Information Technology

Major Federal Networks That Support Homeland Security Functions Gao ID: GAO-04-375 September 17, 2004

A key information systems challenge in homeland security is ensuring that essential information is shared in a timely and secure manner among disparate parties in federal, state, and local governments, and in the private sectors. This requires communications networks that provide information-sharing capabilities between the various levels of government--federal, state, and local. GAO's objective was to identify and describe, through agency reporting, major networks and examples of applications that the agencies considered important in supporting their homeland security functions. (For purposes of this review, GAO defined networks as "the data communication links that enable computer systems to communicate with each other.") GAO corroborated agency-provided information about networks used by multiple agencies. While agencies verified the accuracy of the data about their networks, GAO cannot ensure that agencies provided data on all applicable networks. In commenting on a draft of this report, seven of the nine agencies generally concurred with the facts contained in this report. Technical comments were incorporated as appropriate. Two agencies declined to comment.

Nine agencies identified 34 major networks that support homeland security functions--32 that are operational and 2 that are being developed. Of these 34, 21 are single-agency networks designed for internal agency communications. Six of the 34 are used to share information with state and local governments; 4 share information with the private sector. The Department of Homeland Security is in the process of developing the new Homeland Secure Data Network. It is intended to become a significant vehicle for the sharing of homeland security information with state and local governments and classified information among civilian agencies. Agencies also provided examples of more than 100 major applications that support homeland security mission areas.



GAO-04-375, Information Technology: Major Federal Networks That Support Homeland Security Functions This is the accessible text file for GAO report number GAO-04-375 entitled 'Information Technology: Major Federal Networks That Support Homeland Security Functions' which was released on September 17, 2004. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Requesters: September 2004: INFORMATION TECHNOLOGY: Major Federal Networks That Support Homeland Security Functions: GAO-04-375: GAO Highlights: Highlights of GAO-04-375, a report to the Chairman, Senate Committee on Govern- mental Affairs; the Chairman, House Committee on Government Reform, and the Chairman of its Subcommittee on Technology, Information Policy, Inter-governmental Relations and the Census: Why GAO Did This Study: A key information systems challenge in homeland security is ensuring that essential information is shared in a timely and secure manner among disparate parties in federal, state, and local governments, and in the private sectors. This requires communications networks that provide information-sharing capabilities between the various levels of government”federal, state, and local. GAO‘s objective was to identify and describe, through agency reporting, major networks and examples of applications that the agencies considered important in supporting their homeland security functions. (For purposes of this review, GAO defined networks as ’the data communication links that enable computer systems to communicate with each other.“) GAO corroborated agency-provided information about networks used by multiple agencies. While agencies verified the accuracy of the data about their networks, GAO cannot ensure that agencies provided data on all applicable networks. In commenting on a draft of this report, seven of the nine agencies generally concurred with the facts contained in this report. Technical comments were incorporated as appropriate. Two agencies declined to comment. What GAO Found: Nine agencies identified 34 major networks that support homeland security functions”32 that are operational and 2 that are being developed (see table). Of these 34, 21 are single-agency networks designed for internal agency communications. Six of the 34 are used to share information with state and local governments; 4 share information with the private sector. Numbers of Major Federal Homeland Security Networks: [See PDF for image] Source: GAO analysis of agency data. [A] Excludes classified networks that are not publicly acknowledged. [B] Secret (5), Top Secret (2). [C] Secret. [End of table] The Department of Homeland Security is in the process of developing the new Homeland Secure Data Network. It is intended to become a significant vehicle for the sharing of homeland security information with state and local governments and classified information among civilian agencies. Agencies also provided examples of more than 100 major applications that support homeland security mission areas. The following table describes 3 of 18 applications that GAO selected to illustrate the range of applications used to support the various homeland security mission areas. Three Network Applications That Provide Homeland Security Functions: [See PDF for image] Source: GAO analysis of agency data. [A] Used by other agencies as well. [End of table] www.gao.gov/cgi-bin/getrpt?GAO-04-375. To view the full product, including the scope and methodology, click on the link above. For more information, contact David A. Powner at (202) 512-9286 or pownerd@gao.gov. [End of section] Contents: Letter: Agency Comments and Our Evaluation: Appendixes: Appendix I: Briefing Provided to Staff of Congressional Requesters: Appendix II: Comments from the Department of Agriculture: Appendix III: Comments from the Department of the Treasury: Appendix IV: Comments from the Department of Homeland Security: Appendix V: Comments from the Department of Health and Human Services: Abbreviations: APHIS: Animal and Plant Health Inspection Service: CDC: Centers for Disease Control and Prevention: DHS: Department of Homeland Security: DOD: Department of Defense: DOE: Department of Energy: DOJ: Department of Justice: EPA: Environmental Protection Agency: FBI: Federal Bureau of Investigations: FDA: Food and Drug Administration: FEMA: Federal Emergency Management Agency: FSIS: Food Safety Inspection Service: HHS: Department of Health and Human Services: HSDN: Homeland Secure Data Network: HUMINT: human intelligence: IC: intelligence community: JUTNet: Justice United Telecommunications Network: JWICS: Joint Worldwide Intelligence Communications System: LAN: local area network: NIPRNet: Non-Classified Internet Protocol Router Network: OIG: Office of Inspector General: SBU: sensitive but unclassified: SIPRNet: Secret Internet Protocol Router Network: USDA: Department of Agriculture: VPN: virtual private network: WAN: wide area network: Letter September 17, 2004: The Honorable Susan M. Collins: Chairman, Committee on Governmental Affairs: United States Senate: The Honorable Tom Davis: Chairman, Committee on Government Reform: House of Representatives: The Honorable Adam H. Putnam: Chairman, Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census: House of Representatives: As you know, one of the information systems challenges in the homeland security area is ensuring that critical information is shared in a timely and secure manner with a variety of parties in federal, state, and local governments, as well as in the private sector. It is important that federal networks meet the vital communications needs of effective homeland security, and do so in an efficient manner that includes information sharing between the various levels of government. You asked us to identify the major networks and examples of applications that are operational or being developed by federal agencies to share information in support of homeland security functions.[Footnote 1] We conducted work at the federal agencies that have major roles in supporting these homeland security functions and asked agency officials to identify and describe the networks and major applications considered most important in supporting the homeland security functions for which they are responsible. We obtained and analyzed information from 9 agencies on 34 different networks and over 100 applications. We conducted our work from January through July 2004, in accordance with generally accepted government auditing standards. On July 30, we provided your offices with briefing information on the results of this review. The purpose of this letter is to provide the published briefing materials to you. (See app. I.) In summary, we identified 34 major networks that support homeland security functions--32 operational and 2 in development. Twenty-one of the 34 are single-agency networks, indicating that they are used only for internal agency communications. Further, 6 of the 34 networks share information with state and local governments; 4 share information with the private sector. One of the 2 networks under development--the Department of Homeland Security's (DHS) Homeland Secure Data Network-- is intended to become a significant vehicle for future sharing of homeland security information with state and local governments and classified information among civilian agencies. The other network in development, the Department of Justice's JUTNet (Justice United Telecommunications Network), is to replace the department's existing network and transport information among departmental components. Agencies also identified the Internet as a major network for supporting homeland security functions. Cost data were not available for all networks, but of the networks for which data were available, estimates totaled about $1 billion per year for fiscal years 2003 and 2004. In addition, agencies provided descriptions of over 100 applications as examples of those that use existing networks, including the Internet, to share information in support of homeland security. For example, DHS's United States Visitor and Immigrant Status Indicator Technology (US-VISIT) collects, maintains, and shares information on foreign nationals with the Departments of Commerce, Justice, State, and Transportation using its ICENet (Immigration and Customs Enforcement Network). And, the Department of Defense's Modernized Intelligence Data Base supports anti-terrorist activities through near-real-time, synchronized dissemination of military intelligence using its JWICS (Joint Worldwide Intelligence Communications System) network. Agency Comments and Our Evaluation: We received written comments on a draft of this report from the Director, Departmental GAO/OIG Liaison at the Department of Homeland Security, the Chief Counsel to the Inspector General at the Department of Health and Human Services (HHS), the Deputy Assistant Secretary and Chief Information Officer at the Department of the Treasury, and the Chief Information Officer at the Department of Agriculture (USDA). These four agencies generally concurred with the facts contained in our report. DHS officials provided technical comments generally consisting of changes to descriptive information, which we incorporated as appropriate. HHS officials provided information on another network it felt should have been included, which we incorporated as appropriate. It also provided additional examples of applications related to homeland security, which we did not include because we had already reported significant examples of applications. The Departments of Defense and Justice, and the Environmental Protection Agency, provided oral comments stating that they concurred with the facts in the report. The Departments of State and Energy declined to comment. Written comments for DHS, HHS, Treasury, and USDA are reproduced in appendices II through V. Regarding our statement that the initial DHS enterprise architecture does not include many of the networks we identified, DHS stated that the initial enterprise architecture supported internal business processes and systems and that future versions will address federal and other business partners external to DHS. Regarding the Homeland Secure Data Network, the department agreed with our finding that it is a significant initiative for the sharing of classified homeland security information and that it has developed a program plan to allow for future expansion of this effort. Treasury officials raised concerns regarding the sensitivity of information related to the networks and applications described in this report. We have been cognizant of the sensitivity of this information during the course of this engagement and have asked the agencies to review the report for information they deem too sensitive for public release, which they have done. The information in this report has been approved for public release by the agencies responsible for their specific networks. As agreed with your offices, unless you publicly announce its contents earlier, we plan no further distribution of this report until 30 days from the date on the report. At that time, we will send copies of the report to the Chairmen and Ranking Minority Members of other Senate and House committees and subcommittees having authorization and oversight responsibilities for homeland security. We will also send copies to the Secretary of Homeland Security and to the other agencies that participated in our review. In addition, the report will be available at no charge on the GAO Web site at [Hyperlink, http://www.gao.gov]. Should you or your offices have any questions about matters discussed in this report, please contact me at (202) 512-9286 or by e-mail at [Hyperlink, pownerd@gao.gov]. You may also contact M. Yvonne Sanchez, Assistant Director, at (202) 512-6274 or by e-mail at [Hyperlink, sanchezm@gao.gov]. Major contributors to this report also included James C. Houtz, M. Saad Khan, Nicholas H. Marinos, Teresa F. Tucker, and William F. Wadsworth. Signed by: David A. Powner: Director, Information Technology Management Issues: [End of section] Appendixes: Appendix I: Briefing Provided to Staff of Congressional Requesters: [See PDF for image] [End of slide presentation] [End of section] Appendix II: Comments from the Department of Agriculture: United States Department of Agriculture: Office of the Chief Information Officer: 1400 Independence Avenue SW: Washington, DC 20254: August 25, 2004: David A. Powner, Director: Information Technology Management Issues: General Accounting Office: Dear Mr. Powner: The United States Department of Agriculture (USDA) has reviewed draft report number GAO-04-375 entitled "INFORMATION TECHNOLOGY: Major Federal Networks That Support Homeland Security Functions" and is in agreement with the facts as they relate to USDA. Thank you for the opportunity to review and comment on the draft report. If additional information is needed, please contact Marilyn Rolland of my staff on (202) 720-6275. Sincerely, Signed by: Scott Charbo: Chief Information Officer: [End of section] Appendix III: Comments from the Department of the Treasury: DEPARTMENT OF THE TREASURY: WASHINGTON, D.C. 20220: SEP 2 2004: Mr. David A. Powner: Director: Information Technology Management Issues: General Accounting Office: 441 G Street, NW, Room 5T37: Washington, DC 20548: Dear David: Thank you for the opportunity to review and to comment on your draft report entitled "Information Technology" Major Federal Networks That Support Homeland Security Functions" (Report #GAO-04-375). I concur with the GAO's findings and its assessment. In reviewing the document, however, I have a concern over acknowledging the location and path used for the Department of Homeland Security (DHS) specific programs. Publicly documenting, in one document, where major DHS applications are operated and how they are connected may present a significant physical and electronic risk and cause them to become more significant targets. The major Treasury contributor to DHS support is the Treasury Communications System (TCS). TCS's network services are used to transport data related to combating terrorist financial. It also transports information to support the homeland security activities of several law enforcement agencies that transitioned either to DHS or the Department of Justice. It is also the medium of transport for the DHS's Treasury Enforcement Communications System, and the Treasury's PATROIT Act Communications System (Financial Crimes Enforcement Network). The Treasury TCS network is a secure enterprise network providing Treasury secure Internet, Intranet and e-mail services and continues to provide these services to both Treasury and other federal agencies. We are proud of the diverse, redundant, secure, and survivable TCS that we have improved on since 9-11. Finally, I want to underscore my commitment to supporting the Homeland security functions of Treasury and that of DHS. If you have any questions regarding our comments, please contact me at 202-622-1200 or via email at ira.hobbs@ do.treas.gov. Sincerely, Signed for: Ira L. Hobbs: Deputy Assistant Secretary and Chief Information Officer: [End of section] Appendix IV: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, DC 20528: September 8, 2004: Mr. David A. Powner: Director, Information Technology Management Issues: General Accounting Office: Washington, DC 20548: Dear Mr. Powner: Re: Draft Report GAO-04-375, Information Technology, Major Federal Networks that Support Homeland Security Functions (GAO Job Code 310459): Thank you for the opportunity to review the findings referenced in the draft report. In the review of federal networks, GAO highlighted that the initial Department of Homeland Security (DHS) Enterprise Architecture (EA) does not include many of the networks external to DHS that support information sharing between federal agencies and other entities. When the Department was formed in March of 2003, we began our initial efforts around EA. Version 1.0 of the DHS EA was developed in approximately four months from essentially a "clean sheet of paper." The focus of the initial DHS EA was to primarily support transformation of internal DHS business processes and systems. Subsequent versions of our EA will increasingly address federal and other partners external to DHS essential to support the homeland security mission. Version 2.0 of our EA is scheduled for release this fall. Additionally, the report noted that the DHS Homeland Secure Data Network (HSDN) could serve as a significant initiative for sharing of classified homeland security information among civilian agencies. The Department is in agreement with your findings; and to that end has developed the HSDN program plan to allow for the expansion of the network to any federal agency with a need to share classified homeland security information. DHS has begun preliminary discussions with a significant number of federal agencies on the possibility of meeting their technical requirements for classified network services. Administration policy on this topic, allocation of resources, and schedules to meet agreed to requirements are still in the formative stage. The Department anticipates increased clarity and firm plans for other federal agency participation in HSDN to be completed over the next six months. Per our discussion, this assumes incorporation of our technical comments which were provided to you under separate cover. We thank you again for the opportunity to provide comments on the findings in this report. Sincerely, Signed by: Anna F. Dixon: Director: Departmental GAO/OIG Liaison: Office of the Chief Financial Officer: [End of section] Appendix V: Comments from the Department of Health and Human Services: DEPARTMENT OF HEALTH & HUMAN SERVICES: Office of Inspector General: Washington, D.C. 20201: SEP 2 2004: David A. Powner: Director, Information Technology Management Issues: United States Government Accountability Office: Washington, D.C. 20548: Dear Mr. Powner: Enclosed are the Department's comments on your draft report entitled, "Information Technology: Major Federal Networks That Support Homeland Security Functions" (GAO-04-375). The comments represent the tentative position of the Department and are subject to reevaluation when the final version of this report is received. The Department provided several technical comments directly to your staff. The Department appreciates the opportunity to comment on this draft report before its publication. Sincerely, Signed by: Lewis Morris: Chief Counsel to the Inspector General: Enclosure: The Office of Inspector General (OIG) is transmitting the Department's response to this draft report in our capacity as the Department's designated focal point and coordinator for Government Accountability Office reports: OIG has not conducted an independent assessment of these comments and therefore expresses no opinion on them. COMMENTS OF THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) ON THE GOVERNMENT ACCOUNTABILITY OFFICE'S (GAO) DRAFT REPORT "INFORMATION TECHNOLOGY: MAJOR FEDERAL NETWORKS THAT SUPPORT HOMELAND SECURITY FUNCTIONS" (GAO-04-375): HHS appreciates the opportunity to review the GAO draft report. HHS's Food and Drug Administration (FDA) has several networks that support homeland security functions which were not included in the report. FDA maintains four assets in its Critical Infrastructure Protection (CIP) inventory: (1) Regulatory Management System (RMS); (2) FDA Operational and Administrative System Import Support (OASIS); (3) CFSAN Adverse Event Reporting System (CAERS); and (4) CDER Adverse Event Reporting System (AERS). These assets were identified in a collaborative process with FDA, HHS, and the Department of Homeland Security (DHS). In fact, DHS viewed these assets as the top four for all of HHS. Each of these assets runs over the FDA network, much like that of the Centers for Disease Control and Prevention (CDC). In fact, a description of the "FDA Wide Area Network" would be essentially identical to CDC's (page 49 of the report), except for mention of FDA's specific homeland security functions in support of import approval, health warning information alerts, biologics marketing approval, and post-market drug and biologics health warning regulatory communications. GAO Comment: Agencies identified over 100 examples of major applications that support the homeland security missions areas; we selected 18 examples to illustrate the range of applications that are used across Federal agencies. HHS Response: The report did not specifically list the "examples of more than 100 major applications" (page 10, bullet 5); therefore, it is not clear that the systems identified below were included in the GAO assessment/ inventory. * Field Accomplishments and Compliance Tracking System (FACTS) - Automated FDA system for tracking FDA operations such as domestic field and compliance activities, foreign inspections, and domestic and import sample analyses. * Food Firm Registration Module (FFRM) - FDA system which requires domestic and foreign facilities that manufacture/process, pack, or hold food for human or animal consumption to register their facility under Section 305 of the Public Health Security and Bioterrorism Preparedness and Response Act of 2002. Registration is one of several tools which will enable FDA to act quickly in responding to a threatened or actual terrorist attack on the U.S. food supply by giving FDA information about these facilities. In the event of an outbreak of foodborne illness, such information will help FDA and other authorities determine the source and cause of the event, and in the future may enable FDA to quickly notify the facilities that might be affected by the outbreak. * Prior Notice System Interface (PNSI) and the Automated Broker Interface of the Automated Commercial System (ABI/ACS) - Import shipment information submitted to FDA that allows information pertaining to FDA-regulated shipments of food for humans and animals be reviewed in advance of the food being imported into the U.S. (unless the food is excluded from Prior Notice requirements of Section 307 of the Bioterrorism Act of 2002). * The Electronic Laboratory Exchange Network (eLEXNET) - A seamless, integrated, secure system that allows multiple government agencies engaged in food safety activities to compare, communicate, and coordinate laboratory analysis findings. This network provides the necessary infrastructure for an early-warning system that identifies potentially hazardous foods and enables health officials to assess risks and analyze trends. This network is funded by FDA and supported by the U.S. Department of Agriculture and the Department of Defense. * Food Emergency Response Network (FERN) - Cooperative expansion of eLEXNET system to encompass a nationwide network of Federal and State laboratories capable of analyzing foods for agents of concern. * FDA Emergency Operations Network (EON) - EON, with the Incident Management System (IMS) as its cornerstone, provides a central hub for exchanging and relaying emergency-related information among FDA offices and external stakeholders. EON IMS brings together individual commercial off-the-shelf software (COTS) solutions supporting incident tracking, contact management, collaboration and knowledge tool management, Geographic Information System (GIS), and email into an integrated web-based application to facilitate the management and organization of the large volume of incident information. The system is cited specifically in FDA's annual performance plan in support of the agency's counter-terrorism goals and is developed in accordance with HSPD-5, "Management of Domestic Incidents" and establishment of a National IMS. [End of section] (310473): FOOTNOTES [1] We defined "homeland security" and its related functions according to the Department of Homeland Security's National Strategy for Homeland Security (July 2002). It defines homeland security as "a concerted national effort to prevent terrorist attacks within the United States, reduce America's vulnerability to terrorism, and minimize the damage and recover from attacks that occur." GAO's Mission: The Government Accountability Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548:

The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.