Homeland Security
Agency Plans, Implementation, and Challenges Regarding the National Strategy for Homeland Security Gao ID: GAO-05-33 January 14, 2005The National Strategy for Homeland Security sets forth a plan to improve homeland security through the cooperation of federal, state, local, and private sector organizations on an array of functions. These functions are organized into the six distinct "critical mission areas" of (1) intelligence and warning, (2) border and transportation security, (3) domestic counterterrorism, (4) protecting critical infrastructures and key assets, (5) defending against catastrophic threats, and (6) emergency preparedness and response. Within each of these mission areas, the strategy identifies "major initiatives" to be addressed. In all, the strategy cites 43 initiatives across the six mission areas. GAO reviewed the strategy's implementation to (1) determine whether its initiatives are being addressed by key departments' strategic planning and implementation activities, whether the initiatives have lead agencies identified for their implementation, and whether the initiatives were being implemented in fiscal year 2004 by such agencies and (2) identify ongoing homeland security challenges that have been reflected in GAO products since September 11, 2001, by both mission area and issues that cut across mission areas.
Key federal departments--Defense (DOD), Energy (DOE), Health and Human Services (HHS), Homeland Security (DHS), Justice (DOJ), and State--have addressed the strategy's 43 initiatives to some extent in their strategic planning and implementation activities. All 43 of the initiatives were included in some of the planning or implementation activities of at least one of these six departments. Most of the initiatives (42 of the 43) also had departments identified as the lead agencies for their implementation, which helps to ensure accountability for implementation. However, many of these 42 initiatives had multiple lead agencies, indicating that interagency coordination of roles and activities will be important, particularly on those initiatives involving domestic counterterrorism and critical infrastructure protection. All of the initiatives were being implemented in fiscal year 2004 by at least one department. While GAO determined that implementation was occurring, it did not assess the status or quality of the various departments' implementation of the initiatives. While departments have incorporated these initiatives into their planning and implementation activity, the United States faces significant challenges in fully implementing the strategy in a coordinated and integrated manner. Some of the most difficult challenges being confronted are those that cut across the various critical mission areas, such as balancing homeland security funding needs with other national requirements, improving risk management methods for resource allocation and investments, developing adequate homeland security performance measures, developing a national enterprise architecture for homeland security, and clarifying the roles and responsibilities among the levels of government and the private sector. GAO has also identified a large diversity of other challenges in each of the six critical mission areas since September 11.
GAO-05-33, Homeland Security: Agency Plans, Implementation, and Challenges Regarding the National Strategy for Homeland Security
This is the accessible text file for GAO report number GAO-05-33
entitled 'Homeland Security: Agency Plans, Implementation, and
Challenges Regarding the National Strategy for Homeland Security' which
was released on February 14, 2005.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Chairman, Subcommittee on National Security, Emerging
Threats, and International Relations, Committee on Government Reform,
House of Representatives:
United States Government Accountability Office:
GAO:
January 2005:
Homeland Security:
Agency Plans, Implementation, and Challenges Regarding the National
Strategy for Homeland Security:
GAO-05-33:
GAO Highlights:
Highlights of GAO-05-33, a report to the Chairman, Subcommittee on
National Security, Emerging Threats, and International Relations,
Committee on Government Reform, House of Representatives:
Why GAO Did This Study:
The National Strategy for Homeland Security sets forth a plan to
improve homeland security through the cooperation of federal, state,
local, and private sector organizations on an array of functions. These
functions are organized into the six distinct ’critical mission areas“
of (1) intelligence and warning, (2) border and transportation
security, (3) domestic counterterrorism, (4) protecting critical
infrastructures and key assets, (5) defending against catastrophic
threats, and (6) emergency preparedness and response. Within each of
these mission areas, the strategy identifies ’major initiatives“ to be
addressed. In all, the strategy cites 43 initiatives across the six
mission areas.
GAO reviewed the strategy‘s implementation to:
* determine whether its initiatives are being addressed by key
departments‘ strategic planning and implementation activities, whether
the initiatives have lead agencies identified for their implementation,
and whether the initiatives were being implemented in fiscal year 2004
by such agencies and
* identify ongoing homeland security challenges that have been
reflected in GAO products since September 11, 2001, by both mission
area and issues that cut across mission areas.
What GAO Found:
Key federal departments”Defense (DOD), Energy (DOE), Health and Human
Services (HHS), Homeland Security (DHS), Justice (DOJ), and State”have
addressed the strategy‘s 43 initiatives to some extent in their
strategic planning and implementation activities. All 43 of the
initiatives were included in some of the planning or implementation
activities of at least one of these six departments. Most of the
initiatives (42 of the 43) also had departments identified as the lead
agencies for their implementation, which helps to ensure accountability
for implementation. However, many of these 42 initiatives had multiple
lead agencies, indicating that interagency coordination of roles and
activities will be important, particularly on those initiatives
involving domestic counterterrorism and critical infrastructure
protection. All of the initiatives were being implemented in fiscal
year 2004 by at least one department. While GAO determined that
implementation was occurring, it did not assess the status or quality
of the various departments‘ implementation of the initiatives.
While departments have incorporated these initiatives into their
planning and implementation activity, the United States faces
significant challenges in fully implementing the strategy in a
coordinated and integrated manner. Some of the most difficult
challenges being confronted are those that cut across the various
critical mission areas, such as balancing homeland security funding
needs with other national requirements, improving risk management
methods for resource allocation and investments, developing adequate
homeland security performance measures, developing a national
enterprise architecture for homeland security, and clarifying the roles
and responsibilities among the levels of government and the private
sector. GAO has also identified a large diversity of other challenges
in each of the six critical mission areas since September 11.
Proposed Fiscal Year 2005 Homeland Security Funding by Agency (budget
authority in millions of dollars):
[See PDF for image]
[End of figure]
www.gao.gov/cgi-bin/getrpt?GAO-05-33.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Norman J. Rabkin (202)
512-3610 or rabkinn@gao.gov.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
Scope and Methodology:
Agency Plans, Implementation, and Challenges:
Concluding Observations:
Agency Comments and Our Evaluation:
Appendix I: Objectives, Scope, and Methodology:
Appendix II: Intelligence and Warning:
Definition and Major Initiatives:
Agencies with Major Roles in Intelligence and Warning:
Alignment of Department Activities with the Major Initiatives:
Challenges in Intelligence and Warning:
Appendix III: Border and Transportation Security:
Definition and Major Initiatives:
Agencies with Major Roles in Border and Transportation Security:
Alignment of Department Activities with the Major Initiatives:
Challenges in Border and Transportation Security:
Border Security:
Transportation Security:
Appendix IV: Domestic Counterterrorism:
Definition and Major Initiatives:
Agencies with Major Roles in Domestic Counterterrorism:
Alignment of Department Activities with the Major Initiatives:
Challenges in Domestic Counterterrorism:
Appendix V: Protecting Critical Infrastructures and Key Assets:
Definition and Major Initiatives:
Agencies with Major Roles in Critical Infrastructure Protection:
Alignment of Department Activities with the Major Initiatives:
Challenges in Critical Infrastructure Protection:
Appendix VI: Defending Against Catastrophic Threats:
Definition and Major Initiatives:
Agencies with Major Roles in Defending against Catastrophic Threats:
Alignment of Department Activities with the Major Initiatives:
Challenges in Defending Against Catastrophic Threats:
Appendix VII: Emergency Preparedness and Response:
Definition and Major Initiatives:
Agencies with Major Roles in Emergency Preparedness and Response:
Alignment of Department Activities with the Major Initiatives:
Challenges in Emergency Preparedness and Response:
Appendix VIII: Crosscutting Issues:
Crosscutting Challenges:
Appendix IX: Department Summary Across Critical Mission Areas:
Appendix X: Homeland Security Presidential Directives:
Appendix XI: Comments from the Department of Defense:
GAO Comment:
Appendix XII: Comments From the Department of Health and Human
Services:
GAO Comment:
Appendix XIII: Comments From the Department of Homeland Security:
GAO Comment:
Appendix XIV: Comments From the Department of Justice:
GAO Comments:
Appendix XV: GAO Contacts and Staff Acknowledgments:
GAO Contacts:
Staff Acknowledgments:
Related GAO Products:
Tables:
Table 1: Department Leadership, Planning, or Implementation Activity in
the Intelligence and Warning Mission Area's Five Initiatives:
Table 2: Department Leadership, Planning, or Implementation Activity in
the Border and Transportation Security Mission Area's Six Initiatives:
Table 3: Department Leadership, Planning, or Implementation Activity in
the Domestic Counterterrorism Mission Area's Six Initiatives:
Table 4: Department Leadership, Planning, or Implementation Activity in
the Critical Infrastructure Protection Mission Area's Eight
Initiatives:
Table 5. Department Leadership, Planning, or Implementation Activity in
the Defending Against Catastrophic Threats Mission Area's Six
Initiatives:
Table 6: Department Leadership, Planning, or Implementation Activity in
the Emergency Preparedness and Response Mission Area's Twelve
Initiatives:
Table 7: Detailed Department Leadership and Planning/Implementation
Activities in the Intelligence and Warning Mission Area's Five
Initiatives:
Table 8: Detailed Department Leadership and Planning/Implementation
Activities in the Border and Transportation Mission Area's Six
Initiatives:
Table 9: Detailed Department Leadership and Planning/Implementation
Activities in the Domestic Counterterrorism Mission Area's Six
Initiatives:
Table 10: Detailed Department Planning/Implementation Activities in the
Protecting Critical Infrastructures and Key Assets Critical Mission
Area's Eight Initiatives:
Table 11: Detailed Department Planning/Implementation Activities in the
Defending Against Catastrophic Threats Mission Area's Six Initiatives:
Table 12: Detailed Department Planning/Implementation Activities in the
Emergency Preparedness and Response Mission Area's Twelve Initiatives:
Table 13: Summary of Department Leads, Planning, and Implementation
across the Six Critical Mission Areas of the National Strategy for
Homeland Security:
Figures:
Figure 1: Proposed Fiscal Year 2005 Homeland Security Funding by
Critical Mission Area:
Figure 2: Proposed Fiscal Year 2005 Homeland Security Funding by
Department:
Figure 3: The Five Threat Levels of the Homeland Security Advisory
System:
Figure 4: Proposed Fiscal Year 2005 Homeland Security Funding for
Intelligence and Warning:
Figure 5: U.S. Customs and Border Patrol Marine Officers on the Waters
of the Rio Grande, along the United States and Mexico Border:
Figure 6: Proposed Fiscal Year 2005 Homeland Security Funding for
Border & Transportation Security:
Figure 7: An FBI Evidence Response Team in Action at the Scene of a
Terrorism-Related Exercise:
Figure 8: Proposed Fiscal Year 2005 Homeland Security Funding for
Domestic Counterterrorism:
Figure 9: A U.S. Immigration and Customs Enforcement Helicopter Patrols
the Skies over the Nation's Capital:
Figure 10: Proposed Fiscal Year 2005 Homeland Security Funding for
Critical Infrastructure Protection:
Figure 11: First Responders Practice Emergency Decontamination:
Figure 12: Proposed Fiscal Year 2005 Homeland Security Funding for
Defending Against Catastrophic Threats:
Figure 13: Hazardous Materials Response Unit in Action at an Exercise:
Figure 14: Proposed Fiscal Year 2005 Homeland Security Funding for
Emergency Preparedness:
Abbreviations:
APHIS: Animal and Plant Health Inspection Service:
ATSA: Aviation and Transportation Security Act:
CAPPS: Computer-Assisted Passenger Prescreening Program:
CBP: Customs and Border Patrol:
CBRN: chemical, biological, radiological, or nuclear:
CIA: Central Intelligence Agency:
CIP: Critical Infrastructure Protection:
CSI: container security initiative:
C-TPAT: Customs-Trade Partnership against Terrorism:
CWC: Chemical Weapons Convention:
DBT: design basis threat:
DHS: Department of Homeland Security:
DIA: Defense Intelligence Agency:
DOD: Department of Defense:
DOE: Department of Energy:
DOJ: Department of Justice:
EPA: Environmental Protection Agency:
FBI: Federal Bureau of Investigation:
FPS: Federal Protective Service:
GAO: Government Accountability Office:
GPRA: Government Performance and Results Act:
GSA: General Services Administration:
HHS: Department of Health and Human Services:
HSAS: Homeland Security Advisory System:
HSC: Homeland Security Council:
HSPD: Homeland Security Presidential Directive:
IAIP: Information Analysis and Infrastructure Protection:
ICE: Immigration and Customs Enforcement:
IT: information technology:
MANPADS: Man-Portable Air Defense System:
MTSA: Maritime Transportation Security Act:
NIH: National Institutes of Health:
NCR: National Capital Region:
NMLS: National Money Laundering Strategy:
NNSA: National Nuclear Security Administration:
NRC: Nuclear Regulatory Commission:
NSPD: National Security Presidential Directive:
ODP: Office of Domestic Preparedness:
OJP: Office of Justice Programs:
OMB: Office of Management and Budget:
PDD: Presidential Decision Directive:
PSV: post-shipment verification:
UAV: unmanned aerial vehicle:
USDA: United States Department of Agriculture:
USPS: United States Postal Service:
US-VISIT: United States Visitor and Immigrant Status Indicator:
VA: Veterans Administration:
WMD: weapons of mass destruction:
SSN: Social Security Number:
TSA: Transportation Security Act:
TTIC: Terrorist Threat Integration Center:
United States Government Accountability Office:
Washington, DC 20548:
January 14, 2005:
The Honorable Christopher Shays:
Chairman, Subcommittee on National Security, Emerging Threats, and
International Relations:
Committee on Government Reform:
House of Representatives:
Dear Mr. Chairman:
In an effort to increase homeland security following the September 11,
2001, terrorist attacks on the United States, President Bush issued the
National Strategy for Homeland Security in July 2002 and signed
legislation creating the Department of Homeland Security (DHS) in
November 2002.[Footnote 1] The strategy sets forth overall objectives
to prevent terrorist attacks within the United States, reduce America's
vulnerability to terrorism, and minimize the damage and assist in the
recovery from attacks that may occur. To accomplish these overall
objectives, the strategy describes six critical mission areas and 43
initiatives. Since the strategy was issued, the President has also
issued additional documents--known as Homeland Security Presidential
Directives (or HSPDs)--that provide more detailed guidance on the
mission areas and initiatives. The creation of DHS, which began
operations in March 2003, represents a fusion of 22 federal agencies to
coordinate and centralize the leadership of many homeland security
activities under a single department. In addition to DHS, the
Departments of Defense (DOD), Energy (DOE), Health and Human Services
(HHS), Justice (DOJ), and State play an important role in implementing
the strategy. These six key departments represent 94 percent of
proposed federal spending for homeland security in fiscal year 2005.
With the strategy now more than 2 years old, and DHS more than a year
old, you asked that we review the implementation of the strategy and
organize our work by critical mission area. In response, we have:
* determined whether the initiatives in the strategy were being
addressed by the key department's strategic planning and related
activities; whether the initiatives had "lead" agencies identified for
their implementation, and whether multiple departments were
implementing the initiatives in fiscal year 2004; and:
* identified homeland security challenges as reflected in our products
since September 11, 2001, by both mission area and issues that cut
across mission areas.
This report establishes one framework from which to assess federal
department implementation of the National Strategy for Homeland
Security. Since agency homeland security activities are ongoing, this
report is intended to identify a baseline from which to assess progress
toward meeting homeland security objectives. In this report, we first
provide the proposed fiscal year 2005 homeland security-related budget
by mission area and department. Then, we discuss the homeland security
planning and implementation activities of the six departments under
review, as well as remaining homeland security challenges, by mission
area. The appendixes that follow provide more detailed assessments of
each of these sections and are also arranged by mission area. (See app.
I for more information on the scope and methodology.) Further, this
report should be considered in the context of several companion efforts
to provide baseline information. In February 2004, we testified on the
desired characteristics of national strategies and whether various
strategies--including the National Strategy for Homeland Security--
contained those desired characteristics.[Footnote 2] In March, we
summarized strategic homeland security recommendations made by
congressionally chartered commissions and us.[Footnote 3] We organized
this analysis by critical mission area, as defined in the strategy. In
July, we reported on our recommendations to DHS and the department's
progress in implementing such recommendations.[Footnote 4] We organized
this analysis by DHS directorate or division. In September, we compared
9/11 Commission recommendations with those of the National Strategy for
Homeland Security and the National Strategy to Combat Terrorism. We
also provided a preliminary analysis of department planning and
implementation activities with respect to the six mission
areas.[Footnote 5] Together, these baseline efforts are intended to aid
congressional oversight of federal homeland security activities.
Results in Brief:
Key federal departments have addressed the strategy's initiatives in
their strategic planning and implementation activities. All 43
initiatives indicated in the strategy were included in the activities
of at least one of the six departments we reviewed. For most of the
initiatives (42 of 43), the strategy or HSPDs identified lead agencies,
thereby helping to ensure accountability for implementation. All 43
initiatives were being implemented in fiscal year 2004 by at least one
department. Thirty-three of the 43 initiatives (77 percent) were being
planned or implemented by 3 or more departments. While we determined
that implementation was occurring, we did not assess the status or
quality of the various departments' implementation of the initiatives.
While departments have incorporated these initiatives into their
planning and implementation activity, the United States still faces
significant challenges in implementing the strategy in a well
coordinated and integrated manner. A review of our products since
September 11, 2001, shows that some of the most difficult challenges
being confronted are those that cut across the various critical mission
areas. These challenges include:
* balancing homeland security needs with other national requirements,
* improving risk management methods for resource allocation and
investments,
* developing adequate homeland security performance measures,
* clarifying the roles and responsibilities among the levels of
government and the private sector, and:
* developing a national blueprint--called an enterprise architecture--
to help integrate different organization's efforts to improve homeland
security.
In addition to these and other crosscutting challenges, we have
identified a large diversity of challenges related specifically to each
of the six mission areas described in the strategy and provide details
on them in the remainder of the report.
We provided a draft of this report to DHS, DOD, DOE, DOJ, HHS, State,
and the Homeland Security Council for comment. All except State and the
Homeland Security Council provided comments, which generally consisted
of technical comments that we incorporated as appropriate. None of the
departments disagreed with the substance of the report.
Background:
The National Strategy for Homeland Security sets out a plan to improve
homeland security through the cooperation and partnering of federal,
state, local, and private sector organizations on an array of
functions.[Footnote 6] The strategy organizes these functions into six
critical mission areas:[Footnote 7]
* Intelligence and Warning involves the identification, collection,
analysis, and distribution of intelligence information appropriate for
preempting or preventing a terrorist attack.
* Border and Transportation Security emphasizes the efficient and
reliable flow of people, goods, and material across borders while
deterring terrorist activity.
* Domestic Counterterrorism focuses on law enforcement efforts to
identify, halt, prevent, and prosecute terrorists in the United States.
* Protecting Critical Infrastructure and Key Assets stresses securing
the nation's interconnecting sectors and important facilities, sites,
and structures.
* Defending Against Catastrophic Threats emphasizes the detection,
deterrence, and mitigation of terrorist use of weapons of mass
destruction.
* Emergency Preparedness and Response highlights damage minimization
and recovery from terrorist attacks.
Since the strategy was issued in July 2002, the President has also
issued 12 HSPDs that provide additional guidance related to these
mission areas. For example, HSPD-4 focuses on defending against
catastrophic threats and HSPD-7 focuses on protecting critical
infrastructure. These HSPDs provided some of the details that were not
in the strategy, particularly with respect to agency roles and
milestones. See appendix X for a complete list and description of these
HSPDs.
The strategy also identifies the major initiatives to be addressed
within each of these six mission areas. For example, within the
Intelligence and Warning mission area, 5 initiatives are indicated: (1)
enhancing the analytic capabilities of the FBI; (2) building new
capabilities through the Information Analysis and Infrastructure
Protection Directorate of DHS; (3) implementing the Homeland Security
Advisory System; (4) utilizing dual-use analysis to prevent attacks;
and (5) employing "red team" techniques.[Footnote 8] Within the Border
and Transportation Security mission area, 6 initiatives are cited: (1)
ensuring accountability in border and transportation security, (2)
creating "smart borders", (3) increasing the security of international
shipping containers, (4) implementing the Aviation and Transportation
Security Act of 2001, (5) recapitalizing the U.S. Coast Guard, and (6)
reforming immigration services. In all, the strategy cites 43
initiatives across the six mission areas. See appendix IX for a
complete list of all the initiatives by mission area.
The latest available funding data from the Office of Management and
Budget (OMB) for the six mission areas is illustrated in figure 1.
Figure 1: Proposed Fiscal Year 2005 Homeland Security Funding by
Critical Mission Area:
[See PDF for image]
Note: Budget authority in millions of dollars.
[End of figure]
The National Strategy for Homeland Security specifies a number of
federal departments, as well as nonfederal organizations, that have
important roles in implementing the mission areas and related
initiatives. In terms of federal departments, DHS is intended to have a
prominent role in implementing all of the mission areas. Other key
federal departments specified in the strategy include, in alphabetical
order, the Department of Defense, the Department of Energy, the
Department of Health and Human Services, the Department of Justice, and
the Department of State (State). These departments have their own
strategic plans, which indicate how they will implement their homeland
security programs (as well as other programs unrelated to homeland
security). Together, DHS and these other five departments constitute
94 percent of the proposed $47.4 billion budget for homeland security-
related activities in fiscal year 2005. OMB did not report funding for
the Central Intelligence Agency (CIA) although it has activities
related to the Intelligence and Warning mission area. As explained
further in appendix II, we did not include the CIA in our analysis
because of the lack of funding data and because the strategy provides
little discussion of the agency. Figure 2 shows the proposed fiscal
year 2005 funding for these departments as well as the proposed
homeland security funding for all other agencies.
Figure 2: Proposed Fiscal Year 2005 Homeland Security Funding by
Department:
[See PDF for image]
Notes: Budget authority in millions of dollars.
[End of figure]
Other agencies includes the Departments of Agriculture ($651 million),
Veterans Affairs ($297 million), Transportation ($243 million),
Commerce ($150 million), and Treasury ($87 million), as well as the
National Science Foundation ($344 million), National Aeronautics and
Space Administration ($207 million), Social Security Administration
($155 million), Environmental Protection Agency ($97 million), U.S.
Army Corps of Engineers ($84 million), General Services Administration
($80 million), and several smaller agencies. Additionally, OMB reported
the Intelligence Community figure in aggregate; it did not break it out
by individual departments (e.g., Central Intelligence Agency).
The National Strategy for Homeland Security and the related HSPDs
typically identify a specific federal department as being a "lead"
agency for specific initiatives. However, the language varies in
precision. In some cases, the documents use clear language to identify
which department will lead efforts across the government. In other
cases, the lead is more implied than stated. Sometimes, more than one
department is identified as a lead agency--which can occur because some
of the initiatives in the strategy are large in scope, and different
departments lead different parts of the initiatives. The identification
of lead agency is important in order to specify which agencies are
accountable for the implementation of the initiatives, particularly if
implementation requires the efforts of several different agencies
exercising different statutory authorities. By clearly identifying the
lead agency, the strategies and the HSPDs enable the federal, state,
local, and private stakeholders to determine who is responsible and
accountable for the implementation, and thus more effectively direct
their inquiries and integrate their own actions, particularly where
multiagency coordination is required. See appendix IX for a complete
list of the initiatives and the departments identified as lead
agencies.
Congress, because of concerns about terrorism in recent years,
chartered four commissions to examine terrorist threats and the
government's response to such threats, as well as to make
recommendations to federal, state, local, and private organizations.
These national commissions included the following:
* The Bremer Commission: the National Commission on Terrorism, chaired
by Ambassador Paul Bremer, which issued its report in June 2000.
* The Gilmore Commission: the Advisory Panel to Assess Domestic
Response Capabilities for Terrorism Involving Weapons of Mass
Destruction, chaired by Governor James S. Gilmore, III, which issued
its final report in December 2003.
* The Hart-Rudman Commission: the U.S. Commission on National Security/
21st Century, chaired by Senators Gary Hart and Warren B. Rudman, which
issued its final report in February 2001.
* The 9/11 Commission: the National Commission on Terrorist Attacks
upon the United States, chaired by Governor Thomas H. Kean, which
issued its final report in July 2004.
Scope and Methodology:
To determine whether the key federal departments addressed strategy
initiatives in their planning and implementation activity, we
identified the 43 major initiatives and the six key federal departments
for review. We evaluated each department's high-level strategic
planning documents related to homeland security to determine if they
had planning or implementation activities related to each initiative.
To satisfy the planning and implementation criteria, we generally
required departments to provide documentary support for one such
activity, per initiative. Where classified or undocumented activities
were involved, we worked with department officials to verify the
activity. We provided the results of our analyses to planning officials
from the various departments for their verification. Additionally, we
reviewed the language in the strategy and HSPDs to determine which
departments had been identified as lead agencies in implementing the
initiatives. In some cases, the leadership language was clear; in other
cases, it was less precise or implied. We were then able to determine
whether departments demonstrated planning or implementation activities
in both lead and nonlead initiatives. Our analysis is necessarily a
snapshot of activity as of particular points in time. The agencies
reviewed provided us with information as to their planning and
implementation as of various dates, including fiscal year 2004. We
recognize that the agencies continue to plan and implement their
strategies and programs and have and may continue to progress beyond
the status portrayed in this analysis. Finally, our work did not assess
the status or quality of the work being planned or implemented.
To determine homeland security challenges facing the nation, we
reviewed our reports issued since September 11. This included over 250
products cutting across the gamut of homeland security activities. We
summarized and categorized the challenges by critical mission area and
subtopic where appropriate (e.g., the Border and Transportation
Security mission area was subdivided into border security and
transportation security). While our summary is limited to challenges we
identified, we have noted in the text where the congressionally
chartered commissions have raised similar issues. We recognize that
these commissions, Congress, the executive branch, and other
organizations have identified additional challenges in each of the
mission areas.
We conducted our work between February and November 2004 in accordance
with generally accepted government auditing standards. For more details
on our objectives, scope, and methodology, see appendix I.
Agency Plans, Implementation, and Challenges:
The following sections provide summaries of each mission area, as well
as issues that cut across all six mission areas. These summaries
include an analysis of federal departments' strategic planning and
implementation activities and the challenges faced by these departments
and the nation as a whole.
Intelligence and Warning:
The strategy identifies five initiatives under the Intelligence and
Warning mission area. All of the initiatives are covered by at least
two departments planning or implementation activities (see table 1).
Examples include DOJ and DOE activities to enhance the analytic
capabilities of the Federal Bureau of Investigation (FBI); DHS, State,
and DOE activities to utilize dual-use analysis to prevent attacks; and
DHS, DOD, and DOE activities to employ red-team techniques.
Four of the five initiatives have a department identified as a lead
agency. Neither the strategy nor the HSPDs identified a lead agency on
the fifth initiative, which relates to the employment of red-team
techniques. According to DHS strategic planning officials, it is
important that a number of agencies conduct red-team techniques to test
their own specific programs, so no agency would necessarily have the
overall lead. See appendix II for a more detailed discussion on the
implications of not having an overall lead agency identified for red-
team techniques. For this mission area, the lead agency specifications
are clear (rather than implied), and there are no multiple leads on any
of the initiatives.
All five initiatives were being implemented in fiscal year 2004 as
reported by two or more departments (see table 7). DHS and DOJ cited
2004 implementation activity for each of the initiatives for which they
were identified as lead agencies.
Table 1: Department Leadership, Planning, or Implementation Activity in
the Intelligence and Warning Mission Area's Five Initiatives:
[See PDF for image]
[End of table]
Refer to appendix II for more specific details regarding department
planning and implementation activities, including a discussion of
fiscal year 2004 implementation. As explained further in appendix II,
we did not include CIA in our analysis because of the lack of funding
data and because the strategy provides little discussion of the agency.
Our work in the Intelligence and Warning mission area since 2001 has
highlighted a number of challenges that need to be addressed. Many of
these challenges are directly related to initiatives in this mission
area. These challenges include:
* improving analysis capabilities at the FBI through better strategic
information management,
* developing productive information-sharing relationships among the
federal government and state and local governments and the private
sector,
* overcoming the limitations in the sharing of classified national
security information across sectors,
* ensuring that the private sector receives better information on
potential threats,
* consolidating watch lists to promote better information and sharing,
and:
* maintaining a viable and relevant homeland security advisory system.
These challenges are discussed in greater detail in appendix II. Many
of these challenges were also discussed by one or more of the Bremer,
Gilmore, Hart-Rudman, and 9/11 Commissions.
Border and Transportation Security:
There are six initiatives under the Border and Transportation Security
mission area. All of the initiatives are covered by at least two
departments' planning or implementation activities (see table 2).
Examples include DHS, DOD, HHS, State, and DOE activities to ensure
accountability in border and transportation security; DHS, DOD, State,
and DOE activities to increase the security of international shipping
containers; and DHS, DOJ, and State activities to reform immigration
services.
All six initiatives have a department identified as a lead agency. One
initiative (i.e., creating smart borders) has multiple lead agencies
identified in the strategy and HSPDs. DHS is a lead on the most
initiatives: a clear lead on two initiatives and an implied lead on
four other initiatives.
All six initiatives were being implemented in fiscal year 2004 as
reported by one or more departments (see table 8). DHS and State cited
2004 implementation activity in each of the initiatives for which they
were identified as leads. DOJ had been identified as a lead agency with
respect to creating smart borders and reforming immigration services,
but with the transfer of the Immigration and Naturalization Service to
DHS, DOJ officials indicated that the department was no longer serving
as a lead on that initiative.
Table 2: Department Leadership, Planning, or Implementation Activity in
the Border and Transportation Security Mission Area's Six Initiatives:
[See PDF for image]
[End of table]
Refer to appendix III for more specific details regarding department
planning and implementation activities, including a discussion of
fiscal year 2004 implementation.
Border and Transportation Security is another mission area where our
work has indicated there are challenges to be addressed. Again, many of
these challenges are directly related to initiatives in this mission
area. These challenges include:
* striking an acceptable balance between security and the flow of
commercial activity, travel, and tourism;
* processing people at our nation's land ports of entry and determining
the proper role of biometric technologies for security applications;
* deploying the best available technologies for detecting radioactive
and nuclear materials at U.S. ports of entry;
* developing a clear and comprehensive policy on the use of visas as an
antiterrorism tool and improving the management and oversight of
programs to track visitors;
* implementing an effective system to prescreen passengers prior to
their arrival at the airport, as well as achieving and sustaining
improvements in airline passenger and baggage screening; and:
* strengthening perimeter security at airports and countering the
threat of hand-held missiles to commercial aviation.
These and other challenges are discussed in greater detail in appendix
III. Many of these challenges were also discussed by one or more of the
Bremer, Gilmore, Hart-Rudman, and 9/11 Commissions.
Domestic Counterterrorism:
The Domestic Counterterrorism mission area has six initiatives. All of
the initiatives are covered by at least one department's planning or
implementation activities (see table 3). Examples include DHS, DOJ,
DOD, HHS, and DOE activities to improve intergovernmental law
enforcement coordination; DHS, DOJ, DOD, and State activities to
facilitate apprehension of potential terrorists; and DHS, DOJ, and
State activities to target and attack terrorist financing.
Each of the six initiatives has a department that is identified as a
lead agency. All indicated leads from the strategy and HSPDs are clear
leads. For three of the six initiatives, multiple departments have been
identified as leads.
All 6 initiatives were being implemented in fiscal year 2004 as
reported by one or more departments (see table 9). DOJ cited 2004
implementation activity on each of the six initiatives for which it was
identified as a lead. DHS and State also cited implementation activity
on all initiatives for which they were identified as lead agencies.
Table 3: Department Leadership, Planning, or Implementation Activity in
the Domestic Counterterrorism Mission Area's Six Initiatives:
[See PDF for image]
[End of table]
Refer to appendix IV for more specific details regarding department
planning and implementation activities, including a discussion of
fiscal year 2004 implementation.
Domestic Counterterrorism is another mission area where our recent work
has highlighted continuing challenges. These challenges threaten to
undermine law enforcement agencies' ability to aggressively detect,
deter, prevent, eradicate, and adjudicate terrorist activity. These
challenges include:
* transforming the FBI from an investigative organization into a
proactive entity focused on detecting and preventing terrorist
activity,
* modifying the FBI's related workforce and business practices to focus
on counterterrorism and intelligence-related priorities,
* improving interagency coordination to leverage existing law
enforcement resources to investigate money laundering and terrorist
financing,
* monitoring the use of alternate financing mechanisms by terrorists,
* identifying and apprehending terrorists already present in the United
States, and:
* recognizing counterfeit documentation and the use of identity fraud
at U.S. borders and other security checkpoints.
These challenges are discussed in greater detail in appendix IV. Many
of these challenges were also discussed by one or more of the Bremer,
Gilmore, Hart-Rudman, and 9/11 Commissions.
Protecting Critical Infrastructures and Key Assets:
The strategy identifies eight initiatives under the Protecting Critical
Infrastructures and Key Assets--commonly referred to as Critical
Infrastructure Protection (CIP)--mission area. All of the initiatives
are covered by at least four departments' planning or implementation
activities (see table 4). Examples include DHS, DOJ, DOD, HHS, and DOE
activities to unify America's infrastructure protection effort in DHS;
DHS, DOD, HHS, and DOE activities to develop a national infrastructure
protection plan and, all six departments' activities to secure
cyberspace.
Each of the eight initiatives has a department identified as a lead
agency. In the case of five of the eight initiatives, the leads are
clear; only in the case of three initiatives (i.e., enabling effective
partnership with state and local governments and the private sector,
securing cyberspace, and partnering with the international community to
protect our transnational infrastructure) are there implied leads. For
three of the eight initiatives, multiple lead agencies have been
identified. For example, DOD, HHS, and DOE are all sector leads on the
same initiative--building and maintaining a complete and accurate
assessment of America's critical infrastructure and key assets. These
departments have the sector leads as follows, DOD for defense
industrial base, HHS for public health, and DOE for the energy sector.
All eight initiatives were being implemented in fiscal year 2004 as
reported by two or more departments (see table 10). DHS, DOD, HHS,
State, and DOE cited implementation activity on all initiatives for
which they were identified as lead agencies.
Table 4: Department Leadership, Planning, or Implementation Activity in
the Critical Infrastructure Protection Mission Area's Eight
Initiatives:
[See PDF for image]
[End of table]
Refer to appendix V for more specific details regarding department
planning and implementation activities, including a discussion of
fiscal year 2004 implementation.
Our work related to CIP has identified several challenges. Overcoming
the challenges presented in this mission area is made even more
difficult because increasing the security of one type of target, such
as aircraft or federal buildings, increases the possibility that
terrorists may choose another type of target, such as trains or ports.
The challenges include:
* refining the federal government's role in managing CIP;
* developing a comprehensive and coordinated national CIP plan that
delineates the roles, defines interims objectives and milestones, sets
time frames, and establishes performance measures;
* developing productive information-sharing relationships within the
federal government and among federal, state, and local governments and
the private sector;
* improving the federal government's capabilities to analyze incident,
threat, and vulnerability information related to critical
infrastructures and key assets;
* improving the security of government facilities through a variety of
methods, including better training and procedures to detect counterfeit
documents and identity fraud; and:
* analyzing the strengths, interdependencies, and vulnerabilities of
several specific industries, including the financial services sector,
the shipping and postal system, drinking water, agriculture, the
chemical industry, nuclear power plants, and nuclear weapons sites.
These challenges are discussed in greater detail in appendix V. Many of
these challenges were also discussed by one or more of the Bremer,
Gilmore, Hart-Rudman, and 9/11 Commissions.
Defending Against Catastrophic Threats:
There are six initiatives under the Defending against Catastrophic
Threats mission area. All of the initiatives are covered by at least
two departments' planning or implementation activities (see table 5).
Examples include DHS, DOD, State, and DOE activities to prevent
terrorist use of nuclear weapons through better sensors and procedures;
DHS, DOD, HHS, and DOE activities to detect chemical and biological
materials and attacks; and DHS, DOD, HHS, State, and DOE activities to
harness the scientific knowledge and tools to counter terrorism.
Each of the six initiatives has a department identified as a lead
agency. On half the initiatives, multiple departments have been
identified as leads. In the case of three initiatives, the leads are
clear; in the case of the remaining three initiatives, several leads
are implied.
All six initiatives were being implemented in fiscal year 2004 as
reported by one or more departments (see Table 11). DHS cited
implementation activity in five of the six initiatives for which it was
identified as a lead. It is not yet implementing the Select Agent
Program. DOD, HHS, State, and DOE cited implementation activity on all
the initiatives for which they were identified as the lead agency.
Table 5: Department Leadership, Planning, or Implementation
Activity in the Defending Against Catastrophic Threats Mission Area's
Six Initiatives:
[See PDF for image]
[End of table]
Refer to appendix VI for more specific details regarding department
planning and implementation activities, including a discussion of
fiscal year 2004 implementation.
The challenges the nation faces in defending itself against
catastrophic threats--such as the terrorist use of chemical,
biological, radiological, or nuclear (CBRN) weapons--are quite broad
and could have devastating consequences if not effectively addressed.
Our recent work in this mission area has highlighted challenges that
include:
* strengthening efforts to keep weapons of mass destruction (WMD) and
dual-use items (items having both commercial and military applications)
out of the hands of terrorists,
* controlling the sale of excess items that can be used to produce and
deliver biological agents, and:
* designating lead agencies for setting priorities for information
systems related to terrorism.
These challenges are discussed in greater detail in appendix VI. Many
of these challenges were also discussed by one or more of the Bremer,
Gilmore, Hart-Rudman, and 9/11 Commissions.
Emergency Preparedness and Response:
For the Emergency Preparedness and Response mission area, the strategy
identifies 12 initiatives. All of the initiatives are covered by at
least two departments' planning or implementation activities (see table
6). Examples include DHS, DOD, HHS, and DOE activities to create a
national incident management system; DHS and HHS activities to enable
seamless communications among all responders; and, DHS, DOD, HHS, and
DOE activities to augment America's pharmaceutical and vaccine
stockpiles.
Each of the 12 initiatives has a department identified as a lead
agency. For 3 of the 12 initiatives, multiple lead agencies have been
identified. All leads, with three exceptions, are clear leads.
All 12 initiatives were being implemented in fiscal year 2004 by two or
more departments (see table 12). DHS, DOD and HHS cited implementation
activity in 2004 for all initiatives for which they were identified as
lead agencies.
Table 6: Department Leadership, Planning, or Implementation Activity in
the Emergency Preparedness and Response Mission Area's Twelve
Initiatives:
[See PDF for image]
[End of table]
Refer to appendix VII for more specific details regarding department
planning and implementation activities, including a discussion of
fiscal year 2004 implementation.
Our recent work has shown that there are many challenges in the
Emergency Preparedness and Response mission area regarding efforts to
effectively minimize the damage and successfully recover from terrorist
attacks. We identified the following challenges:
* adopting an "all hazards" approach to emergency preparedness and
response;
* providing better governmental planning and coordination with regard
to first responder issues;
* preparing first responders for incidents involving catastrophic
terrorism;
* restructuring the federal grant system for first responders;
* strengthening public health in a variety of areas, including better
information sharing, preparations for catastrophic terrorism such as
bioterrorism, and more hospital equipment;
* improving regional response planning involving multiple
municipalities, states, and countries;
* establishing and implementing preparedness standards and measures;
* ensuring adequate communications among first responders and with the
public; and:
* defining the roles and responsibilities of DOD in defending the
homeland and providing military support to civil authorities.
These challenges are discussed in greater detail in appendix VII. Many
of these challenges were also discussed by one or more of the Bremer,
Gilmore, Hart-Rudman, and 9/11 Commissions.
Crosscutting Issues:
Our recent work has also identified homeland security challenges that
cut across the various mission areas. While it is important that the
major mission challenges be individually addressed, it is equally
important that these challenges be addressed from a comprehensive
national homeland security perspective (i.e., some mission areas
overlap, some challenges are common across mission areas, some
corrective actions have ramifications, and there are both positive and
negative challenges across mission area boundaries). Coordinated
actions may substantially enhance multiple mission performance. The
National Strategy for Homeland Security and the corresponding strategic
plans of the agencies accountable for achieving the national strategy's
objectives must address and resolve the sometimes competing issues
among homeland security mission areas and between homeland security and
other important national priorities and objectives. These crosscutting
issues are often the most difficult to address. Some of these
challenges that we have identified are governmentwide in nature--they
cut across the federal, state, and local governments, and sometimes
private sectors. Such governmentwide challenges that we have identified
include:
* balancing homeland security needs with other national requirements by
formulating realistic budget and resource plans that support the
implementation of an efficient and effective homeland security program;
* providing timely and transparent homeland security funding
information that sets forth detailed information concerning the
obligation of the funding provided;
* improving risk management methods for resource allocation and
investments by developing a commonly accepted framework and supporting
tools to guide agency analysts in providing information to management;
* establishing baseline performance goals and measures upon which to
assess and improve prevention efforts, evaluate vulnerability
reduction, and gauge responsiveness to damage and recovery needs at all
levels of government;
* clarifying the roles and responsibilities within and between the
levels of government and the private sector through the development and
implementation of an overarching framework and criteria to guide the
process;
* developing a national blueprint--called an enterprise architecture--
to help integrate different organizations' efforts to improve homeland
security; and:
* improving governmentwide information technology management through
the consistent application of effective strategic planning and
performance measurement practices.
These challenges are discussed in greater detail in appendix VIII. Many
of these challenges were also discussed by one or more of the Bremer,
Gilmore, Hart-Rudman, and 9/11 Commissions.
In addition to the challenges discussed earlier, DHS--as the department
most responsible for Homeland Security--faces a number of challenges.
Because of this, in January 2003, we designated the overall
implementation and transformation of DHS as high-risk.[Footnote 9] We
gave it this designation for three reasons. First, the size and
complexity of the effort make the challenge especially daunting,
requiring sustained attention and time to achieve the department's
mission in an effective and efficient manner. Second, the components
being merged into DHS already face a wide array of existing challenges
that must be addressed. Finally, if DHS cannot effectively carry out
its mission, it exposes the nation to potentially very serious
consequences. We are currently in the process of reviewing the
challenges faced by DHS and the progress it has made to address these
challenges. The results of this review will be published in a
forthcoming GAO report.
Concluding Observations:
All 43 initiatives of the National Strategy for Homeland Security were
included in plans and implementation activities in fiscal year 2004 by
at least one of the six key departments we reviewed. Further, 33 of the
43 initiatives (77 percent) were being planned or implemented by at
least three of the six departments. Additionally, we found that the
strategy and HSPDs identified lead agencies for 42 of the 43
initiatives. For these 42 initiatives where a lead had been identified,
13 initiatives had leads that were implied rather than clear. While DHS
was identified as the lead for the most initiatives (37), there were
multiple leads for 12 of these 42 initiatives. Given the large number
of initiatives being implemented by multiple agencies, the fact that
some of the leads were implied rather than clear, and the fact that
about a third of the initiatives had multiple leads, coordination
across federal departments will be a key factor required for the
successful implementation of the strategy. Such coordination would
ensure that federal departments are working to support the lead agency,
are complementing one anothers' leadership when there are multiple lead
agencies, and are not unnecessarily duplicating one anothers' programs
when there are multiple departments implementing the same initiatives.
When implementing the strategy's initiatives, these federal departments
face a number of challenges that cut across all the mission areas. In
terms of resources, the nation must find the appropriate balance
between homeland security and other priorities. Finding this balance
will require an improved risk management framework for resource
allocation and investments. It will also require an improved set of
performance and results measures to gauge our progress. Further,
finding that balance must take into consideration nonfederal resources,
but the strategy and HSPDs have not in many cases defined the roles and
responsibilities of the state, local, and private sectors. Finally, an
enterprise architecture would help coordinate the larger effort across
the myriad of organizations involved in implementing the strategy.
One of the key challenges for the Congress is to provide oversight to
ensure that federal departments are coordinating their activities as
they attempt to implement the National Strategy for Homeland Security.
Agency Comments and Our Evaluation:
We provided a draft of this report to DOD, DOE, DOJ, HHS, DHS, the
State Department, and the Homeland Security Council for comment. We
received written comments from DOD, HHS, DHS, and DOJ, which appear in
appendixes XI -XIV respectively. In addition to providing their written
comments, these departments and DOE provided technical comments, which
we incorporated as appropriate. State and the Homeland Security Council
declined to provide any comments on this report. DOD stated that the
report was "a thorough and accurate report." DHS indicated our
summation of the strategic planning, implementation, and leads of the
six departments to be "particularly useful." DOE, DOJ, and HHS neither
concurred nor disagreed with the report. In addition, agencies provided
comments on the many GAO reports that cumulatively describe the range
of implementation challenges featured in this capping report. These
comments can be found in the appropriate reports, as cited in our
footnotes and listed in the Related GAO Products section.
As agreed with your office, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days
after its issue date. At that time, we will provide copies of this
report to appropriate departments and interested congressional
committees. We will also make copies available to others upon request.
In addition, the report will be available at no charge on GAO's Web
site at http://www.gao.gov.
If you or your staff have any questions about this report, please
contact me on 512-6787. Other contacts and staff acknowledgments are
listed in appendix XV.
Sincerely yours,
Signed by:
Norman J. Rabkin, Managing Director:
Homeland Security and Justice Issues:
[End of section]
Appendix I: Objectives, Scope, and Methodology:
The first objective focuses on the extent to which key federal
departments with homeland security responsibilities address the 43
initiatives of the National Strategy for Homeland Security in their
planning and implementation activities.
We selected departments based on a review of their fiscal year 2005
budget requests for homeland security-related issues. The six
departments with the largest budget requests were selected--together
they account for 94 percent of the fiscal year 2005 budget requests for
homeland security. The six departments are the Departments of Defense
(DOD), Energy (DOE), Health and Human Services (HHS), Homeland Security
(DHS), Justice (DOJ), and State.
We defined three time-oriented indicators to distinguish the timing of
the departments' strategic planning or implementation activities with
respect to each of the 43 initiatives of the six mission areas.
* "Prior implementation" was defined as a departmental program or
activity that occurred prior to fiscal year 2004.
* "Recent planning" was defined as either (1) a program or activity
specifically indicated by the participating department as being
developed in its latest high-level planning documents (which include
the department's strategic plan, annual plan, or performance plan) or
(2) a program or activity, not listed in these planning documents, but
indicated by department officials as being under development since July
2002 (when the strategy was issued).
* "2004 implementation," in turn, was defined as a departmental program
or activity that occurred during all, or part, of fiscal year 2004.
A department could satisfy (a) neither of these indicators
(demonstrating no strategic planning and implementation activities on a
given initiative, within the prescribed time periods) or (b)
combinations of one through three of these indicators, for each
initiative (e.g., one department may have engaged in prior
implementation that was carried over into fiscal year 2004
implementation; a second department may have engaged in recent
planning, followed by 2004 implementation; and a third department may
have only engaged in prior implementation, as its activity was
completed or terminated.)
We obtained and reviewed each department's latest strategic planning
documents (i.e., their strategic plan, annual plan, and performance
plan) to determine whether these documents provided specific
information about the department's prior implementation and recent
planning activities, with respect to each mission area initiative. We
scored a department as engaging in prior implementation activity or
recent planning if these documents demonstrated at least one such
activity with respect to each initiative. We also reviewed the
documents to determine if any programs or activities had been
transferred to another department or agency. In some cases, this may
account for prior implementation activity but no further planning or
implementation activity.
Since the latest departmental strategic documents do not sufficiently
address fiscal year 2004 implementation activities, we contacted
strategic planning officials at each the six departments and asked them
to provide evidentiary support for their 2004 implementation
activities, with respect to each relevant initiative. We scored a
department as implementing activities on a given initiative if the
department could demonstrate at least one such activity occurring
during fiscal year 2004 with respect to that initiative. We also
requested department strategic planning officials to review our
findings regarding planning and implementation and to make any
modifications or additions necessary. Evidentiary support was requested
for any such change. Very few changes were provided across all six
departments. Departments provided the data during fiscal year 2004. We
did not verify the accuracy of the data or the progress of particular
activities.
In addition to identifying departmental engagement in planning and
implementation activities, we also sought to determine departmental
leadership responsibility on each initiative. To satisfy the leadership
role, departments had to satisfy at least one of the following two
indicators:
* leadership of the entire critical mission area initiative or:
* leadership in specific functional area(s) encompassed within that
initiative.
We identified departmental leadership roles on specific initiatives,
based on a review of the provisions in the strategy and Homeland
Security Presidential Directives (HSPD) one through 12. In only a few
instances did a department indicate to us that subsequent legislation,
regulation, or transfer of activities absolved them of their leadership
roles. Because the language of the strategies and HSPDs was not always
precise, we identified departments as either (a) "clear" (explicit)
leads, (b) "implied" leads, or (c) no leads for each initiative. In the
mission area tables, in both the letter and appendixes, departments
with a clear lead on a given initiative are indicated by a hard-line
box; departments with an implied lead on a given initiative are
indicated by a broken-line box; departments not having any lead on a
given initiative have no box designations. Drafts of this section of
the report were submitted to the departments for their review.
The second objective focuses on identifying the challenges the nation
faces in homeland security implementation. This work is based
exclusively on a review of challenges identified in GAO products issued
since September 11, 2001. During this time period, we were able to
identify over 250 relevant GAO products related to homeland security.
These, and others, can be found in our Related Products section at the
end of the report. The challenges identified are arrayed throughout the
report by mission area and subtopical area.
We conducted our work between February and November 2004 in accordance
with generally accepted government auditing standards.
[End of section]
Appendix II: Intelligence and Warning:
This appendix sets forth the definition and major initiatives of the
Intelligence and Warning mission area and discusses the agencies with
major roles, their funding, and the alignment of their strategic plans
and implementation activities with the initiatives, and a summary of
the key challenges faced by the nation. This appendix presents baseline
information that can be used by Congress to provide oversight and track
accountability for the initiatives in the Intelligence and Warning
mission area.
Definition and Major Initiatives:
The National Strategy for Homeland Security categorizes homeland
security activities into six critical mission areas, the first of which
is Intelligence and Warning. This mission area includes intelligence
programs and warning systems that can detect terrorist activity before
it manifests itself in an attack so that proper preemptive, preventive,
and protective action can be taken. Specifically, this mission area is
made up of efforts to identify, collect, analyze, and distribute source
intelligence information or the resultant warnings from intelligence
analysis. Activities in this mission area often dovetail into the
mission areas of domestic counterterrorism and, in some cases, critical
infrastructure protection, as agencies move to take immediate action or
develop long-term protective measures based on threat or vulnerability
information.[Footnote 10] Figure 3 is an example of one of the
initiatives found in the Intelligence and Warning mission area.
The strategy identifies the following initiatives in the Intelligence
and Warning mission area:
* enhancing the analytic capabilities of the FBI,
* building new capabilities through the Information Analysis and
Infrastructure protection Division of the Department of Homeland
Security,
* implementing the Homeland Security Advisory System,
* utilizing dual-use analysis to prevent attacks, and:
* employing red team techniques.
Figure 3: The Five Threat Levels of the Homeland Security Advisory
System:
[See PDF for image]
[End of figure]
Agencies with Major Roles in Intelligence and Warning:
Of the six departments under review, the Department of Homeland
Security and the Department of Justice have major roles in the
Intelligence and Warning mission area. Within DHS, the Information
Analysis and Infrastructure Protection Directorate (IAIP) analyzes
terrorism-related threat information relevant to homeland security,
associates threat analysis with infrastructures and people, and
provides warnings and advisories to agencies, state and local
governments, and select critical infrastructure owners and operators.
The U.S. Secret Service, also a component of DHS, provides intelligence
and advanced analysis for protective operations. The Department of
Justice has two components involved in Intelligence and Warning
activities--the Federal Bureau of Investigation (FBI) shares
intelligence with other federal agencies, as well as with state and
local authorities; while the Office of Justice Programs (OJP) funds
counterterrorism training for senior law enforcement personnel at the
state and local level.
The Office of Management and Budget (OMB) reported that the total
fiscal year 2005 funding request for the Intelligence and Warning
mission area is $474 million, with the bulk of this funding going to
DHS (61 percent), primarily for IAIP and the U.S. Secret Service. Other
agencies with significant funding in this mission area include DOJ (19
percent), primarily for the FBI, and the Intelligence Community (15
percent) for the Terrorist Threat Integration Center (TTIC).[Footnote
11] Figure 4 summarizes the fiscal year 2005 budget request for the
Intelligence and Warning mission area by agency.
Figure 4: Proposed Fiscal Year 2005 Homeland Security Funding for
Intelligence and Warning:
[See PDF for image]
Notes: Budget authority in millions of dollars.
[End of figure]
"All other agencies" includes the Departments of Agriculture ($20
million) and Treasury ($.6 million), as well as the Intelligence
Community Management Account ($72 million). OMB reported the
Intelligence Community figure in aggregate; it did not break it out by
individual agencies (e.g., Central Intelligence Agency).
OMB's reported data does not include funding for three departments that
have activities under way in this mission area. These departments--
Defense, State, and Energy--have either planning or implementation
activity on specific initiatives, as discussed in the next section of
this appendix. On the basis of our previous work, we have noted several
qualifications to OMB's figures to explain this discrepancy.[Footnote
12] According to OMB officials, there is not always a clear distinction
between homeland security activities and other related activities. The
OMB staff must make judgment calls about how to characterize funding by
mission areas. For example, some homeland security activities have
multiple purposes, so funding for these activities can be allocated
among several accounts covering multiple mission areas. Moreover, some
of the departments' activities, such as planning, coordination, or
providing advice may support Intelligence and Warning activities, but
are not included in the amounts shown.
This appendix does not have any discussion of the Central Intelligence
Agency (CIA) or the Intelligence Community as a whole, although they
have activities related to the Intelligence and Warning mission area.
There are two reasons for this omission. First, OMB's reported data do
not include funding for the CIA. Second, the strategy itself is
relatively silent on the CIA in terms of specific initiatives in this
mission area. For example, the strategy only mentions the CIA once in
the Intelligence and Warning mission area--the CIA was to provide
intelligence analysts to assist the FBI enhance its analytic
capabilities. Most of the initiatives in the strategy, as discussed in
the next section, are led by DHS or DOJ. Similarly, there is little
information on the Intelligence Community. While OMB reported data
include $72 million in spending by the Intelligence Community
Management Account, it does not break this amount out by specific
departments or agencies. While the strategy mentions the Intelligence
Community with respect to this mission area, it does not identify
specific departments or agencies with specific initiatives. One
potential reason for relatively little discussion of CIA and the
Intelligence Community is the unclassified nature of the cost data and
the strategy.
Alignment of Department Activities with the Major Initiatives:
This section provides more detailed information about the Intelligence
and Warning mission area initiatives, and the departments involved in
conducting activities related to these initiatives. This includes a
discussion of specific departmental planning and implementation
activities, lead agency designation, and implementation activities in
fiscal year 2004, with respect to each initiative. The data are
summarized in table 7.
Table 7: Detailed Department Leadership and Planning/Implementation
Activities in the Intelligence and Warning Mission Area's Five
Initiatives:
[See PDF for image]
[End of table]
Summary of Departmental Activities on the Initiatives:
All five Intelligence and Warning initiatives are being addressed in at
least two of the key departments' planning and implementation
activities (see table 7). For example, DHS, DOD, and DOE implemented
Homeland Security Advisory System initiative activities during fiscal
year 2004. More specifically, DHS implemented the system and issued
advisories; DOD personnel interacted with DHS; and DOE aligned its
security system and condition alert level to meet the Homeland Security
Advisory System requirements of DHS. In addition, DHS, DOD, and DOE
implemented new intelligence and warning capabilities through the IAIP
initiative of DHS during fiscal year 2004. Specifically, DHS conducted
assessments of critical infrastructures and key assets using the IAIP
system; DOD worked in conjunction with DHS on the IAIP system; and DOE
enacted a Safeguard and Security Program (using infrastructure
information and analysis to gauge vulnerability assessments) and plays
a role in disseminating threat information to energy sector industries.
The Department of Health and Human Services (HHS) also has activities
related to Intelligence and Warning, but these activities are not
directly included under the initiatives as laid out by the strategy.
For example HHS operates the Laboratory Response Network, the Epidemic
Information Exchange, and the Food and Drug Administration's food
inspection activities. In addition, it supports the DHS-managed
BioWatch program. While the strategy does not list these as specific
initiatives, they provide surveillance of infectious diseases and could
provide early warning of a bioterrorism attack. For more on HHS's role,
particularly with respect to bioterrorism, see appendix VI, on
Defending against Catastrophic Threats.
While we have identified department activities related to these
initiatives, we did not determine the quality, status, or progress of
such activities with respect to stated goals or targets within this
mission area.
Identification of Lead Agencies on the Initiatives:
For four of the five initiatives, a lead agency is identified either in
the strategy or Homeland Security Presidential Directives (HSPDs). The
one initiative where there was no lead identified was "the employment
of red-team techniques." Red team techniques are techniques where the
U.S. government would create a team (sometimes known as a red cell) to
play the role of terrorists in terms of identifying vulnerabilities and
planning attacks. Three departments (DHS, DOD, and DOE) had implemented
activities related to this initiative. According to DHS strategic
planning officials, it is important that a number of agencies conduct
red-team techniques to test their own specific programs, so no agency
would necessarily have the overall lead. However, terrorists are
opportunistic and may purposefully plan attacks that take advantage of
the seams between department programs or jurisdictions. Thus, there is
some value in employing red-team techniques that look across federal
departments, as well as across the state, local, and private sectors.
Without an overall lead agency identified for this initiative, it is
unclear which federal department will be accountable for employing red-
team techniques at the interagency level against the nation as a whole.
As shown in table 7, DHS is the lead on the most initiatives in this
critical mission area--three out of the five initiatives (including
building new capabilities through the Information Analysis and
Infrastructure Protection Division, implementing the Homeland Security
Advisory System, and utilizing dual-use analysis to prevent attacks).
It is understandable that DHS would be the department with the most
initiative leads given that DHS's strategic goals and objectives are to
be directed toward preventing terrorist attacks in the United States
and reducing America's vulnerability to terrorism--both of which
require Intelligence and Warning system information to achieve their
aims. The Department of Justice is a lead on one initiative, enhancing
the analytic capabilities of the FBI. This, too, is understandable
given that the FBI is an agency (or component) of DOJ.
The strategy and HSPDs did not identify multiple leads on any of the
five Intelligence and Warning initiatives (see table 7). In addition,
these strategic documents clearly named all leads. DHS is named as a
clear lead on three Intelligence and Warning initiatives; DOJ is
identified as a clear lead on one initiative.
Fiscal Year 2004 Implementation of the Initiatives:
In fiscal year 2004, implementation activity occurred with respect to
each of the five Intelligence and Warning initiatives (see table 7).
DHS implemented activity in each of the three initiatives for which it
was identified as a lead. DOJ implemented activity in the one
initiative for which it was named as the lead (enhancing the analytic
capabilities of the FBI).
Additionally, several of the departments under review implemented
multiple Intelligence and Warning initiative activities for which they
were not identified as a lead. During fiscal year 2004, DOE cited
implementation activities in four of the five Intelligence and Warning
initiatives for which it did not have a lead (prior to fiscal year
2004, it cited implementation activity with respect to three of the
five initiatives.) DOD cited fiscal year 2004 implementation activities
in 3 of 5 initiatives for which it did not have a lead. DHS cited
planning and implementation activities during fiscal year 2004 on the
one initiative for which it did not have lead responsibilities; and
State cited both prior implementation and 2004 implementation activity
on the one initiative for it was not cited as a lead in the strategy or
HSPDs.
Challenges in Intelligence and Warning:
With the element of surprise on their side, terrorists have the
potential to do massive damage to an unwitting and unprepared target.
It therefore follows that the United States must take appropriate
action to develop and implement an effective Intelligence and Warning
system that is capable of detecting planned terrorist activity, so that
proper preemptive, preventive, and protective action can be taken. Our
recent work in the Intelligence and Warning mission area has identified
a number of challenges. These challenges include enhancing the
analytical capabilities of the FBI, improving the coordination and
mechanisms for sharing intelligence information across levels of
government and the private sector, consolidating terrorist watch lists,
and strengthening the homeland security advisory system.
Enhancing the FBI's Analytical Capabilities:
The strategy has an initiative to enhance the FBI's analytic
capabilities in order to address the agency's top priority--preventing
terrorist attacks. The FBI is, therefore, "creating an analytical
capability that can combine lawfully obtained domestic information with
information lawfully derived from investigations, thus facilitating
prompt investigation of possible terrorist activity within the United
States." To accomplish this, the FBI has changed its priorities and
accelerated modernization of its information technology (IT) systems.
However, we reported in September 2003 that the FBI will be facing a
number of challenges as it begins this modernization without having yet
developed a modernization blueprint, commonly referred to as an
enterprise architecture (a plan that defines how an organization
operates today, intends to operate tomorrow, and intends to invest in
IT systems to transition to this future state).[Footnote 13]
Architectures are essential to effectively managing such complex
endeavors and are recognized as hallmarks of successful public and
private organizations. The challenge for the FBI will be to make
architecture development an institutional management priority; until
this is accomplished and the architecture is developed and implemented,
the FBI faces the challenge of ensuring systems currently being
developed and deployed will be consistent with the yet-to-be-developed
architecture. Our research and experience at federal agencies has shown
that attempting a major modernization effort without a well-defined and
enforceable architecture results in systems that are duplicative and
not well integrated, are unnecessarily costly to operate and maintain,
and do not effectively optimize mission performance. Additional
challenges related to the FBI's transformation are contained in
appendix IV, on domestic counterterrorism. The Bremer, Hart-Rudman,
Gilmore, and 9/11 Commissions all made recommendations related to this
challenge.
Improving Intelligence Information Sharing:
According to the strategy, "homeland security intelligence and
information must be fed instantaneously into the Nation's domestic
anti-terrorism efforts, and "this effort must be structured to provide
all pertinent homeland security intelligence and law enforcement
information--from all relevant sectors including state and local law
enforcement as well as federal agencies--to those able to take
preventive or protective action." Since September 11, federal, state,
and local governments have established initiatives to meet the
challenge of sharing information to prevent terrorism. DHS has
initiatives under way to enhance information sharing (including the
development of a homeland security enterprise architecture to integrate
sharing among federal, state, and local authorities). In addition, the
FBI increased the number of its Joint Terrorism Task Forces, the
Defense Intelligence Agency (DIA) entered into an information-sharing
partnership with the state of California and the city of New York; and
Massachusetts has established an antiterrorism network of state, local,
and federal agencies. However, our August 2003 report[Footnote 14]
noted that these initiatives, while beneficial for the partners,
presented challenges because they (1) were not well coordinated,
(2) rsked limiting participants' access to information, and (3)
potentially duplicated the efforts of some key agencies at each level
of government. We also found that despite various legislation,
strategies, and initiatives, federal agencies, states, and cities did
not consider the information sharing process to be effective. For
example, information on threats, methods, and techniques of terrorists
was not routinely shared, and the information that was shared was not
perceived as timely, accurate, or relevant. Additionally, federal
agencies were challenged by the inability of state or city governments
to properly handle classified information and their lack of security
clearances. The Gilmore and 9/11 Commissions made recommendations
related to this challenge.
Better Dissemination of Threat Information to the Private Sector:
The strategy discusses the need for threat-vulnerability integration,
providing that "mapping terrorist threats and capabilities--both
current and future--against specific facility and sectoral
vulnerabilities will enable authorities to determine which
organizations pose the greatest threat and which facilities are most at
risk." However, in a March 2003 report we noted that one of the
nation's challenges is to develop and implement methods for effectively
sharing information between government and the private sector.[Footnote
15] For example, officials in several commercial industries have said
that they need better threat information from law enforcement agencies,
as well as better coordination among agencies providing threat
information. Specifically, these officials stated that they did not
receive sufficient specific threat information, and frequently received
threat information from multiple government agencies. Similarly, DOJ
observed that chemical facilities need more specific information about
potential threats in order to design their security systems and
protocols. Threat information also forms the foundations for some of
the tools available to industry to assess facility vulnerabilities.
Threat information is the foundation for hypothesizing about threat
scenarios, which form the basis for determining site vulnerabilities.
In reviewing security considerations involving commercial seaports, we
found that similar challenges existed. Specifically, on the basis of
visits to several of the commercial seaports designated by DOD as
critical for use by the military for overseas deployments, we reported
in October 2002 that although the organizations responsible for seaport
security increased emphasis on security planning since September 11,
there remained no single mechanism to analyze, coordinate, and
disseminate threat information on a routine basis on the broad range of
threats at each port. Most threat information was coordinated on an
informal basis, increasing the risk that threats--both traditional and
nontraditional ones--may not be recognized or that threat information
may not be communicated in a timely manner to all relevant
organizations, including private sector organizations, at the ports.
The Gilmore and 9/11 Commissions made recommendations related to this
challenge.
Consolidating Terrorist Watch Lists:
The strategy recognizes the need for "fully accessible sources of
information related to suspected terrorists" through the establishment
of a consolidated terrorism watch list. In April 2003 we reported that
changing the federal government's diffused and nonstandard approach to
developing and using terrorist watch lists--which are essential tools
for performing, among other things, the nation's border security
mission--involve addressing key management, technical, and legal
challenges.[Footnote 16] One of these challenges involves defining and
implementing a new approach that overcomes individual agencies' unique
culture and mission requirements. For example, a key reason for the
varying extent to which watch list sharing is done involves cultural
differences among the government and private sector agencies involved
in securing our borders. Another challenge to be overcome involves the
tendency of the watch lists to have overlapping but not identical sets
of data, which makes their consolidation difficult. Additionally, the
extent to which such sharing is accomplished electronically is
constrained by fundamental differences in the watch lists' systems
architecture (that is, the hardware, software, network, and data
characteristics of the systems). Finally, while legal requirements have
historically been another challenge to sharing, recent legislation has
begun to address this barrier. For example, Congress passed the USA
PATRIOT ACT, which has significantly changed the legal framework for
information sharing when fully implemented, it should diminish the
effect of existing legal barriers. The 9/11 Commission made
recommendations related to this challenge.
Strengthening the Homeland Security Advisory System:
The strategy calls for the implementation of the Homeland Security
Advisory System as a means of disseminating information regarding the
risk of terrorist acts to federal, state, and local authorities; the
private sector; and the American people. Utilizing five color-coded
threat levels, the system was established by HSPD-3 in March 2002.
However, in a March 2004 testimony, we reported that DHS faces
challenges in strengthening the advisory system and keeping it relevant
and viable. For example, the system has generated questions concerning
the quality and timeliness of the threat information being
disseminated.[Footnote 17] Specifically, DHS had not yet officially
documented communication protocols for threat information and guidance
to federal agencies and states, with the result that some federal
agencies and states first learn about changes in the national threat
level from the media. An additional challenge relates to the
comprehensiveness of information provided with regard to actions to be
taken in response to changes in the threat level. For example, public
warnings did not include guidance on actions to be taken in response to
a specific threat. Moreover, federal agencies responding to our
inquiries indicated that an additional challenge involves their
inability to determine appropriate protective measures to be
implemented because of a lack of specific threat information. For
example, federal agencies indicated to us that, particularly, region-,
sector-, site-, or event-specific threat information--to the extent
that it is available--would be helpful. Since the time of our report,
DHS has provided more specific warnings by both sector (e.g., the
financial sector) and location (e.g., New York and Washington, D.C.).
The Gilmore Commission made recommendations related to this challenge.
[End of section]
Appendix III: Border and Transportation Security:
This appendix sets forth the definition and major initiatives of the
Border and Transportation Security mission area and discusses the
agencies with major roles, their funding, the alignment of their
strategic plans and implementation activities with the major
initiatives, and a summary of the key challenges faced by the nation.
This appendix presents baseline information that can be used by
Congress to provide oversight and track accountability for the
initiatives in the Border and Transportation Security mission area.
Definition and Major Initiatives:
The National Strategy for Homeland Security categorizes homeland
security activities into six critical mission areas, the second of
which is Border and Transportation Security. This mission area includes
programs designed to fully integrate homeland security measures into
existing domestic transportation systems and focuses on promoting the
efficient and reliable flow of people, goods, and services across
borders, while preventing terrorists from using transportation
conveyances or systems to deliver implements of destruction. Activities
in this mission area often dovetail into domestic counterterrorism as
agencies take law enforcement action to address potential threats to
the homeland that may originate along our borders or in our
transportation systems. Also, because transportation is a critical
infrastructure sector, this mission area is also closely related to the
critical infrastructure protection mission area. For example, homeland
security actions at seaports would involve activities in both mission
areas.[Footnote 18] Figure 5 shows an example of the type of activities
found in the Border and Transportation Security mission area.
The strategy identifies the following major initiatives in the border
and transportation mission area:
* ensuring accountability in border and transportation security,
* creating smart borders,
* increasing the security of international shipping containers,
* implementing the Aviation and Transportation Security Act of 2001,
* recapitalizing the U.S. Coast Guard, and:
* reforming immigration services.
Figure 5: U.S. Customs and Border Patrol Marine Officers on the Waters
of the Rio Grande, along the United States and Mexico Border:
[See PDF for image]
[End of figure]
Agencies with Major Roles in Border and Transportation Security:
Of the six agencies under review, DHS and State have major roles in
Border and Transportation Security. Within DHS, the U.S. Customs and
Border Protection (CBP) conducts inspections at ports of entry to
detect and prevent people and goods from entering the country
illegally, while the Bureau of Immigration and Customs Enforcement
(ICE) investigates and enforces laws against the unlawful presence of
people and goods in the country; the Transportation Security
Administration (TSA) performs some aviation security activities, while
overseeing others, and coordinates the development of security measures
for nonaviation modes of transportation; and the U.S. Coast Guard leads
security activities at the nation's ports. State plays a role in this
mission area through its administration of the visa program to ensure
against travel into the United States by terrorists or others whose
presence may undermine U.S. national security. Although not one of six
agencies we reviewed, the Department of Agriculture (USDA) also has a
role in border and transportation security. Specifically, USDA's Animal
and Plant Health Inspection Service (APHIS) performs agricultural
quarantine activities and risk analysis at U.S. ports of entry.
OMB reported that the total fiscal year 2005 funding request for border
and transportation security is $17 billion, with the majority of this
going to DHS (almost $16 billion, or 93 percent), largely for CBP, TSA,
and the Coast Guard. Other DHS bureaus, as well as other agencies--such
as USDA and State--have significant funding in this mission area as
well.[Footnote 19] Figure 6 summarizes the fiscal year 2005 budget
request for the border and transportation security mission area by
agency.
Figure 6: Proposed Fiscal Year 2005 Homeland Security Funding for
Border & Transportation Security:
[See PDF for image]
Notes: Budget authority in millions of dollars.
"All other agencies includes USDA ($169 million) and the Department of
Transportation ($19 million).
[End of figure]
OMB's reported data do not include funding for three departments that
have activities under way in this mission area. These departments--DOD,
HHS, and DOE--have either planning or implementation activity on
specific initiatives, as discussed in the next section of this
appendix. On the basis of previous work, we have noted several
qualifications to OMB's figures to explain this discrepancy.[Footnote
20] According to OMB officials, there is not always a clear distinction
between homeland security activities and other related activities. OMB
staff must make judgment calls about how to characterize funding by
mission areas. For example, some homeland security activities have
multiple purposes, and funding for these activities is comingled in
accounts that can cover multiple mission areas. In addition, some of
the departments' activities, such as planning, coordination, or
providing advice may support Border and Transportation Security
activities but are not included in the amounts shown.
Alignment of Department Activities with the Major Initiatives:
This section provides more detailed information about the Border and
Transportation Security mission area initiatives and the departments
involved in conducting activities related to these initiatives. This
includes a discussion of specific departmental planning and
implementation activities, lead agency designations, and
implementation activities in fiscal year 2004, with respect to each
initiative. The data are summarized in table 8.
Table 8: Detailed Department Leadership and Planning/Implementation
Activities in the Border and Transportation Mission Area's Six
Initiatives:
[See PDF for image]
[End of table]
Summary of Departmental Activities on the Initiatives:
All six Border and Transportation Security initiatives are being
addressed in at least two of the key departments' planning and
implementation activities (see table 8). At least three departments
cited activity in four of the six initiatives. For example, DHS, DOD,
State, and DOE implemented shipping container security initiative (CSI)
activities in fiscal year 2004. DHS deployed Customs and Border
Protection officers to Malaysia to conduct CSI activity; DOD provided
an intelligence perspective on container and port security
vulnerabilities, aiding in the development and deployment of
technologies; State engaged in diplomatic efforts with additional
countries to conclude further CSI agreements; and DOE worked with
Lithuania to install nuclear detection equipment at the Vilnius
Airport, as well as other airports and other locations in other foreign
countries. Additionally, DHS, HHS, and State demonstrated
implementation activities in fiscal year 2004 with respect to creating
smart borders. DHS developed, acquired, and deployed biometrically
enabled, travel document reader technology, at air, sea, and land ports
of entry; the Food and Drug Administration within HHS established
guidance requiring the registration of domestic and foreign facilities
that manufacture, process or hold food for consumption in the United
States; and State deployed biometric collection capability to consular
posts worldwide.
All six departments have been engaged in Border and Transportation
Security initiatives.
While we have identified department activities relates to these
initiatives, we did not determine the quality, status, or progress of
such activities with respect to stated goals or targets within this
mission area.
Identification of Lead Agencies on the Initiatives:
For all six initiatives, a lead agency is identified either in the
strategy or HSPDs. As shown in table 8, DHS is the lead on the most
initiatives in the mission area--six of six initiatives. It is
understandable that DHS would be the department with the most
initiative leads, given that the initiatives (a) emphasize DHS's twin
goals of preventing terrorist attacks and reducing border
vulnerability; and (b) reflect a transfer of the Customs Service,
Immigration and Naturalization Service, and Coast Guard to DHS. State
is also identified as a lead on the initiative to create smart borders.
Given the initiative's emphasis on visa issuance and consular office
participation in detecting potential terrorists, it seems appropriate
that State would be identified in a leadership capacity. DOJ had been
identified as a lead agency with respect to two initiatives, creating
smart borders and guarding America's critical infrastructure and key
assets against "inside" threats. However, given the transfer of the
Immigration and Naturalization Service and the National Infrastructure
Protection Center programs to the Department of Homeland Security, DOJ
officials indicated the department no longer serves as the lead on
these two initiatives.
Creating smart borders is the only initiative for which there are
multiple leads in the Border and Transportation Security area (see
table 8). The two department leads in this initiative are DHS and
State. Additionally, departmental documents show that DHS is a clear
lead on two initiatives and an implied lead on three initiatives. State
is a clear lead on its single initiative.
Fiscal Year 2004 Implementation of the Initiatives:
In fiscal year 2004 implementation activity occurred with respect to
all six Border and Transportation Security initiatives (see table 8).
DHS implemented activity in all five initiatives for which it was
identified as a lead. State implemented activity in the one initiative
where it was designated a lead.
Additionally, several of the departments under review implemented
multiple Border and Transportation Security initiatives for which they
were not identified as a lead agency in the strategy and HSPD. During
fiscal year 2004, DOD cited implementation activities in three
initiatives for which it did not have any lead responsibilities (prior
to fiscal year 2004, DOD cited planning/implementation activity with
respect to four of the six initiatives). State cited fiscal year 2004
and prior year implementation activity on three initiatives, for which
it was not identified as the lead; HHS cited 2004 implementation
activity on two initiatives without lead responsibilities; and DOE
cited both 2004 and prior implementation with respect to one
initiative.
DOJ has not demonstrated fiscal year implementation activity in any
initiative within this critical mission area; a DOJ official indicated
that this is due to program transfers. In accordance with the Homeland
Security Act of 2002, DOJ transferred its Immigration and
Naturalization Service programs to DHS.
Challenges in Border and Transportation Security:
The strategy calls for ensuring the "efficient and reliable flow of
people, goods, and services across borders, while preventing terrorists
from using transportation conveyances or systems to deliver implements
of destruction." Our recent work in the Border and Transportation
Security mission area has identified a number of challenges. Among the
challenges faced is striking a balance between increased border
security with concerns for facilitating legitimate travel and the flow
of goods, the need to address problems associated with processing
people at the nation's ports of entry, training border security
personnel to detect counterfeit documents and fictitious identities,
determining the proper role for biometric technologies for security
applications, developing a clear and comprehensive visa process, and
improving the management of key programs. The challenges that we have
identified in ensuring that our transportation system is secure include
implementing an effective system to prescreen airline passengers;
achieving and sustaining improvements in airline passenger, baggage,
and cargo screening; strengthening perimeter security and access
controls at airports; adequately addressing rail and mass transit
security issues; and recapitalizing the U.S. Coast Guard.
Border Security:
Balancing Security Concerns with Economic Needs:
The strategy recognizes the long-standing challenge of balancing our
nation's security and commercial needs and states that the "efficient
flow of people, goods, and conveyances engaged in legitimate economic
and social activities" must not be impeded. Primary responsibility for
ensuring the balance between security and commercial needs falls on
DHS's CBP. In a June 2003 testimony, we reported that CBP faces many
challenges in trying to accomplish its mission.[Footnote 21] Concerning
the efficient flow of people, challenges include detecting false
admissibility documents, unifying and enhancing inspector training,
providing timely intelligence to the field, and successfully
implementing the new entry-exit system. With respect to cargo, CBP has
attempted to select and inspect the highest-risk incoming cargo while
enabling legitimate cargo to be cleared in a timely manner. These
efforts pose a range of challenges, from the availability of threat
assessments and actionable intelligence to the capability of
nonintrusive inspection technology to detect potentially harmful
contraband. Additional challenges faced by CBP include the need to
improve its trade compliance program and to successfully implement its
new trade-processing information system. The Gilmore, Hart-Rudman, and
9/11 Commissions made recommendations related to this challenge.
Effectively Processing People at Land Ports of Entry:
The strategy calls for DHS to "verify and process the entry of people
in order to prevent the entrance of contraband, unauthorized aliens,
and potential terrorists." However, in a June 2003 testimony and an
August 2003 report, we indicated that CBP, the entity within DHS that
is responsible for carrying out this task, faces several challenges at
land ports of entry related to the determination of traveler
admissibility and other vulnerabilities in the inspection
process.[Footnote 22] In 2003, we testified that CBP inspectors faced a
variety of challenges at the ports, including the need to make quick
decisions on whether to immediately admit a traveler into the country
or refer the traveler for more intensive inspection. This task is made
more challenging because (1) United States and certain Canadian
citizens may enter this country without presenting a travel document if
they make an oral claim of citizenship that satisfies the inspector and
(2) travelers who are required to show an identity document can present
a variety of documents, some of which can be easily counterfeited. In
fact, in October 2003, we testified about the challenges posed by
identity fraud and how counterfeit identification can be easily
produced and used to create fraudulent identities. We also identified
other challenges for CBP at the borders, including ensuring that
inspectors are adequately trained in conducting inspections and
detecting fraudulent documents and challenges regarding the collection,
analysis, and use of intelligence information in the field. The
Gilmore, Hart-Rudman, and 9/11 Commissions made recommendations related
to this challenge.
Effectively Employing Biometric Technologies:
The strategy states that the "United States will require visitors to
present travel documentation that includes biometric indicators."
However, in a November 2002 report and in March and September 2003
testimonies, we reported that challenges exist in determining the
proper role of biometric technologies for security
applications.[Footnote 23] The first challenge involves recognizing
that the use of biometric technology not a panacea for the border
security problem. Instead, it is just a piece of the overall decision
support system that helps determine whether or not a person is allowed
to enter the United States. For example, while biometrics may be useful
in reducing document fraud, it may not have much effect on the ability
of people to enter the United States through other than official ports
of entry. Another major challenge involves questions regarding the
technical and operational effectiveness of biometric technologies in
applications as large as border control. Additional challenges to be
addressed include determining (1) the system's effect on existing
border control procedures and people; (2) the costs and benefits of the
system, including secondary costs resulting from changes in processes
or personnel to accommodate the biometrics; and (3) the system's effect
on privacy, convenience, the economy, and relations with other
countries. The 9/11 Commission made recommendations related to this
challenge.
Deploying Effective Technologies for the Detection of Weapons of Mass
Destruction:
The strategy states that the nation will "develop and deploy non-
intrusive inspection technologies to ensure rapid and more thorough
screening of goods and conveyances." We reported in October
2002,[Footnote 24] however, that challenges exist with regard to the
acquisition and deployment of radiation detection equipment. In
particular, we have concerns that DHS has not yet deployed the best
available technologies for detecting radioactive and nuclear materials
at U.S. border crossings and ports of entry. Specifically, we have
found that CBP's primary radiation detection equipment--radiation
pagers--have certain limitations and may be inappropriate for the task.
For example, according to U.S. radiation detection vendors and DOE
laboratory specialists, pagers are more effectively used in conjunction
with other radiation detection equipment, such as portal monitors and
radio isotope identifiers. A further challenge is the need for a
comprehensive plan for installing and using radiation detection
equipment at all U.S. border crossings and ports of entry. A
comprehensive plan would address, among other things, vulnerabilities
and risks; identify the complement of radiation detection equipment
that should be used at each type of border entry point--air, rail,
land, and sea--and whether the equipment could be immediately deployed;
identify longer-term radiation detection needs; and develop measures to
ensure that the equipment is adequately maintained. Finally, there is a
challenge that goes beyond simply deploying equipment--personnel must
be effectively trained in radiation science, the proper use of the
detection equipment, and how to identify and respond to alarms.
Using Visas as an Antiterrorism Tool:
The strategy calls on DHS to "build an immigration services
organization that administers immigration laws in an efficient,
expeditious, fair, and humane manner" while ensuring "that foreign
visitors comply with entry conditions." In carrying out its goal of
reforming our nation's immigration services, DHS faces a number of
challenges.
The first involves the development of a clear policy on how to balance
national security concerns with the desire to facilitate legitimate
travel when issuing visas. Specifically, we reported in October 2002
that this process should be strengthened for use as an antiterrorism
tool.[Footnote 25] We also identified the need for more coordination
and information sharing to realize the full potential of the visa
process. In addition, there is a need for more human resources and more
training for consular officers.
An additional challenge concerns the lack of a governmentwide policy on
the interagency visa revocation process. This process is an important
tool for preventing potential terrorists from entering the country and
identifying potential terrorists who have already entered. However, we
testified in June 2003 that weaknesses in the process we first
identified in June 2003 have not been eliminated, especially those
related to the timely transmission of information among government
agencies.[Footnote 26] Our review of visas revoked for terrorism
concerns from October through December 2002 showed that delays occurred
in screening names of suspected terrorists for visa holders,
transmitting recommendations to revoke individuals' visas, revoking
visas after receiving recommendations to do so, and posting lookouts.
We also found delays in notifying immigration officials of the need to
investigate individuals with revoked visas who may be in the country
and in initiating field investigations of those individuals. Finally,
challenges exist because of unresolved legal and policy issues
regarding the removal of individuals from the United States based
solely on their visa revocation. For example, there needs to be clear,
comprehensive policies governing visa processes and procedures so that
all agencies involved agree on the level of security screening for
foreign nationals both at our consulates abroad and at ports of entry.
A third challenge concerns the Visa Waiver Program. This involves
discussing the process established by the Departments of Justice and
State for determining whether a country is eligible to participate in
the program. For example, one of the laws passed since the terrorist
attacks of September 11, requires participating countries to issue
passports that contain biometric identifiers, such as fingerprints.
However, it is unclear whether these requirements will be fully
implemented by the deadlines called for in the law. In our November
2002 report,[Footnote 27] we also pointed out that the national
security challenges created by eliminating the Visa Waiver Program are
difficult to determine, but that doing so could affect U.S. relations
with other countries, U.S. tourism, and State Department resources
abroad. For example, if the program were eliminated, we estimated that
the department's initial costs to process the additional workload would
range between $739 million and $1.28 billion, and annual recurring
costs would likely range between $522 million and $810 million. It
could take 2 to 4 years or longer to put the necessary people and
facilities in place to handle the increased workload, according to
State officials.
An additional challenge involves reducing the time taken to adjudicate
visas for science students and scholars. Specifically, we reported in
February 2004[Footnote 28] that the time it takes to adjudicate a visa
for a science student or scholar depends largely on whether an
applicant must undergo a security check that is designed to protect
against sensitive technology transfers. We took a random sample of
these security checks for science students and scholars sent from posts
abroad between April and June 2003 and found it took an average of 67
days for security checks to be processed and for State to notify the
post. Officials from the State Department and FBI acknowledged there
have been lengthy waits, but reported having measures under way that
they believe will improve the process. However, additional challenges
remain, such as interoperability issues between State's and FBI's
computer systems.
Finally, a challenge exists in balancing national security concerns
with the expeditious processing of visa applications. Specifically, we
reviewed[Footnote 29] the visa operations at U.S. posts in Canada and
provided information on the perceptions of consular staff that
adjudicate U.S. visas regarding the importance of national security in
the visa process, including impediments that could interfere with
efforts to make security a top priority in visa processing. Consular
officers and managers at U.S. posts in Canada said that despite rising
workloads and increasingly labor-intensive visa-processing
requirements, they were placing an emphasis on security in visa
operations. Some officers reported that new post-September 11
processing requirements for visas could reduce the time available for
face-to-face interviews. While most officers believed that they had
enough time to screen applicants carefully for possible security risks,
some of the newer officers at posts in Canada expressed concern about
their ability to remain vigilant if the workload increased.
The Bremer and 9/11 Commissions made recommendations related to the
challenges found in this section.
Improving the US-VISIT Program:
Integral to the effort to reform immigration services and the
strategy's call for a "border of the future," is the implementation of
the United States Visitor and Immigrant Status Indicator (US-VISIT)
program, which is designed to collect, maintain, and share information,
including biometric identifiers, on selected nationals who travel to
the United States. We testified in March 2004[Footnote 30] that this
implementation is challenging because of the type of program it is and
the way it is being managed. US-VISIT is to perform a critical,
multifaceted mission, its scope is large and complex, it must meet a
demanding implementation schedule, and its potential cost is enormous.
One critical aspect of the program's mission is to prevent the entry of
persons who pose a threat to the United States. DHS estimated that the
program would cost $7.2 billion through fiscal year 2014, but this
estimate did not include all costs and underestimated some others. In
addition, several factors related to the program's management increase
the risk of not delivering mission value commensurate with costs or not
delivering defined program capabilities on time and within budget.
Also, the requirements for interim facilities at high-volume land ports
of entry are not only demanding, they are based on assumptions that, if
altered, could significantly affect facility plans. Despite these
challenges, the first increment was deployed at the beginning of 2004.
DHS's fiscal year 2004 US-VISIT expenditure plan and related
documentation at least partially satisfies all conditions imposed by
Congress. US-VISIT largely met its commitments for implementing an
initial operating capability in early January 2004, including the
deployment of entry capability to 115 air and 14 seaports of entry.
However, challenges remain because DHS has not employed rigorous,
disciplined management controls typically associated with successful
programs. More specifically, testing of the initial phase of the
implemented system was not well managed and was completed after the
system became operational. In addition, multiple test plans were
developed during testing, and only the final test plan, completed after
testing, included all required content. Such controls, while
significant for the initial phases of US-VISIT, are even more critical
for the later phases, as the size and complexity of the program will
only increase. Finally, as we reported in May 2004,[Footnote 31] DHS's
plans for future US-VISIT resource needs at the land ports of entry are
based on questionable assumptions, making future resource needs
uncertain. The 9/11 Commission made recommendations related to this
challenge.
Transportation Security:
Effectively Prescreening Aviation Passengers:
Developing an effective system to prescreen passengers before they even
arrive at the airport is one of the challenges alluded to in the
strategy's discussion of the implementation of the Aviation and
Transportation Security Act (ATSA) of 2001. DHS's solution to this
challenge was the development of the Computer-Assisted Passenger
Prescreening Program (CAPPS II), which was designed to identify
passengers requiring additional security attention. As we said in a
February 2004 report and in a March 2004 testimony,[Footnote 32] key
activities in the development of this program have been delayed or not
addressed. We also identified three additional challenges TSA faces
that may impede the success of CAPPS II. These challenges are
developing the international cooperation needed to obtain passenger
data, managing the possible expansion of the program's mission beyond
its original purpose, and ensuring that identity theft cannot be used
to negate the security benefits of the system. Recently the
Transportation Security Administration scrapped the CAPPS II program
and created a follow-on program called Secure Flight, which could face
many of the same challenges we identified. The 9/11 Commission made
recommendations related to this challenge.
Improving Airline Passenger and Baggage Screening:
Another of the challenges alluded to in the strategy's discussion of
ATSA is the effective and efficient screening of passengers and
baggage. This has been a long-standing concern, and although
significant actions have been taken, we testified in February and March
2004 that challenges in achieving and sustaining improvements
remain.[Footnote 33] For example, while TSA met its mandate to
establish a federal screener workforce by November 2002, it continues
to face challenges in hiring and deploying passenger and baggage
screeners. Additionally, while TSA is making progress in measuring the
performance of passenger screeners, it has collected limited
performance data related to its baggage screening operations. Moreover,
testing of screeners has identified weaknesses in their ability to
detect threat objects, while essential training is hampered by staffing
shortages and a lack of adequate technical capability to access online
training programs. Still another challenge involves deploying and
leveraging screening equipment and technologies. For example, TSA
continues to face operational and funding challenges in its efforts to
achieve a mandate to screen all baggage using explosive detection
systems. The 9/11 Commission made recommendations related to this
challenge.
Strengthening Airport Perimeter Security and Access Controls:
Another key requirement of ATSA, as discussed in the strategy, is the
"protection of critical infrastructure assets," including airports. In
June 2004[Footnote 34] we reported that while TSA has begun evaluating
the security of airport perimeters and access controls, the agency has
not yet determined how the results will be used to address the
challenges faced. Specifically, these challenges include addressing
concerns with perimeter and access control security that have been
raised in compliance inspections and vulnerability assessments; setting
priorities for funding airport security needs, developing a plan for
implementing new technologies to meet security needs, and implementing
certain mandated actions to reduce the security threats posed by
airport workers.
Countering Threats Posed by Hand-Held Missiles:
Another consideration for ensuring the security of our aviation system
involves the issue of aircraft protection, specifically countering the
threats posed by Man-Portable Air Defense Systems (MANPADS). These
hand-held missile systems have been used by terrorists against
commercial aircraft.
In January 2004, we reported[Footnote 35] that DHS faces significant
challenges in adapting a military counter-MANPADS system to commercial
aircraft, such as establishing system requirements, developing
technology and design to sufficient maturity, and setting reliable cost
estimates. Our work on the best practices of product developers in
government and industry has found that such challenges can be
successfully overcome by using a knowledge-based approach.
Additionally, in a May 2004 report,[Footnote 36] we found that further
improvements are needed in U.S. efforts to keep MANPADS out of the
hands of terrorists. Although the State Department made important
progress in 2003 to control the global proliferation of MANPADS, its
ability to assess further progress is limited because multilateral
forums have no mechanisms to monitor members' implementation of
commitments. DOD has sold thousands of Stinger missiles (a U.S.
MANPADS) to 17 countries and Taiwan, but DOD agencies responsible for
end-use monitoring are not required to maintain records on the number
and destination of Stinger sales. In addition, DOD officials overseas
use inconsistent practices when inspecting Stinger inventories because
DOD lacks procedures for conducting these inspections. For example, DOD
has no requirements for DOD organizations responsible for end-use
monitoring to keep records on the number and destinations of these
Stingers.
Effectively Addressing Rail and Mass Transit Security Issues:
The strategy recognizes "the importance of security for all forms of
transportation." As we testified[Footnote 37] in March and September
2003, certain characteristics of mass transit systems make them
inherently vulnerable to terrorist attacks and a challenge to secure.
By design, mass transit systems are open (i.e., have multiple access
points and, in some case, no barriers) so that they can move large
numbers of people quickly. In contrast, the aviation system is housed
in closed and controlled locations with few entry points. The openness
of mass transit systems can leave them vulnerable because transit
officials cannot monitor or control who enters or leaves the systems.
In addition, other characteristics of some transit systems--high
ridership, expensive infrastructure, economic importance, and location
(e.g., large metropolitan areas or tourist destinations)--also make
them attractive targets because of the potential for mass casualties
and economic damage. Moreover, some of these same characteristics make
mass transit systems difficult to secure. For example, the number of
riders that pass through a mass transit system--especially during peak
hours--makes some security measures, such as metal detectors,
impractical. In addition, the multiple access points along extended
routes make the costs of securing each location prohibitive.
Further complicating transit security is the challenge faced by transit
agencies in balancing security concerns with accessibility,
convenience, and affordability. Because transit riders often could
choose another means of transportation, such as personal automobile,
transit agencies must compete for riders. To remain competitive,
transit agencies must offer convenient, inexpensive, and high-quality
service. Therefore, security measures that limit accessibility, cause
delays, increase fares, or otherwise cause inconvenience could push
people away from mass transit and back into their cars.
The size and diversity of the freight rail system make it a challenge
to adequately secure. The freight rail system's extensive
infrastructure crisscrosses the nation and extends beyond our borders
to move millions of tons of freight each day. There are over 100,000
miles of rail in the United States. The extensiveness of the
infrastructure creates an infinite number of targets for terrorists. In
addition, protecting freight rail assets from attack is made more
difficult because of the tremendous variety of freight hauled by
railroads. For example, railroads carry freight as diverse as dry bulk
(grain) and hazardous materials.[Footnote 38] The transport of
hazardous materials is of particular concern because serious incidents
involving these materials have the potential to cause widespread
disruption or injury. In 2001, over 83 million tons of hazardous
materials were shipped by rail in the United States across the rail
network, which extends through every major city as well as thousands of
small communities. The 9/11 Commission made recommendations related to
this challenge.
Effectively Implementing the Maritime Transportation Security Act:
The strategy calls for "targeted improvements in the areas of maritime
domain awareness, command and control systems, and shore-side
facilities." In response to concerns regarding port security, Congress
passed the Maritime Transportation Security Act (MTSA), mandating
specific security preparations for America's maritime ports. Passed in
November 2002, MTSA imposed an ambitious schedule of requirements on a
number of federal agencies. MTSA called for a comprehensive security
framework--one that included planning, personnel security, and careful
monitoring of vessels and cargo. Agencies responsible for implementing
the security provisions of MTSA and have made progress in meeting their
requirements. However, in a September 2003 testimony, we identified
challenges that merit attention and further oversight.[Footnote 39]
The main security-related challenge involves the implementation of a
vessel identification system. MTSA called for the development of an
automatic identification system. Coast Guard implementation calls for a
system that would allow port officials and other vessels to determine
the identity and position of vessels entering or operating within the
harbor area. Such a system would provide an "early warning" of an
unidentified vessel or a vessel that was in a location where it should
not be. To implement the system effectively, however, requires
considerable land-based equipment and other infrastructure that is not
currently available in many ports. As a result, for the foreseeable
future, the system will be available in less than half of the 25
busiest U.S. ports.
Challenges also exist regarding the proposed approach for meeting
MTSA's requirement that the Secretary of DHS approve security plans for
all vessels operating in U.S. waters. Vessel security plans include
taking such steps as responding to assessed vulnerabilities,
designating security officers, conducting training and drills, and
ensuring that appropriate preventive measures will be taken against
security incidents. To implement this MTSA requirement, the Coast Guard
has stated, in general, that it is not the Coast Guard's intent to
individually approve vessel security plans for foreign vessels. The
Coast Guard provides that it will deem a flag-state approval of a
vessel security plan to constitute the MTSA-required approval of MTSA
vessel security plans. However, MTSA does not mention any role for
foreign nations in the required approval of vessel security plans, and
some concerns have been raised about the advisability of allowing flag
states--some with a history of lax regulation--to ensure the security
of vessels traveling to the United States.
Another security-related challenge involves the Coast Guard's efforts
to address MTSA's security planning requirements through a series of
security assessments of individual ports. Security assessments are
intended to be in-depth examinations of security threats,
vulnerabilities, consequences, and conditions throughout a port,
including not just transportation facilities but also factories and
other installations that pose potential security risks. The Coast Guard
had begun these assessments before MTSA was passed and decided to
continue the process, changing it as needed to meet MTSA planning
requirements, which include developing area security plans based on the
evaluation of specific facilities throughout the port. Issues were
found in the scope and quality of the assessments and their usefulness
to port stakeholders. The Gilmore Commission made recommendations
related to this challenge.
Improving Container Cargo Security:
The strategy states that "containers are an indispensable but
vulnerable link in the chain of global trade" and has an initiative to
"increase the security of international shipping containers." As we
stated in our July 2003 report,[Footnote 40] CBP has taken steps to
address the challenge of terrorist threats to oceangoing cargo
containers through a targeting strategy. CBP faces continuing
challenges in targeting containers for inspections. CBP needs upon
which to target containers for inspection. CBP does not have a national
system for reporting and analyzing inspection statistics, and the data
are generally not readily available by risk level (e.g., low, medium,
high), were not uniformly reported, were difficult to interpret, and
were incomplete. Further, we testified in March 2004, space limitations
and safety concerns about inspection equipment constrain some ports in
their utilization of screening equipment, which has affected the
efficiency of examinations.[Footnote 41] The Gilmore Commission made
recommendations related to this challenge.
Directly related to the challenge of improving cargo container security
are the challenges associated with the CBP's implementation of its
Container Security Initiative, which allows CBP officials to screen for
high-risk containers at key overseas ports, and its Customs-Trade
Partnership against Terrorism (C-TPAT), which is designed to improve
global supply chain security in the private sector. Both of these
programs were launched quickly in an effort to secure ocean containers
bound for the United States. However, a number of challenges must be
overcome if these programs are going to accomplish the desired outcome
and achieve long-term effectiveness. One of the these challenges is the
development of human capital plans that clearly describe how CSI and C-
TPAT will recruit, train, and retain staff to meet their growing
demands as they expand to other countries and implement new program
elements. Another challenge involves the expansion of efforts already
initiated to develop performance measures for CSI and C-TPAT that
include outcome-oriented indicators. Finally, strategic plans must be
developed that clearly lay out CSI and C-TPAT goals, objectives, and
detailed implementation strategies.
Recapitalizing the U.S. Coast Guard:
The continued recapitalization of the U.S. Coast Guard is specifically
called for in the homeland security strategy. In 2002, the Coast Guard
began its largest and most complex recapitalization challenge in its
history, the Integrated Deepwater System program. As part of the
Deepwater program, the Coast Guard is estimated to spend about $17
billion over 20 years to replace or modernize its fleet of cutters,
aircraft, and communications equipment used for missions generally
beyond 50 miles from shore. Just 3 years into the program, the Coast
Guard has already experienced management challenges. In March
2004,[Footnote 42] we reported that key components needed for the Coast
Guard to manage the program and oversee the system integrator's
performance have not been effectively implemented. For example, we
reported that the Coast Guard's integrated product teams have struggled
to effectively collaborate and accomplish their missions, and
management has not measured the extent of competition among suppliers
or held the system integrator accountable for taking steps to increase
competition in order to control future costs. In addition, in June
2004,[Footnote 43] we expressed concern that the Coast Guard had not
updated Deepwater's original 2002 acquisition schedule. We noted that
maintaining a current acquisition schedule for programs of similar
scope--such as those of the Department of Defense--is a fundamental and
necessary practice. The Coast Guard's lack of an updated acquisition
schedule makes it difficult to determine the degree to which the
program is on track with its original schedule, lessens the Coast
Guard's ability to monitor the contractor's performance, and may
prevent the Department of Homeland Security and Congress from basing
budget decisions on accurate information. As the Deepwater program
matures, paying increased attention to address these outstanding
program management and contractor oversight concerns will help the
Coast Guard better meet current and future management challenges. The
Gilmore Commission made recommendations related to this challenge.
[End of section]
Appendix IV: Domestic Counterterrorism:
This appendix sets forth the definition and major initiatives of the
Domestic Counterterrorism mission area and discusses the federal
funding allocated, the agencies with major roles and the alignment of
their strategic plans and implementation activities with the major
initiatives, and a summary of the challenges faced by the nation. This
appendix presents baseline information that can be used by Congress to
provide oversight and track accountability for the initiatives in the
Domestic Counterterrorism mission area.
Definition and Major Initiatives:
The National Strategy for Homeland Security categorizes homeland
security activities into six mission areas, the third of which is
Domestic Counterterrorism. This mission area includes the efforts of
the nation's law enforcement agencies in identifying, halting,
preventing, and prosecuting terrorists in the United States. Included
in this mission area is the pursuit of individuals directly involved in
terrorist activity, as well as their sources of support--the people and
organizations that knowingly fund or provide material support or
resources to the terrorists. It should be noted that this mission area
is closely related to the Intelligence and Warning mission area in that
activities that develop the basis for law enforcement action occur in
that mission area and are carried out in this one.[Footnote 44] Figure
7 shows an example of the type of activities carried out in the
Domestic Counterterrorism mission area.
The strategy identifies the following major initiatives in the domestic
counterterrorism mission area:
* improving intergovernmental law enforcement coordination,
* facilitating apprehension of potential terrorists,
* continuing ongoing investigations and prosecutions,
* completing FBI restructuring to emphasize prevention of terrorist
attacks,
* targeting and attacking terrorist financing, and:
* tracking foreign terrorists and bring them to justice.
Figure 7: An FBI Evidence Response Team in Action at the Scene of a
Terrorism-Related Exercise:
[See PDF for image]
[End of figure]
Agencies with Major Roles in Domestic Counterterrorism:
Of the six departments under review, DOJ and DHS have major roles in
Domestic Counterterrorism. Within DOJ, the FBI works to detect and
prevent terrorist acts through analysis and fieldwork to identify
terrorists, their supporters, and materials that may be used to
perpetrate a terrorist act, to include terrorist financing; tracks
foreign terrorists and keeps them from entering the United States; and
leads the multi-agency Joint Terrorism Task Forces (JTTF). In addition,
DOJ's 94 United States Attorneys lead the Anti-Terrorism Advisory
Councils, which enhance cooperation and information sharing among
federal, state, and local law enforcement; first responders; industry;
academia; and others. Within DHS, ICE, working with other law
enforcement agencies, enforces laws related to the illegal presence of
people and goods within the United States; detains those suspected of
immigration-related violations and removes those convicted of
immigration-related violations; and pursues criminal aliens, cases of
identity theft or benefit fraud, human trafficking, money laundering,
and other violations of such laws.
OMB reported that the total fiscal year 2005 funding request for the
domestic counterterrorism mission area is just over $3.4 billion. DOJ
accounts for $1.9 billion (57 percent) of these funds, primarily for
the FBI. DHS accounts for another $1.4 billion (41 percent) of the
funding request, mostly for ICE.[Footnote 45] Figure 8 summarizes the
fiscal year 2005 budget request for the domestic counterterrorism
mission area by agency.
Figure 8: Proposed Fiscal Year 2005 Homeland Security Funding for
Domestic Counterterrorism:
[See PDF for image]
Notes: Budget authority in millions of dollars.
"All other agencies" includes the Departments of Transportation ($21
million) and Treasury ($46 million), as well as the Social Security
Administration ($4 million).
[End of figure]
OMB's reported data do not include funding for four departments that
have activities under way in this mission area. These departments--
Defense, Energy, Health and Human Services, and State--have either
planning or implementation activity on specific initiatives, as
discussed in the next section of this appendix. On the basis of our
previous work, we have noted several qualifications to OMB's figures to
explain this discrepancy.[Footnote 46] According to OMB officials,
there is not always a clear distinction between homeland security
activities and other related activities. The OMB staff must make
judgment calls about how to characterize funding by mission areas. For
example, some homeland security activities have multiple purposes ,and
funding for these activities is allocated to different accounts that
can cover multiple mission areas. In addition, some of the departments'
activities, such as planning, coordination, or providing advice, may
support Domestic Counterterrorism activities but are not included in
the amounts shown.
Alignment of Department Activities with the Major Initiatives:
This section provides more detailed information about the Domestic
Counterterrorism critical mission area initiatives, and the departments
involved in conducting activities related to these initiatives. This
includes a discussion of specific departmental planning and
implementation activities, lead agency designations, and
implementation activities in fiscal year 2004, with respect to each
initiative. The data are summarized in table 9.
Table 9: Detailed Department Leadership and Planning/Implementation
Activities in the Domestic Counterterrorism Mission Area's Six
Initiatives:
[See PDF for image]
[End of table]
Summary of Departmental Activities on the Initiatives:
All six Domestic Counterterrorism initiatives are being addressed in
the key departments' planning and implementation activities. As shown
in table 9, at least one department cited activity in each of the six
initiatives. At least four departments cited activity in three of the
six initiative areas. For example, DHS, DOJ, DOD, and State implemented
activities in the initiative, facilitating the apprehension of
potential terrorists, during fiscal year 2004. DHS's ICE operated the
Student and Exchange Visitor Information System computer network to
identify and track nonimmigrants, foreign students, and exchange
visitors while in the United States; DOJ's FBI continued to make
improvements in the Integrated Automated Fingerprint Identification
System; DOD expanded maritime interception and intelligence operations;
and State bolstered the security of nations at high risk of terrorist
transit by developing and installing Terrorist Interdiction Program
software at their borders and training immigration officials in its
use. Additionally, DHS, DOJ, and State demonstrated implementation
activities in fiscal year 2004 related to targeting and attacking
terrorist financing. DHS implemented Cornerstone, a comprehensive
economic security program, targeting alternative financing mechanisms
that terrorists use to earn, move, and store funds. DOJ brought to bear
several units and task forces to address terrorist financing and
conducted criminal and intelligence investigations and prosecutions
with respect to charities and banking; State cited diplomatic efforts
to encourage countries to ratify and implement United Nations Security
Council Resolution 1373, targeting terrorists' financing.
All six departments have been engaged in Domestic Counterterrorism
initiatives. In contrast with DHS and DOJ, HHS only addressed a single
initiative in this mission area (i.e., improving intergovernmental law
enforcement coordination.) This limited initiative participation is
understandable, given that the Domestic Counterterrorism mission area
is primarily directed toward law enforcement. This is not a primary
mission for HHS.
While we have identified department activities related to these
initiatives, we did not determine the quality, status, or progress of
such activities with respect to stated goals or targets within this
mission area.
Identification of Lead Agencies on the Initiatives:
For all six initiatives, a lead agency is identified either in the
strategy or the Homeland Security Presidential Directives. As shown in
table 9, DOJ is a lead on the most initiatives--all six mission area
initiatives. It is understandable for DOJ to have lead roles in each of
these six initiatives given that the Domestic Counterterrorism critical
mission area is primarily directed toward law enforcement-related
initiatives (e.g., improving intergovernmental law enforcement
coordination, facilitating the apprehension of potential terrorists,
continuing ongoing investigations and prosecutions, and tracking
foreign terrorists and bringing them to justice).
Additionally, DHS is a lead on three of the six initiatives (i.e.,
facilitating the apprehension of potential terrorists, continuing
ongoing investigations and prosecutions, and tracking foreign
terrorists and bringing them to justice); and State is a lead on one of
six initiatives (facilitating the apprehension of potential
terrorists). Three of the departments under review have not been
identified as a lead on any Domestic Counterterrorism initiatives (DOD,
HHS, and DOE) by the strategy and HSPDs since their missions are not
primarily directed toward law enforcement.
The strategy and HSPDs identified multiple leads on three initiatives
(see table 9). DHS, DOJ, and State are all leads on the initiative,
facilitating the apprehension of potential terrorists; DHS and DOJ are
both leads on the remaining two initiatives (continuing ongoing
investigations and prosecutions and tracking foreign terrorists and
bringing them to justice). In addition, department strategic planning/
implementation documents demonstrated that all identified leads in this
mission area are clear leads.
Fiscal Year 2004 Implementation of the Initiatives:
In fiscal year 2004 implementation activity occurred with respect to
each of the six initiatives (see table 9). DOJ implemented activity in
2004 on all 6 initiatives for which it was the lead; it also engaged in
prior implementation in each of these six initiatives. DHS implemented
prior and 2004 activity in each of the three initiatives for which it
was identified as a lead (see illustrations above); and State cited
both prior and fiscal year 2004 activity in the single initiative for
which it was identified as a lead.
Additionally, several of the departments under review implemented
multiple Domestic Counterterrorism initiatives for which they were not
identified as a lead agency either in the strategy or in HSPDS. During
fiscal year 2004, DOE cited implementation activities in two
Counterterrorism initiatives, for which it was not identified as a lead
(prior to fiscal year 2004, it conducted implementation activities in
these same two initiatives.) DOD cited 2004 implementation activities
in two of the six initiatives, without lead identification; and DHS and
State both cited fiscal year 2004 implementation activities in two
initiatives for which they were not identified as leads.
Challenges in Domestic Counterterrorism:
The attacks of September 11, and the catastrophic loss of life and
property that resulted have redefined the mission of federal, state,
and local law enforcement authorities. Accordingly, while organizations
like the FBI continue to investigate and prosecute criminal activity,
they are now assigning highest priority to preventing and interdicting
terror activity within the United States. Our recent work in the
Domestic Counter-terrorism mission area has identified a number of
challenges. These challenges include the need to transform the
workforce and business practices of the FBI in order to focus on
counterterrorism and intelligence-related priorities; attaining the
level of interagency coordination necessary to leverage existing law
enforcement resources for investigating money laundering and terrorist
financing; developing databases for the collection and dissemination of
alien information; and ensuring that law enforcement and other
officials have the necessary training and expertise to detect
counterfeit identification documents and identity fraud.
Transforming the FBI to Focus on Counterterrorism:
The strategy sets forth the nation's highest law enforcement objective
as the prevention of terrorist attacks--a significant shift from pre-9/
11 objectives. In order to focus the mission of the federal law
enforcement community on prevention, in March 2004, we
reported[Footnote 47] that it is necessary for the federal government
to restructure the FBI and other federal law enforcement agencies,
reallocating certain resources and energies to the new prevention
efforts. While the FBI has made significant progress in its
transformation, it continues to face challenges in transforming its
workforce and business practices to focus on counterterrorism and
intelligence-related priorities. Additional challenges continue in the
areas of human capital management and information technology, as well
as in the intelligence and language services areas. The 9/11 Commission
made recommendations related to this challenge.
Effectively Investigating Terrorist Financing:
The strategy provides that a "cornerstone" of the nation's domestic
"counterterrorism effort involves a concerted interagency effort to
target and interdict the financing of terrorist organizations and
operations." Although terrorist financing is generally characterized by
different motives than money laundering--a process by which the
monetary proceeds from criminal activities are transformed into funds
and assets that appear to have come from legitimate sources--the
techniques used to obscure the origin of funds and their ultimate use
are often quite similar. Therefore, Treasury, law enforcement agencies,
other federal investigators, prosecutors, and financial regulators
often employ similar measures and techniques in trying to detect and
prevent both money laundering and terrorist financing.
In September 2003,[Footnote 48] we reported that the annual National
Money Laundering Strategy (NMLS)--which was required by 1998 federal
legislation--has had mixed results in guiding the efforts of law
enforcement in the fight against money laundering and, more recently,
terrorist financing. For example, although expected to have a central
role in coordinating law enforcement efforts, interagency task forces
created specifically to address money laundering and related financial
crimes generally had not yet been structured and operating as intended
and had not reached their expectations for leveraging investigative
resources or creating investigative synergies. Also, most of the NMLS
initiatives designed to enhance interagency coordination of money
laundering investigations had not yet achieved their expectations.
While the annual NMLS has fallen short of expectations, federal law
enforcement agencies recognize the challenge of developing and using
interagency coordination mechanisms to leverage existing resources to
investigate money laundering and terrorist financing.
Additionally, regarding investigative efforts against sources of
terrorist financing, our February 2004[Footnote 49] report noted that a
memorandum of agreement signed in May 2003 by the Attorney General and
the Secretary of Homeland Security represents a partnering commitment
by two of the nation's law enforcement agencies--the FBI and ICE, a
component of DHS. Since the agreement was signed, progress has been
made in waging a coordinated campaign against sources of terrorist
financing. Continued progress will depend largely on the ability of the
agencies to overcome the challenges associated with establishing and
maintaining effective interagency relationships and meeting various
other operational and organizational challenges, such as ensuring that
the financial crimes expertise and other investigative competencies of
both agencies are appropriately and effectively utilized.
The Bremer, Hart-Rudman, and 9/11 Commissions made recommendations
related to the challenges presented in this section.
Monitoring Alternative Financing Mechanisms:
In addition to the challenge presented by interagency coordination
issues, challenges exist in the monitoring of terrorists' use of
alternative financing mechanisms. As we recommended in November 2003,
the FBI, which leads terrorist financing investigations and maintains
case data, should systematically collect and analyze data on
terrorists' use of alternative financing mechanisms.[Footnote 50]
Alternative financing mechanisms are outside the mainstream financial
system and include the use of commodities (cigarettes, counterfeit
goods, illicit drugs, etc.), bulk cash, charities, and informal banking
systems to earn, move, and store assets. Cutting off terrorists'
funding is an important means of disrupting their operations. As
initial U.S. and foreign government deterrence efforts focused on
terrorists' use of the formal banking or mainstream financial systems,
terrorists may have been forced to increase their use of various
alternative financing mechanisms. When agencies inform the FBI that an
investigation has a terrorist component, the FBI opens a terrorism
case. However, the FBI's data analysis programs do not designate the
source of funding (i.e., specific charity, commodity, etc.) Without
such data, the FBI will be challenged to conduct systematic analysis of
trends and patterns focusing on alternative financing mechanisms from
its case data. Without such an assessment, the FBI does not have
analyses that could aid in assessing risk and prioritizing efforts. In
response to our recommendation, the FBI conducted a onetime survey of
its field offices to gather information about terrorist financing
investigations since October 2001. Additionally, the FBI has instructed
its field offices to update some of this information when new terrorist
financing investigations are initiated. FBI officials told us that
information from the surveys was entered into a database, and they
believe that this database enables them to track information on
alternative methods of terrorist financing and identify emerging
trends, patterns, and funding sources. However, we have not evaluated
the quality of the information provided. In addition, the FBI has not
indicated how it has used this capability to perform an analysis of
terrorist financing investigations. The Bremer, Hart-Rudman, and 9/11
Commissions also made recommendations related to this challenge.
Detecting Identity Fraud:
The strategy has an initiative to "coordinate suggested minimum
standards for state driver's licenses." In September and October
2003,[Footnote 51] we testified about the challenges to homeland
security posed by identity fraud and how counterfeit identification can
be easily produced and used to create fraudulent identities.
Specifically, we conducted tests over the past several years that
demonstrate how counterfeit identification documents can be used to
obtain genuine state driver's licenses. In conducting these tests, we
created fictitious identities and counterfeit identification documents
using off-the-shelf computer graphic software that is available to any
purchaser. These documents were then used to fraudulently obtain
genuine driver's licenses in other states. Our work identified three
basic challenges: (1) government officials and others generally did not
recognize that the documents we presented were counterfeit; (2) many
government officials were not alert to the possibility of identity
fraud, and some failed to follow security procedures; and (3) identity
verification procedures are inadequate. The weaknesses we found during
this investigation clearly show that border inspectors need to have the
means to verify the identity and authenticity of the documents that are
presented to them. In addition, government officials who review
identification need additional training in recognizing counterfeit
documents. Further, these officials also need to be more vigilant when
reviewing identification documents to the possibility of identification
fraud. As we reported in October 2003,[Footnote 52] directly related to
the issue of detecting counterfeit documents and fictitious identities,
is the importance of having sound practices for avoiding the improper
issuance of Social Security numbers (SSNs) and ensuring the identity of
those who receive them. Although originally created as a means of
tracking worker earnings, the SSN has become a national identifier that
is central to a range of transactions and services associated with
American life, including obtaining a driver's license, opening a bank
account, and establishing credit. Accordingly, SSNs are key pieces of
information in creating false identities. In prior work we recommended
that the Social Security Administration verify the documents of all SSN
applicants and reassess its policies for issuing replacement cards,
which allowed an individual to obtain up to 52 per year. The recently
passed Intelligence Reform and Terrorism Prevention Act of 2004 has
specific provisions to address our recommendations. Additionally, the
9/11 Commission made recommendations related to this challenge.
[End of section]
Appendix V: Protecting Critical Infrastructures and Key Assets:
This appendix sets forth the definition and major initiatives of the
Protecting Critical Infrastructures and Key Assets mission area and
discusses the agencies with major roles, their funding, the alignment
of their strategic plans and implementation activities with the major
initiatives, and a summary of the challenges faced by the nation. This
appendix provides baseline information that can be used by Congress to
provide oversight and track accountability for the initiatives in the
Protecting Critical Infrastructures and Key Assets mission area.
Definition and Major Initiatives:
The National Strategy for Homeland Security categorizes homeland
security activities into six mission areas, the fourth of which is
protecting critical infrastructures and key assets. This mission area-
-commonly referred to as Critical Infrastructure Protection (CIP)--
includes programs that improve protection of the interconnecting
sectors that make up the nation's critical infrastructure. The sectors
are agriculture, banking and finance, chemical and hazardous materials,
emergency services, defense industrial base, energy, food, government,
information technology and telecommunications, postal and shipping,
public health and health care, transportation, and drinking water and
water treatment systems. Programs associated with the physical or cyber
security of federal assets also belong in this mission area. Finally,
programs designed to protect the nation's key assets--unique
facilities, sites, and structures whose disruption or destruction could
have significant consequences--are also included in this mission
area.[Footnote 53] In addition to the homeland security strategy, the
National Strategy for the Physical Protection of Critical
Infrastructures and Key Assets and the National Strategy to Secure
Cyberspace provide detailed discussions of Critical Infrastructure
Protection. Figure 9 shows an example of the type of activities carried
out in the Critical Infrastructure Protection mission area.
The homeland security strategy identifies the following major
initiatives in the critical infrastructure protection mission area:
* unifying America's infrastructure protection effort in the Department
of Homeland Security,
* building and maintaining a complete and accurate assessment of
America's critical infrastructure and key assets,
* enabling effective partnership with state and local governments and
the private sector,
* developing a national infrastructure protection plan,
* securing cyberspace,
* harnessing the best analytic and modeling tools to develop effective
protective solutions,
* guarding America's critical infrastructure and key assets against
"inside" threats, and:
* partnering with the international community to protect our
transnational infrastructure.
Figure 9: A U.S. Immigration and Customs Enforcement Helicopter Patrols
the Skies over the Nation's Capital:
[See PDF for image]
[End of figure]
Agencies with Major Roles in Critical Infrastructure Protection:
Of the six departments under review, DHS, DOD, DOE, and DOJ have major
roles in Critical Infrastructure Protection. DHS has primary
responsibility for emergency services, government, information and
telecommunications, transportation, chemicals, and postal and shipping
sectors. Examples of specific functions performed by DHS include the
protection of federally owned or leased properties throughout the
country by the Federal Protective Service, the Secret Service's role in
coordinating site security plans at designated special security events,
and the National Cyber Response Coordination Group's role as a
coordinating body for cyber emergencies of national scope. DOD is
active in this mission area, primarily in areas of physical security of
military and military-related activities, installations, and
personnel. DOE's role involves the development and implementation of
policies and procedures for safeguarding the nation's power plants,
research labs, weapons production facilities, and cleanup sites from
terrorists. DOJ, primarily through work done by the FBI and the
Computer Crime and Intellectual Property Section of the Criminal
Division, is active in this mission area in preventing, where possible,
the exploitation of the Internet, computer systems, or networks as the
principal instruments or targets of terrorist organizations.
OMB reported that the total fiscal year 2005 funding request for the
critical infrastructure protection mission area is $14 billion. DOD has
the largest share of this funding ($7.6 billion, or 54 percent) for
programs focusing on physical security and improving the military's
ability to prevent or mitigate the consequences of attacks against its
personnel and installations. DHS accounts for $2.6 billion (18 percent)
of 2005 funding. A total of 26 other agencies report funding to protect
their own assets and to work with states, localities, and the private
sector to reduce vulnerabilities in their areas of expertise.[Footnote
54] Figure 10 summarizes the fiscal year 2005 budget request for the
CIP mission area by agency.
Figure 10: Proposed Fiscal Year 2005 Homeland Security Funding for
Critical Infrastructure Protection:
[See PDF for image]
Notes: Budget authority in millions of dollars.
"All other agencies" includes USDA ($166 million) and the Department of
Transportation ($189 million), as well as the National Aeronautics and
Space Administration ($207 million), the National Science Foundation
($317 million), the Social Security Administration ($151 million), and
several others ($866 million). Total does not add up to 100 because of
rounding.
[End of figure]
Alignment of Department Activities with the Major Initiatives:
This section provides more detailed information about the CIP mission
area initiatives and the departments involved in conducting activities
related to these initiatives. This includes a discussion of specific
departmental planning and implementation activities, lead agency
designations, and implementation activities in fiscal year 2004, with
respect to each initiative. The data are summarized in table 10.
Table 10: Detailed Department Planning/Implementation Activities in the
Protecting Critical Infrastructures and Key Assets Critical Mission
Area's Eight Initiatives:
[See PDF for image]
[End of table]
Summary of Departmental Activities on the Initiatives:
All eight CIP initiatives are being addressed by key departments'
planning and implementation activities. At least three departments
(DHS, DOD, and HHS) cited activity in each of the eight initiatives
(see table 10). For example, DHS, HHS, State, and DOE each implemented
activities in fiscal year 2004 with respect to guarding America's
critical infrastructure and key assets against inside threats. DHS
started the Transportation Worker Identification Credential program to
enhance access security across the nation's transportation system; the
Food and Drug Administration within HHS, issued guidance to the food
industry that suggested preventive measures, including employee
background checks, which could increase the security of food while
under an establishment's control; State developed diplomatic agreements
with Mexico and Canada to permit background checks of truck drivers;
and DOE conducted selected polygraph examinations and financial
disclosures of those working in the energy field. Additionally, DHS,
DOJ, DOD, HHS, State, and DOE each demonstrated implementation
activities in fiscal year 2004 with respect to securing cyberspace. For
example, DHS's Information Analysis and Infrastructure Protection
Directorate refined, updated, and monitored the implementation of a
national plan to protect physical and cyber critical infrastructures;
DOJ operated a Special Technologies and Applications Section within the
Cyber Division to support counterterrorism, counterintelligence, and
criminal investigations involving computer intrusions; DOD prepared a
departmentwide plan for CIP and physical and cyber assets; HHS's
Centers for Disease Control and Prevention issued a fiscal year 2004
cyber security plan that includes activities and metrics; State took
steps to strengthen the network's intrusion and detection capabilities;
and DOE drafted a comprehensive Critical Infrastructure Plan, including
plans for securing cyberspace.
All six departments have been engaged in CIP initiatives. While we have
identified department activities related to these initiatives, we did
not determine the quality, status, or progress of such activities with
respect to stated goals or targets within this critical mission area.
Identification of Lead Agencies on the Initiatives:
For all eight initiatives, a lead agency was identified either in the
homeland security strategy or HSPDs. As shown in table 10, DHS is a
lead on all eight initiatives. It seems appropriate that DHS would be
the department with the most initiative leads, given that the "national
vision" put forth in the strategy calls for DHS "to work with the
federal departments and agencies, state and local governments, and the
private sector to implement a comprehensive national plan to protect
critical infrastructure and key assets." It also seems appropriate that
State would have a lead on matters of international critical
infrastructure protection, given its overseas mission (partnering with
the international community to protect our transnational
infrastructure). The four remaining departments each have a lead on one
mission area initiative. DOD, HHS, and DOE are all leads on the same
initiative--building and maintaining a complete and accurate assessment
of America's critical infrastructure and key assets. These departments
have the sector leads as follows: DOD for defense industrial base, HHS
for public health, and DOE for the energy sector. DOJ has a leading
role in securing cyberspace, owing to its investigative and
prosecutorial role in reducing threats in cyberspace.
In all, the homeland security strategy and HSPDs identified multiple
leads on three of the eight mission area initiatives. The five
initiative exceptions that do not have multiple leads are unifying
America's infrastructure protection effort in DHS, enabling effective
partnership with state and local governments and the private sector,
developing a national infrastructure protection plan, harnessing the
best analytic and modeling tools to develop effective protective
solutions, and guarding America's critical infrastructure and key
assets against inside threats. DOD, HHS, and DOE are identified as
clear leads on a single initiative; DHS is identified as a clear lead
on six of its eight initiative leads; and DOJ and State are implied
leads on the single initiatives they lead.
DOJ had been identified as a lead agency with respect to enabling
effective partnerships with state and local governments and the private
sector. However, given the transfer of the National Infrastructure
Protection Center programs to the Department of Homeland Security, DOJ
officials indicated that the department no longer serves as a lead on
that initiative.
Fiscal Year 2004 Implementation of the Initiatives:
In fiscal year 2004, implementation activity occurred with respect to
all eight initiatives (see table 10). DHS implemented activity in all
eight initiatives for which it was identified as a lead; DOJ, DOD, HHS,
State, and DOE implemented activity in fiscal year 2004 in each of the
initiatives for which they had been identified as a lead.
Additionally, several of the departments under review implemented
multiple CIP initiatives for which they were not identified as a lead
in the strategy and HSPD. During fiscal year 2004, HHS cited
implementation activity on six mission area initiatives for which it is
was not given a lead role (it cited prior implementation on one of
these initiatives); DOE cited 2004 implementation activity on six
initiatives for which it is not the lead (with prior implementation on
five); DOJ cited 2004 implementation activity on two initiatives for
which it was not a lead (with prior implementation on four); and State
cited 2004 and prior implementation on two initiatives, for which it
was not identified as a lead.
Our analysis further indicates that three departments transferred
programs, systems, or centers to the newly formed DHS, within this
critical mission area. DOJ transferred the Key Asset Identification
program, a component of the National Infrastructure Protection Center,
to DHS. In accordance with the Homeland Security Act of 2002, DOD
transferred the National Communication System. DOE transferred the
National Infrastructure Simulation and Analysis Center and some related
programs oriented toward protecting key infrastructure facilities and
their components.
Challenges in Critical Infrastructure Protection:
As the National Strategy for Homeland Security points out, "protecting
America's critical infrastructures and key assets is a formidable
challenge" because "our open and technologically complex society
presents an almost infinite array of potential targets, and our
critical infrastructure changes as rapidly as the marketplace." In
fact, the mission area is so diverse that two additional strategies--
the National Strategy for the Physical Protection of Critical
Infrastructures and Key Assets and the National Strategy to Secure
Cyberspace--were issued to supplement the homeland security strategy.
Our recent work in the CIP mission area has identified a number of
challenges. These challenges include those related to the federal
government's role in managing CIP. Among these are developing a
comprehensive and coordinated national CIP plan that delineates the
roles and responsibilities of federal and nonfederal CIP entities,
defines interims objectives and milestones, sets time frames for
achieving objectives, and establishes performance measures. In addition
to identifying the challenges related to the overall management of CIP,
our work has identified numerous challenges within specific
infrastructure sectors. Included here are improving the security of
government facilities; implementing better training and procedures to
detect counterfeit documents and identity fraud; analyzing the
strengths, interdependencies, and vulnerabilities of the financial
services sector and developing strategies for responses to terrorist
events; improving the safety and security of the postal system;
strengthening security with regard to drinking water utilities;
addressing the terrorist threat to agriculture and food; and addressing
security issues with regard to chemical plants, nuclear power plants,
and nuclear weapons sites.
Effectively Managing Critical Infrastructure Protection:
The homeland security strategy specifically calls for the development
of a "national infrastructure protection plan." The challenges
identified in this mission area include those related to the federal
government's role in managing CIP. To ensure the coverage of the
critical infrastructure sectors identified in the homeland security
strategy, HSPD-7[Footnote 55] designated a sector-specific agency for
each sector. This agency is responsible for infrastructure protection
activities within its assigned area and for coordinating and
collaborating with other relevant agencies--as well as state and local
governments, and the private sector--to carry out its mission. In
addition, DHS's Information Analysis and Infrastructure Protection
Directorate (IAIP) has the responsibility to (1) develop a
comprehensive national CIP plan consistent with the Homeland Security
Act of 2002; (2) recommend CIP measures in coordination with other
federal agencies and in cooperation with state and local government
agencies and authorities, the private sector, and other entities; and
(3) disseminate, as appropriate, information analyzed by the department
both within DHS and to other federal agencies and private sector
entities. Regarding the national CIP plan, according to HSPD-7, it is
to be produced by December 2004 and outline national goals, objectives,
milestones, and key initiatives. IAIP is also tasked with coordinating
with other federal agencies to administer the Homeland Security
Advisory System to provide specific warning information along with
advice on appropriate protective measures and countermeasures.
Over the last several years, we have reviewed various aspects of
federal and private sector CIP efforts and issued numerous related
reports. In an April 2004 testimony,[Footnote 56] we made numerous
recommendations related to the federal CIP efforts, including issues
involving the functions and responsibilities transferred to DHS, that
represent challenges to DHS and other federal agencies. Among these
challenges are:
* developing a comprehensive and coordinated national CIP plan that
delineates roles and responsibilities of federal and nonfederal CIP
entities, defines interim objectives and milestones, sets time frames
for achieving objectives, and establishes performance measures;
* developing fully productive information-sharing relationships within
the federal government and among the federal government and state and
local governments and the private sector; and.
* improving the federal government's capabilities to analyze incident,
threat, and vulnerability information obtained from numerous sources
and share appropriate, timely warnings and other information concerning
both cyber and physical threats to federal entities, state and local
governments, and the private sector.
The Bremer, Gilmore, Hart-Rudman, and 9/11 Commissions all made
recommendations related to the challenges presented in this section.
Improving Security at Government Facilities:
The homeland security strategy identifies government operations as a
critical infrastructure sector. In addition, the National Strategy for
the Physical Protection of Critical Infrastructures and Key Assets,
which provides guidance in implementing the Homeland Security Strategy,
states that the General Services Administration (GSA) is the principal
agency responsible for the management of federal government facilities.
Additional departments and agencies are similarly involved in the
management of federally owned or operated facilities, including DOD and
the Department of Veterans Affairs (VA). Furthermore, a challenge
identified in the strategy is that most government organizations occupy
buildings that are also used by a variety of nongovernmental tenants,
such as shops and restaurants where the public is able to move about
freely. The strategy also states that private owners of these
properties may not want or have the ability to modify their procedures
to accommodate the increased or special security countermeasures
required by their federal tenants, such as installing surveillance
cameras in lobbies, redesigning entry points to restrict the flow of
traffic, or setting up x-ray machines and metal detectors at these
entrances. To overcome protection challenges associated with government
facilities, DHS plans to:
* develop a process to screen nonfederal tenants and visitors entering
private sector facilities that house federal organizations,
* determine the criticality and vulnerability of government facilities,
* develop long-term construction standards for facilities requiring
specialized security measures, and:
* implement new technological security measures at federally occupied
facilities.
In part because of the challenges associated with protecting government
facilities, we designated federal real property as a high-risk area in
January 2003.[Footnote 57] As the government's security efforts
intensify, the government will be faced with important questions
regarding the level of security needed to adequately protect federal
facilities and how the security community should proceed. Furthermore,
real property managers will have to dedicate significant staff time and
other human capital resources to security issues and thus may have less
time to manage other problems. Another broader effect is the impact
that increased security will have on the public's access to government
offices and other assets. Debate arose in the months after September
11, and continues to this day on the challenge of providing the proper
balance between public access and security.
Finally, as we testified in April 2002 and again in September
2003,[Footnote 58] an additional challenge to ensuring the proper
security of federal buildings is the ease with which counterfeit
identification or identity fraud can be used to breach security. Our
work identified three basic challenges in this regard: (1) government
officials and others generally did not recognize that the documents we
presented were counterfeit; (2) many government officials were not
alert to the possibility of identity fraud, and some failed to follow
security procedures; and (3) identity verification procedures are
inadequate. The weaknesses we found during these investigations clearly
show those government officials who review identification need
additional training in recognizing counterfeit documents. Further,
these officials also need to be more vigilant when searching for
identification fraud.
Both the Gilmore and 9/11 Commissions made recommendations related to
the challenges discussed above.
Addressing Issues Involving the Federal Protective Service:
As the agency with primary responsibility for carrying out the
protection of thousands of federal facilities, the Federal Protective
Service (FPS), which transferred from the GSA to DHS in March 2003,
plays a critical role in the federal government's defense against
terrorism. However, in July 2004, we reported that FPS faces
significant challenges in carrying out its responsibilities.[Footnote
59] One challenge involves the agency's expanding mission and increased
responsibility. FPS already has responsibility for securing
approximately 8,800 GSA government-occupied facilities and plans to
take on additional DHS facilities. It may also seek authority to
protect other federal facilities. Additionally, the agency's mission
has expanded to include other homeland security functions, such as
supporting efforts to apprehend foreign nationals suspected of illegal
activity. In light of these changes, however, it does not have a
transformation strategy to address its expanding mission as well as the
other challenges it is facing. Among these other challenges are
resolving issues related to the agency's funding and the transfer of
its mission-support functions to DHS.
Addressing Vulnerabilities of the Financial Services Sector:
As stated in the homeland security strategy, the financial services
sector is essential to sustaining the economy of the United States.
Accordingly, the entities and networks that constitute the U.S.
financial system are among the critical infrastructure that face
increasing threats from terrorist and other disruptions. Transactions
involving trillions of dollars occur in the U.S. financial markets
annually. After the large-scale impact on market participants that
resulted from the September 11 attacks, law enforcement and other
government organizations reported that key institutions and
communications networks that support the financial markets have been
specifically identified as targets.
As we reported in February 2003, and September 2004, the government
entities responsible for key financial market participants have begun
to take actions to ensure that financial institutions are taking steps
to minimize disruptions from terrorist attacks, but challenges
remain.[Footnote 60] For example, although banking and securities
regulators have issued standards for the financial market participants
that perform key roles in the clearance and settlement process through
which the payments and ownership transfers resulting from securities
trading are made, these regulators had not conducted a formal analysis
of the readiness of financial market participants to better ensure that
trading in critical U.S. financial markets could also resume smoothly
and in a timely manner after a major disaster.[Footnote 61] Among the
challenges that these regulators face is that thousands of entities are
active in the financial markets, and they must ensure that sufficient
numbers take adequate steps to allow fair and orderly trading to
resume. Ensuring sufficient actions are taken by the private sector
organizations that participate in the financial markets is also a
challenge for securities r, and thus the extent to which they implement
business continuity plans that would allow them to resume activities is
a business decision.
Another challenge facing the financial sector is implementing the
strategy--developed by industry representatives under the sponsorship
of the U.S. Department of the Treasury--that discusses additional
efforts necessary to identify, assess, and respond to sectorwide
threats. For example, the sector is expected to analyze its
infrastructure's strengths, interdependencies, and vulnerabilities and
develop strategies for responses to events. However, we reported in
January 2003 that the financial services sector has not developed
specific interim objectives;[Footnote 62] detailed tasks, time frames,
or responsibilities for implementation; or a process for monitoring
progress. Without completing such steps, a greater risk exists that the
financial sector's efforts will be less focused, efficient, and
effective.
Improving Postal and Shipping Security:
Another critical infrastructure sector identified in the homeland
security strategy is postal and shipping. In our May 2003
testimony,[Footnote 63] we reported that one of the challenges faced in
this sector is that it is particularly vulnerable to being used as a
means of delivering terrorist attacks. For example, anthrax was sent
through the mail in October 2001, resulting in the death of five
people, including two postal workers in Washington, D.C., and
potentially exposed hundreds more to this lethal substance. Moreover,
use of the mail as a vehicle for transmitting anthrax or similar
weapons threatens the nation's mail stream and places the American
public at risk. To help address this challenge, DHS has a role in mail
security as part of its overall homeland security mission, in support
of the two agencies that have key roles--the United States Postal
Service (USPS) and GSA. Under the Homeland Security Act of 2002, DHS is
responsible for, among other things, protecting certain buildings,
grounds, and property owned or secured by the federal government and
identifying and assessing current and future threats to the homeland.
In addition, the National Strategy for the Physical Protection of
Critical Infrastructures and Key Assets states DHS has a role in
determining the criticality and vulnerability of government facilities,
including federal mail centers. Following the anthrax attacks, USPS
established increased security procedures to protect mail destined for
federal agencies in the Washington, D.C., area, including the
irradiation of mail. At the same time, federal agencies have taken
various steps to increase the security of their mail centers in order
to protect federal workers and buildings from possible exposure to
anthrax and other types of dangerous material, such as explosives. In
our December 2003 review of mail security in the executive branch, we
determined that a lack of information from USPS on mail security
incidents, as well as on mail security policies and practices, reduced
the ability of federal agencies to make well-informed decisions
regarding mail practices or their future plans for mail screening. In
addition, we found that agencies' fear of cross-contamination
influenced their decision to implement practices which were not
recommended by the USPS or other government and industry sources of
mail-screening information. USPS and GSA have recognized that agencies
need more information and have taken steps in the right direction. We
recommended that USPS and GSA further work together as appropriate to
establish mechanisms for providing federal agencies with USPS mail
security policies and procedures, the risks associated with various
classes of mail and the rationales behind these assessments, and USPS's
future plans in federal mail security, and include DHS as appropriate
in addressing these recommendations.
Strengthening Drinking Water Security:
The homeland security strategy also identifies water as a critical
infrastructure sector. Damage or destruction of drinking water systems
by terrorists could disrupt not only the availability of safe drinking
water, but also the delivery of vital services that depend on these
water supplies, such as fire suppression. In our October 2003
report,[Footnote 64] we identified several key physical assets within
this sector that are highly vulnerable to terrorist attacks.
Specifically, the distribution system, source water supplies, critical
information systems, and chemicals stored on-site that are used in the
treatment process have been identified as potential targets of
terrorism. Additionally, our work has identified vulnerability
challenges that may involve multiple system components or even an
entire drinking water system. Chief among these challenges are (1) a
lack of redundancy in vital systems, which increases the likelihood
that an attack could render a system inoperable; and (2) the difficulty
many systems face because of a lack of information on the most serious
threats to which they are exposed.
Additional challenges relate to the criteria for determining how
federal funds should be allocated among drinking water systems to
improve their security, and the methods for distributing those funds,
as well as specific activities the federal government should support to
improve drinking water security. With regard to the allocation of
federal funds, our work indicates that utilities serving high-density
areas deserve at least a high priority for federal funding. Other
utilities warranting priority are those serving critical assets, such
as military bases, national icons, and key academic institutions.
Regarding specific security-enhancing activities most deserving of
federal support, we found that challenges that must be overcome include
implementing physical and technological upgrades to improve security;
researching and developing technologies to prevent, detect, or respond
to an attack (particularly near-real-time monitoring technologies);
providing education and training to support simulation exercises;
conducting specialized training and multidisciplinary consulting
teams; and strengthening key relationships between water utilities and
other agencies that may have key roles in an emergency response.
Addressing Agriculture and Food Supply Security:
Another critical infrastructure sector identified in the homeland
security strategy is the nation's food supply. While our food supply is
generally safe and plentiful, each year tens of millions of Americans
become ill and thousands die from eating unsafe food. The current
federal food safety system is challenged by its fragmentation, which
results in inefficient, inconsistent, and overlapping programs and
operations. We have long recommended the establishment of a single food
safety agency to administer a uniform, risk-based inspection system.
Since the terrorist attacks of September 11, ensuring the security of
our food--that is, protecting it from deliberate contamination--has
become an added challenge for the federal agencies responsible for
protecting the food and agriculture sectors of our economy.
As we have reported in numerous reports and testimonies over the last
decade,[Footnote 65] our fragmented federal food safety system hampers
the efficiency and effectiveness of food safety efforts. Federal
agencies have overlapping oversight responsibilities, which result in
inefficient use of inspection resources and enforcement. This system is
now further challenged by the realization that American farms and food
are vulnerable to deliberate contamination. Fundamental changes are
needed to improve the effectiveness and efficiency of the federal food
safety system and to protect the nation's food supply from acts of
deliberate contamination.
One challenge involves the fact that bioterrorism attacks could be
directed at many different targets in the farm-to-table continuum,
including crops, livestock, and food products in the processing and
distribution chain. For example, experts believe that terrorists would
attack livestock and crops if their primary intent were to cause severe
economic dislocation. On the other hand, if their motives were to harm
humans, they could decide to contaminate finished food products. While
agencies have taken steps to better protect the food supply, for the
most part, the nation must still rely on the current food safety system
to respond to bioterrorism acts against it.[Footnote 66] An additional
challenge relates to the broad authority that agencies have to regulate
the safety of the U.S. food supply but not the security of it. As a
result, federal agencies are beginning to explore the extent to which
food processors are voluntarily implementing security measures to
protect against deliberate contamination.[Footnote 67] Finally, a
challenge involves protecting against animal diseases that could be
accidentally--or deliberately--introduced into the country. Certain
animal disease can be devastating to the agricultural economy while
others, such as mad cow disease, can be transmitted to humans. Our
recent work has raised serious questions about security at DHS's Plum
Island Animal Disease Center, which is responsible for developing
strategies to protect the nation against animal diseases.[Footnote 68]
In particular, we had concerns about the adequacy of the facility's
controls of dangerous pathogens.[Footnote 69]
The Gilmore Commission made recommendations related to the challenges
presented in this section.
Addressing Chemical Plant Security:
Although the chemical industry is identified in the homeland security
strategy as a critical infrastructure sector, we reported in March 2003
that the federal government has not comprehensively assessed the
industry's vulnerability to terrorist attacks.[Footnote 70] As a
result, federal, state, and local entities are challenged by a lack of
comprehensive information on the vulnerabilities faced by the sector.
An additional challenge concerns the fact that no federal laws
explicitly require all chemical facilities to take security actions to
safeguard their facilities against a terrorist attack. Moreover, while
federal laws require some facilities to take security precautions,
federal requirements do not address security at all facilities that
produce, use, or store hazardous chemicals.
Although the chemical industry has undertaken a number of voluntary
initiatives to address security concerns at chemical facilities, the
extent of participation in voluntary initiatives is unclear. The
chemical industry faces significant challenges in preparing its
facilities against terrorist attack, including ensuring that facilities
obtain adequate threat information, determining the appropriate
security measures given the level of risk, and ensuring that all
facilities that house hazardous chemicals address security concerns.
DHS and the Environmental Protection Agency (EPA) have taken steps to
identify high-risk facilities, develop appropriate information-sharing
mechanisms, and develop a legislative proposal to require chemical
facilities to expeditiously assess their vulnerability to terrorist
attacks and, where necessary, require these facilities to take
corrective action. Legislation is now before Congress that, if enacted,
would direct DHS, or DHS and EPA, to require chemical facilities to
address these challenges.[Footnote 71]
Challenge: Addressing Nuclear Power Plant Security:
Another critical infrastructure sector identified in the homeland
security strategy is energy. Among the possible terrorist targets
within this sector are the nation's nuclear power plants--104
facilities containing radioactive fuel and waste. The Nuclear
Regulatory Commission (NRC) oversees security of these facilities
through an inspection program designed to verify the plants' compliance
with security requirements. However, in September 2003,[Footnote 72] we
reported that NRC faces challenges in ensuring that its oversight
programs are effective in safeguarding these facilities and the
surrounding communities. Specifically, three aspects of its security
inspection program reduced NRC's effectiveness in this area. First,
NRC's inspectors often used a process that minimized the significance
of security problems found in annual inspections by classifying them as
"non-cited violations" if the problem had not been identified
frequently in the past or if the problem had no direct, immediate, or
adverse consequences at the time it was identified. By making extensive
use of these non-cited violations for serious problems, NRC may
overstate the level of security at a power plant and reduce the
likelihood that needed improvements are made. Second, NRC does not have
a routine, centralized process for collecting, analyzing, and
disseminating security inspections to identify problems that may be
common to plants or to provide lessons learned in resolving security
problems. Such a mechanism may help plants improve their security.
Third, although NRC's force-on-force exercises can demonstrate how well
a nuclear power plant might defend itself against a real-life threat,
several weaknesses in how NRC conducts these exercises limited their
usefulness. Weaknesses included using (1) more personnel to defend the
plant during these exercises than would be available on a normal day,
(2) attacking forces that are not trained in terrorist tactics, and (3)
unrealistic weapons (rubber guns) that do not simulate actual gunfire.
We also found that NRC made only limited use of some available
improvements that would make force-on-force exercises more realistic
and provide a more useful training experience. Finally, even if NRC
strengthens its inspection program, commercial nuclear power plants
face legal challenges in ensuring plant security. First, federal law
generally prohibits guards at these plants from using automatic
weapons, even though terrorists are likely to be using them. Second,
state laws vary regarding the permissible use of deadly force and the
authority to arrest and detain intruders, and we found that guards are
unsure about the extent of their authorities and may hesitate or fail
to act if the plant is attacked.
Effectively Securing Nuclear Weapons Sites:
The homeland security strategy identifies the defense industrial base
as a critical infrastructure sector. Within this sector, DOE has
responsibility for sites containing nuclear weapons or the materials
used in making nuclear weapons. A terrorist attack on one of these
sites could have devastating consequences for the site and its
surrounding communities. In ensuring that these sites are adequately
prepared to defend themselves against the higher terrorist threats
present in a post-September 11, world, DOE faces significant
challenges. Among the challenges identified in our April 2004
report[Footnote 73] are the development of a new design basis threat
(DBT), a classified document that identifies, among other things, the
potential size and capabilities of terrorist forces. While the May 2003
DBT identified a larger terrorist threat than did the 1999
DBT,[Footnote 74] further analysis by DOE, in response to GAO's April
2004 report, resulted in a 2004 DBT that has been refined and more
closely identified with the terrorist parameters reflected in the
intelligence community's postulated threat. An additional challenge
involves the fact that National Nuclear Security Administration (NNSA)
has not been fully effective in managing its safeguards and security
program. As a result, NNSA has had difficulty in providing fully
effective oversight to ensure that its contractors are properly
protecting its critical facilities and materials from individuals
seeking to inflict damage.[Footnote 75] Finally, although both DOE and
NNSA have made progress in implementing security initiatives, both
agencies could benefit from clarifying the roles and authorities of
various security offices and developing methods for evaluating program
effectiveness and improvement.[Footnote 76]
Improving Security at DOD Installations:
The homeland security strategy discusses critical infrastructure as
"those systems and assets so vital to the United States that their
destruction or incapacity would have a debilitating impact on
security." As DOD installations are an essential element of the
national defense establishment, it follows that their security is
equally essential. However, we have found that DOD faces challenges in
safeguarding its installations and personnel from terrorist attacks.
Specifically, in August 2004,[Footnote 77] we reported that although
DOD has taken several steps and committed significant resources to
immediately begin installation preparedness improvements, it lacks a
comprehensive approach that incorporates results-oriented management
principles to guide improvement initiatives in the most efficient and
effective manner. A major challenge DOD faces is the lack of a single
organization or entity with the responsibility and authority to
integrate and manage the installation preparedness improvement efforts
of numerous DOD organizations engaged in efforts to improve
installation preparedness. Additional challenges to be overcome include
DOD's difficulty in developing departmentwide standards and concepts of
operations for installation preparedness and in preparing a
comprehensive plan for installation preparedness.
[End of section]
Appendix VI: Defending Against Catastrophic Threats:
This appendix sets forth the definition and major initiatives of the
Defending Against Catastrophic Threats mission area and discusses the
agencies with major roles, their funding, the alignment of their
strategic plans and implementation activities with the major
initiatives, and a summary of the challenges faced by the nation. This
appendix presents baseline information that can be used by Congress to
provide oversight and track accountability for the initiatives in the
Defending Against Catastrophic Threats mission area.
Definition and Major Initiatives:
The National Strategy for Homeland Security categorizes homeland
security activities into six mission areas, the fifth of which is
Defending Against Catastrophic Threats. This mission area includes
homeland security programs that involve protecting against, detecting,
deterring, or mitigating terrorist use of weapons of mass destruction,
including understanding terrorists' efforts to gain access to the
expertise, technology, and materials needed to build chemical,
biological, radiological, and nuclear (CBRN) weapons. In addition, this
mission area includes planning and activities related to
decontaminating buildings, facilities, or geographic areas after a
catastrophic event. This mission area dovetails into Border and
Transportation Security, Critical Infrastructure Protection, and
Emergency Preparedness and Response as detection technologies are
fielded and integrated into broader processes.[Footnote 78] Figure 11
shows an example of the type of activities carried out in the Defending
Against Catastrophic Threats mission area.
The strategy identifies the following major initiatives in the
Defending Against Catastrophic Threats mission area:
* preventing terrorist use of nuclear weapons through better sensors
and procedures;
* detecting chemical and biological materials and attacks;
* improving chemical sensors and decontamination techniques;
* developing broad-spectrum vaccines, antimicrobials, and antidotes;
* harnessing the scientific knowledge and tools to counter terrorism;
and:
* implementing the Select Agent Program.
Figure 11: First Responders Practice Emergency Decontamination:
[See PDF for image]
[End of figure]
Agencies with Major Roles in Defending against Catastrophic Threats:
Of the six departments under review, DHS and HHS have major roles in
Defending Against Catastrophic Threats. DHS's Science and Technology
Directorate develops and tests technologies and systems to detect CBRN
materials and high explosives, develops and tests forensic methods to
analyze CBRN materials and high explosives, and prioritizes measures to
address catastrophic threats through research and modeling. HHS's
National Institutes of Health (NIH) conducts basic and applied research
related to likely bioterrorism agents; designs and tests diagnostics,
therapies, and vaccines; and maintains laboratory capacity and provides
expert assistance to address bioterrorism and other threats. Other
organizations involved in this mission area include DOD, which performs
research and development related to chemical and biological threats;
the Department of Commerce, which is working to improve export control
of weapons, materials that may be used to construct weapons, and other
technologies; and the National Science Foundation, which is working to
improve security and control of nuclear fuels.
OMB reported that the total 2005 funding request for Defending Against
Catastrophic Threats is just over $3.3 billion. The agencies with the
most funding are HHS ($1.9 billion, or 57 percent), largely for
research at NIH, and in DHS's Directorate of Science and Technology
($886 million, or 26 percent).[Footnote 79] Figure 12 summarizes the
fiscal year 2005 budget request for the Defending against Catastrophic
Threats mission area by agency.
Figure 12: Proposed Fiscal Year 2005 Homeland Security Funding for
Defending Against Catastrophic Threats:
[See PDF for image]
Notes: Budget authority in millions of dollars.
"All other agencies" includes USDA ($227 million) and the Department of
Commerce ($66 million) as well as the National Science Foundation ($27
million) and the Nuclear Regulatory Commission ($16 million).
[End of figure]
OMB's reported data do not include funding for two departments that
have activities under way in this mission area. These departments--DOE
and State--have either planning or implementation activity on specific
initiatives, as discussed in the next section of this appendix. On the
basis of our previous work, we have noted several qualifications to
OMB's figures to explain this discrepancy.[Footnote 80] According to
OMB officials, there is not always a clear distinction between homeland
security activities and other related activities. OMB staff must make
judgment calls about how to characterize funding by mission areas. For
example, some homeland security activities have multiple purposes and
funding for these activities is allocated to different accounts that
can cover multiple mission areas. In addition, some of the departments'
activities, such as planning, coordination, or providing advice may
support Defending Against Catastrophic Defense activities but are not
included in the amounts shown.
Alignment of Department Activities with the Major Initiatives:
In this section, we provide more detailed information about the
Defending Against Catastrophic Threats mission area initiatives and the
departments involved in conducting activities related to these
initiatives. This includes a discussion of specific departmental
planning/implementation activities, agency leads, and implementation
activities during fiscal year 2004, with respect to each initiative.
The data are summarized in table 11.
Table 11: Detailed Department Planning/Implementation Activities in the
Defending Against Catastrophic Threats Mission Area's Six Initiatives:
[See PDF for image]
[End of table]
Summary of Departmental Activities on the Initiatives:
All six Defending Against Catastrophic Threats initiatives are being
addressed in key departments' planning and implementation activities.
As shown in table 11, at least two departments cited activity in each
of the six initiatives. At least four departments cited activity in
four of the six initiatives. For example, DHS, DOD, State, and DOE
implemented activities in fiscal year 2004 to prevent terrorist use of
nuclear weapons through better sensors and procedures. DHS's Science
and Technology Directorate provided leadership in directing, funding,
and coordinating research, development, testing, and evaluation and
procurement of technology and systems to prevent the importation of
chemical, biological, and radiological nuclear and related weapons; DOD
activities addressed the clandestine transportation of weapons of mass
destruction, including nuclear devices, via the Container Security and
Proliferation Security Initiatives; State pursued diplomatic efforts in
fiscal year 2004 to ensure compliance with existing multilateral
treaties, strengthening verification and compliance procedures, and
strengthening the International Atomic Energy Agency; and DOE worked
with DOD to secure Iraqi radiological and nuclear materials, as well as
continued research at Los Alamos National Laboratory on radiological
and nuclear countermeasures. Additionally, DHS, DOE, and HHS
demonstrated fiscal year 2004 implementation activities oriented toward
improving chemical sensors and decontamination techniques. With regard
to sensors, DHS's Homeland Security Advanced Research Projects Agency
approved multiple chemical sensor technology contracts, and HHS
continued to increase the number of toxic substances that can be
readily measured by Rapid Toxic Screen testing. With regard to
decontamination, DOE, through a national laboratory, developed a
decontamination countermeasure for biological and chemical agents.
The only department that did not have activities related to Defending
Against Catastrophic Threats initiatives is DOJ. This is
understandable, given that Justice is concerned with identifying,
capturing, and prosecuting individuals involved in terrorist activity
rather than developing and improving sensors, vaccines, antimicrobials,
antidotes, and decontamination techniques and procedures.
Identification of Lead Agencies in the Initiatives:
For all six initiatives, a lead agency is identified either in the
strategy or HSPDs. As shown in table 11, DHS is a lead on all six
initiatives. It seems appropriate that DHS would be the department with
the most leads, given that the strategy's "national vision" calls for
that department to "unify much of the federal government's efforts to
develop and implement scientific and technological counter-measures
against human, animal, and plant diseases that could be used as
terrorist weapons" and "sponsor and establish national priorities for
research, development, and testing to develop new vaccines, antidotes,
diagnostics, therapies and other technologies against chemical,
biological, radiological, or nuclear terrorism." HHS is also a lead on
two initiatives, both oriented toward the public health safety of the
nation (improving chemical sensors and decontamination techniques and
developing broad spectrum vaccines, antimicrobials, and antidotes).
More specifically, DOD, State, and DOE are all leads on the same single
initiative (preventing terrorist use of nuclear weapons through better
sensors and procedures).
The strategy and HSPDs identified multiple leads on three of the six
Defending Against Catastrophic Threats initiatives (see table 11). DHS,
DOD, State, and DOE are all leads on one initiative, preventing
terrorist use of weapons through better sensors and procedures; and DHS
and HHS are both leads on two initiatives (improving chemical sensors
and decontamination techniques and developing broad-spectrum vaccines,
antimicrobials, and antidotes.) More specifically, with respect to the
latter initiative, DHS identifies needs and coordinates activities
rather than actually developing the vaccines, antimicrobials, and
antidotes. The initiative is broadly defined to cover each of these
areas. In addition, departmental strategic planning and implementation
documents show that DHS is a clear lead on four of the six initiatives;
and DOD, HHS, State, and DOE are implied leads on all their
initiatives.
Fiscal Year 2004 Implementation of the Initiatives:
In fiscal year 2004, implementation activity occurred with respect to
all six of the Defending Against Catastrophic Threats initiatives (see
table 11). DHS implemented activity in five of the six initiatives for
which it was identified as a lead by either the strategy or HSPDs. HHS
implemented activity in both initiatives for which it was identified as
a lead; State, DOD, and DOE each implemented activity in the single
initiative for which they are leads.
Additionally, several of the departments under review implemented
multiple Defending Against Catastrophic Threats initiatives for which
they were not identified as a lead in the strategy or HSPDs. During
fiscal year 2004, HHS and DOE cited implementation activities (as well
as prior implementation activities) in three and four initiatives,
respectively, for which they were not a lead; State cited
implementation and prior implementation activities in two initiatives
for which it was not a lead. DOD conducted prior implementation
activities in three initiatives for which it was not a lead.
In accordance with the Homeland Security Act of 2002, several
departments transferred some of their programs and centers to the newly
created DHS. In the case of DOE, the nuclear smuggling programs and
activities that had previously been within the proliferation detection
program were transferred to DHS; DOE's chemical and biological national
security and supporting programs were transferred; activities of the
nonproliferation and verification research and development program and
nuclear activities associated with assessment, detection, and
cooperation regarding international materials and protection were all
transferred to DHS. In the case of DOD, functions of the National Bio-
Weapons Defense Analysis Center, including related functions of the
Secretary of Defense, were also transferred to DHS.
Challenges in Defending Against Catastrophic Threats:
The expertise, technology, and material needed to build the most deadly
weapons known to mankind--including chemical, biological,
radiological, and nuclear weapons--are proliferating. The consequences
of a terrorist attack using these types of weapons could be far more
devastating than those suffered on September 11, in that such an attack
could cause a large numbers of casualties, mass psychological
disruption, and widespread contamination, and could overwhelm local
medical capabilities. Our recent work in the Defending Against
Catastrophic Threats mission area has identified a number of
challenges. These challenges include the strengthening of efforts
involving the nonproliferation of weapons of mass destruction,
dangerous weapons systems and materials, and dual-use items; the
control of the sale of excess items that can be used to produce and
deliver biological agents; and the designation of lead agencies for
setting priorities for information systems related to bioterrorism.
Strengthening Nonproliferation Efforts:
The strategy declares that one of the nation's top priorities is to
keep weapons of mass destruction out of the hands of terrorists. We
have issued a number of reports concerning U.S. efforts to more
effectively control and limit the spread of weapons of mass
destruction, dangerous weapons systems and materials, and dual-use
items. United States efforts in this regard are designed to prevent
sensitive items from reaching persons, entities, or countries involved
in terrorism or the proliferation of weapons of mass destruction and
the vehicles to deliver them.
We testified in March 2004 that the Departments of Commerce (Commerce),
State, and Defense need to enhance their programs in this
area.[Footnote 81] Specifically, we found that the United States faces
a growing threat from the international proliferation of cruise missile
and unmanned aerial vehicle (UAV) technology, challenging the tools the
U.S. government has traditionally used. Multilateral export control
regimes have expanded their lists of controlled items, but key
countries of concern are not members. Some of these countries are also
on the State Department's list of state sponsors of terrorism. In
addition, U.S. efforts to control U.S. exports of dual-use items are
hindered by a gap in U.S. export control authority. U.S. companies can
sell certain dual-use items to foreign buyers, even if the exporter
knows the buyer plans to use the items to build cruise missiles or
UAVs. Finally, the United States seldom uses its end-use monitoring
program to verify compliance with conditions placed on the use of
cruise missiles.
With regard to export controls over items that could be employed by
terrorists, we found that post-shipment verification (PSV) provides
limited assurance that dual-use items are being properly used.
Specifically, we reviewed Commerce's efforts to conduct PSV checks to
ensure that dual-use items and technologies arrive at their intended
destination and are used for the purpose stated in the export license.
We reported, in February 2004,[Footnote 82] that Commerce conducted
relatively few post-shipment verification checks. For example, PSV
checks were completed on only 6 percent of dual-use items exported to
countries of potential proliferation concern. We also identified three
key challenges in the PSV process itself. First, PSVs do not confirm
compliance license conditions because U.S. officials frequently do not
check license compliance, they often lack the technical training to
assess compliance, and end-users may not be aware of the license
conditions they are supposed to be abiding by. Second, some countries
of concern limit the U.S. government's access. Third, PSV results have
only limited impact on Commerce's future licensing decisions. Commerce
generally agreed with our recommendation to address these challenges
and indicated it had taken steps to strengthen the PSV process.
In March 2004,[Footnote 83] we reported that another area of
proliferation raising potential terrorism concerns involves delays in
implementing the Chemical Weapons Convention (CWC). CWC bans chemical
weapons and requires their destruction by 2007, with possible extension
to 2012. CWC has played an important role in reducing the risks posed
by chemical weapons. However, CWC's nonproliferation goals have proven
more challenging than originally anticipated. First, the destruction of
chemical weapons will likely take longer and cost more than originally
anticipated. Even with significant international assistance, Russia may
not be able to destroy its declared chemical weapons stockpile until 15
years beyond the extended CWC deadline. Second, technical advancements
in the chemical industry and the increasing number of dual-use
commercial facilities worldwide challenge the CWC's ability to deter
and detect proliferation. Third, many CWC member states have not yet
adopted national laws to fully implement the CWC or have not submitted
complete and accurate declarations of their CWC-related activities.
The Bremer, Gilmore, Hart-Rudman, and 9/11 commissions made
recommendations related to the challenges presented in this section.
Controlling the Sale of Biological Production Equipment:
Another challenge related to keeping weapons of mass destruction out of
the hands of terrorists involves the ability of terrorists to readily
obtain equipment that can be used to make biological agents. We have
previously reported[Footnote 84] that many items needed to establish a
laboratory for making biological warfare agents were being sold on the
Internet to the public from DOD's excess property inventory for pennies
on the dollar--making them both easy and economical to obtain. Although
production of biological warfare agents requires a high degree of
expertise, public sales of these DOD excess items increase the risk
that terrorists could obtain and use them to produce and deliver
biological agents within the United States. To prove this point, we
created a fictitious company and purchased over the Internet key excess
DOD biological equipment items and related protective clothing
necessary to produce and disseminate biological warfare agents.
Additionally, our investigation of several buyers of the biological
equipment items found that they exported them to countries, such as the
Philippines, Egypt, and the United Arab Emirates, for transshipment to
other countries--some of which may be prohibited from receiving exports
of similar trade-security-controlled items. Finally, the possibility
that anthrax and other biological agents could have fallen into the
wrong hands because of poor controls at laboratories handling
biological agents calls for an assessment of the challenge to national
security posed by public sales of excess biological laboratory
equipment and protective clothing. While it should be noted that our
work to date has focused on DOD sales, we found that these same types
of items are available from other sources, indicating a much broader
problem. The Bremer, Gilmore, Hart-Rudman, and 9/11 Commissions made
recommendations related to this challenge.
Effective Implementation of Emerging Information Technologies:
The strategy calls for the development of a national system to detect
biological and chemical attacks that will include "a public health
surveillance system to monitor public and private databases for
indicators of biological or chemical attack." One of the challenges we
identified in a May 2003 report[Footnote 85] is that there are six
federal agencies with key roles in bioterrorism preparedness and
response. Within these six agencies, we identified 72 information
systems and supporting technologies, as well as 12 other information
technology initiatives, with about 74 percent of these currently
operational. Of the 72 information systems identified, 34 are
surveillance systems, 18 are supporting technologies, 10 are
communication systems, and 10 are detection systems. In planning or
operating each of these information systems and IT initiatives, the
extent of coordination or interaction among the lead and other related
government agencies covered a wide range. There was no one entity or
coordinating body to set priorities for information systems, supporting
technologies, and other IT initiatives.
Within the public health sector, the implementation of emerging
information technologies could help to strengthen agencies'
technological capabilities to support the nation's ability to prepare
for and respond to bioterrorism and other public health emergencies.
Agencies identified several activities to research, develop, and
implement emerging technologies, and these activities are generally
initiated to meet agencies' specific needs. However, challenges exist
that may hinder the public health community from benefiting from the
implementation of emerging information technologies. These challenges
include (1) the likelihood that emerging technologies have not been in
use long enough for the developers to identify all areas of
standardization, or for the technologies to have evolved to the point
that they are interoperable with other existing technologies within
public health; (2) the likelihood that the use of emerging technologies
may change an organization's existing business model and thereby
introduce a significant level of risk by disrupting existing business
practices; and (3) the lack of a clearly defined mechanism for
continuing research and development for emerging technologies once the
results are turned over to the public sector.
The Gilmore Commission made recommendations with regard to this
challenge.
Safeguarding Military Installations:
As DOD installations are an essential element of the nation's national
defense establishment, it follows that their security is equally
essential. However, we reported in August 2004 that DOD faces
challenges in safeguarding its installations and personnel in the
United States and overseas from terrorist attacks involving chemical,
biological, radiological, and nuclear weapons and high
explosives.[Footnote 86] Specifically, we found that improving the
preparedness of military installations is a challenging and complex
task that will require a significant allocation of resources; involve
numerous organizations within the department; and necessitate the
coordination with other federal agencies, civilian organizations, and
foreign host governments. Although DOD has taken several steps and
committed significant resources to immediately begin installation
preparedness improvements, it faces significant challenges and lacks a
comprehensive approach that incorporates results-oriented management
principles to guide improvement initiatives in the most efficient and
effective manner. One major challenge DOD faces is the lack of a single
organization or entity with the responsibility and authority to oversee
and integrate the installation preparedness improvement efforts of
various DOD organizations. Additional challenges to be overcome include
the evolving or unclear responsibilities of key organizations and
assignment of responsibility to update DOD's installation preparedness
plans.
[End of section]
Appendix VII: Emergency Preparedness and Response:
This appendix sets forth the definition and major initiatives of the
Emergency Preparedness and Response mission area and discusses the
agencies with major roles, their funding, the alignment of their
strategic plans and implementation activities with the major
initiatives, and a summary of the challenges faced by the nation. This
appendix presents baseline information that can be used by Congress to
provide oversight and track accountability for the initiatives in the
Emergency Preparedness and Response mission area.
Definition and Major Initiatives:
The National Strategy for Homeland Security categorizes homeland
security activities into six mission areas, the sixth of which is
Emergency Preparedness and Response. This mission area includes
programs that prepare to minimize the damage and recover from any
future terrorist attacks that may occur despite our best efforts at
prevention. Included here are programs that help to plan, equip, train,
and practice the needed skills of the varied and necessary first
responders--including police officers, firefighters, emergency medical
providers, public works personnel, and emergency management officials.
Finally, this mission area includes activities to consolidate federal
response plans and activities to build a national system for incident
management in cooperation with state and local government.[Footnote 87]
Figure 13 shows an example of the types of activities carried out in
the Emergency Preparedness and Response mission area.
The strategy identifies the following major initiatives in the
Emergency Preparedness and Response mission area:
* integrating separate federal response plans into a single all-
discipline incident management plan;
* creating a national incident management system;
* improving tactical counterterrorist capabilities;
* enabling seamless communication among all responders;
* preparing health care providers for catastrophic terrorism;
* augmenting America's pharmaceutical and vaccine stockpiles;
* preparing for chemical, biological, radiological, and nuclear
decontamination;
* planning for military support to civil authorities;
* building the Citizen Corps;
* implementing the first responder initiative of the fiscal year 2003
budget;
* building a national training and evaluation system; and:
* enhancing the victim support system.
Figure 13: Hazardous Materials Response Unit in Action at an Exercise:
[See PDF for image]
[End of figure]
Agencies with Major Roles in Emergency Preparedness and Response:
Of the six departments under review, the Department of Homeland
Security and the Department of Health and Human Services have major
roles in Emergency Preparedness and Response. DHS's activities include
the development and implementation of the National Response Plan and
the National Incident Management System, maintaining the National
Disaster Medical System and Urban Search and Rescue Teams, and
supporting state and local first responders through a wide-range of
programs. HHS's activities are centered on preparing the nation's
health care providers for catastrophic terrorism by, among other
things, maintaining the Strategic National Stockpile and other
emergency preparedness and response assets. In addition to DHS and HHS,
several other agencies--including the Department of Defense, which
maintains weapons of mass destruction (WMD) response teams to support
civil authorities; and the Department of Energy, which maintains
radiological and nuclear response capabilities--are involved in
Emergency Preparedness and Response.
The Office of Management and Budget reported that the total fiscal year
2005 funding request for the Emergency Preparedness and Response
mission area is just over $8.8 billion. DHS receives the largest share
of this funding ($5.9 billion, or 68 percent), mostly for preparedness
and grant assistance to state and local first responders and Project
Bioshield. HHS also receives a significant amount of this funding ($2.2
billion, or 25 percent) for assisting states and localities in
upgrading their public health capacity. A total of 18 other federal
agencies receive emergency preparedness and response funding, with a
number of these maintaining specialized response assets that may be
called upon in select circumstances.[Footnote 88] Examples of these
agencies include DOD, which maintains WMD response teams to support
civil authorities; DOE, which maintains radiological and nuclear
response capabilities; and the Environmental Protection Agency, which
maintains chemical, biological, radiological, and nuclear response
teams.[Footnote 89] Figure 14 summarizes the fiscal year 2005 budget
request for the emergency preparedness and response mission area by
agency.
Figure 14: Proposed Fiscal Year 2005 Homeland Security Funding for
Emergency Preparedness:
[See PDF for image]
Notes: Budget authority in millions of dollars.
All other agencies includes the Departments of Agriculture ($69
million), Veterans Affairs ($33 million), Commerce ($25 million),
Treasury ($16 million), Transportation ($14 million), Labor ($10
million), Interior ($4 million) and Education ($1 million), as well as
EPA ($30 million), and several others.
[End of figure]
Alignment of Department Activities with the Major Initiatives:
This section provides more detailed information about the Emergency
Preparedness and Response mission area initiatives and the departments
involved in conducting activities related to these initiatives. This
includes a discussion of specific departmental planning/implementation
activities, lead agency designations, and department implementation
activities in fiscal year 2004, with respect to each initiative. The
data are summarized in table 12.
Table 12: Detailed Department Planning/Implementation Activities in the
Emergency Preparedness and Response Mission Area's Twelve Initiatives:
[See PDF for image]
[End of table]
Summary of Departmental Activities on the Initiatives:
All 12 Emergency Preparedness and Response initiatives are being
addressed in key departments' planning and implementation activities.
As shown in table 12, at least two departments cited activity in each
of the 12 initiatives. At least four departments cited activity in 7 of
the 12 initiatives. For example, DHS, DOD, HHS, and DOE each cited
implementation activities in fiscal year 2004 with respect to creating
a national incident management plan. DHS Federal Emergency Management
Agency worked on a comprehensive National Incident Management System
that incorporates federal, state, tribal, and local government
personnel, agencies, and regional authorities; DOD participated in the
planning of the National Incident Management System; HHS issued
continuing guidance to assist state and local jurisdictions in
preparation for joining the National Incident Management System; and
DOE implemented an agreement to release departmental emergency response
assets to DHS as requested in support of DHS's national incident
management role. Additionally, DHS and HHS implemented activities in
fiscal year 2004 toward creating seamless communication among all
responders. DHS established an office to oversee interoperability
efforts, contracts have been awarded to develop interoperability
communication technologies, and the DHS Science and Technology
Directorate is leading the RAPIDCOM initiative (under SAFECOM, a
federal governmentwide program to achieve communication
interoperability), and HHS (through its Centers for Disease Control and
Prevention) increased the percentage of health departments with
interoperable, redundant communication systems and high-speed Internet
access, and has raised the number of jurisdictions having access to the
Epidemic Information Exchange.
All departments have implemented several initiatives in fiscal year
2004 related to the Emergency Preparedness and Response critical
mission area, with one exception: State has implemented activity with
respect to only one initiative (improving tactical counterterrorist
capabilities).
Identification of Lead Agencies on the Initiatives:
For all 12 initiatives, a lead agency is identified either in the
strategy or the Homeland Security Presidential Directives. DHS is the
lead on the most initiatives in this mission area--11 of the 12
initiatives, the single exception being the initiative to augment
America's pharmaceutical and vaccine stockpiles. It seems appropriate
that DHS would be the department with the most leads given that the
strategy's "national vision" calls for DHS to "consolidate federal
response plans and build a national system for incident management" and
"ensure that leaders at all levels of government have complete incident
awareness and can communicate with and command all appropriate response
personnel."
Additionally, HHS is a lead on 3 of the 12 initiatives--augmenting
America's pharmaceutical and vaccine stockpiles; preparing for
chemical, biological, radiological, and nuclear decontamination; and
building a national training and evaluation system. DOD is a lead on 1
of the 12 initiatives within this mission area--planning for military
support to civil authorities. Three departments have not been
identified as a lead on any initiatives in this mission area: DOJ,
State, and DOE.
The strategy and HSPDs identified multiple leads on 2 initiatives (see
table 12). DHS and DOD are both leads on planning for military support
to civil authorities; and DHS and HHS are leads on building a national
training and evaluation system. In addition, 10 of the 11 DHS leads are
clear, and the single DOD lead is clear. HHS lead is clear with respect
to augmenting America's pharmaceutical and vaccine stockpiles and
implied with respect to building a normal training and evaluation
system and preparing for chemical, biological, radiological, and
nuclear decontamination. (We included HHS as an implicit lead on the
latter initiative since the department was an implicit lead on the
closely related initiative, "improving chemical sensors and
decontamination techniques" in the Defending against Catastrophic
Threat mission area.)
Fiscal Year 2004 Implementation of the Initiatives:
In fiscal year 2004 implementation activity occurred with respect to
each of the 12 Emergency Preparedness and Response initiatives (see
table 12). DHS implemented activity in 2004 on all 11 initiatives for
which it was identified as a lead. DOD implemented prior and 2004
activities in the one area where it was the lead (planning for military
support to civil authorities), and HHS implemented prior and 2004
activities in its two lead areas (augmenting America's pharmaceutical
and vaccine stockpiles and building a national training and evaluation
system).
Additionally, several of the departments under review implemented
multiple Emergency Preparedness and Response initiatives for which they
were not identified as a lead in either the strategy or HSPDs. During
fiscal year 2004, DHS cited implementation activities in the single
initiative for which it was not identified as a lead--augmenting
America's pharmaceutical and vaccine stockpiles. HHS cited 2004
implementation activities in 7 initiatives for which it was not a lead.
Similarly, DOE cited implementation activities in 6 initiatives for
which it was not identified as a lead in the strategies or HSPDs; and
DOJ and DOD both cited fiscal year 2004 implementation activities in 3
initiatives for which they were not leads, respectively.
DOJ's role in the Emergency Preparedness and Response mission area has
been modified because of program transfers. DOJ's Office of Domestic
Preparedness (ODP) had provided grant funding to assist state and local
emergency response agencies (with respect to law enforcement, fire,
hazardous materials, emergency medical services, emergency management,
and public health) to enhance their capabilities to respond to threats
posed by terrorist use of weapons of mass destruction. This program was
transferred to DHS.
Challenges in Emergency Preparedness and Response:
Our recent work in the Emergency Preparedness and Response mission area
has identified a number of challenges that must be overcome if the
nation is to effectively minimize the damage and successfully recover
from future terrorist attacks that may occur despite its best efforts
at preventing them. One challenge involves the adoption of an "all-
hazards" approach to emergency preparedness and response. Addressing
this challenge would ensure that the nation is better prepared for
terrorist events while simultaneously better preparing itself to deal
with natural disasters. Another challenge involves providing better
governmental planning and coordination with regard to first responder
issues. An example of the challenge faced here concerns the National
Capital Region (NCR), where there exists no coordinated regionwide plan
for first responder priorities. Other challenges with regard to first
responders include better preparing them to respond to incidents
involving catastrophic terrorism and restructuring the federal grant
system. An additional challenge involves improving public health
communications and information sharing. An example of this challenge is
the lack of a coordinated review process that ensures that
communications projects complement one another. Additional challenges
include better preparing health care providers to respond to incidents
involving bioterrorism; improving regional response planning involving
multiple municipalities; ensuring that hospitals have the medical
equipment necessary for large influxes of patients; ensuring adequate
communications among responders and with the public, and defining the
roles and responsibilities of DOD in defending the homeland and
providing military support to civil authorities.
Adopting an All-hazards Approach:
The strategy calls for the creation of "a fully integrated national
emergency response system that is adaptable enough to deal with any
terrorist attack, no matter how unlikely or catastrophic, as well as
all manner of natural disasters." This all-hazards approach to
emergency preparedness and response has been embodied in a number of
documents, including HSPD-5 and HSPD-8; the National Incident
Management System; and the National Response Plan. In our May, June,
and July 2004 reports,[Footnote 90] we pointed out that the challenges
the nation's emergency responders face in adapting an all-hazards
approach include (1) identifying the types of emergencies--e.g.,
hurricane or truck bomb attack--for which they should be prepared and
the requirements--e.g., incident management plans and procedures,
equipment, and training--for responding effectively to these different
types of emergencies; (2) assessing current capabilities against those
requirements; (3) developing and implementing effective, coordinated
plans among multiple first responder disciplines and jurisdictions to
close the gap between current capabilities and established
requirements; and (4) defining the roles and responsibilities of
federal, state, and local governments and private entities in defining
requirements, assessing capabilities, and developing and implementing
coordinated plans to enhance first responder capabilities. The Gilmore
and 9/11 commissions made recommendations with regard to this
challenge.
Improving Intergovernmental Planning and Coordination:
The strategy emphasizes a shared national responsibility--involving all
levels of government--in responding to a serious emergency, such as a
terrorist incident. However, in May 2004 we reported that a major
challenge involves a lack of coordination in preparing for, responding
to, and recovering from terrorist and other emergency
incidents.[Footnote 91] In particular, our work indicates that there
has been a lack of regional planning and coordination for developing
first responder preparedness, defining preparedness goals, identifying
spending priorities, and expending funds. For example, our review of
the first responders grants in the National Capital Region (NCR) found
that there was no coordinated regionwide plan for establishing first
responder performance goals, needs, and priorities and assessing
benefits of expenditures to enhance first responder capabilities. As a
result, NCR faces several challenges in organizing and implementing
efficient and effective regional preparedness programs, including the
lack of a coordinated strategic plan for enhancing NCR preparedness,
performance standards, a central source of data on funds available and
the purposes for which they are spent.
We found similar challenges related to regional coordination in our
April 2003 bioterrorism work.[Footnote 92] The strategy calls for state
and local governments to "sign mutual aid agreements to facilitate
cooperation with their neighbors in time of emergency." Such agreements
are particularly important because although the response to a terrorist
incident (such as a bioterrorism attack) would occur at the local
level, it could spread across local, state, and even national
boundaries. We found that health care officials were challenged by a
lack of regional coordination between the states and with neighboring
countries. Specifically, states tend to organize their planning on a
regional basis, assigning local areas to particular regions within the
state. Additionally, we found that border states varied with regard to
the intensity of their coordination efforts with Canada and Mexico. The
Gilmore, Hart-Rudman, and 9/11 commissions made recommendations with
regard to this challenge.
Overcoming Fragmentation of the Federal Grant System:
The strategy acknowledges that the federal grant system for first
responders is highly fragmented. In September 2003,[Footnote 93] we
testified that this fragmentation leads to challenges in the
coordination and integration of services, as well as in planning at
state and local levels. There are many different grant programs that
can be used by first responders to address preparedness activities.
However, in April 2003,[Footnote 94] we testified that substantial
differences exist in the types of recipients and the allocation methods
for grants addressing similar purposes. For example, some grants go
directly to local first responders, such as firefighters, while others
go to state emergency management agencies or directly to state fire
marshals. The allocation methods differ as well--some are formula
grants, while others involve discretionary decisions by federal agency
officials on a project basis. Grant requirements vary as well. For
example, DHS's Assistance to Firefighters Grant has a maintenance of
effort requirement, while the State Fire Training Systems Grant has no
similar requirement. Several alternatives might be employed to overcome
problems fostered by this fragmentation, including consolidating grant
programs, establishing performance partnerships between federal
agencies and state and local governments, and waiving federal funding
restrictions and program requirements. The Gilmore and 9/11 commissions
made recommendations with regard to this challenge.
Improving Communications and Information Sharing:
The strategy has an initiative to enable seamless communications among
all first responders and public health entities. However, in our August
and November 2003 reports,[Footnote 95] we stated that insufficient
collaboration among federal, state, and local governments creates a
challenge for sharing public health information and developing
interoperable communications for first responders. For example, states
and cities implemented many initiatives to improve information sharing,
but these initiatives were not well coordinated and risked creating
partnerships that limited access to information and created duplicative
efforts. Another challenge involves the lack of effective,
collaborative, interdisciplinary, and intergovernmental planning for
interoperable communications. For instance, the federal and state
governments lack a coordinated grant review process to ensure that
funds are used for communication projects that complement each other
and add to overall statewide and national interoperability capacity.
Moreover, we testified in April 2004[Footnote 96] that the Wireless
Public Safety Interoperable Communications Program, or SAFECOM, has had
very limited progress in achieving communication interoperability among
all entities at all levels of government and has not achieved the level
of collaboration necessary. Finally, in our October 2002
report[Footnote 97] on public health preparedness, we reported that
challenges exist in ensuring communication among responders and with
the public. For example, during the anthrax incidents of 2001, local
officials identified communication among responders and with the public
as a challenge, both in terms of having the necessary communication
channels and in terms of making the necessary information available for
distribution. The 9/11 Commission made recommendations with regard to
this challenge.
Better Preparing Health Care Providers for Catastrophic Terrorism:
The strategy has an initiative to "prepare health care providers for
catastrophic terrorism." However, in April 2003,[Footnote 98] we
reported that many local areas and their supporting agencies may not be
adequately prepared to respond to such an event. Specifically, while
many state and local officials reported varying levels of preparedness
to respond to a bioterrorist attack, they reported that challenges
existed because of deficiencies in capacity, communication, and
coordination elements essential to preparedness and response (such as
workforce shortages, inadequacies in disease surveillance and
laboratory systems, and a lack of regional coordination and compatible
communications systems). Some of these challenges, such as those
involving coordination efforts and communication systems, were being
addressed more readily, whereas others, such as infrastructure and
workforce issues, were more resource-intensive and, therefore, more
difficult to address. Generally, we found that cities with more
experience in dealing with public health emergencies were generally
better prepared for a bioterrorist attack than other cities, although
challenges remain in every city. An additional challenge reported to us
by state and local officials concerned the lack of adequate guidance
from the federal government on what it means to be prepared for
bioterrorism. These officials said that they needed specific standards
(such as how large an area a response team should be responsible for)
to indicate what they should be doing to be adequately prepared.
Finally, state officials indicated that a challenge to be overcome
involved the lack of sharing of best practices information. These
officials stated that while each jurisdiction might need to adapt
procedures to its own circumstances, time could be saved and needless
duplication of effort avoided if better mechanisms existed for sharing
strategies across jurisdictions. The Gilmore, Hart-Rudman, and 9/11
commissions made recommendations with regard to this challenge.
Improving Response Capabilities:
The strategy recognizes that "a major act of biological terrorism would
almost certainly overwhelm existing state, local, and privately owned
health care capabilities." In fact, in May 2003 we testified that while
the efforts of public health agencies and health care organizations to
increase their preparedness for major public health threats has
increased, significant challenges remain.[Footnote 99] Specifically,
we found that there are gaps in disease surveillance systems and
laboratory capacity, and the number of personnel trained for disease
detection is insufficient. Additionally, most emergency departments
across the country lack the capacity to respond to large-scale
infectious disease outbreaks. For example, although most hospitals
across the country reported participating in basic planning activities
for large-scale infectious disease outbreaks, few have acquired the
medical equipment resources--such as ventilators--that would be
required in such an event. Further, because most emergency departments
already routinely experience some degree of overcrowding, they may not
be able to handle the sudden influx of patients that would occur during
a large-scale terrorist incident or infectious disease outbreak. The
Gilmore Commission made recommendations with regard to this challenge.
Adequately Equipping Hospitals for Large Influxes of Patients:
The strategy states that DHS, working with HHS and VA, will help
hospitals "expand their surge capacity to care for large numbers of
patients in a mass-casualty incident." However, in August 2003 we
reported[Footnote 100] that a challenge to be overcome involved the
fact that the medical equipment available for response to such an
incident varies greatly among hospitals. Additionally, many hospitals
reported that they did not have the capacity to respond to the large
increase in the number of patients that would be likely to result from
a bioterrorist incident with mass casualties. For example, if a large
number of patients with severe respiratory problems associated with
anthrax or botulism were to arrive at a hospital, a comparable number
of ventilators would be required to treat them. However, half of the
hospitals we reviewed had, per 100 staffed beds, fewer than six
ventilators, three or fewer personal protective equipment suites, fewer
than four isolation beds, or the ability to handle fewer than six
patients per hour through a 5-minute decontamination shower. Overcoming
this challenge is particularly difficult because bioterrorism
preparedness is expensive, and hospitals are reluctant to create
capacity that is not needed on a routine basis and may never be needed
at a particular facility. Related to this challenge, HSPD-10 stated
that HHS "in coordination with other appropriate federal departments
and agencies, is the principal federal agency responsible for
coordinating all federal-level assets activated to support and augment
the state and local medical and public health response to mass casualty
events." The Gilmore Commission made recommendations with regard to
this challenge.
Establishing Emergency Preparedness Standards:
Although the strategy discusses benchmarks, standards, and other
performance measures for emergency preparedness, we have found that
there is not yet a comprehensive set of preparedness standards for
assessing first responder capacities, identifying gaps in those
capacities, and measuring progress in achieving performance goals.
Additionally, in June 2004, we testified[Footnote 101] that state and
local officials were concerned about the lack of specific standards for
determining preparedness, and these officials noted that specific
benchmarks would help them determine whether they were adequately
prepared to respond to a bioterrorism incident. Moreover, in our past
work on interoperable communications,[Footnote 102] we discussed the
need to establish national interoperability performance goals and
standards. Finally, we have reported on the lack of reliable
information on existing federal, state, and local capabilities for
combating terrorism and the need to develop a comprehensive inventory
of existing capabilities. Without standards linked to such
capabilities, it will be a challenge to assess preparedness gaps and
efforts to address the gaps without information on existing
capabilities. The Gilmore Commission made recommendations with regard
to this challenge.
Defining DOD's Homeland Security Roles and Missions:
The strategy called for a review of the authority for military
assistance in domestic security. One of the reasons for this review is
that federal law places some restrictions on military personnel
performing law enforcement functions with the United States--functions
that might be needed in a terrorist incident.[Footnote 103] Another
reason for this review is that DOD's primary mission is to deter and
prevent aggression abroad and fight to win if these measures fail. This
is accomplished through military presence and power projection.
However, the federal government's view of the defense of U.S. territory
has changed since September 11. As a result, DOD has adjusted its
strategic and operational focus to encompass not only traditional
military concerns posed by hostile states overseas but also asymmetric
threats directed at our homeland by both terrorists and hostile states.
In a July 2003 report,[Footnote 104] we noted that DOD faces challenges
in balancing its domestic and overseas missions with a renewed emphasis
on homeland defense. Moreover, current operations both home and abroad
are stressing military forces, as shown in personnel tempo data.
Complicating the situation is the fact that some units are not well
structured for their domestic missions, cannot practice the varied
skills needed to maintain combat proficiency while performing domestic
missions, and receive little training value from their assigned
domestic duties. Therefore military force readiness may erode and
future personnel retention problems may develop, if action is not taken
to address these challenges. The Gilmore and 9/11 commissions made
recommendations with regard to this challenge.
[End of section]
Appendix VIII: Crosscutting Issues:
This appendix describes challenges in implementing the National
Strategy for Homeland Security that are crosscutting--they cut across
the six critical mission areas. Many of them also cut across the
federal, state, local and private sectors. Because this appendix is not
based on any critical mission area (as defined in the strategy), it
does not include information on major initiatives, agencies with major
roles, funding by department, or alignment of department plans with
major initiatives.
Crosscutting Challenges:
Our recent work has identified a number of challenges to ensuring the
security of the homeland that are not confined to a specific mission
area. These challenges are governmentwide in nature and include
balancing homeland security funding needs with other national
requirements, providing timely and transparent homeland security
funding information, improving risk management methods for resource
allocation and investments, expanding agency use of performance
measures that link costs to outcomes, establishing baseline performance
goals and measures upon which to assess and improve preparedness,
developing and implementing national standards, clarifying roles and
responsibilities within and between the levels of government and the
private sector, developing a national enterprise architecture, and
improving information technology management governmentwide.
In addition to the challenges discussed above, DHS--as the department
most responsible for Homeland Security--faces a number of other
challenges. Because of this, in January 2003 we designated the overall
implementation and transformation of DHS as high-risk.[Footnote 105] We
gave it this designation for three reasons. First, the size and
complexity of the effort make the challenge especially daunting,
requiring sustained attention and time to achieve the department's
mission in an effective and efficient manner. Second, the components
being merged into DHS already face a wide array of existing challenges
that must be addressed. Finally, if DHS cannot effectively carry out
its mission, it exposes the nation to potentially very serious
consequences. We are currently in the process of reviewing the
challenges faced by DHS, the progress it has made in addressing these
challenges, and its continued high-risk designation. The results of
this review will be published in a forthcoming GAO report.
Balancing Homeland Security with Other National Budget Needs:
The strategy notes that "the national effort to enhance homeland
security will yield tremendous benefits and entail substantial
financial and other costs." In April 2002 and September 2003, we
reported that, among other things, the federal government must address
the challenge of formulating realistic budget and resource plans that
support and will sustain implementation of an efficient and effective
homeland security program and that provide sufficient guidance to
federal, state, local and private sector entities to create concurrent
and compatible strategic plans and investments.[Footnote 106] In this
regard, extensive resources that have already been designated for
homeland security, along with those resources currently being proposed,
clearly reflect a large and rapidly growing federal role involving
direct spending and assistance to others. While a robust homeland
security program is critical to the nation's protection and prosperity,
the challenge will be to develop it in a manner that is targeted to
areas of greatest need and avoids wasteful, unfocused, or "hitchhiker"
spending. Moreover, the new commitments will compete with and increase
the pressure on other important priorities within the budget. As our
long-term budget simulation notes, known demographic trends and rising
health care costs will place unprecedented pressures on our long-range
fiscal position. A fundamental review of existing programs and
operations can create much-needed fiscal flexibility by weeding out
programs that are outdated, poorly targeted, or inefficiently designed
and managed. An additional challenge with regard to balancing homeland
security funding with other national requirements involves the role of
both the executive and legislative branches of government in ensuring
optimum performance and appropriate accountability of our homeland
security activities and program expenditures. The 9/11 Commission made
recommendations related to this challenge.
Providing Timely and Transparent Budget Information:
The strategy reflects that "it is important to reprioritize spending to
meet our homeland security needs, and not simply to permit unchecked
overall growth in federal outlays." To examine homeland security as a
crosscutting governmentwide function, Section 889 of the Homeland
Security Act of 2002 requires that the President's budget include a
funding analysis covering all federal homeland security activities--not
just those carried out in DHS. As we reported in November
2002,[Footnote 107] agencies provide information that distinguishes
funding for homeland security from combating terrorism and other
federal activities at a level of detail that OMB describes as
sufficient to analyze government spending on homeland security. OMB has
made a number of improvements to its annual Report to Congress on
Combating Terrorism.[Footnote 108] For the first time, the annual
report issued in September 2003 aggregated funding information by the
critical mission areas in the National Strategy for Homeland Security.
Additionally, by releasing this year's analysis with the President's
fiscal year 2005 budget, OMB has made this crosscutting presentation a
timely complement to individual budget proposals and a resource for
congressional budget deliberations. Despite these positive changes,
congressional decision makers still face challenges in using this
information to make sound decisions on appropriations. Specifically, a
key element to understanding spending for homeland security is missing-
-that is, how much of the funding provided has been obligated. Without
obligation information, it is impossible to know (1) whether funds are
being used to implement programs (e.g., orders placed, contracts
awarded, and services received); (2) how much funding from prior years
is still available to potentially offset new needs or priorities; (3)
whether the rate of spending for a program is slower than anticipated;
or (4) what the level of effort or commitment is in a particular
mission area for a given year or over time.
Improving Risk Management Methods for Resource Allocation and
Investment:
The strategy states that "we must carefully weigh the benefit of each
homeland security endeavor and only allocate resources where the
benefit of reducing risk is worth the amount of additional cost." We
have long advocated a risk management approach to guide the allocation
of resources and investments for improving homeland security.[Footnote
109] Additionally, OMB has identified various tools it considers useful
in planning, such as benefit-cost analysis, capital budgeting, and
regulatory decision making.[Footnote 110] Such tools are difficult to
apply to homeland security expenditures even when such application is
encouraged in the homeland security strategy.[Footnote 111] A challenge
to the central management of the budget is to develop and adopt a
framework and supporting tools to inform cost allocations in a risk
management process. Although OMB asked the public in 2002 for
suggestions on how to adjust standard tools to the homeland security
setting,[Footnote 112] a vacuum currently exists in which benefits of
homeland security investments are often not quantified and are almost
never valued in monetary terms.[Footnote 113] As OMB guidance is
relatively silent on acceptable treatments of nonquantifiable
benefits,[Footnote 114] there is a lack of criteria to guide agency
analysts in developing information to inform management. The Gilmore
and 9/11 commissions made recommendations on the need for risk
management.
Establishing Baseline Performance Goals and Measures:
While the strategy discusses creating benchmarks and performance
measures, it does not provide a baseline set of performance goals and
measures upon which to assess and improve preparedness. The Government
Performance and Results Act of 1993 (GPRA) required federal agencies to
develop strategic plans with long-term, outcome-oriented goals and
objectives, annual goals linked to achieving the long-term goals, and
annual reports on the results achieved. In July 2002,[Footnote 115] we
testified that because of lack of performance goals and measures in the
homeland security strategy, the nation does not have a comprehensive
set of performance goals and measures upon which to assess and improve
prevention efforts, vulnerability reduction, and responsiveness to
damage and recovery needs at all levels of government. Thus the nation
faces a challenge to establish clear goals and performance measures to
ensure both a successful and a fiscally responsible preparedness
effort. We identified strategic planning as one of the critical success
factors for new organizations. For example, as part of its
implementation phase, we noted that DHS should engage in strategic
planning through the involvement of stakeholders, assessment of
internal and external environments, and an alignment of activities,
core processes, and resources to support mission-related outcomes. We
are currently reviewing DHS's first strategic plan to, among other
things, assess the extent to which it reflects GPRA requirements and
supports the strategy. The 9/11 Commission made recommendations related
to this challenge.
Clarifying Government and Private Sector Roles and Responsibilities:
According to the strategy, "the responsibility for providing homeland
security is shared between federal, state and local governments, and
the private sector." In April 2002,[Footnote 116] we testified,
however, that the appropriate roles and responsibilities within and
between the levels of governments and with the private sector are
evolving and need to be clarified. New threats are prompting a
reassessment and shifting of long-standing roles and responsibilities.
These shifts have been occurring on a piecemeal and ad hoc basis
without the benefit of an overarching framework and criteria to guide
the process. The homeland security strategy recognizes the challenge
posed by a complex structure of overlapping federal, state, and local
governments--our country has more than 87,000 jurisdictions--but its
initiatives often do not provide a baseline set of performance goals
and measures upon which to assess and improve preparedness. Thus, the
nation does not yet have a comprehensive set of performance goals and
measures upon which to assess and improve prevention efforts,
vulnerability reduction, and responsiveness to damage and recovery
needs at all levels of government. Given the need for a highly
integrated approach to the homeland security challenge, national
performance goals and measures for strategy initiatives that involve
both federal and nonfederal actors may best be developed in a
collaborative way involving all levels of government and the private
sector. Standards are one tool the homeland security strategy
emphasizes in areas such as training, equipment, and communications.
The 9/11 Commission made recommendations related to this challenge.
Developing a National Enterprise Architecture for Homeland Security:
The strategy points out that mobilizing and organizing the nation to
secure it from terrorist attacks is "an exceedingly complex mission
that requires coordinated and focused effort from our entire society."
The development of a national enterprise architecture could assist in
transforming the various organizations involved in homeland security,
as well as their supporting systems, in a way that eliminates
duplication, promotes interoperability, reduces costs, and optimizes
mission performance. An enterprise architecture is a blueprint that
defines, both in logical terms (including interrelated business
processes and business rules, integrated functions, applications,
systems, users, work locations, and information needs and flows) and in
technical terms (including hardware, software, data, communications,
and security) how an organization operates today, how it will operate
in the future, and a road map for the transition.
DHS intends to incrementally develop a national enterprise architecture
for homeland security. In August 2004,[Footnote 117] we reported that
DHS's initial enterprise architecture provided a partial basis upon
which to build future versions that can be made applicable beyond the
department itself. However, it was missing most of the content
necessary to be considered a well-defined architecture. Moreover, the
content in this version was not systematically derived from a DHS or
national corporate business strategy; rather, it was more the result of
an amalgamation of the existing architectures that several of DHS's
predecessor agencies already had, along with their respective
portfolios of system investment projects. Such a development approach
is not consistent with recognized architecture development best
practices. DHS officials agreed with our content assessment of their
initial architecture, stating that it is largely a reflection of what
could be done without a departmental strategic plan to drive
architectural content and with limited resources and time. Since our
report was published, DHS has developed the next version or increment
of its enterprise architecture, with the intent of developing future
versions or increments that extend horizontally to include, for
example, state and local government homeland security entities. The 9/
11 Commission made recommendations related to this challenge.
Improving Governmentwide Information Technology Management:
The strategy states that "every government official performing every
homeland security mission depends upon information and information
technology." However, in January 2004,[Footnote 118] we reported that
challenges are faced throughout the federal government with regard to
information technology management--including the consistent
application of IT strategic planning and performance measurement
practices. Specifically, we have found that agencies generally have IT
strategic plans and goals, but that these goals are not always linked
to specific performance measures that are tracked. Additionally, while
agencies largely have IT investment management boards, we found no
agency had the practices associated with control fully in place. These
practices are important ingredients for ensuring effective strategic
planning and investment management, and they, in turn, make it more
likely that the billions of dollars in government IT investments will
be wisely spent. Finally, our experience with federal agencies has
shown that attempts to modernize IT environments without blueprints--
models simplifying the complexities of how agencies operate today, how
they will operate in the future, and how they will get there--often
result in unconstrained investment and systems that are duplicative and
ineffective. Enterprise architectures, as described in our report,
offer such blueprints. The 9/11 Commission made recommendations related
to this challenge.
[End of section]
Appendix IX: Department Summary Across Critical Mission Areas:
This appendix provides a summary analysis across all the six mission
areas. It includes information on whether all 43 initiatives are being
covered, how frequently departments are cited with lead
responsibilities, whether they are implementing programs related to
these initiatives in fiscal year 2004, and where such implementation
efforts are concentrated. As stated earlier, we used the National
Strategy for Homeland Security and Homeland Security Presidential
Directives 1 through 12 to determine lead agencies with respect to each
initiative. The "clear" and "implied" leads, discussed in the
methodology section, are denoted by solid and dashed line boxes,
respectively.
Table 13: Summary of Department Leads, Planning, and Implementation
across the Six Critical Mission Areas of the National Strategy for
Homeland Security:
[See PDF for image]
[End of table]
The strategy identifies 43 initiatives across the six mission areas.
All 43 initiatives have been addressed through department planning or
implementation activities. Each initiative has been addressed by at
least two departments under review, with a single exception (Justice is
the only department involved in planning/implementing activities to
complete the FBI's restructuring process to emphasize the prevention of
terrorist attacks). A total of 33 initiatives have been addressed by
three or more departments under review; 9 initiatives have been
addressed by five or more departments.
All initiatives have identified leads, with one exception (the
Intelligence and Warning initiative, "employment of red-team
techniques"). The strategy and HSPDs intended DHS to be the prominent
department on matters related to homeland security. This is reflected
in DHS being identified as a lead on 37 of the 43 initiatives, spanning
all six critical mission areas. DOJ is identified as a lead department
on 8 of the 43 initiatives, including all 6 initiatives cited under the
Domestic Counterterrorism mission area--the mission area most
specifically related to criminal justice matters. (DOJ had been
identified as a lead agency with respect to two initiatives, creating
smart borders and guarding America's critical infrastructure and key
assets against inside threats. However, given the transfer of the
Immigration and Naturalization Service and the National Infrastructure
Protection Center programs to the Department of Homeland Security, DOJ
officials indicated the department no longer serves as a lead on these
2 initiatives). HHS is identified as a lead on 6 of the 43 initiatives.
(HHS has no lead responsibilities with respect to the Intelligence and
Warning, Border and Transportation Security, and Domestic
Counterterrorism mission areas.) State is cited as a lead on 4
initiatives, spanning all the critical mission areas with the exception
of Intelligence and Warning and Emergency Preparedness and Response.
DOD has been cited in the homeland security strategy and HSPDs as a
lead on 3 initiatives (excluding the Intelligence and Warning, Border
and Transportation Security, and Domestic Counterterrorism mission
areas). DOE is a lead department on 2 initiatives, encompassing just
two critical mission areas: Protecting Critical Infrastructures and Key
Assets and Defending against Catastrophic Threats.
The six departments under review have implemented activities on several
initiatives during fiscal year 2004, for which they have been
identified as leads. DHS cited implementation activities in 36 of the
37 initiatives for which it was identified as a lead (the one exception
being the Select Agent Program). HHS, DOD, DOE, DOJ, and State cited
implementation activities in fiscal year 2004 on each of their lead
areas. In total, one or more departments cited implementation
activities in fiscal year 2004 on all 43 initiatives.
When considering departmental implementation activities during fiscal
year 2004, irrespective of lead, we find that DHS documented activities
in 40 of the 43 initiatives, spanning all six critical mission areas.
DOE documented fiscal year 2004 implementation activities in 25 of the
43 initiatives, also spanning all six critical mission areas. HHS
identified 2004 activities in 24 of the 43 initiatives, covering five
of the six mission areas (the exception: Intelligence and Warning). DOD
cited 2004 implementation activities in 17 of the 43 initiatives,
covering all six mission areas. State demonstrated 2004 activities in
15 of the 43 initiatives, spanning all six mission areas; and DOJ
identified 2004 activities in 13 of the 43 initiatives, covering four
of the six mission areas (the exceptions: Border and Transportation
Security and Defending against Catastrophic Threats).
[End of section]
Appendix X: Homeland Security Presidential Directives:
This appendix describes, in chronological order, the presidential
directives that, in conjunction with the National Strategy for Homeland
Security and certain other national strategies, form the foundation for
the federal government's efforts to protect the nation against
terrorist attack and ensure the security of the homeland. These
documents set forth agencies' roles and responsibilities for responding
to potential or actual terrorist threats or incidents as well as the
processes and mechanisms by which the federal government mobilizes and
deploys resources and coordinates assistance to state and local
authorities, the public, and the private sector.
Homeland Security Presidential Directive-1:
HSPD-1 was issued on October 29, 2001. It established the Homeland
Security Council (HSC) and charged it with ensuring that all homeland
security-related activities carried out by the executive agencies and
departments are properly coordinated and with promoting the effective
development and implementation of all homeland security policies. In
addition to describing the organization and operation of the HSC, it
set forth the composition and duties of the HSC Principals Committee
(the senior interagency forum under the HSC for homeland security
issues) and the HSC Deputies Committee (the senior sub-Cabinet
interagency forum for consideration of policy issues affecting homeland
security). It also discussed the formation of the 11 HSC Policy
Coordination Committees to serve as the main day-to-day forum for
interagency coordination of homeland security policy.
Homeland Security Presidential Directive-2:
HSPD-2, also issued on October 29, 2001, set forth U.S. national policy
for combating terrorism through the application of enhanced immigration
policies designed to aggressively prevent the entry into the country of
aliens who engage in or support terrorist activity and to identify,
locate, detain, prosecute, and deport any such aliens already residing
in the United States. This directive established the Foreign Terrorist
Tracking Task Force to ensure federal agency coordination and directed
the (1) development and implementation of multiyear plans to enhance
the investigative and intelligence analysis capabilities of the INS and
Customs Service; (2) implementation of measures to end the abuse of
student visas and prohibit certain international students from
receiving education and training in sensitive areas; (3) initiation of
negotiations with Canada and Mexico to ensure maximum possible
compatibility of immigration, customs, and visa policies; and (4) study
of the use of advanced technologies for data sharing and enforcement
efforts.
Homeland Security Presidential Directive-3:
Issued on March 11, 2002, HSPD-3 established the Homeland Security
Advisory System (HSAS) as a comprehensive and effective means for
ensuring the rapid dissemination of information regarding the risk of
terrorist acts to federal, state, and local authorities and to the
general public. It describes the HSAS as a system that provides
warnings in the form of a set of graduated threat levels that increase
as the risk of an attack rises and goes on to explain that for each
threat level there would be a corresponding set of protective measures
that would be implemented. According to HSPD-3, the HSAS is intended to
create a common vocabulary, context, and structure for an ongoing
national dialogue about the nature of the terrorist threat and the
actions that can be taken in response to it.
Homeland Security Presidential Directive-4:
Issued in December 2002, HSPD-4 is the unclassified version of the
National Strategy to Combat Weapons of Mass Destruction. This directive
promulgates the nation's resolve to combat weapons of mass destruction
through the application of new technologies, increased emphasis on
intelligence collection and analysis, the strengthening of alliance
relationships, and the establishment of new partnerships with former
adversaries. Further, HSPD-4 sets forth the three principal pillars
upon which the strategy will rest--counterproliferation to combat WMD
use; strengthened nonproliferation to combat WMD proliferation; and
consequence management to respond to WMD use. The classified version of
this HSPD is NSPD-17.
Homeland Security Presidential Directive-5:
HSPD-5, issued on February 28, 2003, is concerned with the management
of domestic terrorist attacks, major disasters, and other emergency
incidents. It calls for the establishment of a single, comprehensive
national incident management system in order to ensure that all levels
of government across the nation have the capability to work together
efficiently and effectively, using a national approach to domestic
incident management. HSPD-5 further states that with regard to domestic
incidents, the federal government will treat crisis management and
consequence management as a single, integrated function, rather than as
two separate functions. HSPD-5 is considered to be a companion to HSPD-
8, which was issued in December 2003.
Homeland Security Presidential Directive-6:
Issued on September 16, 2003, HSPD-6 set forth the policy of the United
States with regard to the integration and use of screening information.
It directed the Attorney General to establish an organization to
consolidate the government's approach to terrorism screening and
provide for the appropriate and lawful use of terrorist information in
screening processes. HSPD-6 further directed that the heads of
executive departments and agencies provide--to the extent permitted by
law--the Terrorist Threat Integration Center with all appropriate
terrorist information in their possession, custody, or control on an
ongoing basis.
Homeland Security Presidential Directive-7:
HSPD-7 was issued on December 17, 2003, and established a national
policy for federal departments and agencies to identify and prioritize
United States critical infrastructure and key resources and to protect
them from terrorist attacks. It set forth the roles and
responsibilities of the Secretary of Homeland Security, sector-specific
federal agencies, and other departments, agencies, and offices in
critical infrastructure protection. It should be noted that HSPD-7
superseded an earlier presidential directive on critical infrastructure
protection (PDD 63).
Homeland Security Presidential Directive-8:
This directive was also issued on December 17, 2003. It established
policies to strengthen the nation's preparedness to prevent and respond
to potential or actual terrorist attacks, major disasters, and other
emergencies by requiring a national domestic all-hazards preparedness
goal, establishing mechanisms for improved delivery of federal
preparedness assistance to state and local governments, and outlining
actions to strengthen the preparedness capabilities of federal, state,
and local entities. HSPD-8 is a companion to HSPD-5, which had been
issued earlier in the year.
Homeland Security Presidential Directive-9:
HSPD-9, issued on January 30, 2004, established a national policy to
defend the agriculture and food system of the United States against
terrorist attacks, major disasters, and other emergencies. It set forth
the roles and responsibilities of the Secretaries of Homeland Security,
Agriculture, and Health and Human Services and the Administrator of the
Environmental Protection Agency in ensuring the safety and security of
the nation's food supply.
Homeland Security Presidential Directive-10:
HSPD-10 was issued on April 28, 2004, under the title "Biodefense for
the 21st Century." It set forth a blueprint--based on a comprehensive
evaluation of the nation's biological defense capabilities--for the
nation's future biodefense program that fully integrates the sustained
efforts of the national and homeland security, medical, public health,
intelligence, diplomatic, and law enforcement communities. HSPD-10
describes the pillars of the national biodefense program as threat
awareness, prevention and protection, surveillance and detection, and
response and recovery. Finally, it provided that specific direction to
departments and agencies for implementing the biodefense program is
contained in a classified version of the HSPD, NSPD-33.
Homeland Security Presidential Directive-11:
Issued on August 27, 2004, HSPD-11 builds on HSPD-6 in setting forth
the nation's policy with regard to comprehensive terrorist-related
screening procedures. Specifically, it states that terrorist-related
screening will be enhanced through (1) the adoption of comprehensive,
coordinated procedures that detect, identify, track, and interdict
people, cargo, conveyances, and other entities that pose a threat to
homeland security and (2) the implementation of a comprehensive and
coordinated approach to terrorist-related screening--in immigration,
law enforcement, intelligence, counterintelligence, and protection of
the border, transportation systems, and critical infrastructure--that
supports homeland security.
Homeland Security Presidential Directive-12:
HSPD-12, also issued on August 27, 2004, directs the establishment of a
common identification standard for federal employees and contractors.
Specifically, HSPD-12 states that the policy of the United States is to
enhance security, increase government efficiency, reduce identity
fraud, and protect personal privacy through the establishment of a
mandatory, governmentwide standard for secure and reliable forms of
identification issued by the federal government.
[End of section]
Appendix XI: Comments from the Department of Defense:
Note: GAO comments supplementing those in the report text appear at the
end of this appendix.
ASSISTANT SECRETARY OF DEFENSE:
HOMELAND DEFENSE:
2600 DEFENSE PENTAGON:
WASHINGTON, DC 20301-2600:
24 NOV 2004:
Mr. Norman J. Rabkin, Managing Director:
Homeland Security and Justice Issues:
U.S. General Accounting Office:
Washington, DC 20548:
Dear Mr. Rabkin:
We appreciate the opportunity to comment on the draft report, "HOMELAND
SECURITY: Agency Plans, Implementation, and Challenges Regarding the
National Strategy for Homeland Security." The Department of Defense
applauds the efforts of the GAO to ensure that initiatives outlined in
the National Strategy for Homeland Security are being addressed. As
your report indicates, the Department of Defense is actively pursuing a
diverse range of CIP security initiatives.
The Department would like to clarify one point with respect to the
draft report. In Appendix V, DoD is identified as a lead agency for the
initiative to "Build and maintain a complete and accurate assessment of
America's critical infrastructure and key assets." More accurately, it
should be noted that DoD is the sector-specific lead for the Defense
Industrial Base, while the Department of Homeland Security is charged
with the overall lead for the initiative. Although Appendix V addresses
this issue briefly, this distinction between overall lead and sector-
specific lead is not self-evident in the report.
Let me take this opportunity to thank you and your staff for producing
a thorough and accurate report.
Sincerely,
Signed by:
Paul McHale:
GAO Comment:
We incorporated the point indicated in the DOD letter and responded to
technical comments where appropriate throughout the report.
[End of section]
Appendix XII: Comments From the Department of Health and Human
Services:
Note: GAO comments supplementing those in the report text appear at the
end of this appendix.
DEPARTMENT OF HEALTH & HUMAN SERVICES:
Office of the Secretary:
Office of the Assistant Secretary for Public Health Emergency
Preparedness:
Washington, D.C. 20201.
DEC 06, 2004:
Mr. Norman J. Rabkin, Managing Director:
Homeland Security and Justice Issues:
U.S. Government Accountability Office:
Washington, D.C. 20548:
Dear Mr. Rabkin:
Thank you for this opportunity to comment on your draft report
entitled: "Homeland Security: Agency Plans, Implementation, and
Challenges Regarding the National Strategy for Homeland Security (GAO-
05-33)." The enclosed comments and technical edits represent our
department's understanding of the issues described.
We highlight the following issues for your attention, decontamination
responsibilities and the transfer of the Strategic National Stockpile
from Department of Homeland Security (DHS) back to HHS.
Once again, we appreciate the opportunity to contribute to this report.
Sincerely,
Signed by:
William F. Raub:
Deputy Principal Assistant Secretary:
Office for Public Health Emergency Preparedness:
Enclosure:
Comments of the Department of Health and Human Services to the General
Accountability Office's Draft Report, "Homeland Security: Agency Plans,
Implementation, and Challenges Regarding the National Strategy for
Homeland Security." (GAO-05-33):
General Comments and Technical Edits:
The Department of Health and Human Services (HHS) appreciates the
opportunity to comment on the Government Accountability Office's (GAO)
draft report.
We offer the following general comments and technical edits:
1. Letter Report, Page 17 - HHS is listed as "implicitly identified" as
lead agency for improving decontamination techniques based on GAO's
review of the National Strategy for Homeland Security and Homeland
Security Presidential Directives (HSPDs). We note two other provisions
that cause some confusion regarding decontamination.
First, in Appendix VII, Page 4 of your report (Item 7 in Table VII. 1),
you note that the Department of Homeland Security (DHS) is "clearly"
identified as the lead for the task "Prepare for chemical, biological,
radiological, and nuclear decontamination."
Second, HSPD 10 suggests, at least implicitly, that the Environmental
Protection Agency has the lead for decontamination in a biological
incident:
"The Administrator of the Environmental Protection Agency, in
coordination with the Attorney General and the Secretaries of Defense,
Agriculture, Labor, Health and Human Services, and Homeland Security,
is developing specific standards, protocols, and capabilities to
address the risks of contamination following a biological weapons
attack and developing strategies, guidelines, and plans for
decontamination of persons, equipment, and facilities."
Finally, the HHS initiative mentioned in Appendix VI, Page 5 relates to
chemical sensors (e.g., the Rapid Toxic Screen testing), not
decontamination. Separating this item into two (chemical sensors and
decontamination) would provide clarity.
2. Appendix 11, Page 5 - HHS is listed as operating the BioWatch
program. This is inaccurate. DHS manages this program with support from
HHS. Please revise accordingly.
3. Appendix 111, Page 5, 2nd line - "HHS' Food and Drug Service
Administration..." should read "The Food and Drug Administration within
HHS."
4. Appendix V, Page 4, 3rd line from bottom - "HHS' Food and Drug
Service Administration..." should read "The Food and Drug
Administration within HHS."
5. Appendix V, Page 4, 2nd and 3rd lines from bottom - For clarity, FDA
issued five security guidance documents for different segments of the
food industry which suggested conducting background checks. The FDA
guidance was not directed at how to conduct the background checks, and
was not directed only to the food service industry. Suggested re-
phrasing is: "The Food and Drug Administration within HHS issued
guidance to the food industry that suggested preventative measures,
including employee background checks, which could increase the security
of food while under an establishment's control."
6. Appendix V, Page 4, Table 4 - A dot should be included in item 2,
"Build and maintain a complete and accurate assessment of America's
critical infrastructure and key assets", under the HHS PI column. FDA
completed its initial vulnerability assessments of the food industry in
2002, while continuing to re-evaluate its assessments.
7. Appendix V, Page 4, top paragraph, 2nd line from bottom - Insert
"food" after "agriculture", thus the phrase would read "addressing the
terrorist threat to agriculture and food."
8. Appendix VII, Page 2 - The Project Bioshield 2004 legislation, signed
by the President on July 21, 2004, returned the Strategic National
Stockpile to HHS from DHS. In addition to the Stockpile, HHS maintains
additional emergency preparedness and response assets, which include
(but are not limited to) teams from the United States Public Health
Service Commissioned Corps, the Centers for Disease Control and
Prevention, and the Food and Drug Administration. Please revise
accordingly.
9. Appendix VII, Page 10 - The Report notes that "DHS ... will help
hospitals `expand their surge capacity to care for large numbers of
patients in a mass-casualty incident."' HSPD-10 notes that HHS "in
coordination with other appropriate Federal departments and agencies,
is the principal Federal agency responsible for coordinating all
Federal-level assets activated to support and augment the state and
local medical and public health response to mass casualty events."
Please note this designation and revise accordingly.
10. Appendix IX, Page 2, Table 4 - A dot should be included in item 2,
"Build and maintain a complete and accurate assessment of America's
critical infrastructure and key assets", under the HHS PI column. FDA
completed its initial vulnerability assessments of the food industry in
2002, while continuing to re-evaluate its assessments.
GAO Comment:
We incorporated the technical comments where appropriate throughout the
report.
[End of section]
Appendix XIII: Comments From the Department of Homeland Security:
Note: GAO comments supplementing those in the report text appear at the
end of this appendix.
U.S. Department of Homeland Security:
Washington, DC 20528:
December 9, 2004:
Mr. Norman Rabkin:
Managing Director, Homeland Security & Justice Issues:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Mr. Rabkin:
RE: GAO-05-33, Homeland Security: Agency Plans, Implementation, and
Challenges Regarding the National Strategy for Homeland Security (GAO
Job Code 440295):
Thank you for the opportunity to review the subject draft report. It
acknowledges the work and progress of the Department of Homeland
Security (DHS) and the Departments of Justice, Defense, Health and
Human Services, State and Energy in addressing the Administration's
National Strategy for Homeland Security initiatives and the Homeland
Security Presidential Directives (HSPDs) objectives through strategic
planning and related activities in Fiscal Year 2004. DHS has a
prominent role in implementing all six of the critical mission areas
that include Border and Transportation Security, Domestic
Counterterrorism, Protecting Critical Infrastructure and Key Assets,
and Emergency Preparedness and Response.
We generally agree with the tenor of the report. Challenges remain in
implementing the strategy in a well coordinated and integrated manner
particularly when issues cut across two or more of the six critical
mission areas. However, the report notes that all the national
strategy's 43 initiatives are included in the activities of at least
one of the six departments reviewed. DHS itself had planning and/or
implementation activity related to 40 of the 43 initiatives. DHS and
the other departments are individually and collectively moving forward
to accomplish our respective missions with regard to implementing the
National Strategy for Homeland Security.
The report identifies a baseline from which to assess progress in
meeting homeland security objectives. It does not contain any
recommendations. The Department Summary Across Critical Mission Areas
(Appendix IX) and related table entitled Summary of Department Leads,
Planning, and Implementation Across the Six Critical Mission Areas of
the National Strategy for Homeland Security is particularly useful.
We have enclosed information that reflects in part the on-going work of
DHS in meeting many of the challenges facing America. In addition, we
are assuming GAO's incorporation of our technical comments which were
provided to your office under separate cover.
Sincerely,
Signed by:
Anna F. Dixon:
Director:
Departmental GAO/OIG Liaison Office:
Enclosure:
Appendix II-Intelligence and Warning:
Under "Challenge: Enhancing the analytical capabilities of the FBI"
(page 7), we believe that the stand up of the US CERT gives DHS, and
consequently the FBI through the law enforcement section, a better
situational awareness of what is occurring across cyberspace and, in
particular, in the government space. The later would be a natural
target for terrorists.
In addition, DHS' support/administration of the Cybercop Portal serves
as vehicle for sharing information (not classified, but important to
the recipient) with our state and local partners within the cyber law
enforcement community. Furthermore, DHS has acted as a conduit between
the intelligence community/law enforcement and the private sector
wherein source information has been rendered anonymous. DHS
component(s) also have acted as another mechanism for passing cyber
information from law enforcement to the intelligence community.
Appendix IV-Domestic Counterterrorism:
While not specifically directed toward terrorism, the National Cyber
Response Coordination Group (NCRCG) and the Cybercop Portal can be used
toward that end.
Appendix V-Protecting Critical Infrastructures and Key Assets:
One of the major initiatives in the critical infrastructure protection
mission area is securing cyberspace. We believe that GAO should include
or otherwise reference the NCRCG that is mentioned in the National
Response Plan's Cyber Annex as a coordinating body for cyber
emergencies of national scope.
Page 2, paragraph 1 discusses DHS primary responsibilities and provides
examples of specific functions performed by DHS. GAO may want to
include additional responsibilities mentioned in HSPD-7. This includes
responsibility for chemicals, dams, and nuclear reactors, materials and
waste.
Please consider including information related to Sector-Specific
Agencies under Challenges in Critical Infrastructure Protection
(Appendix V, pp. 7-16). HSPD-7 required the development of the National
Infrastructure Protection Plan (NIPP). HSPD-7 recognizes that
infrastructure sectors possess unique characteristics and operating
models, and assigns Critical Infrastructure Protection (CIP)
responsibilities for those sectors to Sector-Specific Agencies (SSAs),
with guidance to be provided by DHS. To implement HSPD-7, SSAs have
developed Sector-Specific Plans (SSPs) that provide an informational
foundation for the NIPP. SSPs provide a detailed description of the
specific processes that are used to identify, assess, prioritize,
protect, and measure effectiveness; the plans for implementing these
processes; and the status of any efforts being conducted to support
this effort to date, including best practices identified, challenges
encountered, and products generated. Additionally, these SSPs address
many of the challenges documented in this section of Appendix V.
GAO notes three challenges related to federal CIP efforts on page 8.
Progress meeting the challenges mentioned is imminent. The NIPP is on
schedule to be approved this month as planned; the support to the
Executive Order 13356 Working Group is developing information sharing
relationships; the Interagency Incident Management Group has improved
and the fusion cell will further strengthen DHS' ability to analyze
threat, incident, and vulnerability information together in a
meaningful way.
On page 14 of Appendix V, Challenge: Addressing chemical plant
security, GAO, referring to a March 2003 report, states that the
"federal government has not comprehensively assessed the industry's
vulnerability to terrorist attacks" and, "as a result, federal, state,
and local entities are challenged by a lack of comprehensive
information on vulnerabilities faced by the sector." DHS through it
Information Analysis and Infrastructure Protection Directorate has
published several Characteristics and Common Vulnerabilities (CCV) and
Potential Indicators of Terrorist Activity (PI) reports for the
chemical sector, the latest revisions have been prepared in October
2004. Specific reports address chemical facilities, chemical storage,
and chemical transportation.
Appendix V, Pages 14-15, Challenge: Addressing nuclear power plant
security discusses problems reported by GAO in September 2003 with
respect to the Nuclear Regulatory Commission (NRC)'s oversight of
security at commercial nuclear power plants. GAO should note that an
inter-agency (NRC, FBI and the DHS' United States Coast Guard and
Emergency Preparedness and Response) team is developing plans to
conduct comprehensive vulnerability assessments of commercial nuclear
reactors and associated facilities. Each facility will be assessed and
protective strategies prepared and implemented.
Appendix VI-Defending against Catastrophic Threats:
Reference again should be made to the NCRCG. There has been speculation
that a cyber attack would be used in conjunction with a physical attack
to enhance the amount of damage. The NCRCG is activated in the event of
a significant event (cyber or physical effecting cyber), and would be a
coordinating body for response and reconstitution efforts.
Appendix VIII-Crosscutting Issues:
Appendix VIII, Page 3, Challenge: Improving risk management methods for
resource allocation and investment comments on the benefits of the risk
management approach. DHS is working on a high-level risk-based approach
to CIP. This effort is based in part on the methodology described in
past GAO reports.
GAO Comment:
In addition to making the changes indicated in the enclosure, we
incorporated the technical comments where appropriate throughout the
report.
[End of section]
Appendix XIV: Comments From the Department of Justice:
Note: GAO comments supplementing those in the report text appear at the
end of this appendix.
U.S. Department of Justice:
Washington, D.C. 30530:
December 3, 2004:
Norman J. Rabkin:
Managing Director, Homeland Security and Justice:
Government Accountability Office:
441 G Street, NW:
Washington, D.C. 20548:
RE: GAO Draft Audit Report No. GAO-05-33 (Review No. 440295):
Dear Mr. Rabkin:
The Department of Justice (Department) reviewed the final draft of the
Government Accountability Office's (GAO) report entitled HOMELAND
SECURITY: Agency Plans, Implementation, and Challenges Regarding the
National Strategy for Homeland Security (GAO-05-33). The Department
sent its technical comments, under separate cover to Jared Hermalin,
the Analyst-in-Charge at GAO. Below find the Department's formal
comments for inclusion in the final report that GAO publishes.
APPENDIX IV:
DOMESTIC COUNTERTERRORISM:
Page 2, Agencies with Major Roles in Domestic Counterterrorism:
The first paragraph incorrectly says that the FBI leads the Anti-
Terrorism Advisory Councils. In fact, the Executive Office of the
United States Attorneys holds that responsibility. The FBI leads the
Joint Terrorism Task Forces. In addition, the FBI has responsibility
for terrorist financing which was left out of the paragraph completely.
Consequently, we suggest the paragraph should read:
"Of the six departments under review, the Departments of Justice (DOJ)
and Homeland Security (DHS) have major roles in Domestic
Counterterrorism. DOJ leads Anti-Terrorism Advisory Councils to
increase cooperation between federal, state and local law enforcement.
Within DOJ, the Federal Bureau of Investigation (FBI) works to detect
and prevent terrorist acts through analysis and fieldwork to identify
terrorists, their supporters, and materials that may be used to
perpetrate a terrorist act, to include terrorist financing; tracks
foreign terrorists and keeps them from entering the U.S.; and leads the
multi-agency Joint Terrorism Task Forces (JTTFs). The Department's 94
United States Attorneys lead the Anti-Terrorism Advisory Councils that
enhance cooperation and information sharing among federal, state and
local law enforcement, first responders, industry, academia, and
others."
The enclosed Statement of Recent Accomplishments describes some of the
efforts to prevent terrorism taken since the GAO stopped collecting
data for this report. Specifically, the Statement supplements the GAO
report by detailing how the FBI realigned its assets and shifted its
priorities to make the prevention of terrorism the Bureau's main
priority. The GAO told the Department on October 24, 2004, to provide
this data along with the Department's formal comments, and that the
material would be included in the GAO final report.
The Department appreciates the opportunity to provide its formal
comments and supplemental information. For more information, your staff
may contact Richard Theis, Acting Director, Audit Liaison Office, on
202-514-0469.
Sincerely,
Signed by:
Paul R. Corts:
Assistant Attorney General for Administration:
cc:
EOUSA - David L. Smith:
FBI - Cheryl Johnston:
JMD - Walt Wondolowski:
Criminal - Julie Wellman:
OJP - LeToya Johnson:
ODAG - James A. McAtamney:
Enclosure:
Statement of Recent Accomplishments:
Under the leadership of Director Mueller, the FBI has moved forward
aggressively to implement a comprehensive plan that has fundamentally
transformed the FBI with one goal in mind: establishing the prevention
of terrorism as the Bureau's number one priority. While the FBI once
concentrated on investigating terrorist crimes after they occurred; the
FBI now focuses on disrupting terrorists before they strike. Director
Mueller has overhauled the FBI's counterterrorism operations, expanded
its intelligence capabilities, modernized its business practices and
technology, and improved coordination with its partners.
To implement these new priorities, the FBI increased the number of
Special Agents assigned to terrorism matters and hired additional
intelligence analysts and translators. Also, it established operational
units and entities that provide new or improved capabilities to address
the terrorist threat. These include the 24/7 Counterterrorism Watch (CT
Watch) and the National Joint Terrorism Task Force (NJTTF) to manage
and share threat information; the Terrorism Financing Operation Section
(TFOS) to centralize efforts to stop terrorist financing; document/
media exploitation squads to exploit material found both domestically
and overseas for its intelligence value; deployable "Fly Teams" to lend
counterterrorism expertise wherever it is needed; the Terrorist
Screening Center (TSC) and Foreign Terrorist Tracking Task Force
(FTTTF) to help identify terrorists and keep them out of the United
States; the Terrorism Reports and Requirements Section to disseminate
FBI terrorism-related intelligence to the Intelligence Community; and
the Counterterrorism Analysis Section to merge, compare, and assess
indicators of terrorist activity against the United States from a
strategic perspective.
The FBI centralized management of its Counterterrorism Program at
Headquarters to limit "stove-piping" of information, to ensure
consistency of counterterrorism priorities and strategies across the
organization, to integrate counterterrorism operations here and
overseas, to improve coordination with other agencies and governments,
and to make senior FBI managers accountable for the overall development
and success of its counterterrorism efforts.
The FBI is building an enterprise-wide intelligence program that has
already improved substantially its ability to strategically direct its
intelligence collection and to fuse, analyze, and disseminate its
terrorism-related intelligence. The FBI quickly implemented a plan to
integrate all its capabilities and better prevent terrorist attacks
after passage of the USA PATRIOT Act, issuance of related Attorney
General Guidelines, and an issuance of opinion by the Foreign
Intelligence Surveillance Court of Review that removed the barrier to
sharing information between intelligence and criminal investigations.
Director Mueller elevated intelligence to program-level status, putting
in place a formal structure and concepts of operations to govern FBI-
wide intelligence functions, and establishing Field Intelligence Groups
(FIGs) in every Bureau field office.
Understanding that the Bureau cannot defeat terrorism without strong
partnerships, the FBI has enhanced the level of coordination and
information sharing with state and municipal law enforcement personnel.
The Bureau expanded the number of Joint Terrorism Task Forces (JTTFs),
increased technological connectivity with its partners, and implemented
new ways of sharing information through vehicles such as the FBI
Intelligence Bulletin, the Alert System, and the Terrorist Screening
Center. To improve coordination with other federal agencies and members
of the Intelligence Community, the Bureau joined with its federal
partners and established the Terrorist Threat Integration Center,
exchanged personnel, instituted joint briefings, and started using
secure networks to share information. The Bureau improved its
relationships with foreign governments by building on the overseas
expansion begun under Director Louis Freeh; by offering investigative
and forensic support and training, and by working together with those
governments on task forces and joint operations. Finally, the FBI
expanded outreach to minority communities, and improved coordination
with private businesses involved in critical infrastructure and
finance.
Re-engineering its personnel efforts made the Bureau more efficient and
more responsive to operational needs. The Bureau revised its approach
to strategic planning, and refocused its recruiting and hiring to
attract individuals with the skills critical to counterterrorism and
intelligence missions. Also, the FBI developed a more comprehensive
training program and instituted new leadership initiatives to keep its
workforce flexible.
These improvements have produced tangible, measurable results. Since
September 11, 2001, the FBI participated in disrupting dozens of
terrorist operations by developing actionable intelligence and better
coordinating our counterterrorism efforts. The Bureau significantly
increased the number of human sources and the amount of surveillance
coverage to support its counterterrorism efforts. It developed and
refined a process for briefing daily threat information, and
considerably increased the number of FBI intelligence reports produced
and disseminated.
Prior to September 11, 2001, the Bureau had no centralized structure
for the national management of its Counterterrorism Program, and
terrorism cases were routinely managed out of individual field offices.
An al-Qa'ida case, for example, might have been from the New York Field
Office; a HAMAS case might have been managed by the Washington Field
Office. This arrangement functioned for years, and produced a number of
impressive prosecutions. Once counterterrorism became the overriding
priority, improving the arrangement offered further benefits.
In December 2001, the Director reorganized and expanded the
Counterterrorism Division (CTD) and created the position of Executive
Assistant Director (EAD) for Counterterrorism and Counterintelligence.
(The Assistant Director of CTD reports to the EAD) The change
centralized management, a predicate for a truly national program - to
coordinate counterterrorism operations and intelligence production
domestically and overseas; to conduct liaison with other agencies and
governments; and to establish clear lines of accountability for the
overall development and success of the FBI's Counterterrorism Program.
With this management structure in place, the FBI can affect a
fundamental change in operations and can better accomplish its
counterterrorism mission.
The FBI divided the operations of the Counterterrorism Division into
branches, sections, and units, each of which focuses on a different
aspect of the current terrorism threat facing the U.S. These components
are staffed with intelligence analysts and subject matter experts who
work closely with investigators in the field and integrate intelligence
across component lines. This integration allows for real-time responses
to threat information and quick communication with decision-makers and
investigators in the field.
The FBI is designed, and has always operated, as both a law enforcement
and intelligence agency. It has the dual mission: 1) to investigate and
arrest perpetrators of completed crimes and 2) to collect intelligence
that will help prevent future crimes and assist policy makers in their
decision making. History has shown that the Bureau is most effective in
protecting the United States (U.S.) when it performs these missions in
tandem.
The FBI has long recognized that investigations produce intelligence
benefits beyond arrest and prosecution. Starting with the Ku Klux Klan
cases in the 1960's and the Mafia cases of the 1970's, FBI agents began
to view criminal investigations as both a means of arresting and
prosecuting someone for a completed crime, and as a means of obtaining
information to prevent future crime. The goal was not simply to arrest
individual members of the Klan or the Mafia, but to penetrate and
dismantle a whole criminal organization.
As this approach was adopted, the FBI developed intelligence tools that
have proven critical to predicting and preventing criminal activity.
Also, the Bureau learned to think strategically before making arrests,
sometimes opting to delay a suspect's arrest to allow more opportunity
for surveillance that might disclose conspirators or other criminal
plans. This approach was used to great effect in organized crime cases
and espionage investigations, and members of the Bureau's Safe Streets
Task Forces use it to combat street gangs. This is the approach that,
since 9/11, the Bureau has used successfully in terrorism
investigations.
By definition, investigations of international terrorism are both
"intelligence" and "criminal" investigations. They are intelligence
investigations because their objective, pursuant to Executive Order
12333, is "the detection and countering of international terrorist
activities," and because they employ authorities and investigative
tools - such as Foreign Intelligence Surveillance Act warrants -
designed for the intelligence mission of protecting the U.S. against
attack or other harm by foreign entities. They are criminal
investigations because international terrorism against the U.S.
constitutes a violation of the federal criminal code.
Over the past two decades, court rulings and internal DOJ procedures
regarding FISA warrants barred FBI agents and other Intelligence
Community personnel working intelligence cases from coordinating and
swapping leads with agents working criminal cases. As a result of this
legal "wall," intelligence agents and criminal agents working on a
single terrorist target had to proceed independently and without
knowing what the other may have been doing.
The USA PATRIOT Act, enacted on October 26, 2001 eliminated this "wall"
and authorized coordination among agents working criminal matters and
those working intelligence investigations. On March 6, 2002 the
Attorney General issued new Intelligence Sharing Procedures for Foreign
Intelligence and Foreign Counterintelligence Investigations Conducted
by the FBI (Intelligence Sharing Procedures) to capitalize on this
legislative change. The new procedures specifically authorized agents
working intelligence cases to disseminate to criminal prosecutors and
investigators all relevant foreign intelligence information, including
information obtained from FISA, in accordance with applicable
minimization standards and other specific restrictions. Likewise, the
procedures authorized prosecutors and criminal agents to advise FBI
agents working intelligence cases on all aspects of foreign
intelligence investigations, including the use of FISA.
On November 18, 2002 the Foreign Intelligence Surveillance Court of
Review issued an opinion approving the Intelligence Sharing Procedures.
The opinion authorized the FBI to share information, including FISA-
derived information, with both criminal and intelligence investigators.
Today, the FBI can conduct terrorism investigations using criminal and
intelligence tools and personnel.
To FBI formalized this merger of intelligence and criminal operations
by abandoning its practice of classifying cases as either "criminal" or
"intelligence" international terrorism investigations; now the FBI
classifies all these cases as ones including "international terrorism."
This reclassification officially designates an international terrorism
investigation as one that can employ intelligence tools as well as
criminal processes and procedures. In July 2003, the Bureau formalized
this approach in its Model Counterterrorism Investigative Strategy
(MCIS), which was issued to all field offices and has been the subject
of extensive field training.
With the dismantling of the legal "wall" and the integration of
criminal and intelligence personnel and operations, the FBI now has the
latitude to coordinate its intelligence and criminal investigations and
to employ full range of investigative tools against a suspected
terrorist. On the intelligence side, it can conduct surveillance on the
suspected terrorist to learn about his movements and identify possible
confederates; it can obtain FISA authority to monitor his
conversations; and/or it can approach and attempt to cultivate him as a
source or an operational asset. On the criminal side, the Bureau has
the option of incapacitating him through arrest, detention, and
prosecution. The course to take is chosen by continuously balancing the
opportunity to develop intelligence against the need to apprehend the
suspect and prevent him from carrying out his terrorist plans. This
integrated approach has guided Bureau operations and enabled it foil
terrorist-related operations and disrupt cells from Northern Virginia,
to Buffalo, New York, to Portland, Oregon, to Newark, New Jersey.
Virginia Jihad Network:
As a result of an FBI, Washington Field Office investigation, nine
members of a group based in Northern Virginia, now known as the
Virginia Jihad Network, were convicted on charges to include:
Conspiracy to levy war against the United States (18 USC 2384);
Conspiracy to provide material support to Al-Qa'ida (18 USC 2339B);
Conspiracy to provide material support to Lashkar-e-Taiba (18 USC
2339A); and supplying services to the Taliban (50 US 1705.):
The investigation, which involved both intelligence and criminal
aspects, proved that members of the Virginia Jihad Network had
intentionally participated in activities in preparation to enter into
jihad (Holy War) against enemies of Islam, including the U.S.
Specifically, members of the group participated in weekly jihad
training sessions consisting of physical training in small-unit para-
military tactics using paint-ball as a means of instruction, as well as
religious instruction on the topics of jihad, typically through the
readings of certain hadiths related to jihad.
Lackawanna Six:
The FBI investigation known as the "Lackawanna Six," conducted by
agents in the Buffalo Field Office, resulted in the convictions of six
men, all U.S. citizens of Yemeni descent, for their participation in an
Al-Qa'ida military-style training camp with radical Islamists in
Afghanistan shortly before the 9/11 terrorist attacks. Five of the men
plead guilty to providing material support to Al-Qa'ida and the sixth
pled guilty to conducting transactions unlawfully with Al-Qa'ida.
The investigation successfully identified and documented the methods
Al-Qa'ida members used to communicate with and recruit U.S. citizens of
Yemeni descent to travel to Afghanistan for the purpose of military
training for jihad.
The Portland Seven:
The FBI, Portland Field Office, investigation known as the "Portland
Seven," resulted in the conviction of seven Muslim men from Portland,
in February 2004, for: Conspiracy to levy war against the United
States; Conspiracy to Provide Material Support and Resources to Al-
Qaida; Conspiracy to Contribute Services to Al-Qa'ida and the Taliban;
and for two of the men: Possessing Firearms in Furtherance of Crimes of
Violence.
The investigation proved that, as part of the conspiracy, members would
travel to Afghanistan to join Al-Qa'ida and Taliban forces in the jihad
and take up arms against the U.S. and allied military forces. Following
the 9/11 terrorist attacks five of the defendants acquired various
firearms and engaged in weapons training and physical training for
preparation to fight a jihad. In October 2001, six of the men traveled
to China, then tried several times to reach Afghanistan to fight for
the Taliban.
Hemant Lakhani:
The FBI investigation into the activities of businessman Hemant
Lakhani, a British national born in India, resulted in charges against
Lakhani for attempting to sell anti-aircraft missiles to shoot down
American airliners. He was charged, also, with plotting to obtain for
terrorists a "dirty bomb". Lakhani since pleaded not guilty to the
charges of providing material support to terrorists and attempting to
sell arms without a license. His trial is set to begin in November,
2004. If convicted, he could be sentenced to 25 years in prison.
Two other individuals were arrested and charged with helping in a
planned money transfer that was part of the transaction. One of those
two individuals arrived in the U.S. to allegedly arrange for a $500,000
down payment from a government cooperating witness for 50 more
shoulder-fired missiles. Each individual faces up to five years in
prison.
Although the FBI is now able to coordinate its intelligence collection
and criminal law enforcement operations, it will realize its full
potential as a terrorism prevention agency once it develops the
intelligence structure, capabilities, and processes to direct those
operations. The Department needs an effective intelligence capacity, if
it expects to defeat a sophisticated and opportunistic adversary like
Al-Qa'ida.
For a variety of historical reasons, the Bureau had not developed this
intelligence capacity prior to September 11, 2001. Even though the FBI
always has been one of the world's best collectors of information, it
never completed the infrastructure to exploit that information fully
for its intelligence value. Individual FBI agents analyzed the evidence
in their particular cases, and used it to guide their investigations.
The FBI as an institution, however, had not elevated that analytical
process above the individual case or investigation to an overall effort
to analyze intelligence and strategically direct intelligence
collection against threats across all programs.
The attacks of September 11, 2001, highlighted, the need to develop an
intelligence process for the Counterterrorism Program. Since then, the
Bureau has undertaken to build the capacity to fuse, analyze, and
disseminate its terrorism-related intelligence, and to direct
investigative activities based on an analysis of gaps in its collection
against national intelligence requirements. That effort has proceeded
in four stages.
The first was to increase the number of analysts working
counterterrorism. Immediately after September 11, Director Muller
temporarily reassigned analysts from the Criminal Investigative and
Counterintelligence Divisions to various units in the Counterterrorism
Division. In July 2002, 25 analysts were detailed from the CIA to
assist. Many of these analysts provided tactical intelligence analysis;
others provided strategic "big picture" analysis. These deployments
were temporary, but the progress made, the confidence gained, and the
lessons learned during this period started the FBI down the road toward
a functioning intelligence analysis operation. Also, the Bureau
established the College of Analytical Studies to help train and develop
a cadre of FBI specialized analysts.
On December 3, 2001, the Director established the Office of
Intelligence (01) within the Counterterrorism Division. The 01 was
responsible for establishing and executing standards for recruiting,
hiring, training, and developing the intelligence analytic workforce,
and ensuring that analysts are assigned to operational and field
divisions based on intelligence priorities. Recognizing that
intelligence and analysis are integral to all of the Bureau's programs,
in February 2003, Director Mueller moved the 01 out of the
Counterterrorism Division and created a stand-alone 01, headed by an
Executive Assistant Director (EAD-1), to provide centralized support
and guidance for the Bureau's intelligence functions.
The second stage in the Bureau's intelligence integration was to
elevate intelligence functions to program-level status, instituting
centralized management and implementing a detailed blueprint for the
Intelligence Program.
The Director articulated a clear mission for the Intelligence Program -
to position the FBI to meet current and emerging national security and
criminal threats by: 1) aiming investigative work proactively against
threats; 2) building and sustaining enterprise-wide intelligence
policies and capabilities, and 3) providing useful, appropriate, and
timely information and analysis to the national security, homeland
security, and law enforcement communities. With the mission defined,
the Bureau set out to embed intelligence processes into the day-to-day
work of the FBI, from the initiation of a preliminary investigation to
the development of FBI-wide strategies.
Now that the Intelligence Program is established and evolving, the FBI
is moving on to the third stage of transforming the Bureau into an
intelligence agency - reformulating personnel and administrative
procedures to instill within our workforce an expertise in the
processes and objectives of intelligence work.
A major element of the Bureau's transformation is its increasing
integration and coordination with its partners in the U.S. and
international law enforcement and intelligence communities. More than
any other type of enforcement mission, counterterrorism requires the
participation of every level of local, state, national, and
international government. A good example is the case of the Lackawanna
terrorist cell outside Buffalo, New York. From the police officers who
helped to identify and conduct surveillance on the cell members; to the
CIA officers who provided information from their sources overseas; to
the diplomatic personnel who coordinated our efforts with foreign
governments; to the FBI agents and federal prosecutors who conducted
the investigation leading to the arrests and indictments, everyone
played a significant role.
The FBI recognizes that a prerequisite for any operational coordination
is the full and free exchange of information. Without procedures and
mechanisms that allow information sharing on a regular and timely
basis, the Bureau and its partners cannot expect to align their
operational efforts to best accomplish their common mission.
Accordingly, the FBI took steps to establish FBI-wide policies for
sharing information and intelligence.
To ensure a coordinated, enterprise-wide approach, the Director
recently designated the EAD-I to serve as the principal FBI official
for information and intelligence sharing policy. In this capacity, the
EAD-I functions as an advisor to the Director and provides policy
direction on information and intelligence sharing within and outside
the FBI with the law enforcement and intelligence communities, as well
as foreign governments. On February 20, 2004, the Bureau formed an
information sharing policy group, comprised of Executive Assistant
Directors, Assistant Directors and other senior executive managers.
Under the Direction of the EAD-I, this group is establishing FBI
information and intelligence sharing policies.
Beyond these information sharing initiatives, the Bureau is increasing
its operational coordination with its state, federal, and international
partners on a number of fronts.
The FBI strengthened its working relationships with the CIA and other
members of the Intelligence Community. From the Director's daily
meetings with the Director of Central Intelligence and CIA briefers, to
the regular exchange of personnel among agencies, to the joint efforts
in specific investigations and in the Terrorist Threat Integration
Center, the Terrorist Screening Center, and other multiagency entities,
the FBI and its partners in the Intelligence Community are now
integrated at virtually every level of our operations.
The Terrorist Threat Integration Center (TTIC) is a good example of the
collaborative relationship among the FBI, the CIA, and other federal
partners. Established on May 1, 2003, at the direction of President
Bush, TTIC coordinates strategic analysis of threats based on
intelligence from the FBI, CIA, DHS, and DOD. Analysts from each agency
work side-by-side in one location to piece together the big picture of
threats to the U.S. and our interests. TTIC analysts synthesize
government-wide information regarding current terrorist threats and
produce the Presidential Terrorism Threat Report for the President. FBI
personnel at TTIC are part of the Office of Intelligence and work
closely with analysts at FBI Headquarters in combining domestic and
international terrorism developments into a comprehensive analysis of
terrorist threats. In addition to the analysis developed by FBI
analysts detailed to TTIC, FBI analysts at Headquarters regularly
contribute articles to the President's Terrorist Threat Report.
The FBI currently has agents and analysts detailed to CIA entities,
including the CIA's Counterterrorism Center (CTC). Also, FBI agents and
intelligence analysts are detailed to the NSA, the National Security
Council, DIA, the Defense Logistics Agency, DOD's Regional Commands,
the Department of Energy, and other federal and state agencies.
CIA personnel are also working in key positions throughout the Bureau.
The Deputy Section Chief of the International Terrorism Operations
Section in the Counterterrorism Division is a CIA detailee. CIA
officers are detailed to the Security Division, including the Assistant
Director, the Chief of the Personnel Security Section, and managers
working with the Secret Compartmental Information (SCI) program and the
FBI Police. An experienced manager from the CIA's Directorate of
Science and Technology now heads the Investigative Technologies
Division and a CIA employee on detail serves as the Chief of a Section.
This exchange of personnel is taking place in Bureau field offices as
well as in the FBI headquarters. In JTTF sites, the CIA has officers
co-located with FBI agents, and there are plans to add CIA officers at
several others. The NSA detailed analysts to FBI Headquarters, and the
Washington, New York, and Baltimore Field Offices.
The FBI now uses secure systems to disseminate classified intelligence
reports and analytical products to the Intelligence Community and other
federal agencies. Improving the compatibility of information technology
systems throughout the Intelligence Community will increase the speed
and ease of information sharing and collaboration. To that end, an FBI
information technology team worked with the Chief Information Officers
(CIOs) of DHS and other Intelligence Community agencies as the Bureau
upgraded its data systems.
DHS plays a critical role in assessing and protecting vulnerabilities
in our national infrastructure and at our borders, and in overseeing
our response capabilities. The Bureau has worked closely with DHS to
ensure that the integration of information sharing between the
agencies. The FBI and DHS share database access at TTIC, in the
National JTTF at FBI Headquarters, in the FTTTF and the TSC, and in
local JTTFs around the country. The FBI and DHS worked together to
establish the new Terrorist Screening Center. CTD analysts from the FBI
weekly brief their DHS counterparts on terrorism developments. The
agencies jointly produce Intelligence Bulletins for state, local, and
tribal law enforcement and state and local homeland security officials.
They produce joint threat assessments for key events such as the
national political party conventions. The Bureau designated an
experienced executive from the Transportation Security Administration
to run the TSC and detailed a senior DHS executive to the FBI's Office
of Intelligence to ensure coordination and transparency between the
agencies.
On March 4, 2003, the Attorney General, the Secretary of Homeland
Security, and the Director of Central Intelligence signed a
comprehensive Memorandum of Understanding (MOU) establishing policies
and procedures for information sharing, handling, and use. Pursuant to
that MOU, information related to terrorist threats and vulnerabilities
is provided to DHS automatically. Consistent with the protection of
sensitive sources and methods and the protection of privacy rights, we
now share as a rule, and withhold by exception.
With terrorists traveling, communicating, and planning attacks around
the world, coordination with our foreign partners has become more
critical than ever before. The FBI has increased its overseas presence
and now routinely deploys agents and crime scene experts to assist in
the investigation of overseas attacks, such as the May 2003 bombings in
Saudi Arabia and Morocco. Their efforts, and the relationships that
grew from them, have played a critical role in the successful
international operations the Bureau conducted over the past three
years.
Bureau personnel have participated in numerous investigations of
terrorist attacks in foreign countries. The approach taken to those
investigations differs from the traditional Bureau approach. Prior to
September 11, FBI overseas investigations were primarily focused on
building cases for prosecution in the U.S. Today, the focus has
broadened. Now, the FBI provides its foreign partners with
investigative, forensic, and other types of support that enhance joint
efforts to prevent and disrupt terrorist attacks. This approach won the
approval of our partners and increased reciprocal cooperation and led
to more effective joint investigations.
With the recent directives implementing the intelligence agent career
track and the administrative reforms related to building an
intelligence workforce, the FBI has created a foundation for an
intelligence-driven counterterrorism operation.
The substantial progress achieved over the past three years, defies
precise measurement. However, several accomplishments demonstrate the
effectiveness of the Counterterrorism Program. Including:
* Developing human assets:
* Increasing the number of FISAs:
* Increasing the number of intelligence reports generated * Increasing
the quality of daily briefings:
* Raising the effectiveness of counterterrorism operations:
The FBI historically has recognized that human sources often provide
the most important information during a criminal investigation.
Accordingly, the Bureau has developed expertise in recruiting and using
human sources. Further, it uses those skills to great effect across a
wide range of investigative programs, including organized crime, drugs,
public corruption, and white collar crime.
The Bureau has placed a priority on developing human intelligence
sources to assist in the identification and apprehension of
international terrorists. The Bureau has revised its training programs,
its personnel evaluation criteria, and its operational priorities to
focus on source development. These efforts already increased the number
of human intelligence sources in the Counterterrorism Program. Between
August 30, 2001, and September 30, 2003, the number of sources related
to international terrorism increased by more than 60 percent, and the
number of sources related to domestic terrorism increased by more than
39 percent.
FISA coverage increased significantly, reflecting both the Bureau's
increased focus on counterterrorism and counterintelligence
investigations and its improvement in FISA operations. From 2001 to
2003, the number of FISA applications filed annually with the Foreign
Intelligence Surveillance Court increased by 85 percent. The FISA has
seen a similar increase in the use of the emergency FISA process that
permits the FBI to obtain immediate coverage in emergency situations.
In 2002, for example, the Department of Justice obtained a total of 170
emergency FISA authorizations, which is more than three times the
number of emergency FISAs obtained in the 23 years between the 1978
enactment of FISA and September 11, 2001.
The fourth stage involves improved dissemination of information. In the
past year, the FBI produced more than 3,000 intelligence products,
including "raw" reports, intelligence memoranda, in-depth strategic
analysis assessments, special event threat assessments, and focused
Presidential briefings. In addition, it briefed many members of
Congress, other government agencies, and law enforcement organization
about intelligence matters.
Prior to September 11, 2001, the FBI produced very few raw intelligence
reports. In fiscal 2004, the FBI produced and disseminated about 2,700
Intelligence Information Reports (IIRs) containing raw intelligence
derived from FBI investigations and intelligence collection. The
majority contained intelligence related to international terrorism; the
next greatest number contained foreign intelligence and
counterintelligence information; and the remainder concerned criminal
activities and cyber crime. These IIRs were sent to a wide customer set
in FBI field offices, the Intelligence Community, Defense Community,
other federal law enforcement agencies, and U.S. policy entities.
In addition to these raw intelligence reports, the FBI has begun
producing analytic assessments on a par with those the Intelligence
Community produces. The FBI developed and issued, in January 2003, a
classified comprehensive assessment of the terrorist threat to the U.S.
This assessment focuses on the threats that may develop over the next
two years, based on an analysis of information regarding the
motivations, objectives, methods, and capabilities of existing
terrorist groups and the potential for the emergence of new terrorist
groups. This threat assessment is used as a guide in the allocation of
investigative resources, as a compilation of threat information for
investigators and intelligence personnel within and without the FBI,
and as a resource for decision-makers elsewhere in the government. The
2004 threat assessment was released in April 2004. Also, the Bureau
published a comprehensive assessment of the terrorist WBRN threat to
the U.S., in December 2003. FBI analysts have produced 137 in-depth
analyses in Fiscal Year 2004 and several hundred current intelligence
articles.
How the FBI used the Al-Qa'ida terrorism handbook provides a good
example of the Bureau's improved capacity to exploit evidence for its
intelligence value. A terrorism handbook seized from an Al-Qa'ida
location overseas in the mid-1990's was declassified and released by
DOJ shortly after the events of September 11, 2001. The FBI believed,
and subsequent events confirmed, that intelligence gleaned from the
handbook could provide useful guidance about Al-Qa'ida's interests and
capabilities. Nine Intelligence Bulletins were based in whole or in
part on this intelligence. In addition, the Bureau used information
from the Al-Qa'ida Handbook to update the Bureau's counterterrorism
training, including the Intelligence Analyst Basic Course at the
College of Analytical Studies, the Introduction to Counterterrorism
Course at the National Academy, and sessions on Terrorism Indicators
and Officer Safety in the Bureau's SLATT training.
One measure of the Bureau's improved counterterrorism operations is the
Bureau's capability to analyze data daily and deliver daily briefing.
The development of this capability reflects the maturation of the
centralized Counterterrorism Program.
Prior to September 11, the FBI lacked the capacity to provide a
comprehensive daily terrorism briefing - to assemble the current threat
information, to determine what steps were being taken to address each
threat, and to present a clear picture of each threat and the Bureau's
response to that threat to the Director, senior managers, the Attorney
General, and others in the Administration who make operational and
policy decisions. Because investigations were run by individual field
offices, the Bureau never developed a central repository of treat data.
During the past three years, with the assistance of veterans from the
Intelligence Community, the FBI has established the infrastructure and
the cadre of professionals to produce effective daily briefings and to
share briefing materials more widely within the Bureau and with our
partners.
In 2002, the Bureau established the Presidential Support Group within
the Counterterrorism Division to prepare daily briefing materials. In
the summer of 2003, this group was renamed the Strategic Analysis Unit
and moved to the Office of Intelligence. Beginning in August 2003, the
Strategic Analysis Unit began producing the Director's Daily Report
(DDR), a daily intelligence briefing that includes information on
counterterrorism operations, terrorism threats, and information
related to all areas of FBI investigative activity. The DDR is
distributed to executives in all FBI operational divisions. The
Director uses the DDR to brief the President nearly every weekday
morning. The FBI also produces Presidential Intelligence Assessments,
finished FBI intelligence products covering topics of particular
interest to the President on issues other than terrorism.
Director Mueller holds threat briefings twice a day: an intelligence
briefing in the morning and a case-oriented briefing later in the day.
At them, a briefer and the operational executive managers provide a
summary of current threats and associated FBI operations. Because CIA
and DHS representatives attend, these meetings facilitate the sharing
of threat information. The development of the Bureau's daily briefings
provides a tangible measure of progress.
The Bureau historically measured its performance, to a large extent, by
the number of criminals it arrested. Although useful for traditional
law enforcement, a new standard was needed to measure how well the
Bureau neutralized terrorist threats. The arrest standard failed to
account for terrorist threats neutralized through means other than
formal terrorism prosecutions - such as deportation, detention, arrest
on non-terrorism charges, seizure of financial assets, and the sharing
of information with foreign governments for their use in taking action
against terrorists within their borders.
The number of disruptions and dismantlement provides a better measure.
This measure counts every time the Bureau - either by itself or with
its partners in the law enforcement and intelligence communities -
conducts an operation which disables, prevents, or interrupts terrorist
fund-raising, recruiting, training, or operational planning. Since
September 11, 2001, the FBI has participated in dozens of such
operations, disrupting a wide variety of domestic and international
terrorist undertakings.
The FBI has made significant advances over the past three years, as the
forgoing shows.
GAO Comments:
In addition to the letter reprinted in this appendix, we included the
enclosure containing the recent accomplishments of the Federal Bureau
of Investigation. We did not solicit this type of information from any
participating department nor its components, during this engagement.
Nor did we conduct the necessary audit to verify the validity of the
findings. In addition to providing the letter and enclosure, the
department provided technical comments. We incorporated the technical
comments where appropriate throughout the report.
[End of section]
Appendix XV: GAO Contacts and Staff Acknowledgments:
GAO Contacts:
Intelligence and Warning:
FBI Law Enforcement Issues:
Laurie E. Ekstrand, (202) 512-2758:
FBI Information Technology and Watch List Issues:
Randolph C. Hite, (202) 512-6256:
DHS Homeland Security Advisory System Issues:
William O. Jenkins, Jr., (202) 512-8757:
Threat Information Sharing Issues:
Henry L. Hinton, (202) 512-6599:
Border and Transportation Security:
Border, Customs and Immigration Issues:
Richard M. Stana, (202) 512-8816:
Visa Issues:
Jess T. Ford, (202) 512-4268:
Travel Document Counterfeiting and Fraud:
Robert J. Cramer, (202) 512-7227:
Border Radiation Detection Issues:
Eugene E. Aloise, (202) 512-6870:
Biometrics Technology Issues:
Keith A. Rhodes, (202) 512-3938:
Border Information Technology Issues:
David A. Powner, (202) 512-9286:
Aviation Security Issues:
Cathleen A. Berrick, (202) 512-3404:
Surface Transportation Security Issues:
Cathleen A. Berrick, (202) 512-3404:
Maritime Security Issues:
Margaret T. Wrightson, (415) 904-2200:
U.S. Coast Guard Issues:
Margaret T. Wrightson, (415) 904-2200:
Domestic Counterterrorism:
FBI Law Enforcement Issues:
Laurie E. Ekstrand, (202) 512-2758:
Money Laundering Issues:
Richard M. Stana, (202) 512-8816:
International Terrorist Financing Issues:
Loren Yager, (202) 512-4347:
Identification Counterfeiting and Fraud:
Robert J. Cramer, (202) 512-7227:
Social Security Number Fraud Issues:
Barbara D. Bovbjerg, (202) 512-5491:
Protecting Critical Infrastructures and Key Assets:
National Critical Infrastructure Protection Issues:
Robert F. Dacey, (202) 512-3317:
Cybersecurity Issues:
Robert F. Dacey, (202) 512-3317:
Protecting Government Buildings:
Mark L. Goldstein, (202) 512-6670:
Federal Protective Service Issues:
Mark L. Goldstein, (202) 512-6670:
Defense Installation Protection Issues:
Janet A. St. Laurent, (202) 512- 4402:
Financial Services Sector Security Issues:
Thomas J. McCool, (202) 512-8678:
Postal and Shipping Safety and Security Issues:
Katherine A. Siggerud, (202) 512-6570:
Nuclear Power and Weapons Security Issues:
Robin M. Nazzaro, (202) 512- 6246:
Water Utilities Security Issues:
Robin M. Nazzaro, (202) 512-6246:
Agricultural Sector Security Issues:
Larry Dykman, (202) 512-9692:
Chemical Plants Security Issues:
John B. Stephenson, (202) 512-6225:
Defending Against Catastrophic Threats:
Nonproliferation Issues: (Department of Energy):
Eugene E. Aloise, (202) 512-6870:
Nonproliferation Issues: (Department of State):
Joseph A. Christoff, (202) 512-8979:
Sales of Potentially Harmful Excess DOD Materials:
Robert J. Cramer, (202) 512-7227:
Bioterrorism Preparedness Issues:
Janet Heinrich, (202) 512-7250:
Bioterrorism Information Technology Issues:
David A. Powner, (202) 512-9286:
Defense Role in Weapons of Mass Destruction:
Sharon L. Pickup, (202) 512-9619:
Research and Development Issues:
Eugene E. Aloise, (202) 512-6870:
Emergency Preparedness and Response:
First Responder Emergency Preparedness Issues:
William O. Jenkins, (202) 512-8757:
Public Health Preparedness Issues:
Janet Heinrich, (202) 512- 7250:
Defense Support to Civilian Agencies:
Davi M. D'Agostino, (202) 512-5431:
Crosscutting Issues:
National Strategy Issues:
Norman J. Rabkin, (202) 512-8777:
Strategic Planning and Results Issues:
Bernice Steinhardt, (202) 512-6534:
Human Capital Management Issues:
Christopher J. Mihm, (202) 512-3236:
Budget Issues:
Paul L. Posner, (202) 512-9573:
Risk Management and Resource Allocation:
Scott R. Farrow, (202) 512-6669:
Information Technology Issues:
Randolph C. Hite, (202) 512-6256:
Acquisition Management:
Katherine V. Schinasi, (202) 512-4841:
Staff Acknowledgments:
The following persons made key contributions to this report: Stephen L.
Caldwell, Jared A. Hermalin, Wayne A. Ekblad, and Ricardo A. Marquez.
In addition, numerous other individuals across GAO made contributions
regarding the challenges faced in implementing the National Strategy
for Homeland Security.
[End of section]
Related GAO Products:
Intelligence and Warning:
Intelligence Reform: Human Capital Considerations Critical to 9/11
Commission's Proposed Reforms. GAO-04-1084T. Washington, D.C.:
September 14, 2004.
Information Technology: Foundational Steps Being Taken to Make Needed
FBI Systems Modernization Management Improvements. GAO-04-842.
Washington, D.C.: September 10, 2004.
Homeland Security: Communication Protocols and Risk Communication
Principles Can Assist in Refining the Advisory System. GAO-04-682.
Washington, D.C.: June 25, 2004.
FBI Transformation: Human Capital Strategies May Assist the FBI in Its
Commitment to Address Its Top Priorities. GAO-04-817T. Washington,
D.C.: June 3, 2004.
Security Clearances: FBI Has Enhanced Its Process for State and Local
Law Enforcement Officials. GAO-04-596. Washington, D.C.: April 30,
2004.
FBI Transformation: FBI Continues to Make Progress in Its Efforts to
Transform and Address Priorities. GAO-04-578T. Washington, D.C.: March
23, 2004.
Homeland Security: Risk Communication Principles May Assist in
Refinement of the Homeland Security Advisory System. GAO-04-538T.
Washington, D.C.: March 16, 2004.
Homeland Security Advisory System: Preliminary Observations Regarding
Threat Level Increases from Yellow to Orange. GAO-04-453R. Washington,
D.C.: February 26, 2004.
Drinking Water: Experts' Views on How Future Federal Funding Can Best
Be Spent to Improve Security. GAO-04-29. Washington, D.C.: October 31,
2003.
Homeland Security: Efforts to Improve Information Sharing Need to be
Strengthened. GAO-03-760. Washington, D.C.: August 27, 2003.
Post-Hearing Questions from the May 8, 2003, Hearing on Barriers to
Information Sharing at the Department of Homeland Security. GAO-03-
985R. Washington, D.C.: July 7, 2003.
Homeland Security: Information Sharing Responsibilities, Challenges,
and Key Management Issues. GAO-03-715T. Washington, D.C.: May 8, 2003.
Information Technology: Terrorist Watch Lists Should Be Consolidated to
Promote Better Integration and Sharing. GAO-03-322. Washington, D.C.:
April 15, 2003.
Combating Terrorism: Actions Needed to Improve Force Protection for DOD
Deployment through Domestic Seaports. GAO-03-15. Washington, D.C.:
October 22, 2002:
Homeland Security: Information Sharing Activities Face Continued
Management Challenges. GAO-02-1122T. Washington, D.C.: September 23,
2002.
Border and Transportation Security:
Port Security: Planning Needed to Develop and Operate Maritime Worker
Identification Card Program. GAO-05-106. Washington, D.C.: December 10,
2004.
Aviation Security: Preliminary Observations on TSA's Progress to Allow
Airports to Use Private Passenger and Baggage Screening. GAO-05-126.
Washington, D.C.: November 19, 2004.
General Aviation Security: Increased Federal Oversight Is Needed, but
Continued Partnership with the Private Sector is Critical to Long-Term
Success. GAO-05-144. Washington, D.C.: November 10, 2004.
Homeland Security: Management Challenges Remain in Transforming
Immigration Programs. GAO-05-81. Washington, D.C.: October 14, 2004.
Immigration Enforcement: DHS Has Incorporated Immigration Enforcement
Objectives and Is Addressing Future Planning Requirements. GAO-05-66.
Washington, D.C.: October 8, 2004.
Maritime Security: Better Planning Needed to Help Ensure an Effective
Port Security Assessment Program. GAO-04-1062. Washington, D.C.:
September 30, 2004.
Transportation Security R&D: TSA and DHS Are Researching and Developing
Technologies, but Need to Improve R&D Management. GAO-04-890.
Washington, D.C.: September 30, 2004.
Social Security Numbers: Use Is Widespread and Protections Vary in
Private and Public Sectors. GAO-04-1099T. Washington, D.C.: September
28, 2004.
Border Security: Joint, Coordinated Actions by State and DHS Needed to
Guide Biometric Visas and Related Programs. GAO-04-1080T. Washington,
D.C.: September 9, 2004.
Border Security: State Department Rollout of Biometric Visas on
Schedule, but Guidance Is Lagging. GAO-04-1001. Washington, D.C.:
September 9, 2004.
Maritime Security: Partnering Could Reduce Federal Costs and Facilitate
Implementation of Automatic Vessel Identification System. GAO-04-868.
Washington, D.C.: July 23, 2004.
Border Security: Additional Actions Needed to Eliminate Weaknesses in
the Visa Revocation Process. GAO-04-795. Washington, D.C.: July 13,
2004.
Maritime Security: Substantial Work Remains to Translate New Planning
Requirements into Effective Port Security. GAO-04-838. Washington,
D.C.: June 30, 2004.
Homeland Security: Performance of Information Systems to Monitor
Foreign Students and Exchange Visitors Has Improved but Issues Remain.
GAO-04-690. Washington, D.C.: June 18, 2004.
Border Security: Agencies Need to Better Coordinate Their Strategies
and Operations on Federal Lands. GAO-04-590. Washington, D.C.: June 16,
2004.
Aviation Security: Further Steps Needed to Strengthen the Security of
Commercial Airport Perimeters and Access Controls. GAO-04-728.
Washington, D.C.: June 4, 2004.
Homeland Security: First Phase of Visitor and Immigration Status
Program Operating, but Improvements Needed. GAO-04-586. Washington,
D.C.: May 11, 2004.
Aviation Security: Private Security Screening Contractors Have Little
Flexibility to Implement Innovative Approaches. GAO-04-505T.
Washington, D.C.: April 22, 2004.
Coast Guard: Key Management and Budget Challenges for Fiscal Year 2005
and Beyond. GAO-04-636T. Washington, D.C.: April 7, 2004.
Homeland Security: Summary of Challenges Faced in Targeting Oceangoing
Cargo Containers for Inspection. GAO-04-557T. Washington, D.C.: March
31, 2004.
Rail Security: Some Actions Taken to Enhance Passenger and Freight Rail
Security, but Significant Challenges Remain. GAO-04-598T. Washington,
D.C.: March 23, 2004.
Border Security: Improvements Needed to Reduce Time Taken to Adjudicate
Visas for Science Students and Scholars. GAO-04-371. Washington, D.C.:
February 25, 2004.
Border Security: Improvements Needed to Reduce Time Taken to Adjudicate
Visas for Science Students and Scholars. GAO-04-443T. Washington, D.C.:
February 25, 2004.
Coast Guard Programs: Relationship between Resources Used and Results
Achieved Needs to Be Clearer. GAO-04-432. Washington, D.C.: March 22,
2004.
Aviation Security: Computer-Assisted Passenger Prescreening System
Faces Significant Implementation Challenges. GAO-04-385. Washington,
D.C.: February 12, 2004.
The Department of Homeland Security Needs to Fully Adopt a Knowledge-
based Approach to Its Counter-MANPADS Development Program. GAO-04-341R.
Washington, D.C.: January 30, 2004.
Department of Homeland Security, Bureau of Customs and Border
Protection: Required Advance Electronic Presentation of Cargo
Information. GAO-04-319R. Washington, D.C.: December 18, 2003.
Homeland Security: Preliminary Observations on Efforts to Target
Security Inspections of Cargo Containers. GAO-04-325T. Washington,
D.C.: December 16, 2003.
Posthearing Questions Related to Aviation and Port Security. GAO-04-
315R. Washington, D.C.: December 12, 2003.
Aviation Security: Efforts to Measure Effectiveness and Strengthen
Security Programs. GAO-04-285T. Washington, D.C.: November 20, 2003.
Aviation Security: Efforts to Measure Effectiveness and Address
Challenges. GAO-04-232T. Washington, D.C.: November 5, 2003.
Homeland Security: Overstay Tracking Is a Key Component of a Layered
Defense. GAO-04-170T. Washington, D.C.: October 16, 2003.
Airport Passenger Screening: Preliminary Observations on Progress Made
and Challenges Remaining. GAO-03-1173. Washington, D.C.: September 24,
2003.
Homeland Security: Risks Facing Key Border and Transportation Security
Program Need to Be Addressed. GAO-03-1083. Washington, D.C.: September
19, 2003.
Maritime Security: Progress Made in Implementing Maritime
Transportation Security Act, but Concerns Remain. GAO-03-1155T.
Washington, D.C.: September 9, 2003.
Land Border Ports of Entry: Vulnerabilities and Inefficiencies in the
Inspections Process. GAO-03-1084R. Washington, D.C.: August 18, 2003.
Container Security: Expansion of Key Customs Programs Will Require
Greater Attention to Critical Success Factors. GAO-03-770. Washington,
D.C.: July 25, 2003.
Border Security: New Policies and Increased Interagency Coordination
Needed to Improve Visa Process. GAO-03-1013T. Washington, D.C.: July
15, 2003.
Border Security: New Policies and Procedures Are Needed to Fill Gaps in
the Visa Revocation Process. GAO-03-798. Washington, D.C.: June 18,
2003.
Border Security: New Policies and Procedures Are Needed to Fill Gaps in
the Visa Revocation Process. GAO-03-908T. Washington, D.C.: June 18,
2003.
Homeland Security: Challenges Facing the Department of Homeland
Security in Balancing Its Border Security and Trade Facilitation
Missions. GAO-03-902T. Washington, D.C.: June 16, 2003.
Transportation Security: Federal Action Needed to Address Security
Challenges. GAO-03-843. Washington, D.C.: June 30, 2003.
Counterfeit Documents Used to Enter the United States from Certain
Western Hemisphere Countries Not Detected. GAO-03-713T. Washington,
D.C.: May 13, 2003.
Transportation Security Research: Coordination Needed in Selecting and
Implementing Infrastructure Vulnerability Assessments. GAO-03-502.
Washington, D.C.: May 1, 2003.
Coast Guard: Challenges during the Transition to the Department of
Homeland Security. GAO-03-594T. Washington, D.C.: April 1, 2003.
Transportation Security: Post-September 11th Initiatives and Long-Term
Challenges. GAO-03-616T. Washington, D.C.: April 1, 2003.
Homeland Security: Challenges to Implementing the Immigration Interior
Enforcement Strategy. GAO-03-660T. Washington, D.C.: April 10, 2003.
Border Security: Challenges in Implementing Border Technology. GAO-03-
546T. Washington, D.C.: March 12, 2003.
Coast Guard: Comprehensive Blueprint Needed to Balance and Monitor
Resource Use and Measure Performance for All Missions. GAO-03-544T.
Washington, D.C.: March 12, 2003.
Homeland Security: Challenges Facing the Coast Guard as It Transitions
to the New Department. GAO-03-467T. Washington, D.C.: February 12,
2003.
Weaknesses in Screening Entrants into the United States. GAO-03-438T.
Washington, D.C.: January 30, 2003.
Aviation Safety: Undeclared Air Shipments of Dangerous Goods and DOT's
Enforcement Approach. GAO-03-22. Washington, D.C.: January 10, 2003.
Mass Transit: Federal Action Could Help Transit Agencies Address
Security Challenges. GAO-03-263. Washington, D.C.: December 13, 2002.
Border Security: Implications for Eliminating the Visa Waiver Program.
GAO-03-38. Washington, D.C.: November 22, 2002.
Homeland Security: INS Cannot Locate Many Aliens because It Lacks
Reliable Address Information. GAO-03-188. Washington, D.C.: November
21, 2002.
Technology Assessment: Using Biometrics for Border Security. GAO-03-
174. Washington, D.C.: November 15, 2002.
Coast Guard: Strategy Needed for Setting and Monitoring Levels of
Effort for All Missions. GAO-03-155. Washington, D.C.: November 12,
2002.
Border Security: Visa Process Should Be Strengthened as an
Antiterrorism Tool. GAO-03-132NI. Washington, D.C.: October 21, 2002.
Customs Service: Acquisition and Deployment of Radiation Detection
Equipment. GAO-03-235T. Washington, D.C.: October 17, 2002.
Mass Transit: Challenges in Securing Transit Systems. GAO-02-1075T.
Washington, D.C.: September 18, 2002.
Port Security: Nation Faces Formidable Challenges in Making New
Initiatives Successful. GAO-02-993T. Washington, D.C.: August 5, 2002.
Combating Terrorism: Preliminary Observations on Weaknesses in Force
Protection for DOD Deployments through Domestic Seaports. GAO-02-
955TNI. Washington, D.C.: July 23, 2002.
Aviation Security: Vulnerabilities in, and Alternatives for, Preboard
Screening Security Operations. GAO-01-1171T. Washington, D.C.:
September 25, 2001.
Aviation Security: Weaknesses in Airport Security and Options for
Assigning Screening Responsibilities. GAO-01-1165T. Washington, D.C.:
September 21, 2001.
Aviation Security: Terrorist Acts Demonstrate Urgent Need to Improve
Security at the Nation's Airports. GAO-01-1162T. Washington, D.C.:
September 20, 2001.
Aviation Security: Terrorist Acts Illustrate Severe Weaknesses in
Aviation Security. GAO-01-1166T. Washington, D.C.: September 20, 2001.
Domestic Counterterrorism:
FBI Transformation: Data Inconclusive on Effects of Shift to
Counterterrorism-Related Priorities on Traditional Crime Enforcement.
GAO-04-1036. Washington, D.C.: August 31, 2004.
Combating Terrorism: Federal Agencies Face Continuing Challenges in
Addressing Terrorist Financing and Money Laundering. GAO-04-501T.
Washington, D.C.: March 4, 2004.
Investigations of Terrorist Financing, Money Laundering, and Other
Financial Crimes. GAO-04-464R. Washington, D.C.: February 20, 2004.
Terrorist Financing: U.S. Agencies Should Systematically Assess
Terrorists' Use of Alternative Financing Mechanisms. GAO-04-163.
Washington, D.C.: November 14, 2003.
Combating Money Laundering: Opportunities Exist to Improve the National
Strategy. GAO-03-813. Washington, D.C.: September 26, 2003.
FBI Reorganization: Progress Made in Efforts to Transform, but Major
Challenges Continue. GAO-03-759T. Washington, D.C.: June 18, 2003.
Information Technology: FBI Needs an Enterprise Architecture to Guide
Its Modernization Activities. GAO-03-959. Washington, D.C.: September
25, 2003.
FBI Reorganization: Initial Steps Encouraging, but Broad Transformation
Needed. GAO-02-865T. Washington, D.C.: June 21, 2002.
Foreign Languages: Workforce Planning Could Help Address Staffing and
Proficiency Shortfalls. GAO-02-514T. Washington, D.C.: March 12, 2002.
Foreign Languages: Human Capital Approach Needed to Correct Staffing
and Proficiency Shortfalls. GAO-02-375. Washington, D.C.: January 31,
2002.
Homeland Security: Justice Department's Project to Interview Aliens
after September 11, 2001. GAO-03-459. Washington, D.C.: April 11, 2003.
Critical Infrastructure Protection:
Homeland Security: Further Actions Needed to Coordinate Federal
Agencies' Facility Protection Efforts and Promote Key Practices. GAO-
05-49. Washington, D.C.: November 30, 2004.
U.S. Postal Service: Physical Security Measures Have Increased at Some
Core Facilities, but Security Problems Continue. GAO-05-48. Washington,
D.C.: November 16, 2004.
Financial Market Preparedness: Improvements Made, but More Action
Needed to Prepare for Wide-Scale Disasters. GAO-04-984. Washington,
D.C.: September 27, 2004.
Drinking Water: Experts' Views on How Federal Funding Can Best Be Spent
to Improve Security. GAO-04-1098T. Washington, D.C.: September 30,
2004.
Nuclear Regulatory Commission: Preliminary Observations on Efforts to
Improve Security at Nuclear Power Plants. GAO-04-1064T. Washington,
D.C.: September 14, 2004.
U.S. Postal Service: Better Guidance Is Needed to Ensure an Appropriate
Response to Anthrax Contamination. GAO-04-239. Washington, D.C.:
September 9, 2004.
Combating Terrorism: DOD Efforts to Improve Installation Preparedness
Can Be Enhanced with Clarified Responsibilities and Comprehensive
Planning. GAO-04-855. Washington, D.C.: August 9, 2004.
Public Key Infrastructure: Examples of Risk and Internal Control
Objectives Associated with Certification Authorities. GAO-04-1023R.
Washington, D.C.: August 10, 2004.
Homeland Security: Transformation Strategy Needed to Address Challenges
Facing the Federal Protective Service. GAO-04-537. Washington, D.C.:
July 14, 2004.
Information Security: Agencies Need to Implement Consistent Processes
in Authorizing Systems for Operation. GAO-04-376. Washington, D.C.:
June 28, 2004.
Critical Infrastructure Protection: Improving Information Sharing with
Infrastructure Sectors. GAO-04-780. Washington, D.C.: July 9, 2004.
National Nuclear Security Administration: Key Management Structure and
Workforce Planning Issues Remain as NNSA Conducts Downsizing. GAO-04-
545. Washington, D.C.: June 25, 2004.
Nuclear Security: Several Issues Could Impede Ability of DOE's Office
of Energy, Science, and Environment to Meet the May 2003 Design Basis
Threat. GAO-04-894T. Washington, D.C.: June 22, 2004.
Information Security: Information System Controls at the Federal
Deposit Insurance Corporation. GAO-04-630. Washington, D.C.: May 28,
2004.
Posthearing Questions Related to Fragmentation and Overlap in the
Federal Food Safety System. GAO-04-832R. Washington, D.C.: May 26,
2004.
Terrorism Insurance: Effects of Terrorism Risk Insurance Act of 2002.
GAO-04-720T. Washington, D.C.: April 28, 2004.
Nuclear Security: DOE Needs to Resolve Significant Issues before It
Fully Meets the New Design Basis Threat. GAO-04-623. Washington, D.C.:
April 27, 2004.
Terrorism Insurance: Implementation of the Terrorism Risk Insurance Act
of 2002. GAO-04-307. Washington, D.C.: April 23, 2004.
Critical Infrastructure Protection: Establishing Effective Information
Sharing with Infrastructure Sectors. GAO-04-699T. Washington, D.C.:
April 21, 2004.
Homeland Security: Federal Action Needed to Address Security Challenges
at Chemical Facilities. GAO-04-482T. Washington, D.C.: February 23,
2004.
Posthearing Questions from the September 17, 2003, Hearing on
"Implications of Power Blackouts for the Nation's Cybersecurity and
Critical Infrastructure Protection: The Electric Grid, Critical
Interdependencies, Vulnerabilities, and Readiness". GAO-04-300R.
Washington, D.C.: December 8, 2003.
Security: Counterfeit Identification Raises Homeland Security
Concerns. GAO-04-133T. Washington, D.C.: October 1, 2003.
Nuclear Regulatory Commission: Oversight of Security at Commercial
Nuclear Power Plants Needs to Be Strengthened. GAO-03-752. Washington,
D.C.: September 4, 2003.
Nuclear Security: DOE Faces Security Challenges in the Post September
11, 2001, Environment. GAO-03-896TNI. Washington, D.C.: June 24, 2003.
Nuclear Security: NNSA Needs to Better Manage Its Safeguards and
Security Program. GAO-03-471. Washington, D.C.: May 30, 2003.
Homeland Security: EPA's Management of Clean Air Act Chemical Facility
Data. GAO-03-509R. Washington, D.C.: March 14, 2003.
Homeland Security: Voluntary Initiatives Are Under Way at Chemical
Facilities, but the Extent of Security Preparedness Is Unknown. GAO-03-
439. Washington, D.C.: March 14, 2003.
Potential Terrorist Attacks: Additional Actions Needed to Better
Prepare Critical Financial Market Participants. GAO-03-414.
Washington, D.C.: February 12, 2003.
Potential Terrorist Attacks: More Actions Needed to Better Prepare
Critical Financial Markets. GAO-03-468T. Washington, D.C.: February 12,
2003.
Potential Terrorist Attacks: Additional Actions Needed to Better
Prepare Critical Financial Market Participants. GAO-03-251.
Washington, D.C.: February 12, 2003.
High-Risk Series: Protecting Information Systems Supporting the Federal
Government and the Nation's Critical Infrastructures. GAO-03-121.
Washington, D.C.: January 1, 2003.
Information Security: Progress Made, but Challenges Remain to Protect
Federal Systems and the Nation's Critical Infrastructures. GAO-03-564T.
Washington, D.C.: April 8, 2003.
Critical Infrastructure Protection: Significant Homeland Security
Challenges Need to Be Addressed. GAO-02-918T. Washington, D.C.: July 9,
2002.
Combating Terrorism: Actions Needed to Guide Services' Antiterrorism
Efforts at Installations. GAO-03-14. Washington, D.C.: November 1,
2002.
Homeland Security: Department of Justice's Response to Its
Congressional Mandate to Assess and Report on Chemical Industry
Vulnerabilities. GAO-03-24R. Washington, D.C.: October 10, 2002.
Building Security: Interagency Security Committee Has Had Limited
Success in Fulfilling Its Responsibilities. GAO-02-1004. Washington,
D.C.: September 17, 2002.
Chemical Safety: Emergency Response Community Views on the Adequacy of
Federally Required Chemical Information. GAO-02-799. Washington, D.C.:
July 31, 2002.
Information Security: Corps of Engineers Making Improvements, but
Weaknesses Continue. GAO-02-589. Washington, D.C.: June 10, 2002.
Security Breaches at Federal Buildings in Atlanta, Georgia. GAO-02-
668T. Washington, D.C.: April 30, 2002.
National Preparedness: Technologies to Secure Federal Buildings. GAO-
02-687T. Washington, D.C.: April 25, 2002.
Diffuse Security Threats: Technologies for Mail Sanitation Exist, but
Challenges Remain. GAO-02-365. Washington, D.C.: April 23, 2002.
Terrorism Insurance: Rising Uninsured Exposure to Attacks Heightens
Potential Economic Vulnerabilities. GAO-02-472T. Washington, D.C.:
February 27, 2002.
Critical Infrastructure Protection: Significant Challenges in
Safeguarding Government and Privately Controlled Systems from Computer-
Based Attacks. GAO-01-1168T. Washington, D.C.: September 26, 2001.
Combating Terrorism: Actions Needed to Improve DOD Antiterrorism
Program Implementation and Management. GAO-01-909. Washington, D.C.:
September 19, 2001.
Critical Infrastructure Protection: Significant Challenges in
Protecting Federal Systems and Developing Analysis and Warning
Capabilities. GAO-01-1132T. Washington, D.C.: September 12, 2001.
Defending against Catastrophic Threats:
Nuclear Nonproliferation: DOE Needs to Consider Options to Accelerate
the Return of Weapons-Usable Uranium from Other Countries to the United
States and Russia. GAO-05-57. Washington, D.C.: November 19, 2004.
Nuclear Nonproliferation: DOE Needs to Take Action to Further Reduce
the Use of Weapons-Usable Uranium in Civilian Nuclear Reactors. GAO-04-
807. Washington, D.C.: July 30, 2004.
Department of State: Nonproliferation, Anti-terrorism, Demining, and
Related Programs Follow Legal Authority, but Some Activities Need
Reassessment. GAO-04-521. Washington, D.C.: April 30, 2004.
Nonproliferation: Improvements Needed for Controls on Exports of Cruise
Missile and Unmanned Aerial Vehicle Technology. GAO-04-493T.
Washington, D.C.: March 9, 2004.
Missile Defense: Actions Being Taken to Address Testing
Recommendations, but Updated Assessment Needed. GAO-04-254.
Washington, D.C.: February 26, 2004.
Weapons of Mass Destruction: Defense Threat Reduction Agency Addresses
Broad Range of Threats, but Performance Reporting Can Be Improved. GAO-
04-330. Washington, D.C.: February 13, 2004.
Nonproliferation: Strategy Needed to Strengthen Multilateral Export
Control Regimes. GAO-03-43. Washington, D.C.: October 25, 2002.
Chemical and Biological Defense: DOD Should Clarify Expectations for
Medical Readiness. GAO-02-219T. Washington, D.C.: November 7, 2001.
Chemical and Biological Defense: DOD Needs to Clarify Expectations in
Medical Readiness. GAO-02-38. Washington, D.C.: October 19, 2001.
Combating Terrorism: Considerations for Investing Resources in Chemical
and Biological Preparedness. GAO-02-162T. Washington, D.C.: October 17,
2001.
Bioterrorism: Review of Public Health Preparedness Programs. GAO-02-
149T. Washington, D.C.: October 10, 2001.
Bioterrorism: Public Health and Medical Preparedness. GAO-02-141T.
Washington, D.C.: October 9, 2001.
Bioterrorism: Coordination and Preparedness. GAO-02-129T. Washington,
D.C.: October 5, 2001.
Bioterrorism: Federal Research and Preparedness Activities. GAO-01-
915. Washington, D.C.: September 28, 2001.
Emergency Preparedness and Response:
Effective Regional Coordination Can Enhance Emergency Preparedness.
GAO-04-1009. Washington, D.C.: September 15, 2004.
Infectious Disease Preparedness: Federal Challenges in Responding to
Influenza Outbreaks. GAO-04-1100T. Washington, D.C.: September 28,
2004.
Homeland Security: Federal Leadership Needed to Facilitate
Interoperable Communications between First Responders. GAO-04-1057T.
Washington, D.C.: September 8, 2004.
September 11: Health Effects in the Aftermath of the World Trade Center
Attack. GAO-04-1068T. Washington, D.C.: September 8, 2004.
HHS's Efforts to Promote Health Information Technology and Legal
Barriers to Its Adoption. GAO-04-991R. Washington, D.C.: August 13,
2004.
Health Care: National Strategy Needed to Accelerate the Implementation
of Information Technology. GAO-04-947T. Washington, D.C.: July 14,
2004.
Homeland Security: Coordinated Planning and Standards Needed to Better
Manage First Responder Grants in the National Capital Region. GAO-04-
904T. Washington, D.C.: June 24, 2004.
Homeland Security: Management of First Responder Grants in the National
Capital Region Reflects the Need for Coordinated Planning and
Performance Goals. GAO-04-433. Washington, D.C.: May 28, 2004.
Homeland Security: DHS Needs a Strategy to Use DOE's Laboratories for
Research on Nuclear, Biological, and Chemical Detection and Response
Technologies. GAO-04-653. Washington, D.C.: May 24, 2004.
Emergency Preparedness: Federal Funds for First Responders. GAO-04-
788T. Washington, D.C.: May 13, 2004.
National Emergency Grants: Labor Is Instituting Changes to Improve
Award Process, but Further Actions Are Required to Expedite Grant
Awards and Improve Data. GAO-04-496. Washington, D.C.: April 16, 2004.
Project SAFECOM: Key Cross-Agency Emergency Communications Effort
Requires Stronger Collaboration. GAO-04-494. Washington, D.C.: April
16, 2004.
Public Health Preparedness: Response Capacity Improving, but Much
Remains to Be Accomplished. GAO-04-458T. Washington, D.C.: February 12,
2004.
HHS Bioterrorism Preparedness Programs: States Reported Progress but
Fell Short of Program Goals for 2002. GAO-04-360R. Washington, D.C.:
February 10, 2004.
Smallpox Vaccination: Review of the Implementation of the Military
Program. GAO-04-215R. Washington, D.C.: December 1, 2003.
Homeland Security: Challenges in Achieving Interoperable
Communications for First Responders. GAO-04-231T. Washington, D.C.:
November 6, 2003.
September 11: Overview of Federal Disaster Assistance to the New York
City Area. GAO-04-72. Washington, D.C.: October 31, 2003.
U.S. Postal Service: Clear Communication with Employees Needed before
Reopening the Brentwood Facility. GAO-04-205T. Washington, D.C.:
October 23, 2003.
Bioterrorism: Public Health Response to Anthrax Incidents of 2001. GAO-
04-152. Washington, D.C.: October 15, 2003.
Infectious Diseases: Gaps Remain in Surveillance Capabilities of State
and Local Agencies. GAO-03-1176T. Washington, D.C.: September 24, 2003.
Homeland Security: Reforming Federal Grants to Better Meet Outstanding
Needs. GAO-03-1146T. Washington, D.C.: September 3, 2003.
Hospital Preparedness: Most Urban Hospitals Have Emergency Plans but
Lack Certain Capacities for Bioterrorism Response. GAO-03-924.
Washington, D.C.: August 6, 2003.
Severe Acute Respiratory Syndrome: Established Infectious Disease
Control Measures Helped Contain Spread, but a Large-Scale Resurgence
May Pose Challenges. GAO-03-1058T. Washington, D.C.: July 30, 2003.
Homeland Defense: DOD Needs to Assess the Structure of U.S. Forces for
Domestic Military Missions. GAO-03-670. Washington, D.C.: July 11,
2003.
U.S. Postal Service: Issues Associated with Anthrax Testing at the
Wallingford Facility. GAO-03-787T. Washington, D.C.: May 19, 2003.
SARS Outbreak: Improvements to Public Health Capacity Are Needed for
Responding to Bioterrorism and Emerging Infectious Diseases. GAO-03-
769T. Washington, D.C.: May 7, 2003.
Smallpox Vaccination: Implementation of National Program Faces
Challenges. GAO-03-578. Washington, D.C.: April 30, 2003.
Homeland Defense: Preliminary Observations on How Overseas and Domestic
Missions Impact DOD Forces. GAO-03-677T. Washington, D.C.: April 29,
2003.
Infectious Disease Outbreaks: Bioterrorism Preparedness Efforts Have
Improved Public Health Response Capacity, but Gaps Remain. GAO-03-654T.
Washington, D.C.: April 9, 2003.
Bioterrorism: Preparedness Varied across State and Local Jurisdictions.
GAO-03-373. Washington, D.C.: April 7, 2003.
Homeland Security: CDC's Oversight of the Select Agent Program. GAO-03-
315R. Washington, D.C.: November 22, 2002.
Homeland Security: New Department Could Improve Coordination, but
Transferring Control of Certain Public Health Programs Raises Concerns.
GAO-02-954T. Washington, D.C.: July 16, 2002.
Homeland Security: New Department Could Improve Biomedical R&D
Coordination but May Disrupt Dual-Purpose Efforts. GAO-02-924T.
Washington, D.C.: July 9, 2002.
Homeland Security: New Department Could Improve Coordination but May
Complicate Public Health Priority Setting. GAO-02-883T. Washington,
D.C.: June 25, 2002.
Combating Terrorism: Intergovernmental Cooperation in the Development
of a National Strategy to Enhance State and Local Preparedness. GAO-02-
550T. Washington, D.C.: April 2, 2002.
Combating Terrorism: Enhancing Partnerships through a National
Preparedness Strategy. GAO-02-549T. Washington, D.C.: March 28, 2002.
Combating Terrorism: Critical Components of a National Strategy to
Enhance State and Local Preparedness. GAO-02-548T. Washington, D.C.:
March 25, 2002.
Combating Terrorism: Intergovernmental Partnership in a National
Strategy to Enhance State and Local Preparedness. GAO-02-547T.
Washington, D.C.: March 22, 2002.
Combating Terrorism: Key Aspects of a National Strategy to Enhance
State and Local Preparedness. GAO-02-473T. Washington, D.C.: March 1,
2002.
Bioterrorism: The Centers for Disease Control and Prevention's Role in
Public Health Protection. GAO-02-235T. Washington, D.C.: November 15,
2001.
Homeland Security: A Risk Management Approach Can Guide Preparedness
Efforts. GAO-02-208T. Washington, D.C.: October 31, 2001.
Anthrax Vaccine: Changes to the Manufacturing Process. GAO-02-181T.
Washington, D.C.: October 23, 2001.
Homeland Security: Need to Consider VA's Role in Strengthening Federal
Preparedness. GAO-02-145T. Washington, D.C.: October 15, 2001.
Crosscutting Issues:
Homeland Security: Further Action Needed to Promote Successful Use of
Special DHS Acquisition Authority. GAO-05-136. Washington, D.C.:
December 15, 2004.
Information Technology: Major Federal Networks That Support Homeland
Security Functions. GAO-04-375. Washington, D.C.: September 17, 2004.
Homeland Security: Observations on the National Strategies Related to
Terrorism. GAO-04-1075T. Washington, D.C.: September 22, 2004:
Homeland Security: Efforts Under Way to Develop Enterprise
Architecture, but Much Work Remains. GAO-04-777. Washington, D.C.:
August 6, 2004.
Department of Homeland Security: Formidable Information and Technology
Management Challenge Requires Institutional Approach. GAO-04-702.
Washington, D.C.: August 27, 2004.
9/11 Commission Report: Reorganization, Transformation, and
Information Sharing. GAO-04-1033T. Washington, D.C.: August 3, 2004.
Human Capital: Building on the Current Momentum to Transform the
Federal Government. GAO-04-976T. Washington, D.C.: July 20, 2004.
Financial Management: Department of Homeland Security Faces Significant
Financial Management Challenges. GAO-04-774. Washington, D.C.: July 19,
2004.
Status of Key Recommendations GAO Has Made to DHS and Its Legacy
Agencies. GAO-04-865R. Washington, D.C.: July 2, 2004.
Department of Homeland Security: Financial Management Challenges. GAO-
04-945T. Washington, D.C.: July 8, 2004.
The Chief Operating Officer Concept and Its Potential Use as a Strategy
to Improve Management at the Department of Homeland Security. GAO-04-
876R. Washington, D.C.: June 28, 2004.
Human Capital: DHS Faces Challenges in Implementing Its New Personnel
System. GAO-04-790. Washington, D.C.: June 18, 2004.
Information Technology: Homeland Security Should Better Balance Need
for System Integration Strategy with Spending for New and Enhanced
Systems. GAO-04-509. Washington, D.C.: May 21, 2004.
Additional Posthearing Questions Related to the Proposed Department of
Homeland Security Human Capital Regulations. GAO-04-617R. Washington,
D.C.: April 30, 2004.
Transfer of Budgetary Resources to the Department of Homeland Security.
GAO-04-329R. Washington, D.C.: April 30, 2004.
Reserve Forces: Observations on Recent National Guard Use in Overseas
and Homeland Missions and Future Challenges. GAO-04-670T. Washington,
D.C.: April 29, 2004.
Human Capital: Opportunities to Improve Federal Continuity Planning
Guidance. GAO-04-384. Washington, D.C.: April 20, 2004.
Combating Terrorism: Evaluation of Selected Characteristics in National
Strategies Related to Terrorism. GAO-04-408T. Washington, D.C.:
February 3, 2004.
Homeland Security: Information Sharing Responsibilities, Challenges,
and Key Management Issues. GAO-03-1165T. Washington, D.C.: September
17, 2003.
Department of Homeland Security: Challenges and Steps in Establishing
Sound Financial Management. GAO-03-1134T. Washington, D.C.: September
10, 2003.
Combating Terrorism: Observations on National Strategies Related to
Terrorism. GAO-03-519T. Washington, D.C.: March 3, 2003.
Major Management Challenges and Program Risks: A Governmentwide
Perspective. GAO-03-95. Washington, D.C.: January 1, 2003.
Major Management Challenges and Program Risks: Department of Homeland
Security. GAO-03-102. Washington, D.C.: January 1, 2003.
Major Management Challenges and Program Risks: Department of Justice.
GAO-03-105. Washington, D.C.: January 1, 2003.
Major Management Challenges and Program Risks: Federal Emergency
Management Agency. GAO-03-113. Washington, D.C.: January 1, 2003.
Combating Terrorism: Funding Data Reported to Congress Should Be
Improved. GAO-03-170. Washington, D.C.: November 26, 2002.
Highlights of a GAO Forum on Mergers and Transformation: Lessons
Learned for a Department of Homeland Security and Other Federal
Agencies. GAO-03-293SP. Washington, D.C.: November 14, 2002.
Homeland Security: Management Challenges Facing Federal Leadership.
GAO-03-260. Washington, D.C.: December 20, 2002.
Homeland Security: Effective Intergovernmental Coordination Is Key to
Success. GAO-02-1013T. Washington, D.C.: August 23, 2002.
Homeland Security: Effective Intergovernmental Coordination Is Key to
Success. GAO-02-1012T. Washington, D.C.: August 22, 2002.
Homeland Security: Effective Intergovernmental Coordination Is Key to
Success. GAO-02-1011T. Washington, D.C.: August 20, 2002.
Homeland Security: Critical Design and Implementation Issues. GAO-02-
957T. Washington, D.C.: July 17, 2002.
Homeland Security: Title III of the Homeland Security Act of 2002. GAO-
02-927T. Washington, D.C.: July 9, 2002.
Homeland Security: Intergovernmental Coordination and Partnership Will
Be Critical to Success. GAO-02-901T. Washington, D.C.: July 3, 2002.
Homeland Security: Intergovernmental Coordination and Partnership Will
Be Critical to Success. GAO-02-900T. Washington, D.C.: July 2, 2002.
Homeland Security: Intergovernmental Coordination and Partnership Will
Be Critical to Success. GAO-02-899T. Washington, D.C.: July 1, 2002.
Homeland Security: New Department Could Improve Coordination but May
Complicate Priority Setting. GAO-02-893T. Washington, D.C.: June 28,
2002.
Homeland Security: Proposal for Cabinet Agency Has Merit, but
Implementation Will be Pivotal to Success. GAO-02-886T. Washington,
D.C.: June 25, 2002.
Homeland Security: Key Elements to Unify Efforts Are Underway, but
Uncertainty Remains. GAO-02-610. Washington, D.C.: June 7, 2002.
National Preparedness: Integrating New and Existing Technology and
Information Sharing into an Effective Homeland Security Strategy. GAO-
02-811T. Washington, D.C.: June 7, 2002.
Homeland Security: Responsibility and Accountability for Achieving
National Goals. GAO-02-627T. Washington, D.C.: April 11, 2002.
National Preparedness: Integration of Federal, State, Local, and
Private Sector Efforts Is Critical to an Effective National Strategy
for Homeland Security. GAO-02-621T. Washington, D.C.: April 11, 2002.
Homeland Security: Progress Made; More Direction and Partnership
Sought. GAO-02-490T. Washington, D.C.: March 12, 2002.
Homeland Security: Challenges and Strategies in Addressing Short-and
Long-Term National Needs. GAO-02-160T. Washington, D.C.: November 7,
2001.
Homeland Security: Key Elements of a Risk Management Approach. GAO-02-
150T. Washington, D.C.: October 12, 2001.
Homeland Security: A Framework for Addressing the Nation's Efforts.
GAO-01-1158T. Washington, D.C.: September 21, 2001.
Combating Terrorism: Selected Challenges and Related Recommendations.
GAO-01-822. Washington, D.C.: September 20, 2001.
FOOTNOTES
[1] Homeland Security Act of 2002, Pub.L. 107-296 (Nov. 25, 2002).
[2] See GAO, Combating Terrorism: Evaluation of Selected
Characteristics in National Strategies Related to Terrorism,
GAO-04-408T (Washington, D.C.: Feb. 3, 2004).
[3] See GAO, Homeland Security: Selected Recommendations from
Congressionally Chartered Commissions and GAO, GAO-04-591 (Washington,
D.C.: Mar. 31, 2004).
[4] See GAO, Status of Key Recommendations GAO Has Made to DHS and Its
Legacy Agencies, GAO-04-865R (Washington, D.C.: July 2, 2004).
[5] See GAO, Homeland Security: Observations on the National Strategies
Related to Terrorism, GAO-04-1075T (Washington, D.C.: Sept. 22, 2004).
[6] There were several other related national strategies issued
subsequent to the National Strategy for Homeland Security. These
include the National Money Laundering Strategy, the National Security
Strategy, the National Strategy to Combat Weapons of Mass Destruction,
the National Strategy for Combating Terrorism, the National Strategy
for the Physical Protection of Critical Infrastructure and Key Assets,
and the National Strategy to Secure Cyberspace. For our analysis of all
of these strategies, see GAO-04-408T.
[7] The strategy also includes a discussion of "foundations," which we
did not identify separately in our analysis. The strategy describes
these foundations as unique American strengths that cut across all
sectors of society, such as law, science and technology, information
sharing and systems, and international cooperation. The discussion of
these foundations overlaps with the six mission areas. For example, the
initiative to improve international shipping security is covered by
both the mission area of Border and Transportation Security as well as
the foundation of international cooperation. To some extent, our
discussion of crosscutting issues also acknowledges issues that cut
across all sectors.
[8] Red-team techniques are those where the U.S. government would
create a team that plays the role of terrorists in terms of identifying
vulnerabilities and planning attacks.
[9] See GAO, Major Management Challenges and Program Risks, Department
of Homeland Security, GAO-03-102 (Washington, D.C.: Jan. 24, 2003).
[10] This definition is from the Office of Management and Budget's
(OMB) 2003 Report to Congress on Combating Terrorism (Washington, D.C.:
Sept. 2003).
[11] OMB, Analytical Perspectives, Budget of the United States
Government, Fiscal Year 2005 (Washington, D.C.: Feb. 2004). OMB did not
break the Intelligence Community spending down to the level of
individual agencies.
[12] See GAO, Combating Terrorism: Funding Data Reported to Congress
Should Be Improved, GAO-03-170 (Washington, D.C.: Nov. 26, 2002).
[13] See GAO, Information Technology: FBI Needs an Enterprise
Architecture to Guide Its Modernization Activities, GAO-03-959
(Washington, D.C.: Sept. 25, 2003).
[14] See GAO, Homeland Security: Efforts to Improve Information Sharing
Need to Be Strengthened, GAO-03-760 (Washington, D.C.: Aug. 27, 2003).
[15] See GAO, Homeland Security: Voluntary Initiatives Are Under Way at
Chemical Facilities, but the Extent of Security Preparedness is
Unknown, GAO-03-439 (Washington, D.C.: Mar. 14, 2003); Drinking Water:
Experts' Views on How Future Federal Funding Can Best Be Spent to
Improve Security, GAO-04-29 (Washington, D.C.: Oct. 31, 2003).
[16] See GAO, Information Technology: Terrorist Watch Lists Should Be
Consolidated to Promote Better Integration and Sharing, GAO-03-322
(Washington, D.C.: Apr. 15, 2003).
[17] See GAO, Homeland Security: Risk Communication Principles May
Assist in Refinement of the Homeland Security Advisory System,
GAO-04-538T (Washington, D.C.: Mar. 16, 2004).
[18] This definition is from OMB's 2003 Report to Congress on Combating
Terrorism (Washington, D.C.: Sept. 2003).
[19] OMB, Analytical Perspectives, Budget of the United States
Government, Fiscal Year 2005 (Washington, D.C.: Feb. 2004).
[20] See GAO-03-170.
[21] See GAO, Homeland Security: Challenges Facing the Department of
Homeland Security in Balancing its Border Security and Trade
Facilitation Missions, GAO-03-902T (Washington, D.C.: June 16, 2003).
[22] See GAO, Land Border Points of Entry: Vulnerabilities and
Inefficiencies in the Inspections Process, GAO-03-1084R (Washington,
D.C.: Aug. 18, 2003); and GAO-03-902T.
[23] See GAO, Information Security: Challenges in Using Biometrics,
GAO-03-1137T (Washington, D.C.: Sept. 9, 2003); Technology Assessment:
Using Biometrics for Border Security, GAO-03-174 (Washington, D.C.:
Nov. 15, 2002); and Border Security: Challenges in Implementing Border
Technology, GAO-03-546T (Washington, D.C.: Mar. 12, 2003).
[24] See GAO, Customs Service: Acquisition and Deployment of Radiation
Detection Equipment, GAO-03-235T (Washington, D.C.: Oct. 17, 2002).
[25] See GAO, Border Security: Visa Process Should Be Strengthened as
an Antiterrorism Tool, GAO-03-132NI (Washington, D.C.: Oct. 21, 2002).
[26] See GAO, Border Security: New Policies and Procedures Are Needed
to Fill Gaps in the Visa Revocation Process, GAO-03-1013T (Washington,
D.C.: June 18, 2003).
[27] See GAO, Border Security: Implications of Eliminating the Visa
Waiver Program, GAO-03-38 (Washington, D.C.: Nov. 22, 2002).
[28] See GAO, Border Security: Improvements Needed to Reduce Time Taken
to Adjudicate Visas for Science Students and Scholars, GAO-04-371
(Washington, D.C.: Feb. 26, 2004).
[29] See GAO, Visa Operations at U.S. Posts in Canada, GAO-04-708R
(Washington, D.C.: May 18, 2004).
[30] See GAO, Homeland Security: Risks Facing Key Border and
Transportation Security Program Need to Be Addressed, GAO-04-569T
(Washington, D.C.: Mar. 18, 2004).
[31] See GAO, Homeland Security: First Phase of Visitor and Immigration
Status Program Operating, but Improvements Needed, GAO-04-586
(Washington, D.C.: May 11, 2004).
[32] See GAO, Aviation Security: Challenges Delay Implementation of
Computer-Assisted Passenger Prescreening System, GAO-04-504T
(Washington, D.C.: Mar. 17, 2004); and Aviation Security: Computer-
Assisted Passenger Prescreening System Faces Significant
Implementation Challenges, GAO-04-385 (Washington, D.C.: Feb. 12,
2004).
[33] GAO, Aviation Security: Challenges Exist in Stabilizing and
Enhancing Passenger and Baggage Screening Operations, GAO-04-440T
(Washington, D.C.: Feb. 12, 2004); and Aviation Security: Private
Screening Contractors Have Little Flexibility to Implement Innovative
Approaches, GAO-04-505T (Washington, D.C.: Apr. 22, 2004).
[34] See GAO, Aviation Security: Further Steps Needed to Strengthen the
Security of Commercial Airport Perimeters and Access Controls,
GAO-04-728 (Washington, D.C.: June 4, 2004).
[35] See GAO, The Department of Homeland Security Needs to Fully Adopt
a Knowledge-based Approach to Its Counter-MANPADS Development Program,
GAO-04-341R (Washington, D.C.: Jan. 30, 2004).
[36] See GAO, Nonproliferation: Further Improvements Needed in U.S.
Efforts to Counter Treats from Man-Portable Air Defense Systems,
GAO-04-519 (Washington, D.C.: May 12, 2004).
[37] See GAO, Transportation Security: Post-September 11th Initiatives
and Long-Term Challenges, GAO-03-616T (Washington, D.C.: Mar. 31,
2003), and Transportation Security: Federal Action Needed to Enhance
Security Efforts, GAO-03-1154T (Washington, D.C.: Sept. 9, 2003).
[38] Federal hazardous material transportation law defines a hazardous
material as a substance or material that the Secretary of
Transportation has determined is capable of posing an unreasonable risk
to health, safety, and property when transported in commerce (49 U.S.C.
§ 5103). It includes hazardous substances such as ammonia, hazardous
wastes from chemical manufacturing processes, and elevated temperature
materials such as molten aluminum.
[39] See GAO, Maritime Security: Progress Made in Implementing Maritime
Transportation Security Act, but Concerns Remain, GAO-03-1155T
(Washington, D.C.: Sept. 9, 2003).
[40] See GAO, Container Security: Expansion of Key Customs Programs
Will Require Greater Attention to Critical Success Factors, GAO-03-770
(Washington, D.C.: July 25, 2003).
[41] See GAO, Homeland Security: Summary of Challenges Faced in
Targeting Oceangoing Cargo Containers for Inspection, GAO-04-557T
(Washington, D.C.: Mar. 31, 2004)
[42] See GAO, Contract Management: Coast Guard's Deepwater Program
Needs Increased Attention to Management and Contract Oversight,
GAO-04-380 (Washington, D.C.: Mar. 9, 2004).
[43] See GAO, Coast Guard: Deepwater Program Acquisition Schedule
Update Needed, GAO-04-695, (Washington, D.C.: June 9, 2004)
[44] This definition is based on that used by OMB in its 2003 Report to
Congress on Combating Terrorism (Washington, D.C.: Sept. 2003).
[45] OMB, Analytical Perspectives, Budget of the United States
Government, Fiscal Year 2005 (Washington, D.C.: Feb. 2004).
[46] See GAO, Combating Terrorism: Funding Data Reported to Congress
Should Be Improved, GAO-03-170 (Washington, D.C.: Nov. 26, 2002).
[47] See GAO, FBI Transformation: FBI Continues to Make Progress in Its
Efforts to Transform and Address Priorities, GAO-04-578T (Washington,
D.C.: Mar. 23, 2004); FBI Reorganization: Progress Made in Efforts to
Transform, but Major Challenges Continue, GAO-03-759T (Washington,
D.C.: June 18, 2003); Information Technology: FBI Needs an Enterprise
Architecture to Guide Its Modernization Activities, GAO-03-959
(Washington, D.C.: Sept. 25, 2003); FBI Reorganization: Initial Steps
Encouraging but Broad Transformation Needed, GAO-02-865T (Washington,
D.C.: June 21, 2002); Foreign Languages: Workforce Planning Could Help
Address Staffing and Proficiency Shortfalls, GAO-02-514T (Washington,
D.C.: Mar. 12, 2002); and Foreign Languages: Human Capital Approach
Needed to Correct Staffing and Proficiency Shortfalls, GAO-02-375
(Washington, D.C.: Jan. 31, 2002).
[48] See GAO, Combating Money Laundering: Opportunities Exist to
Improve the National Strategy, GAO-03-813 (Washington, D.C.: Sept. 26,
2003).
[49] See GAO, Investigations of Terrorist Financing, Money Laundering,
and Other Financial Crimes, GAO-04-464R (Washington, D.C.: Feb. 20,
2004).
[50] See GAO, Terrorist Financing: U.S. Agencies Should Systematically
Assess Terrorists' Use of Alternative Financing Mechanisms, GAO-04-163
(Washington, D.C.: Nov. 14, 2003).
[51] See GAO, Counterfeit Identification Raises Homeland Security
Concerns, GAO-04-133T (Washington, D.C.: Oct. 1, 2003); Security
Breaches at Federal Buildings in Atlanta, Georgia, GAO-02-668T
(Washington, D.C.: Apr. 30, 2002).
[52] See GAO, Social Security Administration: Actions Taken to
Strengthen Procedures for Issuing Social Security Numbers to
Noncitizens, but Some Weaknesses Remain, GAO-04-12 (Washington, D.C.:
Oct. 15, 2003).
[53] This definition is from OMB's 2003 Report to Congress on Combating
Terrorism (Washington, D.C.: Sept. 2003).
[54] OMB, Analytical Perspectives, Budget of the United States
Government, Fiscal Year 2005 (Washington, D.C.: Feb. 2004).
[55] In December 2003, the President issued HSPD-7, which established a
national policy for federal departments and agencies to identify and
prioritize critical infrastructure and key resources and to protect
them from terrorist attacks. It superseded Presidential Decision
Directive 63 and defines responsibilities for DHS, sector-specific
agencies (formerly referred to as sector liaisons) and other
departments and agencies.
[56] See GAO, Critical Infrastructure Protection: Establishing
Effective Information Sharing with Infrastructure Sectors, GAO-04-699T
(Washington, D.C.: Apr. 21, 2004).
[57] See GAO, High-Risk Series: Federal Real Property, GAO-03-122
(Washington, D.C.: Jan. 1, 2003).
[58] See GAO-02-668T and Counterfeit Identification and Identification
Fraud Raise Security Concerns, GAO-03-1147T (Washington, D.C.: Sept. 9,
2003)
[59] See GAO, Homeland Security: Transformation Strategy Needed to
Address Challenges Facing the Federal Protective Service, GAO-04-537
(Washington, D.C.: July 14, 2004).
[60] See GAO, Financial Market Preparedness: Improvements Made, but
More Action Needed to Prepare for Wide-Scale Disasters, GAO-04-984
(Washington, D.C.: Sept. 27, 2004); Potential Terrorist Attacks:
Additional Actions Needed to Better Prepare Critical Financial Market
Participants, GAO-03-251 (Washington, D.C.: Feb. 12, 2003); and
Potential Terrorist Attacks: Additional Actions Needed to Better
Prepare Critical Financial Market Participants, GAO-03-414
(Washington, D.C.: Feb. 12, 2003).
[61] Interagency Paper on Sound Practices to Strengthen the Resilience
of the U.S. Financial System. Board of Governors of the Federal
Reserve, Office of the Comptroller of the Currency, and the Securities
Exchange Commission (Washington, D.C.: Apr. 8, 2003).
[62] See GAO, Critical Infrastructure Protection: Efforts of the
Financial Services Sector to Address Cyber Threats, GAO-03-173
(Washington, D.C.: Jan. 30, 2003).
[63] GAO, Diffuse Security Threats: USPS Air Filtration Systems Need
More Testing and Cost Benefit Analysis before Implementation,
GAO-02-838 (Washington, D.C.: Aug. 22, 2002); U.S. Postal Service:
Better Guidance Is Needed to Improve Communication Should Anthrax
Contamination Occur in the Future, GAO-03-316 (Washington, D.C.: Apr.
7, 2003); U.S. Postal Service: Issues Associated with Anthrax Testing
at the Wallingford Facility, GAO-03-787T (Washington, D.C.: May 19,
2003); U.S. Postal Service: Clear Communication with Employees Needed
before Reopening the Brentwood Facility. GAO-04-205T (Washington,
D.C.: Oct. 23, 2003); and Federal Mail Screening: Better Postal Service
Communication with Agencies Needed to Enhance Federal Mail Security in
the Washington, D.C., Area, GAO-04-286RNI (Washington, D.C.: Dec. 31,
2003).
[64] See GAO, Drinking Water: Experts' Views on How Future Federal
Funding Can Best Be Spent to Improve Security, GAO-04-29 (Washington,
D.C.: Oct. 31, 2003).
[65] See GAO, Federal Food Safety and Security System: Fundamental
Restructuring is Needed to Address Fragmentation and Overlap,
GAO-04-588T (Washington, D.C.: Mar. 30, 2004).
[66] See GAO, Bioterrorism: A Threat to Agriculture and the Food
Supply, GAO-04-259T (Washington, D.C.: Nov. 19, 2003).
[67] See GAO, Food-Processing Security: Voluntary Efforts Are Under
Way, but Federal Agencies Cannot Assess Their Implementation,
GAO-03-342 (Washington, D.C.: Feb. 14, 2003).
[68] USDA's Plum Island Animal Disease Center was transferred to DHS in
June of 2003. Although USDA still administers research and diagnostic
programs on the island, DHS and USDA also conduct joint research
supporting efforts to reduce the effects of an attack on agriculture.
DHS is responsible for the security and management of the facility.
Located off the northeast coast of Long Island, New York, the center is
the only place in the United States where certain highly infectious
foreign animal diseases, such as foot and mouth disease, are studied.
[69] See GAO, Combating Bioterrorism: Actions Needed to Improve
Security at Plum Island Animal Disease Center, GAO-03-847 (Washington,
D.C.: Sept. 19, 2003).
[70] See GAO, Homeland Security: Voluntary Initiatives Are Under Way at
Chemical Facilities, but the Extent of Security Preparedness Is
Unknown, GAO-03-439 (Washington, D.C.: Mar. 14, 2003).
[71] See GAO, Homeland Security: Federal Action Needed to Address
Security Challenges at Chemical Facilities, GAO-04-482T (Washington,
D.C.: Feb. 23, 2004).
[72] See GAO, Nuclear Regulatory Commission: Oversight of Security at
Commercial Nuclear Power Plants Needs to Be Strengthened, GAO-03-752
(Washington, D.C.: Sept. 4, 2003).
[73] See GAO, Nuclear Security: DOE Needs to Resolve Significant Issues
before It Fully Meets the New Design Basis Threat, GAO-04-623
(Washington, D.C.: Apr. 27, 2004).
[74] See GAO, Nuclear Security: DOE Must Address Significant Issues to
Meet the Requirements of the New Design Basis Threat, GAO-04-701T
(Washington, D.C.: Apr. 27, 2004).
[75] GAO, Nuclear Security: NNSA Needs to Better Manage Its Safeguards
and Security Program, GAO-03-471 (Washington, D.C.: May 30, 2003).
[76] GAO, Nuclear Security: Lessons to Be Learned from Implementing
NNSA's Security Enhancements, GAO-02-358 (Washington, D.C.: Mar. 29,
2002).
[77] GAO, Combating Terrorism: DOD Efforts to Improve Installation
Preparedness Can Be Enhanced with Clarified Responsibilities and
Comprehensive Planning, GAO-04-855 (Washington, D.C.: Aug. 12, 2004).
[78] This definition is from OMB's 2003 Report to Congress on Combating
Terrorism (Washington, D.C.: Sept. 2003).
[79] OMB, Analytical Perspectives, Budget of the United States
Government, Fiscal Year 2005 (Washington, D.C.: Feb. 2004).
[80] See GAO, Combating Terrorism: Funding Data Reported to Congress
Should be Improved, GAO-03-170 (Washington, D.C.: Nov. 26, 2002).
[81] See GAO, Nonproliferation: Improvements Needed for Controls on
Exports of Cruise Missiles and Unmanned Aerial Vehicles, GAO-04-493T
(Washington, D.C.: Mar. 9, 2004).
[82] See GAO, Export Controls: Post-Shipment Verification Provides
Limited Assurance That Dual-Use Items Are Being Properly Used,
GAO-04-357 (Washington, D.C.: Feb. 11, 2004).
[83] See GAO, Delays in Implementing the Chemical Weapons Convention
Raise Concerns about Proliferation, GAO-04-361 (Washington, D.C.: Mar.
31, 2004).
[84] See GAO, DOD Excess Property: Risk Assessment Needed on Public
Sales of Equipment That Could Be Used to Make Biological Agents,
GAO-04-15NI (Washington, D.C.: Nov. 19, 2003).
[85] See GAO, Bioterrorism: Information Technology Strategy Could
Strengthen Federal Agencies' Abilities to Respond to Public Health
Emergencies, GAO-03-139 (Washington, D.C.: May 30, 2003).
[86] See GAO-04-855.
[87] This definition is from OMB's 2003 Report to Congress on Combating
Terrorism (Washington, D.C.: Sept. 2003).
[88] OMB, Analytical Perspectives, Budget of the United States
Government, Fiscal Year 2005 (Washington, D.C.: Feb. 2004).
[89] OMB, 2003 Report to Congress on Combating Terrorism (Washington,
D.C.: Sept. 2003).
[90] See GAO, Homeland Security: Management of First Responder Grants
in the National Capital Region Reflects the Need for Coordinated
Planning and Performance Goals, GAO-04-433 (Washington, D.C.: May 28,
2004); Homeland Security: Coordinated Planning and Standards Needed to
Better Manage First Responder Grants in the National Capital Region,
GAO-04-904T (Washington, D.C.: June 24, 2004); and Homeland Security:
Federal Leadership and Intergovernmental Coordination Required to
Achieve First Responder Interoperable Communications, GAO-04-740
(Washington, D.C.: July 20, 2004).
[91] See GAO-04-433.
[92] See GAO, Bioterrorism: Preparedness Varied across State and Local
Jurisdictions, GAO-03-373 (Washington, D.C.: Apr. 7, 2003).
[93] See GAO, Homeland Security: Reforming Federal Grants to Better
Meet Outstanding Needs, GAO-03-1146T (Washington, D.C.: Sept. 3, 2003).
[94] See GAO, Federal Assistance: Grant System Continues to Be Highly
Fragmented, GAO-03-718T (Washington, D.C.: Apr. 29, 2003).
[95] See GAO, Homeland Security: Efforts to Improve Information Sharing
Need to Be Strengthened, GAO-03-760, (Washington, D.C.: Aug. 27, 2003);
and Homeland Security: Challenges in Achieving Interoperable
Communications for First Responders, GAO-04-231 (Washington, D.C.: Nov.
6, 2003).
[96] See GAO, Project SAFECOM: Key Cross-Agency Emergency
Communications Effort Requires Stronger Collaboration, GAO-04-494
(Washington, D.C.: Apr.16, 2004).
[97] See GAO, Bioterrorism: Public Health Response to Anthrax Incidents
of 2001, GAO-04-152 (Washington, D.C.: Oct. 15, 2003).
[98] See GAO-03-373.
[99] See GAO, SARS Outbreak: Improvements to Public Health Capacity Are
Needed for Responding to Bioterrorism and Emerging Infectious Diseases,
GAO-03-769T (Washington, D.C.: May 7, 2003).
[100] See GAO, Hospital Preparedness: Most Urban Hospitals Have
Emergency Plans but Lack Certain Capacities for Bioterrorism Response,
GAO-03-924 (Washington, D.C.: Aug. 6, 2003).
[101] See GAO, Homeland Security: Coordinated Planning and Standards
Needed to Better Manage First Responder Grants in the National Capital
Region, GAO-04-904T (Washington, D.C.: June 24, 2004).
[102] See GAO-04-231T.
[103] The 1878 Posse Comitatus Act prohibits the direct use of federal
military troops in domestic civilian law enforcement, except where
authorized by the Constitution or acts of Congress. Congress has
expressly authorized the use of the military in certain situations such
as to assist with terrorist incidents involving weapons of mass
destruction.
[104] See GAO, Homeland Defense: DOD Needs to Assess the Structure of
U.S. Forces for Domestic Military Missions, GAO-03-670 (Washington,
D.C.: July 11, 2003).
[105] See GAO, Major Management Challenges and Program Risks,
Department of Homeland Security, GAO-03-102 (Washington, D.C.: Jan. 24,
2003).
[106] See GAO, Homeland Security: Responsibility and Accountability for
Achieving National Goals, Statement of David M. Walker, Comptroller
General of the United States, GAO-02-627T (Washington, D.C.: Apr. 11,
2002); and Truth and Transparency: The Federal Government's Financial
Condition and Fiscal Outlook (Washington, D.C.: Sept. 17, 2003).
[107] GAO, Combating Terrorism: Funding Data Reported to Congress
Should Be Improved, GAO-03-170 (Washington, D.C.: November 26, 2002).
[108] Consistent with the requirements of Fiscal Year 1998 National
Defense Authorization Act, the annual Report to Congress on Combating
Terrorism details governmentwide spending to combat terrorism. Starting
with the fiscal year 2005 President's budget, in compliance with the
Homeland Security Act of 2002, this information will be transmitted
with the President's buget.
[109] See GAO, Homeland Security: Key Elements of a Risk Management
Approach, GAO-02-150T (Washington, D.C.: Oct. 12, 2001); and Homeland
Security: A Risk Management Approach Can Guide Preparedness Efforts,
GAO-02-208T (Washington, D.C.: Oct. 31, 2001).
[110] OMB Circulars A-11 and A-94.
[111] OMB, Office of Information and Regulatory Affairs, Informing
Regulatory Decisions: 2003 Report to Congress on the Costs and Benefits
of Federal Regulations and Unfunded Mandates on State, Local, and
Tribal Entities (Washington, D.C.: Sept. 2003).
[112] OMB, 2003 Report to Congress on Combating Terrorism (Washington,
D.C.: Sept. 2003).
[113] OMB Circular A-11.
[114] OMB Circular A-94.
[115] See GAO, Homeland Security: Critical Design and Implementation
Issues, GAO-02-957T (Washington, D.C.: July 17, 2002).
[116] See GAO, Homeland Security: Responsibility and Accountability for
Achieving National Goals, GAO-02-627T (Washington, D.C.: Apr. 11,
2002).
[117] See GAO, Homeland Security: Efforts Under Way to Develop
Enterprise Architecture, but Much Work Remains, GAO-04-777 (Washington,
D.C.: Aug. 6, 2004).
[118] See GAO, Information Technology Management: Governmentwide
Strategic Planning, Performance Measurement, and Investment Management
Can Be Further Improved, GAO-04-49 (Washington, D.C.: Jan. 12, 2004).
GAO's Mission:
The Government Accountability Office, the investigative arm of
Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office
441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director,
NelliganJ@gao.gov
(202) 512-4800
U.S. Government Accountability Office,
441 G Street NW, Room 7149
Washington, D.C. 20548:
