Combating Terrorism
Evaluation of Selected Characteristics in National Strategies Related to Terrorism Gao ID: GAO-04-408T February 3, 2004Following the terrorist attacks of September 11, 2001, the Bush administration developed and published seven national strategies that relate, in part or in whole, to combating terrorism and homeland security. These were National Security Strategy of the United States of America; National Strategy for Homeland Security; National Strategy for Combating Terrorism; National Strategy to Combat Weapons of Mass Destruction; National Strategy for the Physical Protection of Critical Infrastructure and Key Assets; National Strategy to Secure Cyberspace; and the 2002 National Money Laundering Strategy. In view of heightened concerns about terrorism and homeland security, GAO was asked to identify and define the desirable characteristics of an effective national strategy and to evaluate whether the national strategies related to terrorism address those characteristics. The purpose of this testimony is to report on GAO's findings on this matter.
National strategies are not required by either executive or legislative mandate to address a single, consistent set of characteristics. However, based on a review of numerous sources, GAO identified a set of desirable characteristics to aid responsible parties in further developing and implementing the strategies--and to enhance their usefulness in resource and policy decisions and to better assure accountability. The characteristics GAO identified are: (1) purpose, scope, and methodology; (2) problem definition and risk assessment; (3) goals, subordinate objectives, activities, and performance measures; (4) resources, investments, and risk management; (5) organizational roles, responsibilities, and coordination; and (6) integration and implementation. GAO found considerable variation in the extent to which the seven strategies related to combating terrorism and homeland security address the desirable characteristics. A majority of the strategies at least partially address the six characteristics. However, none of the strategies addresses all of the elements of resources, investments, and risk management; or integration and implementation. Even where the characteristics are addressed, improvements could be made. For example, while the strategies identify goals, subordinate objectives, and specific activities, they generally do not discuss or identify priorities, milestones, or performance measures-- elements that are desirable for evaluating progress and ensuring effective oversight. On the whole, the National Strategy for Homeland Security and the National Strategy for the Physical Protection of Critical Infrastructure and Key Assets address the greatest number of desirable characteristics, while the National Security Strategy and the National Strategy to Combat Weapons of Mass Destruction address the fewest.
GAO-04-408T, Combating Terrorism: Evaluation of Selected Characteristics in National Strategies Related to Terrorism
This is the accessible text file for GAO report number GAO-04-408T
entitled 'Combating Terrorism: Evaluation of Selected Characteristics
in National Strategies Related to Terrorism' which was released on
February 03, 2004.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Subcommittee on National Security, Emerging Threats, and International
Relations, Committee on Government Reform, House of Representatives:
United States General Accounting Office:
GAO:
For Release on Delivery Expected at 10:00 a.m. EST:
Tuesday, February 3, 2004:
Combating Terrorism:
Evaluation of Selected Characteristics in National Strategies Related
to Terrorism:
Statement of Randall A. Yim, Managing Director:
Homeland Security and Justice Issues:
GAO-04-408T:
GAO Highlights:
Highlights of GAO-04-408T, testimony before the Subcommittee on
National Security, Emerging Threats, and International Relations,
Committee on Government Reform, House of Representatives
Why GAO Did This Study:
Following the terrorist attacks of September 11, 2001, the Bush
administration developed and published seven national strategies that
relate, in part or in whole, to combating terrorism and homeland
security. These were the:
* National Security Strategy of the United States of America.
* National Strategy for Homeland Security.
* National Strategy for Combating Terrorism.
* National Strategy to Combat Weapons of Mass Destruction.
* National Strategy for the Physical Protection of Critical
Infrastructure and Key Assets.
* National Strategy to Secure Cyberspace.
* 2002 National Money Laundering Strategy.
In view of heightened concerns about terrorism and homeland security,
GAO was asked to identify and define the desirable characteristics of
an effective national strategy and to evaluate whether the national
strategies related to terrorism address those characteristics. The
purpose of this testimony is to report on GAO‘s findings on this
matter.
What GAO Found:
National strategies are not required by either executive or
legislative mandate to address a single, consistent set of
characteristics. However, based on a review of numerous sources, GAO
identified a set of desirable characteristics to aid responsible
parties in further developing and implementing the strategies”and to
enhance their usefulness in resource and policy decisions and to
better assure accountability. The characteristics GAO identified are:
(1) purpose, scope, and methodology; (2) problem definition and risk
assessment; (3) goals, subordinate objectives, activities, and
performance measures; (4) resources, investments, and risk management;
(5) organizational roles, responsibilities, and coordination; and (6)
integration and implementation.
GAO found considerable variation in the extent to which the seven
strategies related to combating terrorism and homeland security
address the desirable characteristics. A majority of the strategies at
least partially address the six characteristics. However, none of the
strategies addresses all of the elements of resources, investments,
and risk management; or integration and implementation. Even where the
characteristics are addressed, improvements could be made. For
example, while the strategies identify goals, subordinate objectives,
and specific activities, they generally do not discuss or identify
priorities, milestones, or performance measures”elements that are
desirable for evaluating progress and ensuring effective oversight. On
the whole, the National Strategy for Homeland Security and the
National Strategy for the Physical Protection of Critical
Infrastructure and Key Assets address the greatest number of desirable
characteristics, while the National Security Strategy and the National
Strategy to Combat Weapons of Mass Destruction address the fewest.
What GAO Recommends:
www.gao.gov/cgi-bin/getrpt?GAO-04-408T.
To view the full product, including the scope and methodology, click
on the link above. For more information, contact Randall A. Yim at
(202) 512-6787 or YimR@gao.gov.
[End of section]
Mr. Chairman and Members of the Subcommittee:
I appreciate the opportunity to be here today to participate in this
hearing that examines the various national strategies published by the
Bush Administration following the terrorist attacks of September 11,
2001. These strategies represent the administration's guidance to the
federal state, local, private, and international sectors, for combating
terrorism and securing the homeland and, equally important, for
sustaining efforts into the future. Specifically, these seven
strategies cover a broad range of related topics--from preparing
against terrorist attacks to combating weapons of mass destruction,
protecting our physical infrastructure, securing cyberspace, and
blocking terrorist financing. The new strategies accompany the federal
government's biggest reorganization in more than 50 years, resulting in
the creation of a new Department of Homeland Security (DHS) to address
the new threat environment.
Based upon heightened concerns about terrorism and homeland security,
the Subcommittee asked us (1) to identify and define the
characteristics of an effective national strategy and (2) to evaluate
whether the strategies related to terrorism address those
characteristics. This work expands upon our testimony to the
Subcommittee in March 2003 and a related report in May 2003, as well as
prior work for this Subcommittee and other committees over the past 7
years.[Footnote 1]
After providing some background on the strategies related to terrorism,
my statement will identify a set of desirable characteristics for any
effective national strategy and compare and contrast the extent to
which each of the strategies we address contains such characteristics.
We believe these desirable characteristics would help shape the
policies, programs, priorities, resource allocations, and standards
that would enable federal agencies and other stakeholders to implement
the strategies and achieve the identified results. We hope that the
value of our review lies in assisting the evolution and implementation
of these national strategies, so that homeland security efforts
nationwide are clear, sustainable, and integrated into agency,
governmental, and private sector missions; and, further, that these
efforts are balanced with other important priorities, and transparent
enough to ensure accountability.
We recognize the difficulty of the tasks presented to the strategy
developers--and that national strategies are only starting points for
federal agencies and other parties responsible for developing more
detailed implementation plans. In some areas, so much needed to be done
quickly that even general strategic statements added value. Some of the
differences in detail in the national strategies may be attributed to
their different breadths of scope and/or the maturity levels in their
underlying program activities. We hope it is instructive to compare and
contrast these strategies not only to each other, but also with other
complex strategic planning efforts, so that the value of the strategies
as guidance is enhanced and the timeframe for further refinements and
implementation is expedited, given the critical nature of our homeland
security efforts.
The new or updated national strategies released in the past 2 years
that relate to combating terrorism and homeland security, in part or in
whole, are:
* The National Security Strategy of the United States of America,
September 2002.
* The National Strategy for Homeland Security, July 2002.
* The National Strategy for Combating Terrorism, February 2003.
* The National Strategy to Combat Weapons of Mass Destruction, December
2002.
* The National Strategy for the Physical Protection of Critical
Infrastructure and Key Assets, February 2003.
* The National Strategy to Secure Cyberspace, February 2003.
* The 2002 National Money Laundering Strategy, July 2002.
As agreed with your staff, we will report separately on the classified
National Military Strategic Plan for the War on Terrorism.
Summary:
National strategies are not required by executive or legislative
mandate to address a single, consistent set of characteristics, and
they contain varying degrees of detail based on their different scopes.
Furthermore, we found there was no commonly accepted set of
characteristics used for an effective national strategy. Nonetheless,
after consulting numerous sources, we identified a set of desirable
characteristics that we believe would provide additional guidance to
responsible parties for developing and implementing the strategies--and
to enhance their usefulness as guidance for resource and policy
decision-makers and to better ensure accountability. Those
characteristics are: (1) a statement of purpose, scope, and
methodology; (2) problem definition and risk assessment; (3) goals,
subordinate objectives, activities, and performance measures; (4)
resources, investments, and risk management; (5) organizational roles,
responsibilities, and coordination; and (6) integration and
implementation. We identified these desirable characteristics by
consulting statutory requirements pertaining to certain strategies we
reviewed, as well as legislative and executive branch guidance for
other national strategies. In addition, we studied the Government
Performance and Results Act of 1993 (GPRA); general literature on
strategic planning and performance; and guidance from the Office of
Management and Budget (OMB) on the President's Management Agenda. We
also gathered published recommendations made by national commissions
chartered by Congress; past GAO work; and various research
organizations that have commented on national strategies.
The seven national strategies related to homeland security and
combating terrorism vary considerably in the extent to which they
address the desirable characteristics that we identified. All seven
strategies we reviewed partially address goals, subordinate objectives,
activities, and performance measures. Four of the strategies address
problem definition and risk assessment, while one strategy partially
addresses that characteristic. And a majority of the strategies at
least partially address the four other characteristics: purpose, scope,
and methodology; resources, investments, and risk management;
organizational roles, responsibilities, and coordination; and
integration and implementation. However, none of the strategies
addresses all of the elements of resources, investments, and risk
management; or integration and implementation. Furthermore, even where
the strategies address certain elements of the characteristics, there
is room for improvement. For example, while the strategies identify
goals, subordinate objectives, and specific activities, they generally
do not discuss or identify priorities, milestones, or performance
measures--elements that we consider to be desirable for evaluating
progress, achieving results, and ensuring effective oversight. On the
whole, the National Strategy for Homeland Security and the National
Strategy for the Physical Protection of Critical Infrastructure and Key
Assets address the greatest number of the desirable characteristics,
while the National Security Strategy and the National Strategy to
Combat Weapons of Mass Destruction address the fewest. Table 1 shows
the extent that the strategies address, partially address, or do not
address our characteristics.
Table 1: National Strategies and the Extent they Address GAO's
Desirable Characteristics:
National Strategy (short titles): National Security;
Purpose, scope, and methodology: Does not address;
Problem definition and risk assessment: Does not address;
Goals, subordinate objectives, activities, and performance measures:
Partially addresses;
Resources, investments, and risk management: Does not address;
Organizational roles, responsibilities, and coordination: Does not address;
Integration and implementation: Does not address.
National Strategy (short titles): Homeland Security;
Purpose, scope, and methodology: Addresses;
Problem definition and risk assessment: Addresses;
Goals, subordinate objectives, activities, and performance measures:
Partially addresses;
Resources, investments, and risk management: Partially addresses;
Organizational roles, responsibilities, and coordination: Addresses;
Integration and implementation: Partially addresses.
National Strategy (short titles): Combating Terrorism;
Purpose, scope, and methodology: Partially addresses;
Problem definition and risk assessment: Addresses;
Goals, subordinate objectives, activities, and performance measures:
Partially addresses;
Resources, investments, and risk management: Does not address;
Organizational roles, responsibilities, and coordination: Partially
addresses;
Integration and implementation: Partially addresses.
National Strategy (short titles): Weapons of Mass Destruction;
Purpose, scope, and methodology: Does not address;
Problem definition and risk assessment: Does not address;
Goals, subordinate objectives, activities, and performance measures:
Partially addresses;
Resources, investments, and risk management: Does not address;
Organizational roles, responsibilities, and coordination: Partially
addresses;
Integration and implementation: Partially addresses.
National Strategy (short titles): Physical Infrastructure;
Purpose, scope, and methodology: Addresses;
Problem definition and risk assessment: Addresses;
Goals, subordinate objectives, activities, and performance measures:
Partially addresses;
Resources, investments, and risk management: Partially addresses;
Organizational roles, responsibilities, and coordination: Partially
Addresses;
Integration and implementation: Partially addresses.
National Strategy (short titles): Secure Cyberspace;
Purpose, scope, and methodology: Partially addresses;
Problem definition and risk assessment: Addresses;
Goals, subordinate objectives, activities, and performance measures:
Partially addresses;
Resources, investments, and risk management: Partially addresses;
Organizational roles, responsibilities, and coordination: Partially
Addresses;
Integration and implementation: Partially addresses.
National Strategy (short titles): Money Laundering;
Purpose, scope, and methodology: Partially addresses;
Problem definition and risk assessment: Partially addresses;
Goals, subordinate objectives, activities, and performance measures:
Partially addresses;
Resources, investments, and risk management: Partially addresses;
Organizational roles, responsibilities, and coordination: Partially
addresses;
Integration and implementation: Partially addresses.
Source: GAO analysis.
Note: Per our methodology, a strategy "addresses," a characteristic
when it explicitly cites all elements of a characteristic, even if it
lacks specificity and details and thus could be improved upon. A
strategy "partially addresses" a characteristic when it explicitly
cites some, but not all elements of a characteristic. Within our
designation of "partially addresses" there is a wide variation between
a strategy that addresses most of the elements of a characteristic and
a strategy that addresses few of the elements of a characteristic. A
strategy "does not address" a characteristic when it does not
explicitly cite or discuss any elements of a characteristic, and/or any
implicit references are either too vague or general. See appendix I for
more details on our methodology.
[End of table]
Background:
Seven National Strategies Related to Combating Terrorism Released Since
September 11 Attacks:
In the wake of the terrorist attacks on September 11, 2001, seven new
national strategies were developed and published to help guide U.S.
efforts to combat terrorism. Of these, five were newly published
strategies that related to specific aspects of homeland security and
combating terrorism, such as weapons of mass destruction, protecting
physical infrastructure, and securing cyberspace. Two strategies, the
National Security Strategy of the United States of America and the 2002
National Money Laundering Strategy, were updated from pre-September 11
versions to specifically include terrorism. "Terrorism" may be
generally defined as politically motivated violence to coerce a
government or civilian population. "Combating terrorism" refers to the
full range of policies, programs, and activities to counter terrorism,
both at home and abroad. There is a further distinction within
"combating terrorism," with "homeland security" referring to domestic
efforts and "combating terrorism overseas" referring to international
efforts.[Footnote 2] Some of these national strategies were specific to
combating terrorism, while others involved terrorism to lesser degrees.
Table 2 describes the new national strategies related to combating
terrorism.
Table 2: National Strategies Related to Combating Terrorism:
Strategy: National Security Strategy of the United States of America; *
Issued by the President, September 2002; Description of strategy: The
National Security strategy provides a broad framework for strengthening
U.S. security in the future. It identifies the national security goals
of the United States, describes the foreign policy and military
capabilities necessary to achieve those goals, evaluates the current
status of these capabilities, and explains how national power will be
structured to utilize these capabilities. It devotes a chapter to
combating terrorism that focuses on the disruption and destruction of
terrorist organizations, the winning of the "war of ideas," the
strengthening of homeland security, and the fostering of cooperation
with allies and international organizations to combat terrorism.
Strategy: National Strategy for Homeland Security; * Issued by the
President, July 2002; Description of strategy: The Homeland Security
strategy addresses the threat of terrorism in the United States by
organizing the domestic efforts of federal, state, local, and private
organizations. It aligns and focuses homeland security functions into
six critical mission areas, set forth as (1) intelligence and warning,
(2) border and transportation security, (3) domestic counterterrorism,
(4) protecting critical infrastructure and key assets, (5) defending
against catastrophic threats, and (6) emergency preparedness and
response. Additionally, it describes four foundations that cut across
all the mission areas, across all levels of government, and across all
sectors of society as being (1) law, (2) science and technology, (3)
information sharing and systems, and (4) international cooperation. It
also addresses the costs of homeland security and future priorities.
Strategy: National Strategy for Combating Terrorism; * Issued by the
President, February 2003; Description of strategy: The Combating
Terrorism strategy elaborates on the terrorism aspects of the National
Security strategy by expounding on the need to destroy terrorist
organizations, win the "war of ideas," and strengthen security at home
and abroad. Unlike the Homeland Security strategy that focuses on
preventing terrorist attacks within the United States, the Combating
Terrorism strategy focuses on identifying and defusing threats before
they reach the borders of the United States. In that sense, although it
has defensive elements, this strategy is an offensive strategy to
complement the defensive Homeland Security strategy.
Strategy: National Strategy to Combat Weapons of Mass Destruction; *
Issued by the President, December 2002; Description of strategy: The
Weapons of Mass Destruction strategy presents a national strategy to
combat weapons of mass destruction (WMD) through three major efforts:
(1) nonproliferation, (2) counterproliferation, and (3) consequence
management in WMD incidents. The plan addresses the production and
proliferation of WMD among nations, as well as the potential threat of
terrorists using WMD agents.
Strategy: National Strategy for the Physical Protection of Critical
Infrastructures and Key Assets; * Issued by the President, February
2003; Description of strategy: The Physical Infrastructure strategy
provides a statement of national policy to remain committed to
protecting critical infrastructures and key assets from terrorist
attacks and is based on eight guiding principles, including
establishing responsibility and accountability, encouraging and
facilitating partnering among all levels of government and between
government and industry, and encouraging market solutions wherever
possible and government intervention when needed. The strategy also
establishes three strategic objectives. The first is to identify and
assure the protection of the most critical assets, systems, and
functions, in terms of national level public health and safety,
governance, and economic and national security and public confidence.
The second is to ensure protection of infrastructures and assets facing
specific, imminent threats. The third is to pursue collaborative
measures and initiatives to ensure the protection of other potential
targets that may become attractive over time.
Strategy: National Strategy to Secure Cyberspace; * Issued by the
President, February 2003; Description of strategy: The Secure
Cyberspace strategy is intended to provide an initial framework for
both organizing and prioritizing efforts to protect our nation's
cyberspace. Also, it is to provide direction to federal departments and
agencies that have roles in cyberspace security and to identify steps
that state and local governments, private companies and organizations,
and individual Americans can take to improve the nation's collective
cybersecurity. The strategy is organized according to five national
priorities, with major actions and initiatives identified for each.
These priorities are: (1) a National Cyberspace Security Response
System, (2) a National Cyberspace Security Threat and Vulnerability
Reduction Program, (3) a National Cyberspace Security Awareness and
Training Program, (4) Securing Governments' Cyberspace, and (5)
National Security and International Cyberspace Security Cooperation. In
describing the threats to, and vulnerabilities of, our nation's
cyberspace, the strategy highlights the potential for damage to U.S.
information systems from attacks by terrorist organizations.
Strategy: 2002 National Money Laundering Strategy; * Issued by the
Secretary of the Treasury and the Attorney General, July 2002;
Description of strategy: The Money Laundering strategy is intended to
support planning for the efforts of law enforcement agencies,
regulatory officials, the private sector, and overseas entities to
combat the laundering of money generated from criminal activities.
Although the 2002 strategy still addresses general criminal financial
activity, that plan outlines a major governmentwide strategy to combat
terrorist financing. The strategy discusses the need to adapt
traditional methods of combating money laundering to unconventional
tools used by terrorist organizations to finance their operations.
Source: Published national strategies and GAO analysis.
[End of table]
National Strategies Are Broad but Vary in Scope and Detail:
These seven national strategies differ from other federal government
planning documents, such as agency-specific strategic plans that GPRA
requires.[Footnote 3] These strategies are national in scope, cutting
across levels of government and sectors and involving a large number of
organizations and entities (i.e., the federal, state, local, and
private sectors). In addition, national strategies frequently have
international components, and they may be part of a structure of
overlapping or supporting national strategies. Furthermore, the federal
government does not control many of the sectors, organizations,
entities, and resources involved in implementing the national
strategies.
We found that the strategies we studied are organized in a rough
hierarchy, with the National Security strategy providing an overarching
strategy for national security as a whole, including terrorism. The
Homeland Security and Combating Terrorism strategies provide,
respectively, a more specific, defensive approach to combating
terrorism at home and an offensive approach to combating terrorism
overseas.[Footnote 4] The other strategies provide further levels of
detail on the specific functions related to weapons of mass
destruction, cyber security, protection of physical infrastructure, and
money laundering. While the national strategies we studied generally
overlap in their coverage of terrorism, some contain elements unrelated
to terrorism. For example, both the Secure Cyberspace and Money
Laundering strategies include domestic criminal elements that are not
necessarily associated with national security or terrorism.[Footnote 5]
In addition, other executive branch guidance in the form of executive
orders or presidential directives elaborates on the national strategies
and provides further direction to the implementing parties. Most
recently, for instance, the Homeland Security Presidential Directives 7
and 8, issued in December 2003, refine the national strategies with
respect to critical infrastructure and national preparedness,
respectively. In fact, those presidential directives identify specific
priorities and milestones and assign certain responsibilities, which
address some of our concerns on the lack of specificity and delineation
of clear lines of responsibility in the national strategies. Further
down the hierarchy, agency-specific strategic plans and performance
plans; federal or agency-level enterprise architectures; and state,
local, private and international sector plans provide even further
details and guidance to implementing parties. In addition, these plans
and reports may address goals and objectives beyond terrorism and
homeland security. Figure 1 shows the hierarchy among the national
strategies and other plans and guidance.
Figure 1: Hierarchy of National Strategies and Other Plans
and Guidance for Combating Terrorism and Homeland Security:
[See PDF for image]
Source: GAO
[End of figure]
GAO Developed A Set of Desirable Characteristics for National
Strategies:
Because national strategies are not governed by a single, consistent
set of requirements, we consulted a variety of public and private
sector sources to identify a set of desirable characteristics. Those
sources included legislative and executive branch mandates pertaining
to the strategies we reviewed, as well as some nonterrorism-related
strategies. We also studied GPRA; general literature on strategic
planning and performance; and guidance from OMB on the President's
Management Agenda. We also gathered published recommendations made by
national commissions chartered by Congress; past GAO work; and various
research organizations that have commented on national strategies.
Based upon this methodology, we identified six characteristics to be
desirable for a national strategy, which are described later in this
testimony.
No Single Set of Requirements in Place for Characteristics That
National Strategies Should Contain:
National strategies are not required, either by executive or
legislative mandate, to address a single, consistent set of
characteristics. Furthermore, we found that there is no commonly
accepted set of characteristics used to develop an effective national
strategy. Thus to identify desirable characteristics for all national
strategies, including those related to terrorism, we consulted numerous
sources. First, we identified statutory or executive requirements
specific to some of the individual strategies for insight into whether
those requirements could be generalized as desirable characteristics
for all national strategies. Two of the seven strategies we reviewed--
the National Security and Money Laundering strategies--are required by
statutes that mandate specific content elements.[Footnote 6]
The statute mandating the Money Laundering strategy generally calls for
the strategy to contain provisions on setting goals, objectives, and
priorities; coordinating prevention efforts; specifying detection and
prosecution initiatives; and enhancing intergovernmental cooperation
(at the federal, state, and local levels) and partnerships between the
private sector and law enforcement agencies.[Footnote 7] In addition,
that statute calls for providing 3-year program projections and budget
priorities; an assessment of how the budget is to be utilized and its
sufficiency; the development of improved communication systems; and
evaluations of the effectiveness of policies to combat money laundering
and related financial crimes.
The statute mandating the National Security strategy calls for the
document to provide a comprehensive description and discussion of U.S.
worldwide interests, goals, and objectives vital to national security;
detail the foreign policy, worldwide commitments, and national defense
capabilities necessary to deter aggression and implement the strategy;
identify the proposed short-and long-term uses of national power to
protect our interests and achieve our goals and objectives; and assess
the adequacy of our capabilities to carry out the national
strategy.[Footnote 8]
However, the requirements set forth in these two statutes, in addition
to being different from one another, do not impose any requirements on
the five other national strategies we reviewed.
We Developed Characteristics Desirable for National Strategies:
Given that there is no established set of requirements for all national
strategies--or even the seven related specifically to homeland security
and combating terrorism--we developed a set of desirable
characteristics by reviewing several sources of information. First, we
gathered statutory requirements pertaining to some of the strategies we
were asked to assess--namely, the Money Laundering and the National
Security strategies, as mentioned earlier--and legislative and
executive branch guidance for other strategies, such as the National
Drug Control Strategy. We also reviewed GPRA; general literature on
strategic planning and performance; and guidance from OMB on the
President's Management Agenda. Furthermore, we studied our past reports
and testimonies for findings and recommendations pertaining to
desirable elements of a national strategy. Similarly, we researched
recommendations by national commissions chartered by Congress in recent
years on combating terrorism and protecting the homeland--namely, the
Bremer, Gilmore, and Hart-Rudman Commissions[Footnote 9] --and various
research organizations that have commented on national
strategies.[Footnote 10] Simultaneously, we consulted widely within GAO
to incorporate the most up-to-date thinking on strategic planning;
integration across and between government and its partners;
implementation; and other related subjects. This included consulting
our economists and methodologists to include cost-benefit analysis and
other economic criteria. Furthermore, we consulted outside experts from
the Bremer and Hart-Rudman Commissions. We used our judgment to develop
desirable characteristics based upon their underlying support in
legislative or executive guidance and the frequency with which they
were cited in other sources. We then grouped similar items together in
a logical sequence from conception to implementation. This was GAO's
first effort to develop desirable characteristics for a national
strategy, so they may evolve over time. Table 3 provides a summary of
the six characteristics.
Table 3: Summary of Desirable Characteristics for a National Strategy,
from Conception to Implementation:
Desirable characteristic: Purpose, scope, and methodology;
Description: Addresses why the strategy was produced, the scope of its
coverage, and the process by which it was developed.
Desirable characteristic: Problem definition and risk assessment;
Description: Addresses the particular national problems and threats the
strategy is directed towards.
Desirable characteristic: Goals, subordinate objectives, activities,
and performance measures; Description: Addresses what the strategy is
trying to achieve, steps to achieve those results, as well as the
priorities, milestones, and performance measures to gauge results.
Desirable characteristic: Resources, investments, and risk management;
Description: Addresses what the strategy will cost, the sources and
types of resources and investments needed, and where resources and
investments should be targeted based on balancing risk reductions with
costs.
Desirable characteristic: Organizational roles, responsibilities, and
coordination; Description: Addresses who will be implementing the
strategy, what their roles will be compared to others, and mechanisms
for them to coordinate their efforts.
Desirable characteristic: Integration and implementation; Description:
Addresses how a national strategy relates to other strategies' goals,
objectives, and activities, and to subordinate levels of government and
their plans to implement the strategy.
Source: GAO data.
[End of table]
We believe a national strategy should ideally contain all of these
characteristics. Although the authors of national strategies might
organize these characteristics in a variety of ways and/or use
different terms, we present them in this order because they flow
logically from conception to implementation. Specifically, the
strategy's purpose leads to the definition of the problems and risks it
intends to address, which in turn leads to specific actions for
tackling those problems and risks, allocating and managing the
appropriate resources, identifying different organizations' roles and
responsibilities, and finally to integrating action among all relevant
parties and implementing the strategy.
We describe the desirable characteristics in more detail in the
following section, where we evaluate the extent to which the strategies
address them. See appendix I for additional details on these
characteristics and our scope and methodology in developing them.
National Strategies Address Some, but Not All, of Desirable
Characteristics GAO Identified:
The seven national strategies related to homeland security and
combating terrorism vary considerably in the extent to which they
address the desirable characteristics that we identified. All seven
strategies we reviewed partially address goals, subordinate objectives,
activities, and performance measures. Four of the strategies address
problem definition and risk assessment, while one strategy partially
addresses that characteristic. And a majority of the strategies at
least partially address the four other characteristics: purpose, scope,
and methodology; resources, investments, and risk management;
organizational roles, responsibilities, and coordination; and
integration and implementation. However, none of the strategies
addresses all of the elements of resources, investments, and risk
management; or integration and implementation. Furthermore, even where
the strategies address certain elements of the characteristics, there
is room for improvement. For example, while the strategies identify
goals, subordinate objectives, and specific activities, they generally
do not discuss or identify priorities, milestones, or performance
measures--elements that we consider to be desirable for evaluating
progress, achieving results, and ensuring effective oversight. On the
whole, the National Strategy for Homeland Security and the National
Strategy for the Physical Protection of Critical Infrastructure and Key
Assets address the greatest number of the desirable characteristics,
while the National Security Strategy and the National Strategy to
Combat Weapons of Mass Destruction address the fewest.
We recognize that strategies themselves are not endpoints, but rather,
starting points. In our view, the strengths of some strategies are
useful in suggesting ways to enhance the value of other strategies,
fill in gaps, speed implementation, guide resource allocations, and
provide oversight opportunities. As with any strategic planning effort,
implementation is the key. The ultimate measure of these strategies'
value will be the extent they are useful as guidance for policy and
decision-makers in allocating resources and balancing homeland security
priorities with other important, nonhomeland security objectives. It
will be important over time to obtain and incorporate feedback from the
"user" community as to how the strategies can better provide guidance
and how Congress and the administration can identify and remedy
impediments to implementation, such as legal, international,
jurisdictional, or resource constraints.
Purpose, Scope, and Methodology:
This characteristic addresses why the strategy was produced, the scope
of its coverage, and the process by which it was developed. For
example, a strategy might discuss the specific impetus that led to its
being written (or updated), such as statutory requirements, executive
mandates, or other events like terrorist attacks. Furthermore, a
strategy would enhance clarity by including definitions of key,
relevant terms (such as "combating terrorism," and "homeland security"
in this context). In addition to describing what it is meant to do and
the major functions, mission areas, or activities it covers, a national
strategy would ideally address its methodology. For example, a strategy
might discuss the principles or theories that guided its development,
what organizations or offices drafted the document, whether it was the
result of a working group, or which parties were consulted in its
development.
Five of the national strategies we evaluated address at least some
elements of this characteristic, with four at least partially
discussing their overall purpose and scope, and three addressing, to
varying degrees, their methodology. For example, the Homeland Security
strategy explicitly identifies its fundamental objectives, coverage,
and how it was developed. It describes itself as a framework to answer
four basic questions--such as what is homeland security, and what goals
it should pursue--and identifies six "critical mission areas," or
homeland security functions, such as intelligence and warning, and
border and transportation security. The Physical Infrastructure, Secure
Cyberspace, and Money Laundering strategies also use explicit language
to define their purposes and scope. For example, the Physical
Infrastructure strategy identifies its scope as 13 critical sectors
(such as agriculture, water, and public health) and five types of key
assets (e.g., national monuments and dams). Concerning methodology, the
Homeland Security strategy explicitly lays out the principles behind
its creation and the numerous parties consulted in its development.
Similarly, the Physical Infrastructure strategy explicitly discusses
the guiding principles behind, and the consultations involved in, its
creation. The Combating Terrorism and Secure Cyberspace strategies also
describe their guiding principles--and the latter discusses, in even
greater detail, the stakeholders involved in its development. And the
Money Laundering strategy provides its background and highlights
changes from the previous version to include terrorist financing.
However, three of the strategies discuss their purpose and scope only
in vague terms, and four strategies do not address their methodology at
all. For instance, regarding its purpose and scope, the Weapons of Mass
Destruction strategy says only that, "The United States must pursue a
comprehensive strategy to counter the WMD threat in all of its
dimensions," without providing any further details. Similarly, while
the National Security strategy emphasizes the importance of pursuing
freedom, peace, and prosperity, it does not state its own purpose or
scope. The Combating Terrorism strategy also uses vague language, such
as "the world must respond and fight this evil," but does not
explicitly describe its purpose and scope. In addition, these three
strategies, plus the Money Laundering strategy, do not discuss who was
involved in their development. In our view, a complete description of
the purpose, scope, and methodology in a national strategy could make
the document more useful to the organizations responsible for
implementing the strategy, as well as to oversight organizations, such
as the Congress.
Problem Definition and Risk Assessment:
This characteristic addresses the particular national problems and
threats the strategy is directed towards. Specifically, this means a
detailed discussion or definition of the problems the strategy intends
to address, their causes, and operating environment. In addition, this
characteristic entails a risk assessment, including an analysis of the
threats to, and vulnerabilities of, critical assets and
operations.[Footnote 11] If the details of these analyses are
classified or preliminary, an unclassified version of the strategy
could at least include a broad description of the analyses and stress
the importance of risk assessment to implementing parties. A discussion
of the quality of data available regarding this characteristic, such as
known constraints or deficiencies, would also be useful.
Five of the strategies at least partially address this characteristic.
Specifically, five define national problems and the environments in
which they occur, while three discuss the importance of assessing
risks, threats, and vulnerabilities. For example, the Combating
Terrorism strategy contains an explicit section on "the nature of the
terrorist threat today," which provides some historical background to
terrorism, the structure of its leadership, and underlying conditions
such as poverty, corruption, religious conflict, and ethnic strife.
Similarly, the Homeland Security, Physical Infrastructure, Secure
Cyberspace, and Money Laundering strategies define the problems in
their sectors and describe the nature of the terrorist threat.
Concerning risk assessment, three of them--the Homeland Security,
Physical Infrastructure, and Secure Cyberspace strategies--stress the
importance of national, comprehensive vulnerability assessments of all
critical infrastructures and key assets, setting the stage for risk
management. The Homeland Security strategy contains an explicit "threat
and vulnerability" section that provides many details, such as defining
the different ways and means for terrorist attacks. This strategy also
stresses the importance of comprehensive vulnerability assessments of
all critical infrastructures and key assets, saying they "are important
from a planning perspective in that they enable authorities to evaluate
the potential effects of an attack on a given facility or sector, and
then to invest accordingly in protecting such facilities and sectors.":
However, two strategies do not address this characteristic. The
National Security strategy says the war against terrorism is global and
that "The enemy is not a single political regime or person or religion
or ideology," but provides no further definition of the problems it
seeks to address. Similarly, the Weapons of Mass Destruction strategy
states that such weapons represent a great security challenge when in
the possession of hostile states and terrorists, and that some
terrorism-supporting states already possess such weapons, but provides
no details defining the threat. Furthermore, while some of the
strategies say that intelligence gathering must be strengthened, the
strategies generally do not address limitations in collecting data.
That is, few of the strategies discuss the difficulties of collecting
intelligence on terrorist organizations, plans, and tactics. In our
view, more specific information on both problem definition and risk
assessment in many of the strategies would give the responsible parties
better guidance to implement those strategies. For example, we recently
recommended that future Money Laundering strategies link to periodic
assessments of threats and risks, which would provide a basis for
ensuring that clear priorities are established and focused on the areas
of greatest need.[Footnote 12]
Without necessarily prescribing in detail the "solution," better
problem definition and risk assessment also provide greater latitude to
responsible parties to develop innovative approaches that are tailored
to the needs of specific regions or sectors--and are able to be
implemented as a practical matter, given fiscal, human capital, and
other limitations. For example, better problem definition or risk
assessment can foster regional approaches or cooperative agreements,
and stimulate the development of national systems or management
standards to link the capabilities of the responsible parties in a more
effective manner. Such assessments help identify desired goals and
"end-states" without "one-size-fits-all" solutions.
Goals, Subordinate Objectives, Activities, and Performance Measures:
This characteristic addresses what the national strategy strives to
achieve and the steps needed to garner those results, as well as the
priorities, milestones, and performance measures to gauge results. At
the highest level, this could be a description of an ideal "end-state,"
followed by a logical hierarchy of major goals, subordinate objectives,
and specific activities to achieve results. In addition, it would be
helpful if the strategy discussed the importance of implementing
parties' establishing priorities, milestones, and performance measures
to help ensure accountability. Ideally, a national strategy would set
clear desired results and priorities, specific milestones, and outcome-
related performance measures while giving implementing parties
flexibility to pursue and achieve those results within a reasonable
timeframe. If significant limitations on performance measures exist,
other parts of the strategy might address plans to obtain better data
or measurements, such as national standards or indicators of
preparedness. For example, national strategies related to terrorism
might discuss the lack of national indicators or standards for
emergency preparedness against attacks.
All seven national strategies partially address this characteristic by
identifying their individual, high-level goals, subordinate
objectives, and specific activities to achieve results.[Footnote 13]
For example, the Homeland Security strategy identifies three major
goals--prevent terrorist attacks, reduce vulnerability, and minimize
damage and recover from attacks--which are underpinned by six
objectives (called critical mission areas), such as intelligence and
warning, and border and transportation security. Those objectives in
turn, have anywhere from 5 to 12 accompanying activities apiece. Figure
2 illustrates an example of an overall goal, subordinate objective, and
specific activity in the Homeland Security strategy.
Figure 2: The Homeland Security strategy contains an overall goal on
recovering from terrorist attacks, a subordinate objective on emergency
preparedness and response, and a specific initiative to prepare for
chemical, biological, and nuclear decontamination:
[See PDF for image]
Source: GAO.
[End of figure]
Similarly, the Combating Terrorism strategy contains four overarching
goals: defeat terrorists and their organizations; deny sponsorship,
support, and sanctuary to terrorists; diminish the underlying
conditions that terrorists seek to exploit; and defend U.S. citizens
and interests at home and abroad. These goals are broken down into 15
objectives, such as identifying terrorists and terrorist organizations,
and are further supported by one to four activities each. Concerning
milestones, the Money Laundering strategy provides a few deadlines for
specific activities, such as the Departments of Treasury and Justice
conducting a study by April 2003 on how the Internet could be used by
terrorist groups to raise money. In addition, the Homeland Security
strategy calls for DHS to develop and coordinate implementation of a
comprehensive national plan to protect infrastructure against terrorist
attacks, building on baseline protection plans due by the end of fiscal
year 2002.[Footnote 14] Regarding performance measures, the Homeland
Security and Money Laundering strategies provide some general language
on the subject. For example, the former says that, "Every department or
agency will create benchmarks and other performance measures by which
we can evaluate our progress and allocate future resources." And the
latter says that methods for measuring performance should be consistent
with the President's Management Agenda, and that the Department of the
Treasury will develop a "traffic light" scorecard to track performance
and assess how well the strategies' initiatives are being implemented.
However, the strategies do not address this characteristic in that they
generally lack priorities, milestones, or performance measures.
Regarding priorities, only the Homeland Security strategy identifies a
priority order by stressing the importance of four specific activities
in the fiscal year 2003 budget. Five strategies do not designate
specific priorities; and the Money Laundering strategy, as highlighted
in our recent report, identifies more priorities than can be achieved
in a reasonable timeframe and does not rank them in order of
importance.[Footnote 15] Concerning performance measures, only two of
them--the Homeland Security and Money Laundering strategies--
explicitly stress the importance of measuring performance or identify
specific measures. As we said in an earlier testimony, the Homeland
Security strategy's initiatives often do not provide a baseline set of
performance goals and measures upon which to assess and improve
preparedness.[Footnote 16] Similarly, we recently recommended that
future Money Laundering strategies require the principal agencies to
develop outcome-related performance measures that are linked to goals
and objectives.[Footnote 17] Also, we previously reported that neither
the Physical Infrastructure nor the Secure Cyberspace strategies
indicate timeframes or milestones for their overall implementation or
for accomplishing specific actions or initiatives; nor do they
establish performance measures for which entities can be held
responsible.[Footnote 18] We believe a better identification of
priorities, milestones, and performance measures would aid implementing
parties in achieving results in specific timeframes--and would enable
more effective oversight and accountability.
Resources, Investments, and Risk Management:
This characteristic addresses what the strategy will cost, the sources
and types of resources and investments associated with the strategy,
and where those resources and investments should be targeted. Ideally,
a strategy would also identify criteria and appropriate mechanisms to
allocate resources, such as grants, in-kind services, loans, and user
fees, based on identified needs. Alternatively, the strategy might
identify appropriate "tools of government," such as regulations, tax
incentives, and standards, to mandate or stimulate nonfederal
organizations to use their unique resources. Furthermore, a national
strategy would ideally elaborate on the risk assessment mentioned
earlier and give guidance to implementing parties to manage their
resources and investments accordingly--and begin to address the
difficult but critical issues about who pays, and how such efforts will
be funded and sustained in the future.
Four of the strategies we evaluated partially address this
characteristic by identifying numerous resource and investment needs to
achieve their goals and objectives, and by discussing, to varying
degrees, risk management. The Homeland Security strategy goes even
farther, devoting a chapter to this topic in which it identifies a
general principle to allocate homeland security investments based upon
balancing risk reductions and costs. For example, the strategy states,
"Decisions on homeland security activities and spending must achieve
two overarching goals: to devote the right amount of scarce resources
to homeland security and to spend these resources on the right
activities." In addition, the Homeland Security strategy cites the
concept that "the federal government will provide an incentive to
minimize costs and reward innovation by permitting maximum flexibility
in meeting those objectives." While the Homeland Security strategy
cites these principles, it still provides relatively few details on the
types and levels of resources associated with implementation. The
Physical Infrastructure strategy also partially addresses this
characteristic by identifying planning and resource allocation as one
of its five objectives--and by stressing the importance of incentives
for private organizations, and market solutions where appropriate. And
the Secure Cyberspace strategy is one of only two strategies (the other
being the Homeland Security strategy) to link some of its investment
requests--such as completing the installation of the Cyber Warning and
Information Network in key government operation centers--to the fiscal
2003 budget. The Money Laundering strategy also briefly discusses the
importance of cost-benefit analysis of asset forfeiture strategies "so
that future programs can allocate resources where they are most needed
and productive." Figure 3 shows spending for combating terrorism by
federal agency.
Figure 3: Budget Authority for Combating Terrorism by Agency for Fiscal
Year 2004 (total budget authority is $52,732 million):
[See PDF for image]
Source: OMB 2003 Report on Combating Terrorism.
Note: "Other Agencies" includes the Departments of Energy ($1,588
million), Agriculture ($368 million), Transportation ($283 million),
Commerce ($153 million), Veterans Affairs ($145 million), Interior
($115 million), Treasury ($90 million), Labor ($67 million), Housing
and Urban Development ($2 million), and 18 other independent agencies
(totaling $2,432 million).
[End of figure]
Regarding risk management, the Homeland Security strategy makes
explicit reference to the subject, such as when it says, "The national
effort to enhance homeland security will yield tremendous benefits and
entail substantial financial and other costs." The Physical
Infrastructure and Secure Cyberspace strategies also mention risk
management, building on their aforementioned sections on risk
assessment. In the former, for instance, increased sharing of risk-
management expertise between the public and private sectors is an
activity identified under the planning and resource allocation
objective.
On the other hand, three of the strategies--the National Security,
Combating Terrorism, and Weapons of Mass Destruction strategies--do not
explicitly address either resource and investment needs or risk
management. And of those that partially address this characteristic,
only two--the Homeland Security and Physical Infrastructure strategies-
-provide explicit guidance or principles concerning resource
allocation. Along those lines, none of the strategies provides cost
estimates for implementation in the aggregate, nor for specific goals,
objectives, or activities. In addition, none of the strategies contains
distinct chapters or sections, or detailed discussions of risk
management. In our view, more guidance on resource, investment, and
risk management would help implementing parties allocate resources and
investments according to priorities and constraints, track costs and
performance, and shift such investments and resources as appropriate.
Such guidance would also assist Congress and the administration in
developing more effective federal programs to stimulate desired
investments, enhance preparedness, and leverage finite resources.
Organizational Roles, Responsibilities, and Coordination:
This characteristic addresses which organizations will implement the
strategy, their roles and responsibilities, and mechanisms for
coordinating their efforts. It helps answer the fundamental question
about who is in charge, not only during times of crisis, but also
during all phases of homeland security and combating terrorism efforts:
prevention, vulnerability reduction, and response and recovery. This
characteristic entails identifying the specific federal departments,
agencies, or offices involved and, where appropriate, the different
sectors, such as state, local, private, or international sectors. A
strategy would ideally clarify implementing organizations'
relationships in terms of leading, supporting, and partnering.[Footnote
19] In addition, a strategy could describe the organizations that will
provide the overall framework for accountability and oversight, such as
the National Security Council, Homeland Security Council, OMB,
Congress, or other organizations. Furthermore, a strategy might also
identify specific processes for coordination and collaboration between
sectors and organizations--and address how any conflicts would be
resolved. For example, a strategy might also provide for some mechanism
to ensure that the parties are prepared to fulfill their assigned
responsibilities and use their available resources appropriately to
enhance their capabilities and preparedness.
Six strategies at least partially address this characteristic.
Specifically, two of them--the Homeland Security and Physical
Infrastructure strategies--contain distinct chapters on "organizing,"
which discuss roles and responsibilities among the federal, state,
local, private, and international sectors.[Footnote 20] Furthermore,
those two strategies, plus the Secure Cyberspace and Money Laundering
strategies, frequently designate lead, and sometimes support, roles by
objective, sector, or even specific activity.[Footnote 21] Regarding
accountability and oversight, the Combating Terrorism strategy
identifies the creation of an international standard as one of its
objectives, and the Homeland Security and Physical Infrastructure
strategies highlight the importance of accountability. And concerning
coordination between implementing parties, the Homeland Security and
Money Laundering strategies designate some specific tools or processes
(e.g., steering committee or task force), and the Physical
Infrastructure strategy identifies the need to create collaborative
mechanisms for government-industry planning; it also designates DHS as
the primary liaison and facilitator for cooperation between all
relevant parties.
On the other hand, the National Security strategy does not address this
characteristic at all, and there is room for improvement in the other
six strategies as well. For example, many of the references to U.S.
roles and responsibilities in the National Security and Combating
Terrorism strategies simply designate "the United States," rather than
a specific federal agency, level of government, or sector. Thus those
two strategies do not identify lead, support, and partner roles like
the other strategies do. In addition, none of the strategies defines an
overarching accountability or oversight framework, and five of the
strategies do not identify specific tools or processes for
coordination. For example, we recently recommended that future Money
Laundering strategies address, among other things, strengthening the
leadership structure and establishing a mechanism to resolve disputes
among agencies and ensure accountability for implementation.[Footnote
22] Also, we previously reported that neither the Physical
Infrastructure nor the Secure Cyberspace strategies adequately define
the roles, responsibilities, and relationships among the key critical
infrastructure protection organizations, including state and local
governments and the private sector.[Footnote 23] The inclusion of these
subjects in a national strategy would be useful to agencies and other
stakeholders in fostering coordination and clarifying specific roles,
particularly where there is overlap, and thus enhancing both
implementation and accountability.
Integration and Implementation:
This characteristic addresses both how a national strategy relates to
other strategies' goals, objectives, and activities--and to subordinate
levels of government and their plans to implement the strategy. For
example, a national strategy could discuss how its scope complements,
expands upon, or overlaps with other national strategies, such as
transportation infrastructure recapitalization or energy reliability.
Similarly, related strategies could highlight their common or shared
goals, subordinate objectives, and activities. In addition, a national
strategy could address its relationship with relevant documents from
implementing organizations, such as the strategic plans, annual
performance plans, or annual performance reports required of federal
agencies by GPRA. A strategy might also discuss, as appropriate,
various strategies and plans produced by the state, local, private, or
international sectors. It could also provide guidance such as the
development of national standards to link together more effectively the
roles, responsibilities, and capabilities of the implementing parties.
Five of the strategies address certain elements of this characteristic.
Specifically, in terms of integration, the Homeland Security strategy
states that it complements the National Security strategy in providing
a framework for other security-related strategies and, in this vein,
lays out goals, objectives, and mission areas that are shared with
other strategies. The Combating Terrorism, Weapons of Mass Destruction,
and Secure Cyberspace strategies also address integration by discussing
the importance of other strategies and their complementary
relationships. The Homeland Security and Physical Infrastructure
strategies also provide some language on this subject, such as the
latter's statement that DHS will collaborate with state and local
governments as well as other federal agencies and the private sector to
implement structures and processes for protecting assets and
infrastructure. Regarding implementation, the Homeland Security
strategy contains a distinct section on the subject, acknowledging that
executive branch agencies need to issue detailed plans for the
strategy's initiatives. And the Money Laundering strategy, for many of
its activities, lists specific "action items" for agencies to
implement. Two other strategies--the Physical Infrastructure and Secure
Cyberspace strategies--make some general references to implementation.
For example, the former says that "DHS and designated federal lead
departments and agencies will prepare detailed implementation plans to
support the activities outlined.":
However, one of the strategies we reviewed--the National Security
strategy--does not address this characteristic. It does not define its
relationship to the other strategies; nor does it (along with the
Combating Terrorism, Weapons of Mass Destruction, Secure Cyberspace,
and Money Laundering strategies) address their relationship with other
plans by federal, state, local, and other implementing parties.
Furthermore, three strategies--the National Security, Combating
Terrorism, and Weapons of Mass Destruction strategies--do not
explicitly address implementation, and none of the strategies provides
detailed guidance on the subject. We believe more information on this
characteristic in a national strategy would build on the aforementioned
organizational roles and responsibilities--and thus further clarify the
relationships between various implementing parties, both vertically and
horizontally. This, in turn, would foster effective implementation and
accountability.
Concluding Observations:
The seven national strategies addressing homeland security and
combating terrorism that we discuss in this testimony were developed to
help the United States respond to an array of potential threats brought
sharply into focus after the terrorist attacks of September 11, 2001.
We recognize that these strategies were issued to meet a variety of
homeland security needs and, furthermore, that they were not required,
for the most part, to address the characteristics that we consider to
be desirable. In addition, we do not expect all of the strategies to
provide the same degree of detail because of their different scopes;
for example, we consider it appropriate for the National Security
strategy to contain fewer specifics than the Physical Infrastructure or
Money Laundering strategies. Nonetheless, in our view, it would be
useful for all of the strategies to address each of the
characteristics, which logically flow from conception to
implementation, in order to provide guidance to the federal agencies
and other parties responsible for achieving results, evaluating
progress, and ensuring accountability. Even where the strategies
address our characteristics, we have identified potential areas for
improvement. The numerous examples that I have cited today of the
characteristics' inclusion in the national strategies may serve as a
model for future versions of these and other strategies.
The ultimate value of these strategies will be determined through time
as the strategies are implemented by the federal, state, local,
private, and international sectors--and as homeland security actions
are embedded or integrated into ongoing governmental and private sector
missions in sustainable and balanced ways. To achieve these goals, it
will continue to be important to solicit the feedback and input from
all responsible parties--legislative, federal, state, local, private,
and international--and to incorporate this information to better
achieve the parties' shared goals of improved homeland security and
national preparedness. We will continue our work for the Subcommittee
to evaluate these national strategies and their implementation. In the
coming weeks, we look forward to reporting on (1) the extent that these
strategies address recommendations by national commissions and GAO, (2)
the extent to which implementing agencies are incorporating the
national strategies into their own plans, and (3) the challenges faced
in implementing these national strategies.
Mr. Chairman, this concludes my prepared statement. I will be pleased
to respond to any questions that you or other members of the
Subcommittee may have.
[End of section]
GAO Contact and Staff Acknowledgments:
GAO Contact:
Randall Yim at (202) 512-6787:
GAO Acknowledgments:
Individuals making key contributions to this statement include Stephen
L. Caldwell, Sharon Caudle, Josey Ballenger, Heather MacLeod, Jared
Hermalin, Wayne A. Ekblad, Amy Bernstein, and Christine Davis.
[End of section]
Appendix I: Scope and Methodology:
This appendix describes how we developed the characteristics that we
consider to be desirable for a national strategy and how we used them
to evaluate the national strategies related to combating terrorism and
homeland security.
Developing Desirable Characteristics for a National Strategy:
There are no legislative or executive mandates identifying a uniform
set of required or desirable characteristics for all national
strategies, including those related to combating terrorism and homeland
security. While two of the seven strategies we reviewed--the National
Security and Money Laundering strategies--are required by statutes to
include specific content elements, the requirements set forth in these
two statutes, in addition to being different from one another, do not
levy any requirements on the five other national strategies we
reviewed.
Given that there is no established set of requirements for all national
strategies--or even the seven related specifically to combating
terrorism and homeland security--we identified a set of desirable
characteristics by reviewing several sources of information. First, we
gathered statutory requirements pertaining to some of the strategies we
were asked to assess--namely, the Money Laundering and National
Security strategies, as mentioned earlier--as well as legislative and
executive branch guidance for other strategies, such as the National
Drug Control Strategy. We also consulted the Government Performance and
Results Act (GPRA) of 1993; general literature on strategic planning
and performance;[Footnote 24] and guidance from the Office of
Management and Budget (OMB) on the President's Management Agenda. In
addition, we studied our past reports and testimonies for findings and
recommendations pertaining to desirable elements of a national
strategy. Similarly, we researched recommendations by national
commissions chartered by Congress in recent years on combating
terrorism and protecting the homeland--namely, the Bremer, Gilmore, and
Hart-Rudman Commissions--and various research organizations that have
commented on national strategies, such as the ANSER Institute on
Homeland Security, RAND Corporation, and Brookings Institution.
Simultaneously, we consulted widely within GAO to incorporate the most
up-to-date thinking on strategic planning, integration across and
between government and its partners, implementation, and other related
subjects. This included consulting our economists and methodologists to
include cost-benefit analysis and other economic factors. Furthermore,
we consulted outside experts from the Bremer and Hart-Rudman
Commissions.
We used our judgment to develop desirable characteristics based on
their underlying support in legislative or executive guidance and the
frequency with which they were cited in other sources. We then grouped
similar items together in a logical sequence, from conception to
implementation. This is our first effort to develop desirable
characteristics for an effective national strategy, so they may evolve
over time. The desirable characteristics are:
* Purpose, scope, and methodology.
* Problem definition and risk assessment.
* Goals, subordinate objectives, activities, and performance measures.
* Resources, investments, and risk management.
* Organizational roles, responsibilities, and coordination.
* Integration and implementation.
Later in this appendix, we provide a more detailed description of the
six characteristics, plus examples of elements that a strategy might
include to address them. We believe a national strategy should ideally
contain all of these characteristics. Although the authors of national
strategies might organize them in a variety of ways and/or use
different terms, we present the characteristics in this order as a
logical flow from conception to implementation. Specifically, the
strategy's purpose leads to the definition of the problems and risks it
intends to address, which in turn leads to specific actions for
tackling those problems and risks, allocating and managing the
appropriate resources, identifying different organizations' roles
responsibilities and, finally, to integrating action among all relevant
parties and implementing the strategy.
One challenge we encountered in identifying and applying these
characteristics was determining the appropriate level of specificity a
national strategy might contain. We found that there was no consensus
on this issue among the sources and experts we consulted. Furthermore,
the strategies we reviewed vary in their scope of coverage--some are
broad strategies, while others focus on implementation--and thus their
level of detail varies.[Footnote 25] We recognize that by their nature,
national strategies are intended to provide broad direction and
guidance--rather than be prescriptive, detailed mandates--to the
relevant implementing parties. Thus it is unrealistic to expect all of
the national strategies to provide details on each and every key
characteristic we identified. Nonetheless, we believe the more detail a
strategy provides, the easier it is for the responsible parties to
implement it and achieve its goals. Table 4 provides the desirable
characteristics and examples of their elements.
Table 4: GAO Desirable Characteristics for a National Strategy:
Desirable Characteristic: Purpose, scope, and methodology;
Brief description: Addresses why the strategy was produced, the scope
of its coverage, and the process by which it was developed;
Examples of elements:
* Statement of broad or narrow purpose, as appropriate;
* How it compares and contrasts with other national strategies;
* What major functions, mission areas, or activities it covers;
* Principles or theories that guided its development;
* Impetus for strategy, e.g. statutory requirement or event;
* Process to produce strategy, e.g. interagency task force;
state, local, or private input;
* Definition of key terms.
Desirable Characteristic: Problem definition and risk assessment;
Brief description: Addresses the particular national problems and
threats the strategy is directed towards;
Examples of elements:
* Discussion or definition of problems, their causes, and operating
environment;
* Risk assessment, including an analysis of threats and
vulnerabilities;
* Quality of data available, e.g. constraints, deficiencies, and
"unknowns".
Desirable Characteristic: Goals, subordinate objectives, activities,
and performance measures;
Brief description: Addresses what the strategy is trying to achieve,
steps to achieve those results, as well as the priorities, milestones,
and performance measures to gauge results;
Examples of elements:
* Overall results desired, i.e. "end- state";
* Hierarchy of strategic goals and subordinate objectives;
* Specific activities to achieve results;
* Priorities, milestones, and outcome-related performance measures;
* Specific performance measures;
* Process for monitoring and reporting on progress;
* Limitations on progress indicators.
Desirable Characteristic: Resources, investments, and risk management;
Brief description: Addresses what the strategy will cost, the sources
and types of resources and investments needed, and where resources and
investments should be targeted by balancing risk reductions and costs;
Examples of elements:
* Resources and investments associated with the strategy;
* Types of resources required, such as budgetary, human capital,
information technology, research and development, contracts;
* Sources of resources, e.g., federal, state, local, and private;
* Economic principles, such as balancing benefits and costs;
* Resource allocation mechanisms, such as grants, in-kind services,
loans, or user fees;
* "Tools of government," e.g., mandates or incentives to spur action;
* Importance of fiscal discipline;
* Linkage to other resource documents, e.g. federal budget;
* Risk management principles.
Desirable Characteristic: Organizational roles, responsibilities, and
coordination;
Brief description: Addresses who will be implementing the strategy,
what their roles will be compared to others, and mechanisms for them
to coordinate their efforts;
Examples of elements:
* Roles and responsibilities of specific federal agencies,
departments, or offices;
* Roles and responsibilities of state, local, private, and
international sectors;
* Lead, support, and partner roles and responsibilities;
* Accountability and oversight framework;
* Potential changes to current organizational structure;
* Specific processes for coordination and collaboration;
* How conflicts will be resolved.
Desirable Characteristic: Integration and implementation;
Brief description: Addresses how a national strategy relates to other
strategies' goals, objectives and activities - and to subordinate
levels of government and their plans to implement the strategy;
Examples of elements:
* Integration with other national strategies (horizontal);
* Integration with relevant documents from implementing organizations
(vertical);
* Details on specific federal, state, local, or private strategies and
plans;
* Implementation guidance;
* Details on subordinate strategies and plans for implementation,
e.g., human capital, and enterprise architecture.
Source: GAO.
[End of table]
The following sections provide more detail on the six characteristics
and our support of each of them.
Purpose, Scope, and Methodology:
This characteristic addresses why the strategy was produced, the scope
of its coverage, and the process by which it was developed. For
example, a strategy might discuss the specific impetus that led to its
being written (or updated), such as statutory requirements, executive
mandates, or other events like terrorist attacks. Furthermore, a
strategy would enhance clarity by including definitions of key,
relevant terms (such as "homeland security" and "combating terrorism,"
in this context). In addition to describing what it is meant to do and
the major functions, mission areas, or activities it covers, a national
strategy would ideally address its methodology. For example, a strategy
might discuss the principles or theories that guided its development,
what organizations or offices drafted the document, whether it was the
result of a working group, or which parties were consulted in its
development.
We found support for this characteristic in legislation mandating two
of the seven national strategies as well as by related legislation,
executive orders, and GAO and policy research organization
publications. For example, provisions relating to "purpose, scope, and
methodology" appear in the statutes mandating the National
Security[Footnote 26] and Money Laundering strategies[Footnote 27]
(e.g., the statute requiring the Money Laundering strategy sets forth
12 areas that the strategy shall address.) Other legislative and
executive branch guidance justifying the inclusion of this
characteristic in our typology include: statutory requirements and
related government publications describing the required purpose, scope,
and methodology for the National Drug Control Strategy;[Footnote 28]
GPRA legislation calling for a comprehensive mission statement in
agency strategic plans;[Footnote 29] and an executive order determining
the purpose and scope of a national council/strategy on information
infrastructure.[Footnote 30] In addition, at least two of our
testimonies have directly addressed the relevant purpose and scope
issues to be included within a homeland security strategy (e.g., the
strategy is to be "national" in scope; its purpose is to include
setting overall priorities and goals for homeland security). [Footnote
31] But, we also pointed out in a 2002 testimony, that based upon
interviews with officials at a dozen federal agencies, a broadly
accepted definition of homeland security does not exist and that
further clarification is needed.[Footnote 32] The Gilmore Commission
and ANSER Institute for Homeland Security have also addressed aspects
of "purpose, scope, and methodology" issues that need to be addressed
in a national strategy (e.g., the Gilmore Commission indicates that the
strategy should be functionally comprehensive and address the full
spectrum of the nation's efforts against terrorism).[Footnote 33]
Problem Definition and Risk Assessment:
This characteristic addresses the particular national problems and
threats the strategy is directed towards. Specifically, this means a
detailed discussion or definition of the problems the strategy intends
to address, their causes, and operating environment. In addition, this
characteristic entails a risk assessment, including an analysis of the
threats to, and vulnerabilities of, critical assets and
operations.[Footnote 34] If the details of these analyses are
classified or preliminary, an unclassified version of the strategy
could at least include a broad description of the analyses and stress
the importance of risk assessment to implementing parties. A discussion
of the quality of data available regarding this characteristic, such as
known constraints or deficiencies, would also be useful.
Again, we found support for this characteristic in a variety of
sources. While we have not identified any legislation that requires use
of this characteristic in the national strategies on combating
terrorism and homeland security that we reviewed, the importance of
this characteristic is supported by the Homeland Security Act of 2002,
as well as other legislation, presidential directives, and GAO and
policy research organization publications. For example, the Homeland
Security Act of 2002 directs the Department of Homeland Security (DHS)
to conduct comprehensive assessments of vulnerabilities, including risk
assessments;[Footnote 35] GPRA requires the identification of key
factors external to an agency that can significantly impact that
agency's attainment of its goals and objectives; [Footnote 36] Homeland
Security Presidential Directive (HSPD) 7, which addresses critical
infrastructure protection, contains a background section that defines
problem areas, and assesses the national risk potential if such problem
areas are not effectively addressed. Likewise, an earlier critical
infrastructure directive, Presidential Decision Directive (PDD) 63
defines the growing concern about the nation's vulnerability.[Footnote
37] Additionally, we testified in 2002 that use of common definitions
promotes more effective intergovernmental operations and more accurate
monitoring of expenditures, thereby eliminating problematic
concerns.[Footnote 38] We also said that a national homeland security
strategy should be based on a comprehensive national threat and risk
assessment.[Footnote 39] The Gilmore Commission, ANSER, and RAND have
all suggested the need to conduct threat assessments to the
homeland.[Footnote 40]
Goals, Subordinate Objectives, Activities, and Performance Measures:
This characteristic addresses what the national strategy strives to
achieve and the steps needed to garner those results, as well as the
priorities, milestones, and performance measures to gauge results. At
the highest level, this could be a description of an ideal "end-state,"
followed by a logical hierarchy of major goals, subordinate objectives,
and specific activities to achieve results. In addition, it would be
helpful if the strategy discussed the importance of implementing
parties' efforts to establish priorities, milestones, and performance
measures which help ensure accountability. Ideally, a national strategy
would set clear desired results and priorities, specific milestones,
and outcome-related performance measures while giving implementing
parties flexibility to pursue and achieve those results within a
reasonable timeframe. If significant limitations on performance
measures exist, other parts of the strategy might address plans to
obtain better data or measurements, such as national standards or
indicators of preparedness.[Footnote 41] For example, national
strategies related to terrorism might discuss the lack of national
indicators or standards for emergency preparedness against attacks.
As in the case of the first characteristic, we found support for this
characteristic in legislation mandating the Money Laundering and
National Security strategies, as well as support derived from related
legislation, presidential directive, the President's Management
Agenda, and GAO and policy research organization publications. Both the
National Security strategy and the Money Laundering strategy statutes
emphasize the need for goals and objectives, as well as operational
initiatives to promote those goals and objectives. There is also
related legislative and executive supporting guidance for this
characteristic in the following: the National Drug Control Strategy
legislation, which requires a complete list of goals, objectives, and
priorities;[Footnote 42] the Homeland Security Act of 2002, which
requires DHS to develop, in connection with a national terrorism
countermeasures strategy, comprehensive, research-based definable
goals and annual measurable objectives and specific targets to
accomplish and evaluate such goals;[Footnote 43] GPRA, which requires
federal agencies to set goals and objectives in their strategic
plans;[Footnote 44] PDD 63, which includes a statement of presidential
intent and national goals; [Footnote 45] and the President's Management
Agenda of FY2002,[Footnote 46] which describes OMB's work regarding
program objectives. Additionally, we testified that a national strategy
should establish goals, objectives, and performance measures.[Footnote
47] The Gilmore Commission, Brookings Institution and ANSER Institute
for Homeland Security also commented on the need for setting priorities
(goals), measurable outcomes and assessment of activities toward these
ends.
Resources, Investments, and Risk Management:
This characteristic addresses what the strategy will cost, the sources
and types of resources and investments needed, and where those
resources and investments should be targeted. Ideally, a strategy would
also identify appropriate mechanisms to allocate resources, such as
grants, in-kind services, loans, and user fees, based on identified
needs. Alternatively, a strategy might identify appropriate "tools of
government," such as regulations, tax incentives, and standards, to
mandate or stimulate nonfederal organizations to use their unique
resources. Furthermore, a national strategy might elaborate on the risk
assessment mentioned earlier and give guidance to implementing parties
to manage their resources and investments accordingly--and begin to
address the difficult but critical issues about who pays, and how such
efforts will be funded and sustained in the future. Furthermore, a
strategy might include a discussion of the type of resources required,
such as budgetary, human capital, information, information technology
(IT), research and development (R&D), procurement of equipment, or
contract services. A national strategy might also discuss linkages to
other resource documents, such as federal agency budgets or human
capital, IT, R&D, and acquisition strategies. Finally, a national
strategy might also discuss in greater detail how risk management will
aid implementing parties in prioritizing and allocating resources,
including how this approach will create society-wide benefits and
balance these with society-wide costs. Related to this, a national
strategy might discuss the economic principle of risk-adjusted return
on resources.
In similar fashion, we found support for this characteristic in
legislation mandating the Money Laundering and National Security
strategies. Additionally, this characteristic receives related
legislative and executive support, and is further supported by GAO and
research policy organization publications. The Money Laundering
strategy legislation requires a 3-year projection for program and
budget priorities and a "complete assessment" of how the proposed
budget is intended to satisfy strategy implementation.[Footnote 48] The
National Security strategy legislation requires an evaluation of
whether the nation's "capabilities" (political, economic, and military)
are adequate to support the implementation process.[Footnote 49]
Related legislative and executive branch supporting guidance for this
characteristic derives from: the budget and resource balance provisions
of the National Drug Control Strategy; HSPD-8 provisions targeting
resource priorities against perceived risk of attack;[Footnote 50] and
the integration of performance monitoring and budgetary decision-making
in the President's Management Agenda of Fiscal Year 2002.[Footnote 51]
GAO has also discussed the importance of this characteristic in recent
testimonies, suggesting that the executive branch should link resources
to threats, using a risk management approach and that carefully
constructed investment strategies are needed to make appropriate use of
limited fiscal and human resources.[Footnote 52] The Hart-Rudman
Commission and the Gilmore Commission have similarly discussed the need
for a homeland security strategy to be appropriately
resourced;[Footnote 53] ANSER likewise has indicated the need for a
strategy to be supported by a comprehensive budget plan that aligns
resources with national priorities.[Footnote 54]
Organizational Roles, Responsibilities, and Coordination:
This characteristic addresses what organizations will implement the
strategy, their roles and responsibilities, and mechanisms for
coordinating their efforts. It helps to answer the fundamental question
about who is in charge, not only during times of crisis, but also
during all phases of homeland security efforts: prevention,
vulnerability reduction, and response and recovery. This characteristic
entails identifying the specific federal departments, agencies, or
offices involved and, where appropriate, the different sectors, such as
state, local, private, or international sectors. A strategy would
ideally clarify implementing organizations' relationships in terms of
leading, supporting, and partnering.[Footnote 55] In addition, a
strategy should describe the organizations that will provide the
overall framework for accountability and oversight, such as the
Homeland Security Council, OMB, Congress, or other organizations.
Furthermore, a strategy might also identify specific processes for
coordination and collaboration between sectors and organizations--and
address how any conflicts would be resolved.
We found support for this characteristic in the Money Laundering
strategy legislation, which provides that the strategy must address the
coordination of regulatory and enforcement efforts; the enhancement of
cooperation between federal, state, and local officials, as well as
private sector entities; and the improvement of communications
systems.[Footnote 56] This characteristic also enjoys broad support
from related legislation, executive orders, presidential directives,
and recent GAO and policy research organization publications. For
example, the Homeland Security Act of 2002 charges DHS with various
functions, including coordination with nonfederal entities and
promotion of public-private partnerships, among other things.[Footnote
57] In addition, the statute mandating the National Drug Control
Strategy calls for cooperative efforts between federal, state, and
local governments and private sector initiatives.[Footnote 58]
Furthermore, HSPD-6, HSPD-7, PPD 63, and National Security Decision
Directive (NSDD) 207 each seek to delineate the roles and
responsibilities of various federal agencies and department heads; and
Executive Order 13228 and HSPD-1 seek to coordinate implementation of
the national strategy.[Footnote 59] In addition, we emphasized that a
national strategy should define the roles of federal, state, and local
governments as well as the private sector, and that a national strategy
needs to provide both direction and guidance to governments and the
private sector so that missions and contributions can be more
appropriately coordinated.[Footnote 60] The Gilmore Commission, ANSER,
and the Brookings Institution have also discussed the need for clearly
assigning roles, responsibilities, accountability, liaison, and
coordination among intergovernmental agencies, multilateral
institutions, and international organizations.[Footnote 61]
Integration and Implementation:
This characteristic addresses both how a national strategy relates to
other strategies' goals, objectives, and activities (horizontal
integration)--and to subordinate levels of government and other
organizations and their plans to implement the strategy (vertical
integration). For example, a national strategy could discuss how its
scope complements, expands upon, or overlaps with other national
strategies. Similarly, related strategies could highlight their common
or shared goals, subordinate objectives, and activities. In addition, a
national strategy could address its relationship with relevant
documents from implementing organizations, such as the strategic plans,
annual performance plans, or annual performance reports GPRA requires
of federal agencies. A strategy might also discuss, as appropriate,
various strategies and plans produced by the state, local, private or
international sectors. A strategy could also provide guidance such as
the development of national standards to link together more effectively
the roles, responsibilities, and capabilities of the implementing
parties.
We found support for this characteristic in the Money Laundering
strategy legislation, which requires the strategy to address how to
enhance intergovernmental cooperation and the flow of information
between federal, state, and local governments; the coordination of
regulatory and enforcement efforts; and the role of the private sector
in a more integrated approach.[Footnote 62] Related legislative and
executive support derives from the National Drug Control Strategy
legislation, presidential directive and executive order. The National
Drug Control Strategy statutory requirements call for improving the
timely flow of information to federal agencies by enhancing the
compatibility of automated information and communication
systems.[Footnote 63] In addition, HSPD-7 addresses coordination and
integration,[Footnote 64] and Executive Order 13228 states that
executive departments and agencies shall, to the extent permitted by
law, make available to the Homeland Security Council all necessary
information relating to terrorist threats and activities within the
United States.[Footnote 65] We indicated that the national strategy
would benefit from addressing how intergovernmental and private sector
initiatives can be operationally coordinated and integrated and,
specifically, that an "overarching, integrated framework" can help deal
with issues of potential duplication, overlap and conflict.[Footnote
66] Similarly, the Gilmore Commission defined a "New Normalcy" of
vertical and horizontal information and intelligence sharing and ANSER
has called for federal program integration where possible.[Footnote 67]
Applying the Desirable Characteristics to the National Strategies:
After developing the characteristics, we reviewed the content of each
national strategy to determine the extent to which it satisfied each of
the six desirable characteristics. We did this by first summarizing the
structure of each strategy in terms of its overall goals, subordinate
objectives, and specific initiatives. Next, we carefully read through
each strategy to apply our characteristics and recorded our results on
individual matrixes so we could compare characteristics across the
strategies. Finally, we summarized our results on a matrix "snapshot,"
using our judgment to rate each national strategy on each
characteristic. Strategies could obtain one of three potential scores:
"addresses," "partially addresses" or "does not address." Per our
methodology, a strategy "addresses," a characteristic when it
explicitly cites all elements of a characteristic, even if it lacks
specificity and details and thus could be improved upon. A strategy
"partially addresses" a characteristic when it explicitly cites some,
but not all elements of a characteristic. Within our designation of
"partially addresses" there is a wide variation between a strategy that
addresses most of the elements of a characteristic and a strategy that
addresses few of the elements of a characteristic. A strategy "does not
address" a characteristic when it does not explicitly cite or discuss
any elements of a characteristic, and/or any implicit references are
either too vague or general.
To verify our work, the members of the project team independently
reviewed the matrix summaries at every stage and made adjustments
accordingly. Specifically, the project team verified that examples of
where strategies "address" or "partially address" characteristics were
valid and, furthermore, that we properly characterized the strategies
as not addressing the characteristics. In addition, we asked other
internal teams who are familiar with the strategies from past reports
and testimonies to verify our summary analysis.
[End of section]
GAO Related Products:
Management (including Intergovernmental Coordination, Fiscal &
Strategic Planning):
Terrorist Financing: U.S. Agencies Should More Systematically Assess
the Use of Alternative Financing Mechanisms. GAO-04-163. Washington,
D.C.: November 14, 2003.
Combating Money Laundering: Opportunities Exist to Improve the National
Strategy. GAO-03-813. Washington, D.C.: September 26, 2003.
Combating Terrorism: Interagency Framework and Agency Programs to
Address Overseas Threat. GAO-03-165. Washington, D.C.: May 23, 2003.
Combating Terrorism: Observations on National Strategies Related to
Terrorism. GAO-03-519T. Washington, D.C.: March 3, 2003.
Major Management Challenges and Program Risks: Department of Homeland
Security. GAO-03-102. Washington, D.C.: January 1, 2003.
Homeland Security: Management Challenges Facing Federal Leadership.
GAO-03-260. Washington, D.C.: December 20, 2002.
Homeland Security: Information Technology Funding and Associated
Management Issues. GAO-03-250. Washington, D.C.: December 13, 2002.
Combating Terrorism: Funding Data Reported to Congress Should Be
Improved. GAO-03-170. Washington, D.C.: November 26, 2002.
Homeland Security: Effective Intergovernmental Coordination is Key to
Success. GAO-02-1013T. Washington, D.C.: August 23, 2002.
Homeland Security: Critical Design and Implementation Issues. GAO-02-
957T. Washington, D.C.: July 17, 2002.
Homeland Security: Proposal for Cabinet Agency has Merit, But
Implementation Will be Pivotal to Success. GAO-02-886T. Washington,
D.C.: June 25, 2002.
Homeland Security: Key Elements to Unify Efforts Are Underway but
Uncertainty Remains. GAO-02-610. Washington, D.C.: June 7, 2002.
Homeland Security: Responsibility and Accountability for Achieving
National Goals. GAO-02-627T. Washington, D.C.: April 11, 2002.
Homeland Security: Challenges and Strategies in Addressing Short-and
Long-Term National Needs. GAO-02-160T. Washington, D.C.: November 7,
2001.
Homeland Security: A Risk Management Approach Can Guide Preparedness
Efforts. GAO-02-208T. Washington, D.C.: October 31, 2001.
Homeland Security: A Framework for Addressing the Nation's Issues. GAO-
01-1158T. Washington, D.C.: September 21, 2001.
Combating Terrorism: Selected Challenges and Related Recommendations.
GAO-01-822. Washington, D.C.: September 20, 2001.
Combating Terrorism: Linking Threats to Strategies and Resources. GAO/
T-NSIAD-00-218. Washington, D.C.: July 26, 2000.
Combating Terrorism: How Five Countries Are Organized to Combat
Terrorism. GAO/NSIAD-00-85. Washington, D.C.: April 7, 2000.
Emergency Preparedness and Response:
Bioterrorism: A Threat to Agriculture and the Food Supply. GAO-04-259T.
Washington, D.C.: November 19, 2003.
Homeland Security: Challenges in Achieving Interoperable
Communications for First Responders. GAO-04-231T. Washington, D.C.:
November 6, 2003.
September 11: Overview of Federal Disaster to the New York City Area.
GAO-04-72. Washington, D.C.: October 31, 2003.
Homeland Security: Reforming Federal Grants to Better Meet Outstanding
Needs. GAO-03-1146T. Washington, D.C.: September 3, 2003.
Hospital Preparedness: Most Urban Hospitals Have Emergency Plans but
Lack Certain Capacities for Bioterrorism Response. GAO-03-924.
Washington, D.C.: August 6, 2003.
Bioterrorism: Information Technology Strategy Could Strengthen Federal
Agencies' Abilities to Respond to Public Health Emergencies. GAO-03-
139. Washington, D.C.: May 30, 2003.
Bioterrorism: Adequacy of Preparedness Varies Across State and local
Jurisdictions. GAO-03-373. Washington, D.C.: April 7, 2003.
Homeland Security: Intergovernmental Coordination and Partnerships
Will Be Critical to Success. GAO-02-899T. Washington, D.C.: July 1,
2002.
National Preparedness: Integration of Federal, State, Local, and
Private Sector Efforts is Critical to an Effective National Strategy
for Homeland Security. GAO-02-621T. Washington, D.C.: April 11, 2002.
Combating Terrorism: Enhancing Partnerships Through a National
Preparedness Strategy. GAO-02-549T. Washington, D.C.: March 28, 2002.
Combating Terrorism: Critical Components of a National Strategy to
Enhance State and Local Preparedness. GAO-02-548T. Washington, D.C.:
March 25, 2002.
Combating Terrorism: Intergovernmental Partnership in a National
Strategy to Enhance State and Local Preparedness. GAO-02-547T.
Washington, D.C.: March 22, 2002.
Homeland Security: Progress Made; More Direction and Partnership
Sought. GAO-02490T. Washington, D.C.: March 12, 2002.
Combating Terrorism: Key Aspects of a National Strategy to Enhance
State and Local Preparedness. GAO-02-473T. Washington, D.C.: March 1,
2002.
Combating Terrorism: Considerations for Investing Resources in Chemical
and Biological Preparedness. GAO-02-162T. Washington, D.C.: October 17,
2001.
Bioterrorism: Review of Public Health and Medical Preparedness
Programs. GAO-02-149T. Washington, D.C.: October 10, 2001.
Combating Terrorism: Observations on Options to Improve the Federal
Response. GAO-01-660T. Washington, D.C.: April 24, 2001.
Combating Terrorism: Issues in Managing Counterterrorist
Programs. GAO/T-NSIAD-00-145. Washington, D.C.: April 6, 2000. :
Border and Transportation Security:
Homeland Security: Preliminary Observations on Efforts to Target
Security Inspections of Cargo Containers. GAO-04-325T. Washington,
D.C.: December 16, 2003.
Aviation Security: Efforts to Measure Effectiveness and Strengthen
Security Programs. GAO-04-285T. Washington, D.C.: November 20, 2003.
Aviation Security: Efforts to Measure Effectiveness and Address
Challenges. GAO-04-232T. Washington, D.C.: November 5, 2003.
Homeland Security: Overstay Tracking is a Key Component of a Layered
Defense. GAO-04-170T. Washington, D.C.: October 16, 2003.
Coast Guard: New Communication System to Search and Rescue Faces
Challenges. GAO-03-1111. Washington, D.C.: September 30, 2003.
Airport Passenger Screening: Preliminary Observations on Progress Made
and Challenges Remaining. GAO-03-1173. Washington, D.C.: September 24,
2003.
Homeland Security: Risks Facing Key Border and Transportation Security
Program Need to be Addressed. GAO-03-1083. Washington, D.C.: September
19, 2003.
Maritime Security: Progress Made in Implementing Maritime
Transportation Security Act, but Concerns Remain. GAO-03-1155T.
Washington, D.C.: September 9, 2003.
Transportation Security: Federal Action Needed to Enhance Security
Efforts. GAO-03-1154T. Washington, D.C.: September 9, 2003.
Aviation Security: Progress Since September 11TH and the Challenges
Ahead. GAO-03-1150T. Washington, D.C.: September 9, 2003.
Land Border Ports of Entry: Vulnerabilities and Inefficiencies in the
Inspections Process. GAO-03-1084R. Washington, D.C.: August 18, 2003.
Container Security: Expansion of Key Customs Programs Will Require
Greater Attention to Critical Success Factors. GAO-03-770. Washington,
D.C.: July 25, 2003.
Border Security: New Policies and Increased Interagency Coordination
Needed to Improve Visa Process. GAO-03-1013T. Washington, D.C.: July
15, 2003.
Transportation Security: More Federal Coordination Needed to Help
Address Security Challenges. GAO-03-843. Washington, D.C.: June 30,
2003.
Homeland Security: Challenges Facing the Department of Homeland
Security in Balancing Its Trade Facilitation and Border Protection
Missions. GAO-03-902T. Washington, D.C.: June 16, 2003.
Transportation Security: Post 9/11 Initiatives and Long-Term
Challenges. GAO-03-616T. Washington, D.C.: April 1, 2003.
Border Security: Challenges in Implementing Border Technology. GAO-03-
546T. Washington, D.C.: March 12, 2003.
Aviation Security: Vulnerabilities and Potential Improvements for the
Air Cargo Security System. GAO-03-344. Washington, D.C.: December 20,
2002.
Port Security: Nation Faces Formidable Challenges in Making New
Initiatives Successful. GAO-02-993T. Washington, D.C.: August 5, 2002.
Information Analysis and Infrastructure Protection:
Critical Infrastructure Protection: Challenges in Securing Control
Systems. GAO-04-140T. Washington, D.C.: October 1, 2003.
Homeland Security: Information Sharing Responsibilities, Challenges,
and Key Management Issues. GAO-03-1165T. Washington, D.C.: September
17, 2003.
Homeland Security: Counterfeit Identification and Identification Fraud
Raise Security Concerns. GAO-03-1147T. Washington, D.C.: September 9,
2003.
Homeland Security: Efforts to Improve Information Sharing Need to Be
Strengthened. GAO-03-760. Washington, D.C.: August 27, 2003.
Homeland Security: Information Sharing Responsibilities, Challenges
and Key Management Issues. GAO-03-715T. Washington, D.C.: May 8, 2003.
Information Technology: Terrorist Watch Lists Should Be Consolidated to
Promote Better Integration and Sharing. GAO-03-322. Washington, D.C.:
April 15, 2003.
Critical Infrastructure Protection: Challenges for Selected Agencies
and Industry Sectors. GAO-03-233. Washington, D.C.: February 28, 2003.
Protecting Information Systems Supporting the Federal Government and
the Nation's Critical Infrastructure. GAO-03-121. Washington, D.C.:
January 30, 2003.
Homeland Security: Information Sharing Activities Face Continued
Management Challenges. GAO-02-1122T. Washington, D.C.: October 1, 2002.
National Preparedness: Technology and Information Sharing Challenges.
GAO-02-1048R. Washington, D.C.: August 30, 2002.
Critical Infrastructure Protection: Federal Efforts Require a More
Coordinated and Comprehensive Approach to Protecting Information
Systems. GAO-02-474. Washington, D.C.: July 15, 2002.
Homeland Security: Key Elements of a Risk Management Approach. GAO-02-
150T. Washington, D.C.: October 12, 2001.
Science and Technology; Chemical, Biological, Radiological, and Nuclear
Countermeasures:
Nuclear Security: Federal and State Action Needed to Improve Security
of Sealed Radioactive Sources. GAO-03-804. Washington, D.C.: August 6,
2003.
Nuclear Regulatory Commission: Oversight of Security at Commercial
Nuclear Power Plants Needs to be Strengthened. GAO-03-752. Washington,
D.C.: September 4, 2003.
Nuclear Nonproliferation: U.S. and International Assistance Efforts to
Control Sealed Radioactive Sources Need Strengthening. GAO-03-638.
Washington, D.C.: May 16, 2003.
Homeland Security: Title III of the Homeland Security Act of 2002. GAO-
02-927T. Washington, D.C.: July 9, 2002.
FOOTNOTES
[1] See U.S. General Accounting Office, Combating Terrorism:
Observations on National Strategies Related to Terrorism, GAO-03-519T
(Washington, D.C.: Mar. 3, 2003) and Combating Terrorism: Interagency
Framework and Agency Programs to Address the Overseas Threat,
GAO-03-165 (Washington, D.C.: May 2003). In addition, a list of related
GAO products is at the end of this statement.
[2] For a more detailed discussion of the definition of terrorism,
combating terrorism, and homeland security, see GAO-03-165.
[3] P.L. 103-62 (Aug. 3, 1993).
[4] We recognize that our characterization of these two strategies
simplifies a complex relationship. Both strategies contain both
defensive and offensive elements. For example, while we characterize
the Homeland Security strategy as mainly defensive, it includes some
offensive initiatives to target and attack terrorist financing, and to
track foreign terrorists and bring them to justice. Similarly, while we
characterize the Combating Terrorism strategy as mainly offensive, it
includes some defensive objectives to implement the Homeland Security
strategy and to protect U.S. citizens abroad.
[5] For example, the Secure Cyberspace strategy also covers
nonterrorism-related computer hacking, and the Money Laundering
strategy deals with all types of crimes associated with money
laundering, such as drug trafficking.
[6] Section 801(b) of the Homeland Security Act of 2002 requires DHS to
develop a process for receiving meaningful input from states and
localities to assist in the development of a national strategy "for
combating terrorism and other homeland security activities," but does
not establish specific content elements as do the laws pertaining to
the Money Laundering and National Security strategies.
[7] 31 U.S.C. 5341.
[8] 50 U.S.C. 404a.
[9] Even before the terrorist attacks of September 11, 2001, Congress
was concerned with the issue of homeland security and had chartered
three national commissions, which examined terrorist threats and the
government's response to terrorism, and made numerous recommendations.
The full names of these commissions are the National Commission on
Terrorism (also known as the Bremer Commission), the Advisory Panel to
Assess Domestic Response Capabilities for Terrorism Involving Weapons
of Mass Destruction (the Gilmore Commission), and the U.S. Commission
on National Security/21st Century (the Hart-Rudman Commission).
[10] The research organizations whose work and commentary on homeland
security, combating terrorism, and national strategies since 2000 that
we primarily reviewed include the ANSER Institute on Homeland Security,
RAND Corporation, and Brookings Institution.
[11] This risk assessment is the first phase of a two-part risk
management process. Risk assessment includes a threat assessment, a
vulnerability assessment, and a criticality assessment. For a more in-
depth discussion of these subjects, see U.S. General Accounting Office,
Homeland Security: Key Elements of a Risk Management Approach,
GAO-02-150T (Washington, D.C.: Oct.12, 2002). The second aspect of risk
management is discussed below in the "Resources, Investments and Risk
Management" characteristic. It consists of taking the information from
the risk assessment and making management decisions about resource
allocations to minimize risks and maximize returns on resources
expended.
[12] See U.S. General Accounting Office, Combating Money Laundering:
Opportunities Exist to Improve the National Strategy, GAO-03-813
(Washington, D.C.: Sept. 2003).
[13] The strategies differ in their terminology for goals, objectives,
and activities. For example, some strategies refer to their top-level
vision as "goals," while others describe that as "objectives." The same
is true at the next level of support--some are called objectives, while
others are "priorities" or "critical mission areas"--and at the most
detailed level of activities (alternatively called "priorities" or
"initiatives"). For the purpose of consistency in this testimony, we
are using the terms "goals," "subordinate objectives," and "activities"
(in order of broad to specific).
[14] The Homeland Security Act of 2002 requires DHS to develop a
comprehensive national plan for securing the key resources and critical
infrastructure of the United States (P.L. 107-296, sec. 201(d)(5).
Consistent with the Act, section (27) of the Homeland Security
Presidential Directive 7 requires the Secretary of Homeland Security to
complete a comprehensive, integrated National Plan for Critical
Infrastructure and Key Resources Protection that outlines national
goals, objectives, milestones, and key initiatives by December 2004.
[15] See GAO-03-813.
[16] See U.S. General Accounting Office, Homeland Security: Effective
Intergovernmental Coordination is Key to Success GAO-02- 1011T
(Washington, D.C.: August 2002).
[17] See GAO-03-813.
[18] See U.S. General Accounting Office, Homeland Security: Information
Sharing Responsibilities, Challenges, and Key Management Issues, GAO-
03-1165T (Washington, D.C.: September 2003).
[19] By "partnering," we refer to shared, or joint, responsibilities
between implementing parties where there is otherwise no clear or
established hierarchy of lead and support functions.
[20] The Homeland Security strategy places many responsibilities on
DHS, which had not been created yet when the strategy was published.
[21] The unclassified Weapons of Mass Destruction strategy outlines
only a few specific responsibilities for the Homeland Security Council,
National Security Council, and Department of State. However, its
classified version contains more relevant details, which cannot be
addressed in this unclassified statement.
[22] See GAO-03-813.
[23] See GAO-03-1165T.
[24] Examples of such literature include John M. Bryson's book
Strategic Planning for Public and Nonprofit Organizations: A Guide to
Strengthening and Sustaining Organizational Achievement (Jossey-Bass,
1995) and Edward Filiberti's article, National Strategic Guidance: Do
We Need a Standard Format? (Parameters, U.S. Army War College, Autumn
1995).
[25] For example, the strategies range from the high-level, "grand"
strategy (e.g., the National Security strategy) to the mid-level
strategies specific to terrorism (e.g., the Homeland Security and
Combating Terrorism strategies) and, finally, to the more detailed,
sector-or function-specific strategies geared towards implementation
(e.g., the Secure Cyberspace, and Money Laundering strategies).
[26] 50 U.S.C. 404a.
[27] 31 U.S.C. 5341.
[28] See Section 1005 of the Anti-Drug Abuse Act of 1988, P.L. 100-690
(Nov. 18, 1988).
[29] See P.L. 103-62, sec. 3 (Aug. 3, 1993).
[30] Executive Order 12864 (Sept. 15, 1993).
[31] See U.S. General Accounting Office, Homeland Security: Key
Elements to Unify Efforts Are Underway but Uncertainty Remains, GAO-02-
610 (Washington, D.C.: June, 2002), p. 9; and Homeland Security:
Proposal for Cabinet Agency Has Merit, But Implementation Will be
Pivotal to Success, GAO-02-886T (Washington, D.C.: June 25, 2002),
p. 4.
[32] See U.S. General Accounting Office, Homeland Security: Progress
Made; More Direction and Partnership Sought, GAO-02-490T (Washington,
D.C.: Mar. 12, 2002), p. 9.
[33] Second Annual Report to The President and The Congress Of the
Advisory Panel to Assess Domestic Response Capabilities for Terrorism
Involving Weapons of Mass Destruction (aka Gilmore Commission), II.
Toward A National Strategy For Combating Terrorism (Dec. 15, 2000), p.
4; Ruth David, Homeland Security: Building A National Strategy, The
Bridge, 32, 1 (Spring, 2002), p. 2.
[34] This risk assessment is the first phase of a two-part risk
management process. Risk assessment includes a threat assessment, a
vulnerability assessment, and a "criticality" analysis. For a more in-
depth discussion of these subjects, see Homeland Security: Key Elements
of a Risk Management Approach, GAO-02-150T (Washington, D.C.: Oct.12,
2002). The second aspect of risk management is discussed in the
"Resources, Investments and Risk Management" characteristics. It
consists of taking the information from the risk assessment and making
management decisions about resource allocations to minimize risks and
maximize returns on resources expended.
[35] P.L. 107-296, sec. 201(d)(2).
[36] P.L. 103-62, sec. 3.
[37] See Homeland Security Presidential Directive/HSPD-7, Critical
Infrastructure Identification, Prioritization and Protection, Dec. 17,
2003, and Presidential Decision Direction/NSC-63, Critical
Infrastructure Protection, May 22, 1998. HSPD-7 states that it
supersedes PDD/NS C-63 to the extent of any inconsistency.
[38] See GAO-02-490T.
[39] See U.S. General Accounting Office, Homeland Security: A Framework
for Addressing the Nation's Efforts, GAO-01-1158T (Washington, D.C.:
September 21, 2001), p. 1.
[40] First Annual Report to The President and The Congress Of the
Advisory Panel To Assess Domestic Response Capabilities For Terrorism
Involving Weapons Of Mass Destruction (aka Gilmore Commission), I.
Assessing the Threat (December 15, 1999), p. 55; Ruth David, Homeland
Security: Building a National Strategy, The Bridge, 32, 1 (Spring,
2002), p. 4; Bruce Hoffman, Combating Terrorism: In Search of a
National Strategy RAND Corporation, CT-175, March 2001, pp. 3,6-7.
[41] For more information on the importance of national indicators for
measuring problems, see U.S. General Accounting Office, Forum on Key
National Indicators: Assessing the Nation's Position and Progress
(GAO-03-672SP, May 2003).
[42] See Section 1005 of the Anti-Drug Abuse Act of 1988, P.L. 100-690
(Nov. 18, 1988).
[43] See P.L. 107-296, sec. 302(2).
[44] See P.L. 103-62, sec. 3.
[45] See Presidential Decision Directive 63, Critical Infrastructure
Protection, May 22, 1998.
[46] Office of Management & Budget, The President's Management Agenda,
Fiscal Year 2002, p. 29
[47] See U.S. General Accounting Office, Combating Terrorism:
Intergovernmental Partnership in a National Strategy to Enhance State
and Local Preparedness, GAO-02-547T (Washington, D.C.: March 22, 2002),
p. 3, and GAO-03-519T, p. 17.
[48] 31 U.S.C. 5341(b)(6), (7).
[49] 50 U.S.C. 404a(b)(3), (4).
[50] Homeland Security Presidential Directive/HSPD-8, National
Preparedness, sec. (6), Dec. 17, 2003.
[51] Office of Management & Budget, The President's Management Agenda,
Fiscal Year 2002, p. 29.
[52] See U.S. General Accounting Office, National Preparedness:
Integration of Federal, State, Local, and Private Sector Efforts is
Critical to an Effective National Strategy for Homeland Security,
GAO-02-621T (Washington, D.C.: April 11, 2002), p. 3; and GAO-03-519T,
pp. 7-8.
[53] The U.S. Commission on National Security/21st Century (aka The
Hart-Rudman Commission), Seeking A National Strategy: A Concert for
Preserving Security and Promoting Freedom: Phase II Report (Ap. 15,
2000), p. 16; Second Annual Report to The President and The Congress Of
the Advisory Panel to Assess Domestic Response Capabilities For
Terrorism Involving Weapons Of Mass Destruction (aka Gilmore
Commission), II. Toward A National Strategy For Combating Terrorism
(Dec. 15, 2000), pp. iv, 5; Fourth Annual Report to the President and
the Congress of the Advisory Panel to Assess Domestic Response
Capabilities for Terrorism Involving Weapons of Mass Destruction (aka
Gilmore Commission), IV. Implementing the National Strategy (Dec.15,
2002), p. 37.
[54] Ruth David, Homeland Security: Building a National Strategy, The
Bridge, 32, 1 (Spring, 2002), p. 3; David McIntyre, The National
Strategy for Homeland Security: Finding the Path Among the Trees, ANSER
Institute for Homeland Security, (July 19, 2002), pp. 4-5.
[55] By "partnering," we refer to shared, or joint, responsibilities
among implementing parties where there is otherwise no clear or
established hierarchy of lead and support functions.
[56] 31 U.S.C. 5341(b)(2), (4), (5) and (11).
[57] See P.L. 107-296, sec. 102(c), (f).
[58] Anti-Drug Abuse Act of 1988, P.L. 100-690, sec. 1005(b)(2).
[59] See generally Homeland Security Presidential Directive/HSPD-6,
Integration and Use of Screening Information, Sept. 16, 2003; Homeland
Security Presidential Directive/HSPD-7, Critical Infrastructure
Identification, Prioritization, and Protection, Dec. 17, 2003;
Presidential Decision Directive/NSC-63, Critical Infrastructure
Protection, May 22, 1998; National Security Decision Directive/NSDD-
207, The National Program for Combating Terrorism, Jan. 20, 1986;
Executive Order 13228, Establishing the Office of Homeland Security and
the Homeland Security Council, Oct. 8, 2001; and Homeland Security
Presidential Directive/HSPD-1, Organization and Operation of the
Homeland Security Council, Oct. 29, 2001.
[60] See GAO-03-519T, pp. 15-16; and GAO-02-621T, p. 3.
[61] First Annual Report to The President and The Congress of the
Advisory Panel To Assess Domestic Response Capabilities For Terrorism
Involving Weapons of Mass Destruction (aka Gilmore Commission), I:
Assessing the Threat (December 15, 1999), pp. x-xi; Ruth David,
Homeland Security: Building a National Strategy, The Bridge, 32,1
(Spring, 2002), p. 5; Michael E. O'Hanlon et al., Protecting the
American Homeland: One Year On, Brookings Institution, 2003, p. xxv.
[62] 31 U.S.C. 5341(b)(4), (5), and (11).
[63] Anti-Drug Abuse Act of 1988, P.L. 100-690, sec. 1005(b)(6).
[64] See Homeland Security Presidential Directive/HSPD-7, Critical
Infrastructure Identification, Prioritization, and Protection, Dec.
17, 2003.
[65] Executive Order 13228, Establishing the Office of Homeland
Security and the Homeland Security Council, sec. 3(b)(ii), Oct. 8,
2001.
[66] See GAO-02-1122T, p. 12; and GAO-03-260, p. 38.
[67] Fifth Annual Report to The President and The Congress of the
Advisory Panel To Assess Domestic Response Capabilities For Terrorism
Involving Weapons of Mass Destruction (aka Gilmore Commission), V:
Forging America's New Normalcy, December, 15, 2003, pp. i, iv; David
McIntyre, the National Strategy for Homeland Security: Finding the Path
Among the Trees, The ANSER Institute for Homeland Security, 2002, p. 7.
