Maritime Security

Information-Sharing Efforts Are Improving Gao ID: GAO-06-933T July 10, 2006

Sharing information with nonfederal officials is an important tool in federal efforts to secure the nation's ports against a potential terrorist attack. The Coast Guard has lead responsibility in coordinating maritime information sharing efforts. The Coast Guard has established area maritime security committees--forums that involve federal and nonfederal officials who identify and address risks in a port. The Coast Guard and other agencies have sought to further enhance information sharing and port security operations by establishing interagency operational centers--command centers that tie together the efforts of federal and nonfederal participants. This testimony is a summary and update to our April 2005 report, Maritime Security: New Structures Have Improved Information Sharing, but Security Clearance Processing Requires Further Attention, GAO-05-394. It discusses the impact the committees and interagency operational centers have had on improving information sharing and identifies any barriers that have hindered information sharing.

Area maritime security committees provide a structure that has improved information sharing among port security stakeholders. At the four port locations GAO visited, federal and nonfederal stakeholders said that the newly formed committees were an improvement over previous information-sharing efforts. The types of information shared included assessments of vulnerabilities at port locations and strategies the Coast Guard intends to use in protecting key infrastructure. GAO's ongoing work indicates that these committees continue to be useful forums for information sharing. Interagency operational centers also allow for even greater information sharing because the centers operate on a 24-hour-a-day basis, and they receive real-time information from data sources such as radars and sensors. The Coast Guard has developed its own centers--called sector command centers--at 35 port locations to monitor information and to support its operations planned for the future. As of today, the relationship between the interagency operational centers and the sector command centers remains to be determined. In April 2005 the major barrier hindering information sharing was the lack of federal security clearances for nonfederal members of committees or centers. In April 2005, Coast Guard issued guidance to field offices that clarified their role in obtaining clearances for nonfederal members of committees or centers. In addition, the Coast Guard did not have formal procedures that called for the use of data to monitor application trends. As of June 2006, guidance was put in place and according to the Coast Guard, was responsible for an increase in security clearance applications under consideration by the Coast Guard. Specifically, as of June 2006, 188 out of 467 nonfederal members of area maritime security committees with a need to know received some type of security clearance. This is an improvement from February 2005, when no security clearances were issued to 359 nonfederal members of area maritime security committees members with a need to know security information.

GAO-06-933T, Maritime Security: Information-Sharing Efforts Are Improving This is the accessible text file for GAO report number GAO-06-933T entitled 'Maritime Security: Information-Sharing Efforts are Improving' which was released on July 10, 2006. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony before the Subcommittee on Government Management, Finance, and Accountability, Committee on Government Reform, House of Representatives: United States Government Accountability Office: GAO: For Release on Delivery Expected at 1:00 p.m. EDT: Monday, July 10, 2006: Maritime Security: Information-Sharing Efforts Are Improving: Statement of Stephen L. Caldwell, Acting Director Homeland Security and Justice Issues: Maritime Security: GAO-06-933T: GAO Highlights: Highlights of GAO-06-933T, a testimony before the Subcommittee on Government Management, Finance, and Accountability of the Committee on Government Reform, U.S. House of Representatives Why GAO Did This Study: Sharing information with nonfederal officials is an important tool in federal efforts to secure the nation‘s ports against a potential terrorist attack. The Coast Guard has lead responsibility in coordinating maritime information sharing efforts. The Coast Guard has established area maritime security committees”forums that involve federal and nonfederal officials who identify and address risks in a port. The Coast Guard and other agencies have sought to further enhance information sharing and port security operations by establishing interagency operational centers”command centers that tie together the efforts of federal and nonfederal participants. This testimony is a summary and update to our April 2005 report, Maritime Security: New Structures Have Improved Information Sharing, but Security Clearance Processing Requires Further Attention, GAO-05- 394. It discusses the impact the committees and interagency operational centers have had on improving information sharing and identifies any barriers that have hindered information sharing. What GAO Found: Area maritime security committees provide a structure that has improved information sharing among port security stakeholders. At the four port locations GAO visited, federal and nonfederal stakeholders said that the newly formed committees were an improvement over previous information-sharing efforts. The types of information shared included assessments of vulnerabilities at port locations and strategies the Coast Guard intends to use in protecting key infrastructure. GAO‘s ongoing work indicates that these committees continue to be useful forums for information sharing. Interagency operational centers also allow for even greater information sharing because the centers operate on a 24-hour-a-day basis, and they receive real-time information from data sources such as radars and sensors. The Coast Guard has developed its own centers”called sector command centers”at 35 port locations to monitor information and to support its operations planned for the future. As of today, the relationship between the interagency operational centers and the sector command centers remains to be determined. In April 2005 the major barrier hindering information sharing was the lack of federal security clearances for nonfederal members of committees or centers. In April 2005, Coast Guard issued guidance to field offices that clarified their role in obtaining clearances for nonfederal members of committees or centers. In addition, the Coast Guard did not have formal procedures that called for the use of data to monitor application trends. As of June 2006, guidance was put in place and according to the Coast Guard, was responsible for an increase in security clearance applications under consideration by the Coast Guard. Specifically, as of June 2006, 188 out of 467 nonfederal members of area maritime security committees with a need to know received some type of security clearance. This is an improvement from February 2005, when no security clearances were issued to 359 nonfederal members of area maritime security committees members with a need to know security information. Figure: Harbor Patrols Coordinated by Interagency Operational Centers: [See PDF for Image] Source: GAO> [End of Figure] [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-933T]. To view the full product, including the scope and methodology, click on the link above. For more information, contact Stephen L. Caldwell at (202) 512-9610 or CaldwellS@gao.gov. [End of Section] Mr. Chairman and Members of the Subcommittee: I am pleased to be here today to discuss the improvements made in the practice of sharing maritime-related security information. Securing the nation's ports against a potential terrorist attack has become one of the nation's security priorities since the terrorist attacks of September 11, 2001. Factors that make ports vulnerable to a terrorist attack include their location near major urban centers, their inclusion of critical infrastructures such as oil refineries and terminals, and their importance to the nation's economy and trade. Although no port- related terrorist attacks have occurred in the United States, terrorists overseas have demonstrated their ability to access and destroy infrastructure, assets, and lives in and around seaports. Ports are sprawling enterprises that often cross jurisdictional boundaries; therefore, the need to share information among federal, state, and local agencies is central to effective prevention and response. Since the September 11 terrorist attacks, the federal government has taken a number of approaches designed to enhance information sharing.[Footnote 1] One of these approaches provides the Coast Guard with the authority to create area maritime security committees at the port level.[Footnote 2] These committees--with representatives from the federal, state, local, and private sectors-- offer a venue to identify and deal with vulnerabilities in and around ports, as well as a forum for sharing information on issues related to port security. Another approach developed to share information is the creation of interagency operational centers at certain port locations.[Footnote 3] These centers are command posts that tie together intelligence and operational efforts of various federal and nonfederal participants. Often information regarding port security is classified, and requires security clearances for those who need access to this information. Lacking access to such information through a security clearance can disadvantage officials in their efforts to respond to or combat a terrorist threat. My testimony today is a summary of and update to our April 2005 report, Maritime Security: New Structures Have Improved Information Sharing, but Security Clearance Processing Requires Further Attention, GAO-05- 394. That report provides additional background and examples related to our findings. Specifically, my testimony provides an examination of the efforts that the Coast Guard and other federal agencies have made in improving information sharing among federal, state, local, and industry stakeholders, including (1) the impact of area maritime security committees on information sharing, (2) the impact of interagency operational centers on information sharing, and (3) the barriers, if any, that have hindered improvements in information sharing among port security stakeholders. To obtain this information, we reviewed the activities of area maritime security committees at four ports, selected to provide a diverse sample of security environments and perspectives. The ports were Baltimore, Maryland; Charleston, South Carolina; Houston, Texas; and Seattle, Washington. To review the activities of the interagency operational centers, we visited and interviewed participants at the three centers in operation at the time of our published report. We also discussed information-sharing issues with nonfederal stakeholders, including private sector officials, officials from port authorities, and local law enforcement. We examined the Coast Guard's procedures for processing security clearances for members of area maritime security committees. We reviewed legislation and congressional committee reports related to information sharing, interviewed agency officials, and reviewed numerous other documents and reports on the issue. We interviewed Coast Guard officials involved in sharing information and received updated information about their efforts in 2006. All of our work has been conducted in accordance with generally accepted government auditing standards. Summary: Judging from the four ports we visited for our 2005 report, area maritime security committees have provided a structure to improve the timeliness, completeness, and usefulness of information sharing between federal and nonfederal stakeholders. Stakeholders said the newly formed committees were an improvement over previous information-sharing efforts because they established a formal structure for communicating information and established new procedures for sharing information. Stakeholders stated that, among other things, the committees have been used as a forum for sharing assessments of vulnerabilities, providing information on illegal or suspicious activities, and providing input on portwide security plans--called area maritime security plans--that describe the joint strategies of the Coast Guard and its partner agencies for protecting key infrastructure against terrorist activities. Nonfederal stakeholders, including state officials, local port authority operators, and representatives of private companies, said the information sharing had increased their awareness of security issues around the port and allowed them to identify and address security issues at their facilities. Likewise, Coast Guard officials said the information they received from nonfederal participants had helped in mitigating and reducing risks. While committees at each of the locations we visited had the same guidance, they varied in such ways as the size of the membership and the types of stakeholders represented. The three interagency operational centers we visited for our 2005 report allow for even greater information sharing because the centers operate 24 hours a day and receive real-time operational information from radars, sensors, and cameras, as well as classified data on personnel, vessels, and cargo, according to center participants. In contrast, the area maritime security committees, while they have a broader membership, primarily provide information through meetings, documents, and other means that are often used for long-term planning purposes rather than day-to-day operations. The three operational interagency centers and two additional centers under construction should fulfill varying missions and operations, and thus share different types of information. For example, the center in Charleston, South Carolina, focuses on port security alone and is led by the Department of Justice (DOJ). In contrast, the center in San Diego supports the Coast Guard's missions beyond port security, including drug interdiction, alien migrant interdiction, and search and rescue activities, and is led by the Coast Guard. The Coast Guard also has developed its own operational centers--called sector command centers-- at 35 port locations, including four sector command centers with enhanced surveillance and collaboration capabilities,[Footnote 4] to monitor maritime information and to support Coast Guard operations. One barrier to sharing information--the lack of security clearances among nonfederal officials--is being addressed by the Coast Guard. In our April 2005 report, we noted that while information sharing has generally improved, a major barrier mentioned most frequently by stakeholders as hindering information sharing was the lack of federal security clearances among port security stakeholders. This lack of security clearances may limit the ability of state, local, and industry officials, such as those involved in area maritime security committees or interagency operational centers, to deter, prevent, and respond to a potential terrorist attack. By February 2005--or over 4 months after the Coast Guard had developed a list of 359 nonfederal area maritime security committee participants as having a need for a security clearance--only 28 had submitted the necessary paperwork for the background check. As of June 2006, Coast Guard identified 467 nonfederal area maritime security committee participants with a need to know security information. Of the 467 nonfederal participants, 197 security clearance applications were received--20 received interim clearances, and 168 received final security clearances. Therefore, according to the Coast Guard, 188 out of 467 area maritime security committee participants with a need to know have received some type of clearance. Although we reported in 2005 that progress in moving these officials through the application process had been slow, it appears that as of June 2006, the Coast Guard's efforts have improved considerably. However, continued management attention and guidance about the security clearance process would strengthen the program, and it would reduce the risk that nonfederal officials may have incomplete information as they carry out their law enforcement activities. Background: Ports Are Important and Vulnerable: Ports play an important role in the nation's economy and security. Ports are used to import and export cargo worth hundreds of billions of dollars; generating jobs, both directly and indirectly, for Americans and our trading partners. Ports, which include inland waterways, are used to move cargo containers, and bulk agricultural, mineral, petroleum, and paper products. Ports are also important to national security by hosting naval bases and vessels and facilitating the movement of military equipment and supplying troops deployed overseas. Since the terrorist attacks of September 11, the nation's 361 seaports have been increasingly viewed as potential targets for future terrorist attacks. Ports are vulnerable because they are sprawling, interwoven with complex transportation networks, close to crowded metropolitan areas, and easily accessible. Ports contain a number of specific facilities that could be targeted by terrorists, including military vessels and bases, cruise ships, passenger ferries, terminals, dams and locks, factories, office buildings, power plants, refineries, sports complexes, and other critical infrastructure. Multiple Jurisdictions Are Involved: The responsibility for protecting ports from a terrorist attack is a shared responsibility that crosses jurisdictional boundaries, with federal, state, and local organizations involved. For example, at the federal level, the Department of Homeland Security (DHS) has overall homeland security responsibility, and the Coast Guard, an agency of the department, has lead responsibility for maritime security. Port authorities provide protection through designated port police forces, private security companies, and coordination with local law enforcement agencies. Private sector stakeholders play a major role in identifying and addressing the vulnerabilities in and around their facilities, which may include oil refineries, cargo facilities, and other property adjacent to navigable waterways. Information Sharing Is Important: Information sharing among federal, state, and local officials is central to port security activities. The Homeland Security Act of 2002 recognizes that the federal government relies on state and local personnel to help protect against terrorist attacks, and these officials need homeland security information to prevent and prepare for such attacks.[Footnote 5] Information sharing between federal officials and nonfederal officials can involve information collected by federal intelligence agencies. In order to gain access to classified information, state and local law enforcement officials generally need to apply for and receive approval to have a federal security clearance. As implemented by the Coast Guard, the primary criterion for granting access to classified information is an individual's need to know, which is defined as the determination made by an authorized holder of classified information that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized governmental function.[Footnote 6] To obtain a security clearance, an applicant must complete a detailed questionnaire that asks for information on all previous employment, residences, and foreign travel and contacts that reach back 7 years. After submitting the questionnaire, the applicant then undergoes a variety of screenings and checks. Area Maritime Security Committees: The Maritime Transportation Security Act, passed in the aftermath of the September 11 attacks and with the recognition that ports contain many potential security targets, provided for area maritime security committees--composed of federal, state, local, and industry members--to be established by the Coast Guard at ports across the country.[Footnote 7] A primary goal of these committees is to assist the local Captain of the Port--the senior Coast Guard officer who leads the committee--to develop a security plan--called an area maritime security plan--to address the vulnerabilities and risks in that port zone.[Footnote 8] The committees also serve as a link for communicating threats and disseminating security information to port stakeholders. As of June 2006, the Coast Guard organized 46 area maritime security committees, covering the nation's 361 ports.[Footnote 9] Interagency Operational Centers: Another approach at improving information sharing and port security operations involves interagency operational centers--command centers that bring together the intelligence and operational efforts of various federal and nonfederal participants. These centers are to provide intelligence information and real-time operational data from sensors, radars, and cameras at one location to federal and nonfederal participants 24 hours a day. These interagency operational centers represent an effort to improve awareness of incoming vessels, port facilities, and port operations. In general, these centers are jointly operated by federal and nonfederal law enforcement officials. The centers can have command and control capabilities that can be used to communicate information to vessels, aircraft, and other vehicles and stations involved in port security operations. Port-Level Information Sharing Supported by National-Level Intelligence: While area maritime security committees and interagency operational centers are port-level organizations, they are supported by, and provide support to, a national-level intelligence infrastructure. National-level departments and agencies in the intelligence and law enforcement communities may offer information that ultimately could be useful to members of area maritime security committees or interagency operational centers at the port level. These intelligence and law enforcement agencies conduct maritime threat identification and dissemination efforts in support of tactical and operational maritime and port security efforts, but most have missions broader than maritime activities as well. In addition, some agencies also have regional or field offices involved in information gathering and sharing.[Footnote 10] Area Maritime Security Committees Have Improved Information Sharing: Ports Reviewed Showed Improvements in Timeliness, Completeness, and Usefulness of Shared Information: Area maritime security committees have provided a structure to improve the timeliness, completeness, and usefulness of information sharing. A primary function served by the committees was to develop security plans for port areas--called area maritime security plans. The goal of these plans was to identify vulnerabilities to a terrorist attack in and around a port location and to develop strategies for protecting a wide range of facilities and infrastructure. In doing so, the committees established new procedures for sharing information by holding meetings on a regular basis, issuing electronic bulletins on suspicious activities around port facilities, and sharing key documents, including vulnerability assessments and the portwide security plan itself, according to committee participants. Also, participants noted that these committees allowed for both formal and informal stakeholder networking, which contributes to improvements in information sharing. Our continuing work on the Coast Guard and maritime security, while not specifically focused on information sharing, has continued to indicate that area maritime security committees are a useful tool for exchanging information. For example, we have done work at eight additional ports and found that stakeholders were still using the committees as a structured means to regularly share information about threat conditions and operational issues. In addition, Coast Guard personnel and port stakeholders are using the area maritime security committees to coordinate security and response training and exercises. Also, in the wake of Hurricane Katrina, Coast Guard officials shared information collaboratively through their area maritime security committees to determine when it was appropriate to close and then reopen a port for commerce. Committees Have Flexibility in Their Structure and in the Way in Which They Share Information: While the committees are required to follow the same guidance regarding their structure, purpose, and processes, each of the committees is allowed the flexibility to assemble and operate in a way that reflects the needs of its port area. Each port is unique in many ways, including the geographic area covered and the type of operations that take place there. These port-specific differences influence the number of members that participate, the types of state and local organizations that members represent, and the way in which information is shared. Interagency Operational Centers Have Also Improved Information Sharing: Centers Process and Share Information on Operations: Information sharing at interagency operational centers represents a step toward further improving information sharing, according to participants at the centers we visited. They said maritime security committees have improved information sharing primarily through a planning process that identifies vulnerabilities and mitigation strategies, as well as through development of two-way communication mechanisms to share threat information on an as-needed basis. In contrast, interagency operational centers can provide a continuous flow of information about maritime activities and involve various agencies directly in operational decisions using this information. Radar, sensors, and cameras offer representations of vessels and facilities. Other data are available from intelligence sources and include data on vessels, cargo, and crew. Greater information sharing among participants at these centers has also enhanced operational collaboration, according to participants. Unlike the area maritime security committees, these centers are operational in nature--that is, they have a unified or joint command structure designed to receive information and act on it. At the centers we visited, representatives from the various agencies work side by side, each having access to databases and other sources of information from their respective agencies. Officials said such centers help leverage the resources and authorities of the respective agencies. For example, if the Coast Guard determines that a vessel should be boarded and inspected, other federal and nonfederal agencies might join in the boarding to assess the vessel or its cargo, crew, or passengers for violations relating to their areas of jurisdiction or responsibility. Variations across Centers Affect Information Sharing: The types of information and the way information is shared vary at the centers we visited, depending on their purpose and mission, leadership and organization, membership, technology, and resources, according to officials at the centers. In our report of April 2005, we detailed three interagency operational centers at Charleston, South Carolina; Norfolk, Virginia; and San Diego, California. As of June 2006, the Coast Guard has two additional interagency command centers under construction in Jacksonville, Florida, and Seattle, Washington. Both are being established as Sector Command Centers--joint with the U.S. Navy--and are expected to be operational in 2006. Of the interagency centers we visited, the Charleston center had a port security purpose, so its missions were all security related. It was led by DOJ, and its membership included 4 federal agencies and 16 state and local agencies. The San Diego center had a more general purpose, so it had multiple missions to include not just port security, but search and rescue, environmental response, drug interdiction, and other law enforcement activities. It was led by the Coast Guard, and its membership included 2 federal agencies and 1 local agency. The Norfolk center had a port security purpose, but its mission was focused primarily on force protection for the Navy. It was led by the Coast Guard, and its membership included 2 federal agencies and no state or local agencies. As a result, the Charleston center shared information that focused on law enforcement and intelligence related to port security among a very broad group of federal, state, and local agency officials. The San Diego center shared information on a broader scope of activities (beyond security) among a smaller group of federal and local agency officials. The Norfolk center shared the most focused information (security information related to force protection) among two federal agencies. The centers also shared different information because of their technologies and resources. The San Diego and Norfolk centers had an array of standard and new Coast Guard technology systems and access to Coast Guard and various national databases, while the Charleston center had these as well as additional systems and databases. For example, the Charleston center had access to and shared information on Customs and Border Protection's databases on incoming cargo containers from the National Targeting Center. In addition, Charleston had a pilot project with the Department of Energy to test radiation detection technology that provided additional information to share. The Charleston center was funded by a special appropriation that allowed it to use federal funds to pay for state and local agency salaries. This arrangement boosted the participation of state and local agencies, and thus information sharing beyond the federal government, according to port stakeholders in Charleston. While the San Diego center also had 24-hour participation by the local harbor patrol, that agency was paying its own salaries. Coast Guard Continues to Develop Sector Command Centers at Ports: In April 2005, we reported that the Coast Guard planned to develop up to 40 of its own operational centers--called sector command centers--at additional ports. These command centers would provide local port activities with a unified command and improve awareness of the maritime domain through a variety of technologies. As of June 2006, the Coast Guard reported to us that 35 sector command centers have been created, and that these centers are the primary conduit for daily collaboration and coordination between the Coast Guard and its port partner agencies. The Coast Guard also reported that it has implemented a maritime monitoring system--known as the Common Operating Picture system--that fuses data from different sources.[Footnote 11] According to the Coast Guard, this system is the primary tool for Coast Guard commanders in the field to attain maritime domain awareness. In April 2005, we also reported that the Coast Guard requested in fiscal year 2006 over $5 million in funding to improve awareness of the maritime domain by continuing to evaluate the potential expansion of sector command centers to other port locations, and requested additional funding to train personnel in Common Operating Picture deployment at command centers and to modify facilities to implement the picture in command centers.[Footnote 12] In June 2006, the Coast Guard reported to us that no additional funding for this program was requested for fiscal year 2007. Coast Guard Report on Interagency Operational Centers: Congress directed the Coast Guard to report on the existing interagency operational centers, covering such matters as the composition and operational characteristics of existing centers and the number, location, and cost of such new centers as may be required to implement maritime transportation security plans and maritime intelligence activities.[Footnote 13] This report, called for by February 2005, was issued by the Coast Guard in April 2005. While the report addresses the information sought by Congress, the report did not define the relationship between interagency operational centers and the Coast Guard's own sector command centers. Port stakeholders reported to us the following issues as important factors to consider in any expansion of interagency operational centers: (1) purpose and mission--the centers could serve a variety of overall purposes, as well as support a wide number of specific missions; (2) leadership and organization--the centers could be led by several potential departments or agencies and be organized a variety of ways; (3) membership--the centers could vary in membership in terms of federal, state, local, or private sector participants and their level of involvement; (4) technology deployed--the centers could deploy a variety of technologies in terms of networks, computers, communications, sensors, and databases; and (5) resource requirements- -the centers could also vary in terms of resource requirements, which agency funds the resources, and how resources are prioritized. Other Ad Hoc Arrangements for Interagency Information-Sharing: Our work identified other interagency arrangements that facilitate information sharing and interagency operations in the maritime environment. One example is a predesignated single-mission task force, which becomes operational when needed. DHS established the Homeland Security Task Force, South-East--a working group consisting of federal and nonfederal agencies with appropriate geographic and jurisdictional responsibilities that have the mission to respond to any mass migration of immigrants affecting southeast Florida. When a mass migration event occurs, the task force is activated and becomes a full-time interagency effort to share information and coordinate operations to implement a contingency plan. Another example of an interagency arrangement for information sharing can occur in single-agency operational centers that become interagency to respond to specific events. For example, the Coast Guard has its own command centers for both District Seven and Sector Miami, located in Miami, Florida. While these centers normally focus on a variety of Coast Guard missions and are not normally interagency in structure, they have established protocols with other federal agencies, such as the U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement, to activate a unified or incident command structure should it be needed. These Coast Guard centers make it possible to host interagency operations because they have extra space and equipment that allow for surge capabilities and virtual connectivity with each partner agency. Interagency Information-Sharing Concerns Go Beyond Maritime Area: While our findings on maritime information sharing are generally positive, we have some concerns regarding interagency information sharing that go far beyond the maritime issue area. In January 2005, we designated information sharing for homeland security as a high-risk area because the federal government still faces formidable challenges in gathering, identifying, analyzing, and disseminating key information within and among federal and nonfederal entities.[Footnote 14] While we recognize the efforts that some agencies have undertaken to break out of information "silos" and better share information, we reported in 2006 that more than 4 years after September 11, the nation still lacks comprehensive policies and processes to improve the sharing of information that is critical to protecting our homeland.[Footnote 15] We made several recommendations to the Director of National Intelligence, who is now primarily responsible for this effort, to ensure effective implementation of congressional information sharing mandates. We continue to review agencies and programs that have the goal of improving information sharing among federal, state, and local partners. For example, we have ongoing work assessing DHS' efforts to enhance coordination and collaboration among interagency operations centers that operate around the clock to provide situational awareness. We plan to report on this later this year. Also, we have just begun work on state fusion centers--which are locations where homeland security- related information can be collected and analyzed--and their links to their relevant federal counterparts, which we plan to report on in 2007. Coast Guard Making Progress Granting Security Clearances: Lack of Security Clearances May Limit Ability to Confront Terrorist Threats: According to the Coast Guard and state and local officials we contacted for our 2005 report, the shared partnership between the federal government and state and local entities may fall short of its potential to fight terrorism because of the lack of security clearances. If state and local officials lack security clearances, the information they possess may be incomplete. According to Coast Guard and nonfederal officials, the lack of access to classified information may limit these officials' ability to deter, prevent, and respond to a potential terrorist attack. While security clearances for nonfederal officials who participate in interagency operational centers are sponsored by DOJ and DHS, the Coast Guard sponsors security clearances for members of area maritime security committees. For the purposes of our 2005 report, we examined in more detail the Coast Guard's efforts to address the lack of security clearances among members of area maritime security committees. Coast Guard Continues to Take Steps to Grant Additional Clearances to State, Local, and Industry Officials: In April 2005, we reported that as part of its effort to improve information sharing at ports, the Coast Guard initiated a program in July 2004 to sponsor security clearances for members of area maritime security committees, but nonfederal officials have been slow in submitting their applications for a security clearance. We also reported that as of February 2005, only 28 of 359 nonfederal committee members who had a need to know had submitted the application forms for a security clearance. As shown in table 1, as of June 2006, of the 467 nonfederal committee members who had a need to know, 197 had submitted security clearance applications--20 received interim clearances, and 168 were granted a final clearance, which allows access to classified material. Table 1: Comparison of February 2005 Coast Guard Data Regarding Security Clearances and June 2006 Coast Guard Data Regarding Security Clearances: Security clearance totals: Nonfederal committee members verified as needing clearances; February 2005: 359; June 2006: 467. Security clearance totals: Members who had submitted security clearance case paperwork; February 2005: 28 (8 percent of 359); June 2006: 197 (42 percent of 467). Security clearance totals: Members granted interim clearances pending final investigations from Office of Personnel Management; February 2005: 24 (7 percent of 359); June 2006: 20 (4 percent of 467). Security clearance totals: Members with final clearances at Secret level; February 2005: 0 (0 percent of 359); June 2006: 168 (36 percent of 467). Source: Coast Guard. [End of table] Data Are Being Used to More Effectively Manage the Security Clearance Program: A key component of a good management system is to have relevant, reliable, and timely information available to assess performance over time and to correct deficiencies as they occur. The Coast Guard has two databases that contain information on the status of security clearances for state, local, and industry officials. The first database is a commercial off-the-shelf system that contains information on the status of all applications that have been submitted to the Coast Guard Security Center, such as whether a security clearance has been issued or whether personnel security investigations have been conducted. We reported in April 2005 that the Coast Guard was testing the database for use by field staff, but had not granted field staff access to the database. As of June 2006, the Coast Guard granted access to this database--named Checkmate--to field staff. The second database--an internally developed spreadsheet on the area maritime committee participants--summarizes information on the status of the security clearance program, such as whether officials have submitted their application forms and whether they have received their clearances. We reported in 2005 that these Coast Guard has databases could be used to manage the state, local, and industry security clearance program, but that formal procedures for using the data as a management tool to follow up on possible problems at the national or local level to verify the status of clearances had not been developed by the Coast Guard. While it is unclear that the Coast Guard developed formal procedures, as of June 2006, the Coast Guard reported that it has developed guidance for using its data on committee participants. According to the Coast Guard, the guidance released to field commands regarding the state, local, and industry security clearance program clarified the process for nonfederal area maritime security committee members to receive clearances and specifically outlined responsibilities for working with applicants on completing required paperwork, including the application packages. The Coast Guard reported that as a result of this guidance, the number of received and processed security clearance packages for area maritime security committee members has increased. Concluding Observations: As we reported in April 2005, and reaffirm today, effective information sharing among members of area maritime security committees and participants in interagency operational centers can enhance the partnership between federal and nonfederal officials, and it can improve the leveraging of resources across jurisdictional boundaries for deterring, preventing, or responding to a possible terrorist attack at the nation's ports. The Coast Guard has recognized the importance of granting security clearances to nonfederal officials as a means to improve information sharing, and although we reported in 2005 that progress in moving these officials through the application process had been slow, it appears that as of June 2006 the Coast Guard's efforts to process security clearances to nonfederal officials has improved considerably. However, continued management attention and guidance about the security clearance process would strengthen the program, and it would reduce the risk that nonfederal officials may have incomplete information as they carry out their law enforcement activities. Mr. Chairman and members of the subcommittee, this completes my prepared statement. I would be happy to respond to any questions that you or other members of the subcommittee may have at this time. GAO Contacts and Staff Acknowledgments: For information about this testimony, please contact Stephen L. Caldwell Acting Director, Homeland Security and Justice Issues, at (202) 512-9610, or at caldwells@gao.gov. Contact points for our Office of Congressional Relations and Public Affairs may be found at the last page of this statement. Individuals making key contributions to this testimony include Susan Quinlan, David Alexander, Neil Asaba, Juliana Bahus, Christine Davis, Kevin Heinz, Lori Kmetz, Emily Pickrell, Albert Schmidt, Amy Sheller, Stan Stenersen, and April Thompson. [End of section] Related GAO Products: Coast Guard: Observations on Agency Performance, Operations, and Future Challenges. GAO-06-448T. Washington, D.C.: June 15, 2006. Maritime Security: Enhancements Made, but Implementation and Sustainability Remain Key Challenges. GAO-05-448T. Washington, D.C.: May 17, 2005. Maritime Security: New Structures Have Improved Information Sharing, but Security Clearance Processing Requires Further Attention. GAO-05- 394. Washington, D.C.: April 15, 2005. Coast Guard: Observations on Agency Priorities in Fiscal Year 2006 Budget Request. GAO-05-364T. Washington, D.C.: March 17, 2005. Coast Guard: Station Readiness Improving, but Resource Challenges and Management Concerns Remain. GAO-05-161. Washington, D.C.: January 31, 2005. Homeland Security: Process for Reporting Lessons Learned from Seaport Exercises Needs Further Attention. GAO-05-170. Washington, D.C.: January 14, 2005. Port Security: Better Planning Needed to Develop and Operate Maritime Worker Identification Card Program. GAO-05-106. Washington, D.C.: December 10, 2004. Maritime Security: Better Planning Needed to Help Ensure an Effective Port Security Assessment Program. GAO-04-1062. Washington, D.C.: September 30, 2004. Maritime Security: Partnering Could Reduce Federal Costs and Facilitate Implementation of Automatic Vessel Identification System. GAO-04-868. Washington, D.C.: July 23, 2004. Maritime Security: Substantial Work Remains to Translate New Planning Requirements into Effective Port Security. GAO-04-838. Washington, D.C.: June 30, 2004. Coast Guard: Key Management and Budget Challenges for Fiscal Year 2005 and Beyond. GAO-04-636T. Washington, D.C.: April 7, 2004. Homeland Security: Summary of Challenges Faced in Targeting Oceangoing Cargo Containers for Inspection. GAO-04-557T. Washington, D.C.: March 31, 2004. Homeland Security: Preliminary Observations on Efforts to Target Security Inspections of Cargo Containers. GAO-04-325T. Washington, D.C.: December 16, 2003. Posthearing Questions Related to Aviation and Port Security. GAO-04- 315R. Washington, D.C.: December 12, 2003. Maritime Security: Progress Made in Implementing Maritime Transportation Security Act, but Concerns Remain. GAO-03-1155T. Washington, D.C.: September 9, 2003. Homeland Security: Efforts to Improve Information Sharing Need to Be Strengthened. GAO-03-760. Washington D.C.: August 27, 2003. Container Security: Expansion of Key Customs Programs Will Require Greater Attention to Critical Success Factors. GAO-03-770. Washington, D.C.: July 25, 2003. Homeland Security: Challenges Facing the Department of Homeland Security in Balancing its Border Security and Trade Facilitation Missions. GAO-03-902T. Washington, D.C.: June 16, 2003. Transportation Security: Post-September 11th Initiatives and Long-Term Challenges. GAO-03-616T. Washington, D.C.: April 1, 2003. Port Security: Nation Faces Formidable Challenges in Making New Initiatives Successful. GAO-02-993T. Washington, D.C.: August 5, 2002. Combating Terrorism: Preliminary Observations on Weaknesses in Force Protection for DOD Deployments through Domestic Seaports. GAO-02- 955TNI. Washington, D.C.: July 23, 2002. FOOTNOTES [1] For the purposes of this testimony, "homeland security information sharing" is defined as an exchange of information, including intelligence, critical infrastructure, and law enforcement information, among federal, state, and local governments, and the private sector (industry) to establish timely, effective, and useful communications to detect, prevent, and mitigate potential terrorist attacks. [2] The Maritime Transportation Security Act of 2002 (MTSA), P.L.107- 295, contains many of the homeland security requirements related specifically to port security. The area maritime security committees are authorized by section 102 of MTSA, as codified at 46 U.S. C. � 70112(a)(2) and implemented at 33 C.F.R. Part 103. [3] We use the term "interagency operational centers" to refer to centers where multiple federal (and in some cases, state and local) agencies are involved in monitoring maritime security and planning related operations. Members of these interagency operational centers include the Department of Homeland Security (through the U.S. Coast Guard), the Department of the Navy, and the Department of Justice. [4] The four sector command centers with enhanced surveillance and collaboration capabilities are Miami, Florida; San Diego, California; Charleston, South Carolina; and Hampton Roads, Virginia. The Coast Guard told us that the long-term goal is to provide all sector command centers with enhanced surveillance and collaboration capabilities. [5] P.L. 107-296, � 891 (Nov. 25, 2002). [6] Executive Order 12968, Access to Classified Information, Section 1.1(h). [7] See 46 U.S.C. � 70112(a)(2). Prior to MTSA, some port locations had harbor safety committees that had representatives from federal, state, and local organizations. In addition, port security committees had been organized and still exist at ports where substantial out-load and in- load of military equipment occurs. [8] See 33 C.F.R. � 103.500. [9] Because some ports are located close to one another, some committees cover several ports. For example, the Puget Sound area maritime security committee includes the ports of Seattle, Tacoma, Bremerton, Port Angeles, and Everett. [10] For a more detailed description of the departments and agencies/ components involved in maritime information sharing at the national and port levels, see appendix II of Maritime Security: New Structures Have Improved Information Sharing, but Security Clearance Processing Requires Further Attention. GAO-05-394, (Washington, D.C.: Apr. 15, 2005). [11] The Coast Guard reported to us that some of the data systems included in its maritime monitoring system include data from the Department of Defense, Shipboard Command and Control System; data from Integrated Deepwater Systems; imagery from aircraft; data from Vessel Traffic Service, Ports and Waterways Safety Stems, Joint Harbor Operations Commands, Automated Identification Systems, Inland Rivers Vessel Movement Center, and the Vessel Monitoring System. However, according to the Coast Guard, not all of these data are available to all units; full integration is a future goal of the Coast Guard. [12] The Common Operational Picture is primarily a computer software package that fuses data from different sources, such as radar, sensors on aircraft, and existing information systems. [13] See the Coast Guard and Maritime Transportation Act of 2004, P.L. 108-293, � 807 (August 9, 2004). While the statute uses the term "joint operational centers," we are using the term "interagency operational centers" to denote centers where multiple agencies participate. According to Coast Guard officials, the term "joint" refers to command centers where the Coast Guard and Navy are involved in carrying out the responsibilities of the center. [14] GAO, High-Risk Series: An Update, GAO-05-207 (Washington D.C.: January 2005). [15] GAO, Information Sharing: The Federal Government Needs to Establish Policies and Processes for Sharing Terrorism-Related and Sensitive but Unclassified Information, GAO-06-385 (Washington, D.C.: March 2006). GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: