Spear, Tinh Nguyen, Rebecca Shea, Adam Vodraska, and R.K. Wild made key
contributions to this report.
[End of section]
Related GAO Products:
Information Technology: Terrorist Watch Lists Should Be Consolidated to
Promote Better Integration and Sharing. GAO-03-322. Washington, D.C:
April 15, 2003.
Combating Terrorism: Observations on National Strategies Related to
Terrorism. GAO-03-519T. Washington, D.C: March 3, 2003.
Homeland Security: Effective Intergovernmental Coordination Is Key
to Success. GAO-02-1013T. Washington, D.C: August 23, 2002.
Homeland Security: Key Elements to Unify Efforts Are Underway but
Uncertainty Remains. GAO-02-610. Washington, D.C: June 7, 2002.
Information Sharing: Practices That Can Benefit Critical Infrastructure
Protection. GAO-02-24. Washington, D.C: October 15, 2001.
Combating Terrorism: Selected Challenges and Related Recommendations.
GAO-01-822. Washington, D.C: September 20, 2001.
FBI Intelligence Investigations: Coordination within Justice on
Counterintelligence Criminal Matters Is Limited. GAO-01-780.
Washington, D.C: July 16, 2001.
FOOTNOTES
[1] An enterprise architecture can be viewed as a blueprint that
describes an entity's operational and technical environments. The
blueprint includes descriptive models of the entity's current and
future business and technical environments, along with a roadmap for
transitioning from the current to the future environment.
[2] Public Law 107-296, enacted Nov. 25, 2002.
[3] The President has assigned responsibility for this function to the
Secretary of Homeland Security. Executive Order 13311, Homeland
Security Information Sharing, July 29, 2003.
[4] Office of the President, The National Strategy for Homeland
Security (Washington, D.C: July 2002).
[5] Office of the President, The National Strategy for the Physical
Protection of Critical Infrastructures and Key Assets (Washington,
D.C: February 2003).
[6] The federal government perceived that more barriers exist to
providing states and cities with information than states and cities
perceived.
[7] See U.S. General Accounting Office, Homeland Security: Key Elements
to Unify Efforts Are Underway but Uncertainty Remains, GAO-02-610
(Washington, D.C., June 7, 2002).
[8] The intelligence community consists of the Office of the Director
of Central Intelligence (who is also the head of the intelligence
community); the Central Intelligence Agency; the National Security
Agency; the Defense Intelligence Agency; the National Imagery and
Mapping Agency; the National Reconnaissance Office; other offices
within the Department of Defense for the collection of specialized
national intelligence through reconnaissance programs; the
intelligence elements of the Army, Navy, Marine Corps, and Air Force,
the Federal Bureau of Investigation, the Department of the Treasury,
the Department of Energy, and the Coast Guard; the Bureau of
Intelligence and Research of the Department of State, the elements of
the Department of Homeland Security concerned with the analyses of
foreign intelligence information; and such other elements of any other
department or agency as may be designated by the President, or
designated jointly by the Director of Central Intelligence and the head
of the department or agency concerned, as an element of the
intelligence community.
[9] The National Security Act of 1947 prohibited the Central
Intelligence Agency from having police, subpoena, law enforcement
powers, or internal security functions. The intention of the law was to
hold intelligence separate and distinct from law enforcement
activities. The investigations of improper domestic intelligence
gathering in the 1970s led to further delineation of the separation
between intelligence and law enforcement functions.
[10] Public Law 95-511 (codified, as amended, at 50 U.S.C. §§ 1801-
1811, 1821-1829, 1841-1846, 1861-63).
[11] Public Law 107-56 (enacted Oct. 26, 2001), the Uniting and
Strengthening America by Providing Appropriate Tools Required to
Intercept and Obstruct Terrorism Act (USA PATRIOT Act) of 2001.
[12] "Counterterrorism Information Sharing with Other Federal Agencies,
and with State and Local Governments and the Private Sector." Testimony
before the Select Committee on Intelligence, U.S. Senate: Joint
Investigation, by Eleanor Hill, Director, Joint Inquiry Staff,
Oct. 1, 2002.
[13] Executive Order No. 13311, Homeland Security Information Sharing,
July 29, 2003.
[14] See U.S. General Accounting Office, Combating Terrorism:
Observations on National Strategies Related to Terrorism, GAO-03-519T
(Washington, D.C: Mar. 3, 2003) for a list of 10 strategies relating
to terrorism. The National Money Laundering Strategy (July 2002) also
calls for enhanced information sharing with the financial community to
identify methods used by terrorist supporters to raise money.
[15] We did not attempt to build a comprehensive list of all sharing
initiatives. In our discussions with officials from all levels of
government and from our survey, we were able to identify some
initiatives that were ongoing.
[16] In July 2002, the Office of Homeland Security published a
document, State and Local Actions for Homeland Security, in which the
office asked states, cities, and county governments to list initiatives
for homeland security. However, we were unable to meet with the Office
of Homeland Security to determine how this information will be used.
[17] Testimony given by Eleanor Hill, Director of Joint Inquiry, before
the Joint Intelligence Committee, U.S. Congress, from September 18,
2002, and October 17, 2002.
[18] Advisory Panel to Assess Domestic Response Capabilities for
Terrorism Involving Weapons of Mass Destruction, Fourth Annual Report
IV, Implementing the National Strategy (Arlington, Va: Dec. 15, 2002).
The Advisory Panel, chaired by former Virginia Governor James Gilmore,
was established by section 1405 of the National Defense Authorization
Act for Fiscal Year 1999, Public Law 105-261.
[19] U.S. General Accounting Office, Homeland Security: Key Elements to
Unify Efforts Are Underway but Uncertainty Remains. GAO-02-610
(Washington, D.C: June 7, 2002) and National Preparedness: Integrating
New and Existing Technology and Information Sharing into an Effective
Homeland Security Strategy, GAO-02-811T (Washington, D.C: June 7,
2002).
[20] U.S. General Accounting Office, Information Technology: Terrorist
Watch Lists Should Be Consolidated to Promote Better Integration and
Sharing, GAO-03-322 (Washington, D.C: Apr. 15, 2003). This is an
example of a lack of effective integration.
[21] Major Cities Chiefs Association, Terrorism, the Impact on State
and Local Law Enforcement, Intelligence Commanders Conference Report
(June 2002). (http://www.neiassociates.org/mccintelligencereport.pdf)
[22] National Governors' Center for Best Practices, Improving Public
Safety Through Justice Information Sharing (Washington, D.C:
March 2002).
[23] Statement of the President of the International Association of
Chiefs of Police before the Committee on Governmental Affairs, U.S.
Senate, June 26, 2002.
[24] For the purpose of this report, we consider information as
extremely important to providing homeland security if respondents
reported that they "needed" or "critically needed" the types of
information that we listed in our survey. We did not determine if these
needs were valid.
[25] Areas where respondents indicated that they were receiving more
than 50 percent of the information they seek included broad threat
information (ranging from 57 to 75 percent), and, for the federal
government respondents only, analysis of information within a national
and international perspective (63 and 56 percent, respectively), and
access to classified national security information (75 percent).
[26] The Homeland Security Act requires the President to address the
sharing of classified information with state and local personnel in
establishing procedures for facilitating homeland security information
sharing.
[27] In our survey, we listed over 20 elements of a sharing framework
we believe would need to be in place at the various levels of
government and would indicate that the states and cities were
integrated into the sharing process. Some of these elements are
"receiving feedback," "having resources to analyze information," and
"routinely sharing information with others." See app. IV for the survey
results for this question.
[28] On March 4, 2003, the Director of Central Intelligence, the
Attorney General, and the Secretary of Homeland Security signed an
information-sharing memorandum. It is intended to mandate requirements
and procedures for information sharing, use, and handling of analytic
judgments among the federal intelligence community.
[29] Advisory Panel to Assess Domestic Response Capabilities for
Terrorism Involving Weapons of Mass Destruction, Dec. 15, 2002. Trusted
agents would be state, local, and private-sector officials that would
be given national security clearances in order to have better access to
information.
[30] Congress also found that methods exist to declassify, redact, or
otherwise adapt classified information so that it may be shared with
state and local personnel without the need for granting additional
security clearances.
[31] See Markle Foundation, Protecting America's Freedom in the
Information Age: A Report of the Markle Foundation Task Force,
(Washington, D.C: Oct. 2002).
[32] See U.S. General Accounting Office, Homeland Security: Information
Sharing Responsibilities, Challenges, and Key Management Issues, GAO-
03-715T (Washington, D.C: May 8, 2003).
[33] These include narrow legal limitations on our access to certain
"unvouchered" accounts of the Central Intelligence Agency and on our
authority to compel our access to foreign intelligence and
counterintelligence information. For more detail, see our testimony,
U.S. General Accounting Office, Central Intelligence Agency:
Observations on GAO Access to Information on CIA Programs and
Activities, GAO-01-975T, (Washington, D.C., July 18, 2001).
GAO's Mission:
The General Accounting Office, the investigative arm of Congress,
exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. General Accounting Office
441 G Street NW,
Room LM Washington,
D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.
General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.
20548:
