[Senate Hearing 113-296]
[From the U.S. Government Publishing Office]
S. Hrg. 113-296
THE DEPARTMENT OF HOMELAND SECURITY AT 10 YEARS
=======================================================================
HEARING
before the
COMMITTEE ON
HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
ONE HUNDRED THIRTEENTH CONGRESS
FIRST SESSION
----------
A PROGRESS REPORT ON MANAGEMENT, MARCH 21, 2013
HARNESSING SCIENCE AND TECHNOLOGY TO PROTECT NATIONAL SECURITY AND
ENHANCE GOVERNMENT EFFICIENCY, JULY 17, 2013
EXAMINING CHALLENGES AND ACHIEVEMENTS AND ADDRESSING EMERGING THREATS,
SEPTEMBER 11, 2013
----------
Available via the World Wide Web: http://www.fdsys.gov/
Printed for the use of the
Committee on Homeland Security and Governmental Affairs
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
S. Hrg. 113-296
THE DEPARTMENT OF HOMELAND SECURITY AT 10 YEARS
=======================================================================
HEARING
before the
COMMITTEE ON
HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
ONE HUNDRED THIRTEENTH CONGRESS
FIRST SESSION
__________
A PROGRESS REPORT ON MANAGEMENT, MARCH 21, 2013
HARNESSING SCIENCE AND TECHNOLOGY TO PROTECT NATIONAL SECURITY AND
ENHANCE GOVERNMENT EFFICIENCY, JULY 17, 2013
EXAMINING CHALLENGES AND ACHIEVEMENTS AND ADDRESSING EMERGING THREATS,
SEPTEMBER 11, 2013
__________
Available via the World Wide Web: http://www.fdsys.gov/
Printed for the use of the
Committee on Homeland Security and Governmental Affairs
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
U.S. GOVERNMENT PRINTING OFFICE
80-224 PDF WASHINGTON : 2014
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
THOMAS R. CARPER, Delaware Chairman
CARL LEVIN, Michigan TOM COBURN, Oklahoma
MARK L. PRYOR, Arkansas JOHN McCAIN, Arizona
MARY L. LANDRIEU, Louisiana RON JOHNSON, Wisconsin
CLAIRE McCASKILL, Missouri ROB PORTMAN, Ohio
JON TESTER, Montana RAND PAUL, Kentucky
MARK BEGICH, Alaska MICHAEL B. ENZI, Wyoming
TAMMY BALDWIN, Wisconsin KELLY AYOTTE, New Hampshire
HEIDI HEITKAMP, North Dakota JEFF CHIESA, New Jersey
Richard J. Kessler, Staff Director
John P. Kilvington, Deputy Staff Director
Mary Beth Schultz, Chief Counsel for Homeland Security
Troy H. Cribb, Chief Counsel for Governmental Affairs
Susan B. Corbin, DHS Detailee
Carly Covieo, Professional Staff Member
Kaylee M. Myhre, AAAS Fellow
Carla D. Cotwight-Williams, AAAS Fellow
Jason M. Yanussi, Senior Professional Staff Member
Harlan C. Geer, Senior Professional Staff Member
Blas Nunez-Neto, Senior Professional Staff Member
Keith B. Ashdown, Minority Staff Director
Christopher J. Barkley, Minority Deputy Staff Director
Daniel P. Lips, Minority Director for Homeland Security
Monica C. Sanders, Minority Senior Counsel
Kathryn M. Edelman, Minority Senior Investigator
William H. W. McKenna, Investigative Counsel
Mark K. Harris, Minority U.S. Coast Guard Detailee
Laura W. Kilbride, Chief Clerk
Lauren M. Corcoran, Hearing Clerk
C O N T E N T S
------
Opening statements:
Page
Senator Carper..........................................1, 265, 437
Senator Coburn..........................................4, 276, 440
Senator Johnson.............................................. 5
Senator Heitkamp............................................. 20
Senator Ayotte............................................... 22
Senator Baldwin.............................................. 25
Senator Chiesa............................................... 462
Prepared statements:
Senator Carper.........................................45, 307, 483
Senator Coburn..............................................48, 486
Senator Chiesa............................................... 490
Closing statement:
Senator Carper............................................... 485
WITNESSES
Thursday, March 21, 2013
Hon. Eugene L. Dodaro, Comptroller General of the United States,
U.S. Government Accountability Office; accompanied by Cathleen
A. Berrick, Managing Director, Homeland Security and Justice... 7
Hon. Jane Holl Lute, Deputy Secretary, U.S. Department of
Homeland Security.............................................. 10
Hon. Elaine C. Duke, Former Under Secretary for Management, U.S.
Department of Homeland Security................................ 34
Hon. Richard L. Skinner, Former Inspector General, U.S.
Department of Homeland Security................................ 35
Shawn Reese, Analyst in Emergency Management and Homeland
Security Policy, Congressional Research Service, Library of
Congress....................................................... 38
Alphabetical List of Witnesses
Dodaro, Hon. Eugene L.:
Testimony.................................................... 7
Prepared statement........................................... 50
Duke, Hon. Elaine C.:
Testimony.................................................... 34
Prepared statement........................................... 113
Lute, Hon. Jane Holl:
Testimony.................................................... 10
Prepared statement........................................... 99
Reese, Shawn:
Testimony.................................................... 38
Prepared statement........................................... 127
Skinner, Hon. Richard L.:
Testimony.................................................... 35
Prepared statement........................................... 119
APPENDIX
Responses for post-hearing questions for the Record from:
Mr. Dodaro................................................... 136
Ms. Lute..................................................... 142
Ms. Duke..................................................... 260
Mr. Skinner.................................................. 262
Wednesday, July 17, 2013
Hon. Tara J. O'Toole, M.D., MPH, Under Secretary for Science and
Technology, U.S. Department of Homeland Security............... 268
David C. Maurer, Director, Homeland Security and Justice Issues,
U.S. Government Accountability Office.......................... 273
Alphabetical List of Witnesses
Maurer, David C.:
Testimony.................................................... 273
Prepared statement........................................... 326
O'Toole, Hon. Tara J.:
Testimony.................................................... 268
Prepared statement........................................... 309
APPENDIX
Responses for post-hearing questions for the Record from:
Ms. O'Toole.................................................. 337
Wednesday, September 11, 2013
Hon. Tom Ridge, President and Chief Executive Officer, Ridge
Global, and Former Secretary, U.S. Department of Homeland
Security....................................................... 442
Hon. Jane Harman, A Former Representative in Congress from the
State of California............................................ 445
Thad W. Allen, Admiral, U.S. Coast Guard (Retired), and Former
Commandant, U.S. Coast Guard................................... 448
Hon. Stewart A. Baker, Former Assistant Secretary for Policy,
U.S. Department of Homeland Security........................... 451
Alphabetical List of Witnesses
Allen, Thad W.:
Testimony.................................................... 448
Prepared statement........................................... 505
Baker, Hon. Stewart A.:
Testimony.................................................... 451
Prepared statement........................................... 515
Harman, Hon. Jane:
Testimony.................................................... 445
Prepared statement........................................... 501
Ridge, Hon. Tom:
Testimony.................................................... 442
Prepared statement........................................... 492
APPENDIX
Additional information from Mr. Allen............................ 523
Responses for post-hearing questions for the Record from:
Mr. Ridge.................................................... 553
THE DEPARTMENT OF HOMELAND
SECURITY AT TEN YEARS: A PROGRESS REPORT ON MANAGEMENT
----------
THURSDAY, MARCH 21, 2013
U.S. Senate,
Committee on Homeland Security
and Governmental Affairs,
Washington, DC.
The Committee met, pursuant to notice, at 10:05 a.m., in
room SD-342, Dirksen Senate Office Building, Hon. Thomas R.
Carper, presiding.
Present: Senators Carper, Baldwin, Heitkamp, Coburn,
Johnson, and Ayotte.
OPENING STATEMENT OF CHAIRMAN CARPER
Chairman Carper. The hearing will come to order. To all of
our guests and our witnesses, welcome. It is good to see you
all.
At the beginning of each Congress, as we all know, the
Government Accountability Office (GAO) issues something called
a list of High-Risk Government Operations that leave our
government and our taxpayers exposed to waste, fraud, or abuse,
or which pose management challenges that threaten crucial
government services. I have always considered this list as a
to-do list for Congress, particularly for this Committee, and
GAO's updated high-risk list will heavily influence our
Committee's governmental affairs agenda for this Congress.
We also just marked, as you know, the 10th anniversary of
the date on which the Department of Homeland Security (DHS)
officially opened its doors. We plan to mark this milestone
throughout the year by holding a series of hearings intended to
take stock of how far the Department has come in maturing, how
well it is doing in executing its core missions, and how we can
help them do even better.
Our goal here, and this is one suggested by Senator Coburn,
is we do a series of hearings from top to bottom, A to Z, after
which we would work on reauthorization for the department. We
have never done that in 10 years. It is time.
This hearing fits into both of those categories: One, our
DHS oversight responsibilities; and second, the high-risk list.
From a government affairs perspective, the Department of
Homeland Security's management challenges appear, again, on
GAO's high-risk list, although GAO readily acknowledges that
progress is being made. Like other agencies across the Federal
Government, the Department has grappled in recent years with a
number of issues related to acquisition, to financial
management, and to human capital, among others. Unlike some of
those other agencies, though, DHS is moving the needle.
As we all know, sound and effective management practices
are, of course, critical to the Department's ability to carry
out all of its Homeland Security responsibilities, whether we
are talking about cybersecurity, border protection, disaster
response, or any of its other many missions. As we look back on
the past decade, I think it is important to remember the
circumstances in which the Department was stood up. The
Homeland Security Act passed by Congress to create the
Department was signed into law November 25, 2002. The
Department opened its doors on March 1, 2003. So in just over 4
months, some 22 different agencies from across the government,
with different cultures and different management practices and
philosophies, were merged into a brand new department.
In those early days at the Department, the focus of both
the Administration and Congress was on moving quickly to
prevent another 9/11-type attack on our homeland. Management
took a back seat to those efforts. Former Department of
Homeland Security Inspector General Richard Skinner, who is
here today again as a witness, confirmed this fact when he
testified before our Committee last year. The management
foundation of the Department really got shortchanged in those
early days. It has taken years to dig out of the hole that the
initial lack of a strong management foundation left.
That said, I want to give credit where credit is due. GAO's
most recent report confirms that there has been considerable
progress at the Department in integrating the components that
were folded into it and in strengthening the Department-level
management that overlays those components. The latest high-risk
report includes a fair amount of good news because GAO
acknowledges this progress and has narrowed the areas that
remain on the high-risk list.
The Department also deserves credit for its detailed,
aggressive plan to address all of GAO's concerns in its high-
risk report, which I believe is unique among all the agencies
on the high-risk list. I want to briefly review some of the
major improvements to management at the Department of Homeland
Security, and in doing so, I would agree with GAO that
committed leadership at DHS has been critical to driving
progress in these areas.
The Department is on the doorstep of having a clean
financial audit for the first time. Last year, the Department
was able to get its financial systems in good enough order to
attempt a full financial audit. That was a major milestone.
That leaves the important goal of now passing a financial
audit. And I know that the Secretary, the Deputy Secretary, and
their team are prepared to make the final push to earn a
completely clean audit. If they are successful, it will be a
major achievement.
Some of you heard me talk about a friend of mine. You would
ask him how he is doing and he says, ``Compared to what? ''
Well, compared to the Department of Defense (DOD)--we love
them, but they were stood up, what, 65 years ago and they are
not auditable. They have not passed a clean financial audit.
And here we are, an agency 10 years, also very complex,
knocking on the door. So it will set a good example if you can
get this done for our brothers and sisters over at DOD. Now, I
know they are committed, especially the Secretary is committed
to getting this done for them, too.
When the Department was stood up 10 years ago, there was no
framework for accountability. There was also no guidance on
which responsibilities lay with headquarters, and which
responsibilities lay with the various components that make up
the Department. Whenever that kind of Wild West environment
exists in government, there is sure to be a lot of wasteful
spending and inefficiency, and there was.
Now, the Department has made clear who is in charge of
what. This new, more disciplined environment will better enable
the Department to control costs at the various components and
better ensure that all of them operate as a more cohesive,
effective, and accountable agency.
The Department used to have an abysmal record when it came
to awarding contracts without competition, but the Departmental
leadership has been aggressive in turning that record around.
Just last month, the report from the Office of Inspector
General (OIG) showed that the spending on non-competitive
contracts in fiscal year 2012 fell by almost 89 percent from
fiscal year 2008 levels. That means about $3 billion in
contract dollars that were previously spent without competition
are now being spent in a manner that gets better value for
taxpayers' dollars. And the Department, as the governmentwide
procurement data shows, actually has a better record on
competing contracts now than most other major Federal agencies.
The Department has also revamped its process for
identifying technological solutions at the border. The
Department has moved away from the SBInet model, which was a
mega-contract to a single company to build a virtual fence
across the Southern border. It was an effort that went forward
without the necessary work to identify what the Border Patrol
really needed. As a result, it quickly became cost prohibitive
and did not ever deliver the capabilities that were promised.
The Department now is implementing a more rigorous process to
identify needs, sector by sector across the border, and where
possible, use commercially available technology off the shelf
to drive down costs and enable our Border Patrol agents to
become ever more effective.
In the area of information technology, the Department is
now at the forefront of the Federal Government's efforts to
consolidate data centers and move services to the cloud. These
efforts save money and enable the Department and its employees
to achieve better results.
Finally, there is no doubt that the response to Superstorm
Sandy--we had a hearing here just yesterday on this--but that
response to Superstorm Sandy shows how much the Federal
Emergency Management Agency (FEMA) has improved since Hurricane
Katrina struck the Gulf region in 2005. Simply put, this
improvement would not have been possible without better
management. For example, when Hurricane Katrina hit, FEMA did
not have the necessary contracts in place to get needed
assistance to victims in a timely manner. When Hurricane Sandy
hit 7 years later, FEMA was prepared, and as a result, there is
a dramatic reduction in no-bid contracts compared to the
Hurricane Katrina response.
These are all significant achievements and our witnesses
will discuss for us today other examples. But I do not want to
whitewash the serious remaining challenges with DHS management
that remain on the high-risk list. The Department still has
work to do--we know that--as both the Comptroller General and
Deputy Secretary Lute will discuss. As I like to say, the road
to improvement is always under construction, and my colleagues
have heard me say a million times, everything I do, I know I
could do better. The same is true for all of us. The same is
true for this Department.
For example, this Department still does not have a
comprehensive financial management system that gives the
Secretary real-time visibility over the spending of 22
department components. Workforce morale at DHS remains the
lowest of all major departments. I do not think that is going
to be the case for much longer, though. Many major acquisitions
have exceeded cost estimates or fall short of promised
performance.
This hearing also provides a timely opportunity to discuss
the possible impact of the fiscal year 2013 full-year
Continuing Resolution (CR) on the Department. I am concerned
about the $20 million cut that DHS management and the
Secretary's office would take under the bill and I want to hear
from our witnesses today about the likely impact of those cuts.
I am also concerned that the level of funding for consolidation
of the Department at St. Elizabeths is insufficient to support
the next phase, which could bring the leadership and operations
center to one location and realize efficiency and
effectiveness.
Both the Administration and Congress need to work together
to resolve these remaining high-risk areas, and we will. I
welcome our witnesses today. We look forward to working with
you and the dedicated people that you lead so that in 2 years,
when GAO releases its high-risk list, and we are sitting here
talking about GAO's high-risk list and the management
challenges facing the Department of Homeland Security, we hope
they are off that list, making our Nation more secure, and
putting our finances in better shape, as well.
And now, Dr. Coburn, the floor is yours, and then I am
going to call on Senator Johnson. He has to leave here. He is
not going to be here to ask any questions, but I want him to
just make a brief statement. He is so good about attending our
hearings, so I am going to ask you to say something before you
leave. Thank you.
OPENING STATEMENT OF SENATOR COBURN
Senator Coburn. First of all, Mr. Chairman, I would like
for my opening statement to be made part of the record, the
written one.
Chairman Carper. Without objection.
Senator Coburn. The Congressional Research Service (CRS)
recently put out a memo by Shawn Reese about the definition of
what homeland security is, and any organization that does not
know what it is really all about is going to flounder in
certain areas. The concern I have had is that we have taken
what was intended to be Homeland Security and made it an all-
hazards risk prevention agency, which is an impossibility. You
cannot eliminate all risk, nor even if we could, we could not
afford to. So I look forward to all of your comments today and
a frank discussion.
Senator Carper and I, over the next 4 years, will oversee
every nook and corner of Homeland Security for the transparency
that needs to be there and also to see the improvement, and I
appreciate his cooperation and his leadership in doing so. I
think it is healthy for you all. It is certainly healthy for
the Congress. We make a lot of decisions a lot of times without
the input that we need to have from the agencies, and getting
to know what you do and how you do it and to understand that
better can help us as we direct funds.
So I am thankful for your work and I am thankful for your
dedicated service and look forward to hearing your comments.
Chairman Carper. Thank you, sir. Senator Johnson.
OPENING STATEMENT OF SENATOR JOHNSON
Senator Johnson. Mr. Chairman, I was not prepared, but I
will take the opportunity, first of all, to certainly voice my
gratitude for both the Chairman and Senator Coburn in terms of
the way you are going to be conducting this Committee in the
future.
I think it is a really good sign that we are going to try
and reauthorize this Department. The Department of Homeland
Security should be playing a pretty vital role in the security
of this Nation. We are facing incredibly serious threats.
I have always been concerned since I came here a couple
years ago, was it really the right move? I mean, you take, what
is it, 22 different agencies and try and combine them into one
with the added layer of bureaucracy. I am not sure that is
really the most efficient business model.
If I had time to ask questions, the one question I have
always had is, it is about a $50 billion a year agency. The
Defense Department is about a $600 billion a year agency. Wal-
Mart and ExxonMobil are about $450 billion a year companies.
They get audited every year. A $50 billion company, it starts
up, it gets audited every year. It does not seem to have much
of a problem doing so. So I have always been scratching my head
wondering why cannot the Department of Defense, why cannot the
Department of Homeland Security pass an audit?
So I guess I would look to private business practices and
take a look at what is different in government that prevents
that type of accountability, because the only way that the
Department of Homeland Security is going to be able to fulfill
its very important mission is through a very accountable, a
very efficient, a very effective management style. And I do not
know how you can obtain that accountability if you cannot pass
a basic audit that private industry businesses that size do all
the time.
And, by the way, if the management of those companies do
not pass an audit now under Sarbanes-Oxley, I mean, they go to
jail or they certainly face criminal charges. So I think we
need to bring that type of dedication, those types of private
sector disciplines to government to make sure that we are
auditable, that we are efficient, and that we are effective.
Thank you, Mr. Chairman.
Chairman Carper. That is a great point. When you jammed
together 22 different agencies 10 years ago, different
cultures, different financial systems, different accounting
systems, it is not easy. And 65 years later, the Department of
Defense is still struggling with it.
I think there are really two keys, and one of those we will
talk about here today, is leadership. It is leadership from the
Department of Defense and Leon Panetta, now Chuck Hagel,
saying, we have to get this done. We are going to make this a
priority. And in this case, Secretary Napolitano and Deputy
Secretary Lute.
And the other thing is our responsibility. We are working
with GAO, saying, this is a priority. And we are going to keep
holding these hearings. We are going to do our job on oversight
until we finally achieve this.
And to their credit in this Department, they are coming
along and it is good. It is like turning an aircraft carrier,
but they are coming. That aircraft carrier is a big one over at
DOD. They are turning that one, too, and in a couple of years,
hopefully we will be singing their praises, as well.
Senator Johnson. Again, my point was not to be critical----
Chairman Carper. I understand.
Senator Johnson [continuing]. But, again, just really being
encouraging in the direction we have to go. Again, I am highly
encouraged with what this Committee has set out to do here and
I think this is the right path that we are on. So, again, I
just want to be encouraging.
Chairman Carper. Senator Johnson here comes out of the
private sector, as Tom does, who has done any number of things
in his life, but he understands full well the value of being
able to measure things. What we cannot measure, we cannot
manage. And thank you for the role that you play on this
Committee. You are just a very good addition to this Committee.
All right. Having said that, let me just briefly introduce
our witnesses. The first panel includes not two but three very
impressive public servants: Jane Holl Lute, who is Deputy
Secretary of the Department of Homeland Security, and Gene
Dodaro, Comptroller General. Accompanying Mr. Dodaro is
Cathleen Berrick of GAO. She is not here to testify, but she is
here to field the really tough questions so that when he is
stymied and does not know what to say--which has never happened
before in my time here--she can jump in and help out. We
appreciate both of you taking the time to be with us to talk
about GAO's high-risk update and the progress made by the
Department, and we look forward to continuing to work with both
of you and your folks.
I think, Deputy Secretary Lute, ordinarily, as a matter of
protocol, the Committee would ask you to be our lead-off
hitter, but if you are willing to do this, I think it might
make sense for Mr. Dodaro to set the stage for us by providing
us with a little bit of a broad overview and some context of
the high-risk series and the summary of how the High-Risk List
relates to the specific subject of our hearing, the management
of the Department of Homeland Security.
If you are comfortable with that, we will just ask him to
lead off and you can try to move him around the bases, all
right. Mr. Dodaro, you are recognized. Thank you. Thank you
all.
TESTIMONY OF HON. EUGENE L. DODARO,\1\ COMPTROLLER GENERAL,
U.S. GOVERNMENT ACCOUNTABILITY OFFICE; ACCOMPANIED BY CATHLEEN
A. BERRICK, MANAGING DIRECTOR, HOMELAND SECURITY AND JUSTICE,
U.S. GOVERNMENT ACCOUNTABILITY OFFICE
Mr. Dodaro. Thank you very much, Mr. Chairman, Ranking
Member Dr. Coburn, Senator Johnson. It is a pleasure to be here
today to talk about GAO's high-risk update.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Dodaro appears in the Appendix on
page 50.
---------------------------------------------------------------------------
As you point out, we have been doing this the beginning of
each new Congress since 1990. This past year, we provided the
update just recently. I am very pleased that this Committee has
already held hearings on two areas under the high-risk list, on
the Postal Service financial condition and on the cybersecurity
area, and is considering legislation which is necessary to get
those items off the list. In many cases, it is the agency's
actions that are required, but in a number of areas that are
high risk, it is really also up to the Congress to pass
legislation.
Now, we have reported this year notable progress in most of
the areas--there are 30 of them--on the high-risk list, and
this is a very good 2-year interim report by historical
standards. So there is a lot of effort going into these areas.
And I would credit this because the Congress has passed
several pieces of legislation that are important to getting
areas off that list. The agencies have worked hard. And the
Office of Management and Budget (OMB) has worked with GAO and
the agencies to convene meetings to focus on the high-risk
areas.
In two of the areas, we noted enough progress that we
removed them from the list. One is interagency contracting. We
put it on in 2005, and this is a good practice for agencies if
implemented properly. But we found they were doing it, not
within scope. The roles and responsibilities were not clear.
Probably the most notable example is when interrogators were
hired for Iraq off of a General Services Administration (GSA)
information technology (IT) contract. And so there clearly
needed to be some changes.
Now, at congressional direction, the Federal Acquisition
Regulation (FAR) was changed and improved to require a best
procurement approach, which required documentation of the
decision, and written agreements on spelling out roles and
responsibilities. Also at Congress' urging and direction, there
was a requirement added for a business case to be developed and
approved at senior levels within the Department before new
interagency contracts could be put in place. And then Congress
also asked for a series of audits by the Department of Defense
IG, and that Inspector General found less problems over time.
So we are satisfied that the mechanisms are in place. There
is demonstrated progress. And we have removed them from the
list.
The other area is the Internal Revenue Service (IRS)
Business Systems Modernization (BSM). We put that on the list
in 1995. IRS was mired in technical and management weaknesses
with that system. Over the years, they have made steady
improvement. Congress has required an annual expenditure plan
from IRS, which GAO was required to review.
And IRS finally has made measurable progress. They have
installed the first module of their new system, which allows
for daily updating of taxpayer accounts. This is a huge change.
It enables refunds to get out faster. It enables them to send
notices faster and to field questions and helps in enforcement
areas.
They also have instituted about 80 percent of all the best
practices for IT investment management and 100 percent of those
best practices for project management, which is a notable
achievement. They have also been rated, their Software
Acquisition Department, at a Computer Maturity Model 3 Level by
the Software Engineering Institute Standards, which by industry
standards is a very good mark.
Now, for both of these areas, a point that you made, Mr.
Chairman, in your opening statements, Senator Coburn, Senator
Johnson, all of you touched upon the importance of
congressional oversight. These two areas have had sustained
congressional oversight over that period of time and good
leadership by the agencies, which are the two key ingredients.
Virtually every area we have taken off the list, and we have
taken a third of them off over the years, have been
attributable to those two key ingredients being in place.
Now, while they are off the list, they are not out of
sight. We continue to monitor what is going on to make sure
that the progress is sustained.
We also evolved one of the areas this year, which is
modernizing the financial regulatory system for the United
States to include the financial management problems at the
Federal Housing Administration. They are below the capital
requirement needed. They took on a lot more risky loans during
the recessionary period where the private sector backed out of
the mortgage market. So we wanted to highlight those changes.
But also, as Congress resolves the conservatorships of
Fannie Mae and Freddie Mac, you need to take into account the
implications for the Federal Housing Administration and it
really needs to be an integrated decision as those efforts are
resolved as to what the proper Federal role should be in the
Federal housing mortgage market.
Now, we added two new areas to the list this year, as well.
The first was limiting the Federal Government's fiscal exposure
by better managing climate change risk. I am very concerned
about this area and the financial risk. The Federal Government
owns hundreds of thousands of properties, many Defense
installations along the coastal areas. The Federal Government
owns 29 percent of the land in the United States in terms of
managing it and dealing with erosion and other issues.
The Federal Government runs two of the largest insurance
programs. One is the Flood Insurance Program, and the Flood
Insurance Program already owes the Treasury Department over $20
billion, and has not made a principal payment back on that debt
since 2010. The levels have just been raised to allow them to
borrow additional money to help out in Hurricane Sandy.
Congress has passed some legislation recently, but it needs to
be implemented effectively.
And also the disaster aid that is provided. The criteria
for providing disaster aid really has not been changed since it
was established in 1980. Right now, it is $1.35 per person per
State. It was not adjusted for inflation for a 13-year period
of time. We estimated if it had been adjusted for inflation,
the Federal Government would not have been involved in 25
percent of the disaster declarations put in place over time.
We also do not budget for major disasters, which is a real
problem, particularly given our precarious financial situation
right now. The only thing that is budgeted for are 5-year
historical averages of disasters under $500 million. So
virtually, of the tens of billions of dollars that have been
appropriated over the years, in the last decade over about $140
billion, well over 80 percent of that, almost 89 percent of it,
has come through supplemental appropriations which were not
budgeted for.
So we have many ideas for improvements in these areas. It
is very important.
It is also related to the last area that we added to the
high-risk list, which is a gap in environmental satellites. The
polar orbiting satellites, in particular, provide global
coverage of the surface of the earth twice a day, morning,
afternoon and evening orbits, and this data feeds the weather
prediction models for 3-, 4-, and 7-day forecasts. Because of
procurement and management problems over the years, there is a
gap that could be anywhere from 17 to 53 months where we may
not have this information. It is critical. If we had not had
the satellite data in Superstorm Sandy, one credible
organization predicted that storm to go out to sea and not hit
New Jersey. So there would not have been adequate warnings for
the residents.
So we have encouraged National Oceanic and Atmospheric
Administration (NOAA) and DOD to put contingency plans in
place, but they need to be properly executed and this is an
area for congressional oversight, to make sure that these gaps
do not create real problems that could lead to loss of life,
property, and other economic damages over time.
Now, we also narrowed the areas for three of the high-risk
areas, including the Department of Homeland Security. We found
that, over the years, the department has made good progress in
its initial implementation. For example, they have created the
National Response Framework for addressing disaster assistance.
They have hired, produced, and have in place workforces. They
have stood up new agencies, like the National Cybersecurity
Communications Integration Center. So we felt comfortable
narrowing them to the management challenges that they have.
And for most of the management challenges--you have
highlighted some of the major progress that has been made, so
there has been some progress, but there really needs to be
additional progress. DHS needs to get a clean audit opinion for
2 years to get off the high-risk list. They need to have
financial systems in place. Major acquisitions are still
overrunning costs and are not being delivered on time with the
expected type of product that is needed to execute the mission.
And there are many other areas.
Now, we identified 31 specific actions that needed to be
addressed to come off the list. The Department has fully
addressed six; two, mostly addressed; 16, partially; and seven,
they have initiated action. So that provides a scorecard. They
have an excellent roadmap now. They just need to execute it.
And we are committed--I think we have had a very good,
constructive dialogue and partnership with DHS to provide
clarity. They have stepped up, have plans in place, know how to
do it, and if they execute those plans, I think they will
continue to make excellent progress.
So I thank you for the opportunity to be here today. I will
be happy to answer questions once the Deputy Secretary provides
her statement.
Chairman Carper. Thanks very much for that overview and for
some of the specifics on the Department and for being, really,
a good partner with us as we try to help DHS do the work that
they already do even better.
All right. Secretary Lute, you are on. Welcome. Glad to see
you.
TESTIMONY OF HON. JANE HOLL LUTE,\1\ DEPUTY SECRETARY, U.S.
DEPARTMENT OF HOMELAND SECURITY
Ms. Lute. Thank you very much, Chairman Carper, Ranking
Member Coburn--good to see you again--distinguished Members of
the Committee. I am grateful for the opportunity to appear
before you today to discuss the Department of Homeland Security
and our progress over the past 10 years.
---------------------------------------------------------------------------
\1\ The prepared statement of Ms. Lute appears in the Appendix on
page 99.
---------------------------------------------------------------------------
Our 10-year anniversary provides an important opportunity
to consider how DHS has evolved to fulfill its original
purposes and reflect on further work that has to be done to
realize full potential.
Now, I do not know, Dr. Coburn, Shawn Reese, but if he were
sitting here, I would tell him he is behind in his reading. I
am not a politician. I am not a diplomat. I spent a long time
as a soldier and I am an operator. I run things. And I describe
the mission of Homeland Security in simple terms. Our job is--
as part of the Federal Government--to help create a safe,
secure, resilient place where the American way of life can
thrive.
And in order to meet that job, in order to fulfill that
mission, we focus on five main things: Preventing terrorism and
enhancing security; securing and managing our borders;
administering and enforcing our immigration laws; ensuring the
Nation's cybersecurity; and building national resilience.
We do not do any of this alone. While DHS plays an
important role, we view homeland security as a whole community
effort and, therefore, rely heavily on many partners throughout
the homeland security enterprise, at the State, local, Tribal,
Territorial level, across the rest of the Federal Government,
in the private sector, and among the American people.
In turn, our partners, and including Congress and this
Committee, which we have appreciated over the course of our
lifetime. It is the reason the Department is 10 years old and
not 1 year old for the tenth time. There is a big difference.
We have made progress over the course of these past 10 years
and we intend to continue making progress.
But this Committee, in fact, the American people, have a
right to expect that we can do three things. They have a right
to expect that we can execute the missions that I just outlined
for you. They have a right to expect that we can run ourselves.
And they have a right to expect that we can account for the
resources that have been entrusted to us, and we expect no less
of ourselves.
DHS is, in its nature, composition, and purpose, an
operational department. Yes, we have policymaking
responsibilities. Yes, we have regulatory responsibilities. But
we have operational responsibilities, as well. Every single
day, tens of thousands of Homeland Security professionals
provide essential services to the American public, from
securing our borders, to processing immigration benefits,
responding to disasters, patrolling the Nation's waters,
safeguarding our air travel, and in countless other ways.
To carry out this mission, we must be able to recruit,
hire, and retain qualified staff; budget, account, and oversee
billions in financial resources; procure complex systems and
services; collect, sort, and share data; maintain 24-hour
communications and situational awareness; ensure appropriate
security and safety for these operations; and effectively
manage the hundreds of facilities and locations where our
personnel are deployed.
We do these things in Homeland Security every day and we do
it for the American public. To do these things, we know we have
to be well staffed, well trained, and well led.
And to meet these requirements, we have worked constantly
to improve our hiring processes, our acquisition and
procurement processes, data management and financial systems.
As a result, for example, of the effort we have made to improve
our management operations across the board, for the first time
since the creation of the Department in 2003, DHS has earned a
qualified audit opinion on all five of its balance sheets. And
I project this year, Mr. Chairman, that we will have a clean
audit opinion. Perhaps we will be able to achieve a clean audit
opinion for 2 years, for 2012 and for 2013. That is our aim.
I do not need to tell this Committee what an----
Chairman Carper. I want to repeat myself. From your lips to
God's ears. That would be great.
Ms. Lute. Thank you. I do not need to tell you what an
extraordinary achievement this has been, but I would like to
acknowledge my colleagues from across the Department who have
worked tirelessly to make this a reality under the leadership
of Rafael Borras, our Under Secretary for Management, and Peggy
Sherry, our Chief Financial Officer (CFO).
The lights are on in many buildings around Washington, DC,
and across the country very late into the night so that this
can be achieved, and we are proud of our people who have done
this. We will continue our fierce commitment to sound
management practices and expect that DHS will receive that
unqualified audit opinion.
We know that Congress and GAO understand the importance of
effective management. When GAO placed the implementation and
transformation of DHS on its high-risk list in 2003, it cited
three principal reasons for doing so. First, the sheer size of
the task with respect to numbers and the complexity of
transforming 22 agencies into one coherent Department. Second,
the fact that many of these agencies were coming to DHS with
preexisting conditions, preexisting GAO findings and other
challenges to overcome. And third, because of the potential for
catastrophic consequences should this effort to strengthen the
security and safety of this country fail.
The undertaking has been massive and there have been many
challenges, but there have also been many advantages, beginning
with the men and women of the Department and their unwavering
professionalism and commitment to the mission of homeland
security. Similarly, in the early years, the leadership of DHS
worked to build a sensible foundation from which to grow, and
Congress has been indispensable to our progress, as has our
important partnership with GAO, with whom we tend on nearly all
matters to find overwhelming agreement.
With this help, we have made considerable progress in all
key areas of management and take some measurement of
satisfaction in the significant narrowing of the high-risk area
in GAO's recent report. The close working relationship we have
built with GAO is founded on principles of engagement,
responsiveness, and mutual respect, and we are grateful for the
level of coordination and professionalism that GAO displays to
us in our work together. We know that their partnership has
been important to the achievements we have made.
Today, we are more integrated and unified as a Department
and we are able to leverage both expertise and experience to
achieve our mission. There are things that are done today that
were not possible before the Department was created. Two
examples will illustrate this point and are indicative of the
kind of Department we have become with your help.
First, the Homeland Security Surge Capacity Force was
created legislatively in 2006, requiring the creation of a
volunteer force made up of DHS employees who could deploy in
the event of a catastrophic disaster to support survivors. On
November 1, 2012, in the immediate aftermath of Hurricane
Sandy, we activated the Surge Capacity Force for the first
time. Within just a few days, nearly 1,200 employees from
Homeland Security from across the Department--the
Transportation Security Administration (TSA), Citizenship and
Immigration Services (CIS), Customs and Border Protection
(CBP), Coast Guard, U.S. Immigration and Customs Enforcement
(ICE), Secret Service, and DHS headquarters--deployed to New
York and New Jersey in support of FEMA's response and recovery
effort.
These individuals communicated directly with disaster
survivors regarding power restoration, emergency services, food
and shelter options, and how to register for disaster
assistance. They slept on ships docked offshore so that they
would be close to the people they serve and not take up limited
hotel space. They empowered those who had been disempowered by
the storm. They were at their best for people who had been
through the worst.
The second example of the things that we can do today in
the Department that we could not do 10 years ago is
cybersecurity. People did not even talk about it in the terms
they talk about it now. But by bringing the components and
offices of Homeland Security together, we have been able to
formulate a coherent strategy to defend the Federal networks in
dot-gov, engage a broad community of expertise, from law
enforcement to the private sector, the intelligence community,
as well, to strengthen the protection and resilience of the
Nation's critical infrastructure, both cyber and physical.
The point of these two anecdotes is not just that we have
helped communities bounce back from disaster or that we have
architected from the ground up a responsible approach to
cybersecurity. The point is that the very best of what this
Department is about comes from the work that we do together and
from the individuals who have transformed the Department from
22 separate agencies into one cohesive and mission-driven unit
whose purpose is to help create a safe, secure, resilient place
where our way of life can thrive.
From a management perspective, as well, we continue to
streamline and strengthen ourselves. The Secretary's efficiency
reviews, begun 4 years ago, have led to DHS employees
identifying 45 specific projects and initiatives that have
yielded more than $4 billion in savings and cost avoidances,
savings that have been reinvested into our critical missions.
Elsewhere, as you have noted, Mr. Chairman, we have
consolidated data centers, overhauled our procurement and
acquisition systems, written the Federal Government's first
ever guidelines on financial assistance, created clear and
measurable performance objectives, have built a statistical
compendium of all of our operations in Homeland Security to
give us visibility into the kinds of indicators and metrics
that indicate successful performance, and we have become
auditable.
We know our work is not done. We know that nothing stands
still. Threats continue to evolve. Technology will continue to
advance. And operational demands will continue to grow. We are
deeply connected to this dynamic world and we are committed to
doing our very best to ensure that this country remains a safe,
secure, resilient place where the American way of life can
thrive. We count on our continued partnership with Congress to
help us hit the mark the American people expect and deserve.
And I thank you again, Mr. Chairman, for the opportunity to
appear before you today and I look forward to your questions.
Chairman Carper. We have all heard the old saying, that is
my story and I am sticking with it. That is a good story to
tell and it is a great story to build on.
We have been joined by Senator Ayotte and Senator Heitkamp
and Senator Baldwin, all new to this Committee, Senator Ayotte
not new to the Senate. But we are delighted that you are here
today to hear this testimony and to join us in asking
questions.
I have prevailed on Senator Johnson just to wait for a
couple minutes. He needs to go someplace else. But he asked a
very good question sort of earlier. I do not know if you want
to ask the same question or something else before you head out,
that would be great.
Senator Johnson. Maybe two quick questions. This one is
pretty broad.
Deputy Secretary Lute, how long have you been with the
agency?
Ms. Lute. Four years.
Senator Johnson. Four years. Having been there now and
understanding the complexity of having 22 different agencies--
again, this is all hindsight, Monday morning quarterbacking--
are there any of those agencies that you think might have been
restructured better someplace else and maybe should not be part
of the Department? Is there any restructuring that you would,
again, just in hindsight, or do you think things are pretty
well comprised here?
Ms. Lute. Thank you, Senator. I have been running
organizations for a long time. I do not have too many
organizational theologies. You can always do things differently
and make improvements. But I think if you ask any of the 22
agencies, the legacies and the offices that have come together,
can they find themselves in that mission statement of creating
a safe, secure, resilient place, yes, they can. Can they find
themselves in any of the five missions--preventing terrorism,
borders, immigration, cybersecurity, and building national
resilience? Yes, they can. So, largely, for the most part, they
are in the right place.
Senator Johnson. OK. Then just getting back to the audit,
can you just describe the major reason why that has not been
achievable in the last 10 years? I mean, is it the
incompatibility of accounting systems between 22 different
agencies? I mean, what has prevented just a complete audit?
Ms. Lute. Well, we have made progress over every year. I
mean, I would tell you at the moment, we are focused on
property. I think we will be able to resolve it for 2012 and
certainly going forward.
Senator Johnson. So it is really just the complexity of
individual issues as opposed--and being able to account for
that 29 percent of all land that the Federal Government
operates and that is now under your jurisdiction?
Ms. Lute. It is a tremendous challenge. It is not that we
do not know what to do. It is not that we do not have the tools
to do it. It is a tremendous challenge. And it is not that we
lack the commitment or the help and support of our partners. We
have all of those things. We will get this done.
Senator Johnson. So it is just the number of things you
have to account for and trying to get it all----
Ms. Lute. It is a big job.
Senator Johnson. OK. Thank you very much. Thank you, Mr.
Chairman.
Chairman Carper. Senator Johnson, thanks for sticking with
us to ask those questions. Good questions.
Let me just start off with a question, if I could, for the
Deputy Secretary. Let me focus for a couple of minutes on the
next steps the Department is going to be taking to improve the
management of the Department. GAO recommends that the
Department track and independently validate the effectiveness
and sustainability of the management improvements that have
already been made. Let me just ask, how will you do that, and
also, what type of reports will be available to this Committee
so that we can monitor the progress that is occurring and meet
our responsibilities for providing good oversight?
Ms. Lute. Thank you, Chairman. So, we have done several
things. One is to launch the Management Health Initiative,
which is really designed to create a dashboard for that at-a-
glance look at critical systems and performances.
In addition, as I mentioned, we have for the first time
begun to compile a statistical compendium to give us visibility
into all of the resources that we have in the Department and
how they are applied against those mission sets. So building
this kind of business intelligence and understanding of our
operation is fundamental to be able to report in a cogent and
authoritative way on the accomplishments and the achievements
that we have made. So we look forward to working with this
Committee to get that right and to establish regularized
reporting to give you the visibility we have.
Chairman Carper. All right. Good.
We all know that management matters and good management is
the platform on which agencies, frankly, businesses, execute
their missions. I hope that is one of the missions that comes
out of this hearing, that good management matters, and I am
convinced that we have good management.
I also am encouraged we have some continuity in that
management, and with, I think, Secretary Napolitano--nobody is
perfect. She is not. God knows, I am not. But I think she is a
very good administrator and very committed. I think you are,
too. I think the fact that she is going to be staying around
for, hopefully, four more years, my hope is you are going to be
staying around for at least that long, and that leaves in place
a very good management team.
I think over your right shoulder is Rafael Borras. Is that
the man? Rafael is the Under Secretary of Management, and a lot
of what we are talking about here is actually an effort that he
has led. You mentioned that and we want to acknowledge him and
the team that he works with, so thanks so much.
But, Deputy Secretary Lute, would you provide us with just
a couple of maybe concrete examples of in the past where weak
management has really undermined the performance of the
Department, and conversely, where good management has enabled
the Department to better carry out its mission. So a couple of
good examples of where bad management undermined the Department
and its mission and maybe one or two where it is just the
opposite has been true.
Ms. Lute. Thank you, Mr. Chairman. First, if you will allow
me, you will not hear me say the Secretary is not perfect.
[Laughter.]
She is a terrific boss and a terrific leader for the----
Chairman Carper. Well, I will say the Chairman here is not
perfect, though.
Ms. Lute. But I will----
Chairman Carper. And I have known the Secretary for a long
time.
Ms. Lute. I know.
Chairman Carper. As good as she is, she is not perfect,
either. You can always do better. Tell her I said that.
Ms. Lute. And I will accept her imperfections.
Leadership and management are things that I have paid a lot
of attention to over the course of nearly 35 years of working
in the public sector, in the military, in the international
civil service, and in the not-for-profit sector, as well. What
management needs to do very clearly is provide people purpose
and pride. You do not run organizations through derogation and
putting people down. You have to say very clearly, what is our
job here.
And what we have tried to do in the Department of Homeland
Security--four years ago, I stood in a door jamb of one of my
colleagues and said, we need to narrate the purpose of this
Department in very clear terms. We need to conduct a bottom-up
review of what we are doing and balance that examination
against what we said is important to do. We need to get off the
GAO high-risk list and we need to become auditable. So those
are the kinds of examples, I think, and we have made progress
in every single one of those, in every single one of those
areas, if I can be allowed.
When you are creating a new department and a new
enterprise--I have done this several times now in the public
sector--this narration of purpose is really essential so people
understand how what they have been doing now contributes to the
purpose that they are being asked to perform. It is easy
sometimes, particularly at the operational level, to be
absorbed in the day to day. It takes a great deal of effort to
sit back, develop perspective and a strategic understanding of
how those discrete individual operational efforts add up to an
overarching purpose.
So narrating that purpose of Homeland Security, clarifying
the five mission areas, as we have done, orienting people in
the direction of, are you performing these missions? Are you
contributing to running ourselves? Are you contributing to our
public accountability? If whatever you are doing is not in one
of those three buckets, stop doing it.
So it is a particular leadership challenge when you are
doing startups, one that I think that we have met, together
with those who have gone before us, in establishing this
Department.
Chairman Carper. One more for you, if I could. Secretary
Lute, we are in a tough fiscal environment. We are working on
it. We passed a Continuing Resolution to fund the government
for the rest of the fiscal year, not perfect, but it is better
than stop and go, the fiscal cliff, lurching from emergency to
emergency. But it is still a tough environment that we are
going to be operating in for the foreseeable future.
Let me just ask, do you think you will be able to sustain
and improve upon the vital management progress that has been
made in the past 5 years? The Senate version of the Fiscal Year
Continuing Resolution that we passed yesterday in the Senate
cuts about $17 million from the Department's management
functions. Tell us, what could be the practical impact of a
reduction of that nature? For example, does this put in
jeopardy the Department's ability to do rigorous reviews of the
component's acquisitions that GAO recommends?
Ms. Lute. Thank you, Chairman. You do not run an
operational department without the ability to hire, retain, and
manage people, without the ability to acquire and procure goods
and services, without the ability to run your financial systems
from an accountability point of view. All of those will be
affected by cuts. Things may take longer. There may be aspects
of things that we do not get to as thoroughly as we would like
under other circumstances. Our job is to limit any negative
effects and prioritize. That is part of the leadership job.
Chairman Carper. All right. Dr. Coburn, please proceed.
Senator Coburn. Secretary Lute, I know I appreciate your
work. I hope you will have somebody stay around here to hear
Mr. Reese's paper, and I think it is unfortunate you have not
read it. It was published January 8. The fact is, there are
some significant criticisms that you need to be aware of rather
than to dismiss them, especially since it sounds like you or
your staff have not read his scholarship. So I hope you will
leave somebody here after you testify to hear his testimony
about what his research shows and his fair criticisms and then
give us an answer to it.
Ms. Lute. I did read his paper.
Senator Coburn. You did? And so you think it is totally off
base?
Ms. Lute. I disagree with what he finds. I do think we know
what our purpose is. I do think we know how to orient our
missions to that purpose.
Senator Coburn. OK. That is fair.
A number of recommendations were made by the 9/11
Commission. That is a fairly remote Commission now. One is the
status of TSA's effort on explosives. I would just like an
update of where we are and where you are going to be on that
requirement.
The other requirement that they had is on the U.S. Visitor
and Immigrant Status Indicator Technology (US-VISIT) program.
GAO found that there were 825,000 pieces of data that are not
matched to the correct fingerprints. They might be fraudulent,
and right now, there is no way to determine whether or not they
are fraudulent. So if you could--and you do not have to answer
these now. I do not expect you to know that detail and
understand that.
But, to me, those represent two of the areas where we have
had substantive recommendations by the 9/11 Commission that we
have not achieved the goal, and both of them are significantly
important to the missions of your organization. So I would hope
that you would respond to me on that.
Since 2004, your agency has disbursed $35 billion in
grants. What do you know about the effectiveness and the
accomplishments of those grants?
Ms. Lute. Thank you, Dr. Coburn. We do not have the kind of
granular visibility into the accomplishments that we want to
have. We do know that we have created a great deal of
capability across the country in those grants, and we do know
that there is a need for a comprehensive approach to a
financial assistance that the Federal Government, in our case
DHS, provides.
We have written that approach to financial assistance. We
have taken a look at everything, from understanding
requirements in the grant-making area, how to build and work
with the communities at the State level and local level in
constructing well-written grant proposals. We have looked at
the accountability and our ratio of personnel to oversight. We
have a lot to do, but we have begun to make progress through
that financial assistance work under the direction of our CFO,
Peggy Sherry.
Senator Coburn. Do you think FEMA, at the very least,
should track what grants are spent on?
Ms. Lute. Yes, sir, I do.
Senator Coburn. OK. And are you?
Ms. Lute. Not as well as we would like, but we are
improving.
Senator Coburn. OK. GAO found that fewer than 10 percent of
DHS's acquisition programs fully comply with the new
acquisition policy. And I know this is a work in process, so I
am not actually being critical when I make that note. I know
that your intent and goal is to accomplish that. They also
found that only one-third of the programs that should have had
approved acquisition baselines actually do. The baselines
actually are probably the most important tool for managing
individual programs and conducting congressional oversight.
Having said that, what steps are you taking to hold
components accountable for complying with the DHS acquisition
policy? I know you have made the policy. Now, where is the
management accountability to make sure the agencies are holding
within that acquisition policy?
Ms. Lute. Well, as you noted, we have drawn all of our
programs under Management Directive 102. Each of the programs
submit to a regular review by the Acquisition Review Board
(ARB). Decisions are taken. We will not progress if we are not
satisfied the questions and accountability are in line. We have
instituted a lifecycle management cost model, as well, which we
are imposing. And we have shut programs down that were not
performing.
So we have begun to change the culture. I think we have
gone a very long way. It is unthinkable that we would undertake
a major acquisition without a careful review under our
directives procedures of what our requirements are and exposing
those requirements to regular oversight through the ARB
process.
Senator Coburn. How about the acquisitions that were
started before you started?
Ms. Lute. Some of them----
Senator Coburn. What are you doing with those?
Ms. Lute. Some of them have proven problematic, and all of
them, we are incorporating into the new process.
Senator Coburn. Would you submit to the Committee the ones
that you have terminated and the ones that are problems?
Ms. Lute. Yes.
Senator Coburn. Thank you. My first training was as an
accountant and as an auditor, and I can tell you, the
experience when I talk to Marine captains and colonels today,
they are so thankful that the Marine Corps is just about to
pass an audit, because what it has actually done is made their
job easier and their decisionmaking easier because they now
have visibility on the key parameters which would judge the
outcome of a decision or direct them to make a new decision.
Are your people ready to use accounting information to make
management decisions and all the way through all 22 agencies?
Ms. Lute. That is a great question, Dr. Coburn. The answer
is, absolutely. And if I can just call out the men and women of
the Coast Guard as the first----
Senator Coburn. Yes, I know.
Ms. Lute [continuing]. As the first uniformed service----
Senator Coburn. You bet, the first one to do it.
Ms. Lute [continuing]. The first to achieve auditable
status. This is something that we have and the Commandant has
and the leadership across the Coast Guard has pushed down, you
are exactly right, down to the lowest level possible. The
American people have a right to expect that we can account for
the resources that have been given to us, and when you can do
it, it is very powerful from a leadership point of view.
Senator Coburn. OK. Let me ask you one other question. You
have accomplished and actually performed on about 60 percent of
the GAO recommendations. I do not expect you to say they are
right in every indication. I understand that sometimes they
miss it. But there are 40 percent of their recommendations that
you really have not acted on. What is the plan? Are some of
those recommendations that you actually disagree with, or are
they just ones that are harder to implement, and is there a
push from senior management at DHS to actually accomplish and
meet those recommended accomplishments?
Ms. Lute. There absolutely is a push, I think as Mr. Dodaro
mentioned. This is not the first time he and I and Cathy are
sitting together at a table. We have known each other for 4
years because we made a commitment early on to get this right.
There are a few things we do not agree with, but we have an
overwhelming bandwidth of agreement between us, what needs to
be done. And also----
Senator Coburn. Let me just interrupt. Will you send me and
the Committee--what you do not agree with?
Ms. Lute. Whatever material we have that we can share
with----
Senator Coburn. Yes, where you say, here are their
recommendations. Here is where we think they are wrong. Send
that to us, because we actually read GAO reports in my office,
and----
Ms. Lute. Mine, too.
Senator Coburn [continuing]. And we would love to have the
other side of the issue----
Ms. Lute. OK.
Senator Coburn [continuing]. Of where you think they
disagree, since the final arbiter is the U.S. Congress in terms
of making the judgment on some of these things and whether some
mandate is going to be put in an appropriation bill to make you
do something that you actually disagree with and have a good
reason for saying, ``We think GAO got it wrong.'' So if you
would send those to us, I would appreciate it. And I am sorry
for interrupting you.
Ms. Lute. No, sir. And as I was just going to conclude, he
also mentioned that he has seen from us detailed plans for
working through the findings that they have given us. And it is
the only way I know as an operator. What do we need to do to
know that we are done, and we will do it.
Senator Coburn. Yes. OK. Thank you.
I am over my time. Are we having a second round?
Chairman Carper. I hope so. It may be abbreviated, but we
will have one.
What you just said about agreeing with most of the
recommendations but not all, and Mike Enzi, a Member of this
Committee, has shared with us any number of times something he
calls the 80/20 rule, which describes how he and Ted Kennedy
were able to get so much done when they were leading the
Committee on Health, Education, Labor, and Pensions. The 80/20
rule means this. He says, ``Ted and I agreed on 80 percent of
the stuff. We disagreed on 20 percent of the issues. We decided
to focus on the 80 percent that we agreed on, set the other 20
percent aside to look at another day,'' and that is how they
were able to get a lot done. And I think that maybe kind of
describes what you are doing here, and whatever you are doing
is, I think, working, and let us just keep it up.
Senator Ayotte is next, and she stepped out for a moment.
We are going to go to Senator Heitkamp, and if Senator Ayotte
does not return immediately, then Senator Baldwin. Thank you.
Senator Heitkamp, you are recognized.
OPENING STATEMENT OF SENATOR HEITKAMP
Senator Heitkamp. Thank you so much, Mr. Chairman, and
thank you for appearing today.
I actually do know Janet pretty well and she is not
perfect. Tell her I said that. [Laughter.]
We were Attorney Generals (AGs) together.
During my time in public life, I have been a tax auditor,
tax commissioner. I have been an Attorney General. So this is
an area that I think I have kind of two perspectives on, how
difficult it is to do security, how difficult it is to wake up
every day and realize primarily your mission is to protect this
country and protect people. But the only way we can do it is
when we are held accountable for how we do it.
And we are in a time of pretty tough budget questions, and
when we have 10 years where we are not able to pass audits, it
gets increasingly difficult to justify to the American public
that we are doing the right thing here. Now, I am new to this
and I can tell you--maybe if I sat through 10 hearings like
this on a GAO audit--I would be a little tougher. But I want to
give you an example of why the American public gets frustrated.
Recently in North Dakota, TSA removed three scanners, full-
body scanners, to move to other locations to replace scanners
that you had to replace because they did not pass privacy
measures. Now, Minot, North Dakota, is a place of great
economic growth. In fact, their airport is experiencing a 49
percent increase in passengers. We have more airlines flying in
there. The airport is understaffed. But yet you removed their
scanner, causing the people of Minot to think, OK, here we go
again. They cannot seem to get it right in Washington. They
cannot seem to get procurement right. We see it every day.
Obviously, we are extraordinarily grateful in North Dakota
for all the help that we have received from FEMA. Minot is
grateful for all the help, and, I think, all the true
compassion and caring that the people experienced. But at the
end of the day, yes, people can like the Federal employees who
show up, and yes, you guys can sleep on ships and demonstrate
your willingness to be accountable, but people want their
dollars spent in an accountable and efficient manner, their tax
dollars.
And when we see repeated problems and a lack of what we
have been hearing today. Sixty percent, you can agree with. You
are moving on 60 percent. But, yet, there have been a lot of
years to make this happen. And I can tell you as an agency
head, if I had come back year after year with an audit and not
having responded to concerns and questions, I probably would
not have gotten an appropriation the next time and the
legislature would have probably taken away my responsibility.
And so I just have a couple questions about my scanners,
and I know that it is, in the grand scheme of things, this is
not the big issue, but it illustrates concerns that we have
about defending and representing the Federal Government when we
go home.
And so I have been told by John Sanders that the agency is
developing an acquisition program for the next generation of
scanners that are going to replace the systems that were
transferred out of our airports. This is a critical acquisition
program which will impact the safety and the security of my
constituents. What steps are DHS and TSA management taking to
ensure that the acquisition problems identified by GAO, such as
a lack of a plan to manage the risk and measure performance,
are not repeated? And that we are not going to see--I have to
tell you, I was pretty tough when I talked with John because I
said, look, if the next thing is that you move those same
scanners back into North Dakota, I will have 400 constituent
letters about the waste of time. I said, you have to figure out
how you can do this in a way that does not disrupt. And the
notice was way too short, so there was not an ability to adapt.
And so I use this as an illustration of the frustration,
and want to be supportive and want to learn more about what the
challenges are of meeting these acquisition policies. But I
also want you to know that I am concerned deeply about
irregularities. I am concerned deeply about inefficiencies and
about a 10-year audit where the response is, ``We are working
on it. We are hoping we will get there.''
Ms. Lute. So, Senator, when I was in the Army, one of the
Chief of Staffs of the Army, Gordon Sullivan--I am a great
admirer of his--used to have a saying, ``Hope is not a
method.''
Senator Heitkamp. Yes.
Ms. Lute. We are not hoping to get to a clean audit
opinion. We were not hoping to get to a qualified audit
opinion. We were going to get there, and we are there. We are
at a qualified audit opinion. We are auditable in less than 10
years of existence of a $60 billion agency with half-a-million
people.
So I share your determination that the accountability and
the auditability and the answerability continues and has to
improve. We will do that.
Senator Heitkamp. But if I can just make a point, and it is
not to be belligerent, but it illustrates, if a bank
consistently told the bank regulator after 10 years, ``We are
working on it. We have a strategy, we think,'' they would not
have been given 10 years to hit the mark. They would not have
been given 10 years.
Ms. Lute. I worked in a bank when I was younger. I will not
pretend to answer for it now. But what I can tell you is that
we take a backseat to no one in our determination to achieve
what we said we were going to do, which was a clean audit
opinion, and sustain that, and I believe we will hit that mark.
I know we will, because I know the effort that is going into
this.
In terms of the acquisition, I would be happy to share with
you our detailed Management Directive covering the acquisition
process to which now all programs must adhere, and it is a
rigorous process that examines from requirements to ultimate
disposition.
Senator Heitkamp. And if I can just--not to belabor it--
every organization has a policy. The question is whether they
have the will to implement the policy, and so we will wait and
we will see. But these numbers at this point are not numbers
that I can defend in North Dakota.
Ms. Lute. What I could say, we also have a proven track
record over the past 4 years of actually holding the meetings,
canceling programs, improving the accountability and the
understanding and the oversight within the Department of our
acquisition programs, and we would be happy to lay all of this
out for you in as much detail as you would find useful.
Senator Heitkamp. Thank you.
Chairman Carper. Senator Heitkamp, if you have not taken
advantage of this, or any other Members of our Committee, I
know Senator Coburn has, but Deputy Secretary Lute was good
enough to spend a couple of hours with me and members of my
team and it was just enormously helpful in understanding where
they were when she started and where the Secretary started and
how far they have come and what more they need to do. Hearings
are good. Roundtables are good. But that is even better, and I
would just urge you to take advantage of that. If we can be
helpful in maybe pulling together a small group of Senators to
have that kind of conversation with their staffs, I think
everybody would be better for it, all right.
OPENING STATEMENT OF SENATOR AYOTTE
Senator Ayotte, thanks for being with us yesterday. Thanks
for being back again today. You are recognized.
Senator Ayotte. Thank you, Mr. Chairman.
I want to thank the witnesses for being here today and
wanted to followup on, I think, some questions that you were
already asked by Senator Coburn and may have been touched on by
Senator Heitkamp, as well, and that is the grant programs and
acquisition programs.
The December 2012 GAO report found that, in fact, there
were--unfortunately, the major acquisition programs are
continuing to cost more, take longer, deliver less capacity,
and GAO identified 42 particular programs with cost growth or
schedule problems, 16 of which saw increased costs, from $19.7
billion in 2008 to $52 billion in 2011. And according to that
December GAO report, this was due to the Department's lack of
adherence to knowledge-based program management practices, and
I know that Dr. Coburn touched on that, but where are we on
this and how do we--basically, as Senator Coburn said, if we
cannot measure effectiveness for these and we are continuing to
see cost overgrowth in a challenging fiscal climate, how do we
justify to our constituents that we should be spending money on
these programs?
So can you explain, where we are on that, and also, I would
love to get some comment from you, Ms. Berrick, on that issue.
Ms. Lute. Thank you, Senator. We agree that we can do
better, and as Dr. Coburn and I discussed, this is something we
are very seized with.
One of the things that we did was put in place the National
Preparedness Goals. What do communities need to do? How much of
X, Y, or Z do they need to have? How do they know that from a
set of judgments regarding what constitutes community
preparedness that they are getting close to that? So
articulating those preparedness goals was an important first
step.
Evaluating the capacity that has been created over the past
10 years, with a sizable investment by the Federal Government
in that capacity, is something that we are intending to do, as
well.
And then measuring performance objectives. And we have
begun the performance objective process with ourselves. In
2009, we had over 182 performance objectives, some of which,
quite frankly, were impenetrable. They were really difficult to
understand and they were not at all straightforward. We looked
at every single one of them. We have broken them down. We have
cut them by more than half. And we have put them in plain
language so that we know if we do these things, these are
recognizable steps in the direction of preparedness, safety,
and security.
Senator Ayotte. Can I share an experience I had when I was
Attorney General? When the Homeland money first came in, to the
State level, at least, the experience I had in our State, good
intentioned people, but a lot of specific requirements on the
Homeland money that maybe allowed a local agency to buy an All
Terrain Vehicle (ATV) or a particular piece of equipment, but
as I saw it, no connection to the overall plan to homeland
security. Where are we on that with the State dollars that have
flowed down and what I have seen sort of from a State
perspective is a lot of piecemeal equipment here and there, but
I could not connect it to the overall protection of either the
State or the country.
Ms. Lute. Again, that was part of the purpose of laying out
these National Preparedness Goals, so that we could see not
just what the States were doing, but that the States could,
further on down, see what was going on at the local level.
Senator Ayotte. And that it was all coordinated to some
greater plan to protect the homeland?
Ms. Lute. So that it would be better coordinated to address
the risks in a prioritized way.
Senator Ayotte. OK. Well, I appreciate that, and this is
something that I--obviously, I am new to this Committee, but
want to hear more about, and I would certainly like to hear
your perspective, Ms. Berrick.
Ms. Berrick. Sure. I think Senator Heitkamp really captured
the State of DHS's acquisitions well, which is they have a good
policy in place. The key is really execution moving forward.
In addition to some of the statistics you mentioned, our
review that we issued late in 2012 identified that most of
DHS's major acquisition programs lack key documentation. That
is really fundamental to managing those acquisition programs.
And, in fact, half of the programs did not have any of that
documentation, and that includes new programs and also older
programs, as well, that predated the new Acquisition Directive.
DHS has a number of really promising initiatives that they
are pursuing right now that will strengthen their acquisition
function. The status is they are in the very early stages, and
I can give you a couple of examples.
One is they have recently developed a requirements
validation function which basically looks at the requirements
for new systems and looks across the Department and coordinates
that and makes sure that they are developing one DHS solution
to meet all of their needs. We think that is very positive, but
it is still in the very early stages. They are just starting to
meet as they move forward. So we are going to be watching that
moving forward.
Another promising development is they developed a dashboard
to oversee cost, schedule, and performance for their
acquisitions, again, very promising. But that also is in the
early stages. And, in fact, due to data issues, managers cannot
really rely upon that system right now to make decisions.
Regarding DHS's progress related to acquisitions, they are
absolutely moving in the right direction. The key will be
executing on their policy, which is a good policy, and then
assessing the results as they move forward.
Senator Ayotte. Thank you. I also wanted to ask about just
looking at the 2013 high-risk list, where are the issues that
fall under, really, primarily DHS that GAO issued? And, of
course, I think the one that jumps out at me, as I am aware we
have had a pretty lengthy hearing on the cyber challenges, but
the establishing effective mechanisms for sharing and managing
terrorism-related information to protect homeland security. I
mean, this is the key issue post-9/11. Where are we? If it is
still on the high-risk list, what have we done that is well
that you can talk about here, and where are the major
challenges that remain?
Ms. Berrick. The first----
Senator Ayotte. Obviously, if there are things you cannot
share here, I understand that.
Ms. Berrick. There has been significant progress in
standing up the information sharing environment, which is
really the government's structure to manage this issue because
it goes beyond DHS. It affects a lot of Federal agencies that
have key leadership roles in this area. So there have been good
oversight structures. The White House has established a Policy
Committee that oversees efforts in this area. They also
established a strategy with pretty good metrics.
The key, really, right now is for the five major
departments that have key responsibilities in this area,
including DHS, to execute their information sharing initiatives
and to coordinate with one another. DHS has made very good
progress in this area. They have prioritized their information
sharing initiatives. A key challenge that they are facing is--
as other departments are, as well--is really resourcing those
initiatives. We think they still have work to do in leveraging
efforts of other departments and also identifying what their
resource needs are for all of the various initiatives which are
still underway.
Another big challenge in the information sharing area is
really the IT issue of connecting systems to enable departments
to share information. There have been some frameworks put in
place, but the agencies are really in the early stages of that.
So very good progress in standing up a governance structure.
The key right now will be for the departments that have key
responsibilities to move forward and coordinate their
initiatives, such as the IT initiatives, and work together to
address these challenges.
Senator Ayotte. Secretary.
Ms. Lute. I would just add one thing to what Cathy has
said, in addition to all of that. Maybe two things.
One is, sorting through the rules of information sharing is
an important aspect of this, as well--U.S. persons, non-U.S.
persons, law enforcement sensitive information, et cetera. We
have been working through that with all of our counterpart
agencies and we think we are making progress, but it is
something that we have to and do pay attention to.
The other thing that we have begun to come to grips with,
and I would say that this is a tremendous challenge, is the so-
called big data challenge. We have an initiative--we have
several initiatives sort of, again, that are across the
Department of Homeland Security. I call them the DHS Commons--
common vetting, common aviation, common redress and traveler
assistance and customer service.
In the common vetting, what we know is we interact daily
with the global movement of people and goods. TSA moves two
million people a day. A million people cross our borders. We
have a tremendous amount of data. How can we minimize the
collection of that data so as to not pose an undue burden on
the traveling public, for example, and how do we share it in an
expedited way, subject to rules, with appropriate limits of
use, protections for privacy, civil rights, and civil liberties
that people have a right to expect? We are making progress on
all of those fronts, in addition to what Cathy said.
Senator Ayotte. Thank you all. I know my time is over-
expired, so thank you for that latitude, Mr. Chairman.
Chairman Carper. It was worth stretching it out. All right.
Thank you very much. Thanks for being here again.
OPENING STATEMENT OF SENATOR BALDWIN
Senator Baldwin, welcome. Great to see you. Please proceed.
Senator Baldwin. I want to also thank the Chairman and
Ranking Member for holding this up and down review of the
Department of Homeland Security. Clearly, what was accomplished
back in 2003 was no easy task, and I certainly recognize the
incredible progress made in the 10-years since the Department's
creation. But since we are here today, I want to focus in on a
couple of the areas in which the Department can improve or have
been pointed out.
Fortunately for me, Senator Ayotte's last question was the
first question I was going to ask about in terms of the
recommendations in the GAO High-Risk Report on information
sharing across agencies, so I feel like you have tackled that.
But I want to also look at another area. Mr. Dodaro, in
your testimony, you discuss the inclusion of a new high-risk
area in 2013, limiting the Federal Government's fiscal exposure
by better managing climate change risks. And our country has
certainly seen an increase in weather-related events that have
contributed to significant loss of life and property, and it
seems to me that each year, the weather-related events become
more and more damaging and the level of involvement of the
Federal Government has only increased.
One of the recommendations in your testimony is for DHS to
improve the criteria for assessing a jurisdiction's capability
to respond to and recover from a disaster without Federal
assistance and to better apply lessons from past experiences
when developing disaster cost estimates.
A few weeks ago, I was meeting with a county executive from
one of the larger counties in the State of Wisconsin and we
briefly discussed the need for FEMA and other Federal agencies
to be more involved in ensuring that our local communities are
prepared for the worst. And so I am wondering if both of you
could comment on what DHS action items have occurred and will
occur in the near future to assist local communities in
preparing for the worst.
Mr. Dodaro. First, the criteria issue is a very important
one. The criteria was established, and it is qualitative
criteria, but they use some quantitative measures. One is the
per capita cost, per person in each State, and it started out
as a dollar in the 1980s per person per State as sort of a
threshold of whether or not the total costs of responding to
the disaster would go over that. Then the Federal Government
would get involved. That was not indexed for inflation for a
13-year period of time, from 1986 to 1999. Our calculations
show that if it had been indexed for inflation, the Federal
Government would not have been involved in about 25 percent of
the disasters that occurred during the time period we reviewed.
And FEMA did agree with our recommendation to reassess the
criteria and said that they were going to do that. It is a
complicated task to be able to do it, but it is very important
because of the incentives that it provides at the State and
local level to make their own plans for preparedness and to
identify where accountability lies. Particularly with State and
local governments having zoning responsibilities, they have a
lot to say in terms of where there infrastructure is located.
Now, the other responsibility that FEMA has is to come up,
ultimately, with criteria to determine readiness at the State
and local level, and this goes to the grants question, as well,
that was raised earlier. With all the grants that have been
provided, at what point, even with what Jane mentioned
regarding their goals that will be established, at what point
are States capable of responding to these situations? FEMA is
still working on that issue and has not really resolved that
issue, as well.
So there are two issues. One is the criteria for whether
the Federal Government intervenes or not, and I think it needs
to be reassessed. FEMA has agreed. But it will be a while
before they come up with the criteria. But Congress should ask.
And second is when FEMA comes up with a criteria for
determining readiness of the capabilities at the State and
local level. Both are needed to have good benchmarks in that
area.
Senator Coburn. Would the Senator yield for just a moment?
Let me make a comment about Oklahoma. I think Oklahoma received
11 disaster declarations based on the per capita damage ratio,
and it is supposed to be a combination of overwhelming local
resources and the per capita damage ratio. If you just looked
at when we were overwhelmed, it was one of those.
Now, we are happy to take the money. I know our Governor is
and our State Legislature. But I will put us back into
perspective. We are going to spend a trillion dollars more this
year than we have and there comes a point in time where local
responsibility has to take over and be responsible for their
legitimate functions for a couple of reasons.
One is, we can never solve all, have them totally prepared,
even if we were the great benevolent figure that we are.
And No. 2 is, financially, we cannot afford to do what we
have said we are going to do now. And so we have to change this
indicator, at least change it for inflation, because it is a
tremendous advantage to a small State. We have less than four
million people. It is not hard to get $4 million worth of
damage from a tornado in Oklahoma. How much responsibility
should Oklahomans bear for that? I would say the vast majority
of it, not the Federal Government.
So I think your point is well made, and I am sorry I
interrupted you and we will add more time to you. But we have
to start putting this into perspective.
Mr. Dodaro. I agree with you, Senator. I think a good
interim measure would be to index it for inflation for the
entire period of time, because FEMA has indicated it is going
to take time to come up with new criteria and go through a
vetting process. But there could be some interim changes that
they could consider.
Chairman Carper. Senator Baldwin, would you just hold your
thought for just a moment. None of this counts against your
time. In fact, we will give you more time.
My understanding, just correct me if I am wrong, is about
the last dozen or so years, I think this number has been
indexed to the rate of inflation, I think. But for the first 12
or so years that it was in existence, it was not. And so I
think that is the issue here, and the question is, what kind of
catch-up do we do for those first dozen or so years.
OK. Senator Baldwin, you are on. Thank you for bearing with
us.
Senator Baldwin. No problem.
Deputy Secretary Lute, I do not know if you have any
comments on this question also.
Ms. Lute. So, I would only say two things. It is not 60/40.
Gene and I agreed it is probably 95/5. We agree on most things
that need to be done and improved, and it is really on that
basis of common perspective that we proceed.
And I guess the only thing I would add reflects a little
bit on the point Dr. Coburn was making, which is in the tragic
tornado that went through Joplin, Missouri, not long ago, it
was an extraordinary demonstration of local capacity and mutual
aid from the local community. No Federal search and rescue
resources were deployed to that area. It is a small, teeny
example, but exactly the kind of point, I think, that you are
raising and making, and that is where we are headed.
Senator Baldwin. The other question I had, my home State of
Wisconsin has a number of ports of entry throughout the State
that Customs and Border Protection oversees. And I am curious
as to whether there are any major recommendations that directly
involve Customs and Border Protection and whether such
recommendations focus on security at ports of entry, if you
could both comment on that and provide context to whether there
are current issues with security at our ports of entry.
Mr. Dodaro. Yes, Senator. I will ask Cathy to elaborate on
it, but regarding maritime ports, the one I know of is the
Transportation Worker Identification Card (TWIC) issue, which
we have written about in a couple of reports, and the status of
that card. Part of the problem was not having the card readers
available yet. So that has been one problem. But I will ask
Cathy to elaborate on others.
Ms. Berrick. In addition, I would mention, as was already
discussed, the US-VISIT exit system, which is a mandate that
DHS has to develop a biometric exit capability to track foreign
nationals leaving the United States. They have a biometric
entry system. But that is a key area outstanding that they are
working on.
Also, another area is determining the appropriate mix of
technology and infrastructure to secure different sectors along
the Southwest border. As was mentioned, SBInet was canceled and
DHS's new approach is to determine the appropriate mix across
the sectors rather than have a one-size-fits-all solution, and
that work is still in progress and GAO has ongoing work looking
at it.
We have also made recommendations related to training for
CBP agents and the need to have recurring training and
refresher training after agents have been hired.
Those are some key ones, and we have a number of others
that we would be happy to discuss with you.
Ms. Lute. I think what I would just say in response, all of
these are known to us and things that we are working on. As
Cathy said, there is no one-size-fits-all for the ports of
entry at the border and there is no single-point solution, just
technology, or just more personnel, or just better process. You
need to integrate all of these things in a sensible approach at
the border, as we have been demonstrating.
With respect to training, I could not agree more, and I am
fond of saying sometimes that in the Federal Government, people
talk about investment. Really, the only place you invest is in
people. That is where you get the return. We spend a lot of
money. We place some bets. Is this going to work or not? But
the real investment is when you invest in people and that is in
training.
And we have taken steps, particularly on leadership
training. We have created--it did not exist before--a
comprehensive leadership training program for the Department of
Homeland Security so young, entry-level professionals coming in
as a Homeland Security person can see themselves all the way
through and understand that as they progress in their career,
there is a progression in expectations of the responsibilities
they will assume. Certainly, this applies here, as well.
Senator Baldwin. Thank you.
Chairman Carper. One of the recurring themes of our hearing
yesterday--on the oversight of the Hurricane Sandy response--
one of the recurring themes was shared responsibility. We are
not in this by ourselves. It is not just the Federal
Government. It is not just State or local government. It is
just government. We are all in this together, so that is good.
Mr. Dodaro, if you could, a question for you. I am going to
try to keep this under 4 minutes. If you could help me with
that, that would be good. But if you had to provide us with
maybe the top two or three areas that you think would yield the
greatest results in further improving the management of the
Department of Homeland Security, what might those two or three
areas be?
Mr. Dodaro. I think the first area, the one area that I
would focus on, is the acquisition management area, because----
Chairman Carper. Is your microphone on? Just start over.
Mr. Dodaro. I am sorry.
Chairman Carper. We want to hear every word.
Mr. Dodaro. OK. I will ask Cathy to provide input too. I
will give the first one, and that is acquisition management. I
think the acquisition management area is so critical to
procuring the types of systems, whether it is scanners, IT
solutions, or other solutions, that are critical to implement
the Department's missions. And I think that is very important,
whether you are talking about immigration, Customs and Border
Patrol, or other areas. That is where I would focus. That is an
area where we have seen well-established departments, long-
established departments--Defense, National Aeronautics and
Space Administration (NASA), Department of Energy--with
acquisition management still on the high-risk list. So that is
a tough issue to resolve and it is all about implementation and
having the proper discipline in place.
Chairman Carper. Thank you.
Ms. Berrick. And just to provide some context, GAO has
issued over 1,300 products looking at different aspects of
DHS's programs and operations and made over 1,800
recommendations. A key theme we identified, looking across all
those products that has impacted the Department's efforts trace
back to the management of the Department, just to put this in
context. So we have identified this as a cross-cutting issue.
And while all the management areas are important, I agree
that acquisition along with IT are the two areas that have the
most direct effect on the Department's ability to implement
their missions--secure the border, secure air travel. IT is
very similar to acquisition.
DHS's focus really needs to be on moving forward on the
initiatives that they are pursuing, and ensure that they are
following their existing policy, not just in acquisition and IT
but across all the management functions. DHS has good policies
in place. The key is really execution, moving forward on these
initiatives that they are starting, and monitoring their
progress moving forward.
Chairman Carper. OK. Thanks.
My last question. On our second panel today, Elaine Duke,
who is here today already, served as the Under Secretary of
Management at the Department, and former Inspector General
Richard Skinner, are both going to caution us on this Committee
that it is important not to be short-sighted with the budget
for management. The Fiscal Year 2013 Continuing Resolution
passed by the Senate yesterday would cut $17 billion from
management at the Department of Homeland Security. What area or
areas of progress in addressing management are the most at risk
if there are funding reductions, and what will be the impact in
the next 5 to 10 years?
Mr. Dodaro. We have already received a request from the
Congress to look at the impact of sequesters on Federal
departments and agencies, so we will be looking at that issue,
including in terms of how they have prepared for this issue,
because a lot depends on what kind of decisions that they have
made in terms of what impact it is going to have, and once we
complete that work, we would be happy to provide it to this
Committee.
Chairman Carper. OK. Fair enough. Dr. Coburn.
Senator Coburn. You said $17 billion?
Senator Carper. I said $17 billion. I think I misspoke. It
is $17 million.
Senator Coburn. General Dodaro, the DHS employee morale
survey this year went down. Why do you think it did?
Mr. Dodaro. Well, I think there are two reasons. If you
look at all the Federal departments and agencies, it went down,
I mean, overall, with few exceptions.
Senator Coburn. OK.
Mr. Dodaro. So I think it is part of the environment and
the uncertainty associated with the environment.
Beyond that, I am really not sure, and one of the things
that we have recommended to the Department is that they do a
root cause analysis to try to figure out what is driving the
decrease in scores.
Senator Coburn. It is a pretty depressing place up here, is
it not? [Laughter.]
Mr. Dodaro. Well, this is a tough issue. I know from
running the GAO, we have employee feedback surveys, too.
Fortunately, we are one of the top-ranked ones, but we did not
get there by accident. We worked on this over the years. It is
very difficult to figure out what motivates people and what you
really need to do to address their concerns. But you have to
keep trying really hard to find out what some of the root
causes are to be able to do that. We have made that
recommendation to DHS. They have agreed to do that. And I think
that will provide some insights as to the reasoning. You really
have to study this.
Senator Coburn. Yes.
Mr. Dodaro. If you leap to conclusions about things, you
can actually make things worse.
Senator Coburn. Yes, right.
Secretary Lute, do you think it is any worse in DHS than it
is anywhere else in the government?
Ms. Lute. I will not speak for anywhere else in the
government, Dr. Coburn, but it is unacceptably low to me,
certainly to the Secretary. I have been around a lot of
workforces for a long time, and as Gene said, across the
Federal Government, it is down. Across the country, the public
mood ebbs and flows. There have been pay freezes. There have
been other things going on.
Senator Coburn. Tough times.
Ms. Lute. But there also have--I think--and this Committee
has been very helpful in this regard and helping the American
public understand that their red, white, and blue-collar
workforce shows up to work for them every single day. And you
do not run an organization with denigration and derogation and
dismissiveness. You run it with purposefulness and pride. And
you run it most effectively when you put that purpose and that
pride in the hands of your workforce and you lift them up. Our
job is to lift them up.
So one of the things that I also know is that your front-
line supervisor matters a lot to you. Do our front-line
supervisors have the tools they need to do their job? We are
trying to give them that with this emphasis on a leadership
training program, and other things, as well.
People want to show up. They want to connect to the meaning
that brought them to public service. They want the tools they
need to do their job. They want to add value and they want to
feel valued. That is what we are going to do.
Senator Coburn. Secretary Lute, let me ask you one last
question. We will submit a lot of questions for the record,
which we routinely do, and I appreciate you all being timely on
the response.
Homeland Security Permanent Subcommittee on Investigations
(PSI) and my office did a study on urban area security
initiatives this last year and published it, and we got a lot
of blow-back, but it is $8 billion out of the $35 billion that
you spent in the last few years on grants. And Senator Ayotte
was here. New Hampshire spent hundreds of thousands of dollars
on a BearCat for a pumpkin festival. What Senator Heitkamp
said, it is pretty hard to explain to people why we are
releasing people from detention who are undocumented aliens
when we are spending two or three-hundred-thousand on a piece
of equipment that is going to rarely, if ever, be used for its
original intended purpose.
What level of specificity are you putting into the grant
requirements? We are spending American taxpayers' money to help
them get prepared, and then they see all these areas where we
are spending, whether it is snow cone machines or underwater
robots for a city that does not have a lake or whatever it is?
How are we changing that?
Ms. Lute. And I agree with you, Dr. Coburn. That has to
change. In part, we are changing that through the
identification from FEMA of the National Preparedness Goals.
What do you need to be able to do? What capabilities are
required for that, and how do you measure your performance
going forward?
Senator Coburn. And how much of it is the State and local
responsibility?
Ms. Lute. It is. As you know, a great deal of it is. But
also, this serves as guidelines for them as it further cascades
down.
In addition to that, we have written this financial
assistance policy which now is comprehensive. It looks at
requirements. It looks at grant writing. It looks at
accountability. It looks at grant oversight over the course of
time, disposition and ultimate reporting. We know we can do
better on this and we are committed to doing it. And, again,
the proof is in, not just writing the policy, but following
through.
Senator Coburn. All right. Thank you very much. Thank you
all for being here. I appreciate your dedicated service.
Chairman Carper. As do I.
Before we release you, I just want to mention a couple of
things. One--I think Tom has heard me say this before--people
say to me from time to time in Delaware and across the country,
I do not mind paying taxes. Some people say, I do not even mind
paying more taxes. I just do not want you to waste my money. I
just do not want you to waste our money.
This Committee is dedicated, committed to--not just the two
of us, but I think everybody on this Committee is determined to
be a good partner, provide oversight, but be a good partner
with you, both of you, the three of you, to making sure that we
waste a whole lot less. Our goal is to be perfect, but the road
to improvement is always under construction. I am encouraged
that this road to improvement is under construction, for sure.
We are making some progress.
The other thing, on morale, it troubles me. I want people
who work here with us on this Committee and our staffs, our
colleagues, I want morale to be good. And one of the most
interesting things I have heard lately about morale, what
people like about their work, it is people like different
things about their jobs. They like getting paid. They like
having vacations. They like having benefits, pensions, so
forth, health care. But what people most like about their work
is that they feel that it is important and they feel like they
are making progress. That is the most important thing. They
feel the work, that their work is important, and they feel like
they are making progress.
Clearly, the work that you and the team that you and
Secretary Napolitano do, the work you do is hugely important
for our country. And not everybody knows this, but pretty soon
it will be a secret no more. You are making progress. GAO, who
we look to for enormous help on this, has verified that. Can
more progress be made? Sure, it can. And I think with the
attitude that you bring to it and the oversight we will provide
and the help that hopefully we can provide, we will provide
even more.
We did not get into the issue in terms of management
success and morale, as to whether or not it makes sense to try
to put more resources behind consolidating your operations in
one location. We did not talk at all about St. Elizabeths. We
are going to have some follow-up questions. But I think that is
an important issue and we are not doing a very good job. At
this time of scarce resources, it is hard to come up with the
money, but what we do come up with, it is important that you
use it in a cost-effective way and help us in working with the
appropriators to make sure that the dollars that are available
for this are being put in the right place to help to better
manage the Department, better do your work, and, really, in a
sense, enhance morale.
All right. Anything else, Tom?
Senator Coburn. I do not think so. Thank you.
Chairman Carper. OK. Thank you all very much.
And I want to say, I do not know, Ms. Berrick, if you could
stay with us and sit through--just remain at the table and we
will add another nameplate if you could remain with us, just to
be--I do not know that we will call on you, but we may, and it
would just be helpful if you could be here.
Ms. Berrick. Sure.
Chairman Carper. Secretary Lute----
Ms. Lute. Yes, sir.
Chairman Carper. Good job.
Mr. Dodaro, as always, thank you.
Mr. Dodaro. Thank you. [Pause.]
Chairman Carper. All right. Welcome. It is great to see all
of you and have you join us at this witness table. You are not
strangers to us and we are mindful of your years of service to
our country, and your continued service. I am going to provide
brief introductions and then we will turn you loose to testify
and then respond to our questions.
Our first witness on this panel is Elaine Duke. Ms. Duke
had a 28-year career with the Federal Government culminating in
2008 with her nomination by President Bush and Senate
confirmation to be the Department of Homeland Security's Under
Secretary for Management. She is the principal of Elaine Duke
and Associates and provides acquisition and business consulting
services. Welcome. In addition, I understand that you are an
Adjunct Professor of Acquisition for American University and a
Distinguished Visiting Fellow at Homeland Security Studies and
Analysis Institute. Again, we are grateful for all your service
and very grateful that you can be here today.
Our second witness is Richard Skinner. After 42 years of
Federal service, having started at the age of 12, Mr. Skinner
retired in early 2011. He was the first Senate-confirmed
Inspector General of the Department of Homeland Security. Prior
to his July 28, 2005, confirmation, he held the position of
Deputy Inspector General starting on March 1, 2003, the date
the Department was created. Prior to his arrival at DHS, Mr.
Skinner was with the Federal Emergency Management Agency, where
he served as the Acting Inspector General and Deputy Inspector
General. In 1998, he received the President's Meritorious
Executive Rank Award for sustained superior accomplishment in
the management of programs of the U.S. Government and for
noteworthy achievement of quality and efficiency in the public
service. That is a high honor.
Our third witness is Shawn Reese, Analyst of Homeland
Security Policy at the Congressional Research Service. Mr.
Reese has written numerous reports to Congress on Federal,
State, and local homeland security policy issues. He has
testified numerous times on homeland security and
counterterrorism issues before House Committees. Mr. Reese is a
2011 graduate of the Department of Defense's National War
College and a former U.S. Army officer. We are happy to welcome
you. Thanks for joining us.
And, Cathleen, thank you for sticking around.
Ms. Duke, you are recognized. Your full statement will be
made part of the record. You are welcome to summarize it. I
will ask you to try to stick close to 5 minutes, if you could.
If you go a little bit over, that is OK. If you go way over, I
will have to rein you in. All right. Thanks. Please proceed.
TESTIMONY OF HON. ELAINE C. DUKE,\1\ FORMER UNDER SECRETARY FOR
MANAGEMENT, U.S. DEPARTMENT OF HOMELAND SECURITY
Ms. Duke. Thank you, Chairman Carper, Ranking Member
Coburn, and Members of the Committee. I am very pleased to be
here today. Management integration at DHS and the GAO high-risk
list was important to me when I was at the Department and it
continues to be of importance to me even after I have retired
from Federal service.
---------------------------------------------------------------------------
\1\ The prepared statement of Ms. Duke appears in the Appendix on
page 113.
---------------------------------------------------------------------------
I would like to talk about three phases of DHS management
integration briefly, the past, present, and future.
In the past, first, we went through what I will call a
building block stage. Some have the misperception that DHS was
actually kind of formed as a blank slate, but really, it came
together as 22 different agencies with many disparate and
different systems, cultures, missions, all united by
legislation. And each of the agencies brought with it both the
good and the challenges of the legacy agencies. And so in
bringing them together and achieving management integration, we
had to start first by undoing to bring together in a more
effective manner.
For example, when DHS was formed, about 90 percent of the
major programs, and those are over a billion dollars in
acquisition costs, were not run by a program manager with the
skills and experience to run it. Now--and one of the building
blocks we put in place was to develop a certification program
for program managers and other acquisition professionals to
appropriately run this program. And as a result of that initial
building block, now, over 75 percent of the major programs are
currently run by a program manager.
Now, I will briefly address some of the present initiatives
to further enhance management integration, and these focus a
lot on integrating some of the building blocks that were put
together in the first 3 to 5 years of the Department. It has
expanded and it is preparing to expand the Acquisition
Certification Program to the other career fields that are
critical for success, most notably cost estimating, logistics,
test and evaluation.
It has put in place Component Acquisition Executives (CAE).
It is a position, but it is key to continued accountability and
authority of driving good acquisition throughout the operating
components. And it has also raised the level of acquisition
oversight to direct report to the Under Secretary for
Management, Mr. Rafael Borras, in the Program Accountability
and Risk Management Office (PARM).
DHS has made significant accomplishments toward management
integration. It has strengthened the authorities of the six
business chiefs, which was critical in driving integration
through DHS. And it has strengthened the functional integration
between those chiefs and the operating components. It has
chartered two federally funded research and development centers
to assist in driving these objectives through DHS, the Homeland
Security Studies and Analysis Institute and MITRE.
As a result of the continued efforts of DHS leadership and
management personnel, we are beginning in the Department to
show sustained and demonstrated improvements. It first started
at the U.S. Coast Guard (USCG) as the Blueprint for Acquisition
Reform. DHS has applied the best acquisition practices
throughout the Department. It has taken back systems
integration responsibilities in key programs such as Coast
Guard Deepwater and CBP SBInet. It has used the acquisition
review process to redirect programs that are breaching cost,
schedule and performance measurements. It has made significant
improvements on its financial audits, as was discussed in the
first panel. Another example is the consolidation of data
centers, closing 18 already with six more slotted for closure
this fiscal year.
Finally, I will give my recommendations for the future. DHS
has developed an Integrated Investment Life Cycle Model
(IILCM), and this model is critical and ideal for the next
phase of management integration. It does two important things.
First, it develops much needed management structure around
policy and joint requirements. Second, it seeks to integrate
and flow the decisionmaking of the various building blocks that
were put in place in the first 10 years of the Department of
Homeland Security. The integration of policy, joint
capabilities and requirements, resources and acquisition under
the Integrated Investment Life Cycle Model is critical for the
continued maturation and integration of DHS management.
I believe there are several key things that DHS, GAO,
supported by this Committee and other Committees of Congress,
must do to support DHS in its continued seek for management
integration: focusing on effectiveness and efficiency,
continuing to form the capital and resources necessary for the
integration, supporting the IILCM, and appropriately
recognizing the employees that have continued to make the
results that have been accomplished to date, as Deputy
Secretary Lute talked about a little earlier. We must not
underestimate the recognition of these outside parties.
I am looking forward to answering your questions this
morning as we proceed with this panel. Thank you.
Chairman Carper. Thank you, Ms. Duke.
Mr. Skinner, please proceed.
TESTIMONY OF HON. RICHARD L. SKINNER,\1\ FORMER INSPECTOR
GENERAL, U.S. DEPARTMENT OF HOMELAND SECURITY
Mr. Skinner. Good morning. I believe it is still morning.
[Laughter.]
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Skinner appears in the Appendix
on page 119.
---------------------------------------------------------------------------
Chairman Carper, Ranking Member Coburn, it is truly an
honor to be here today and I appreciate this opportunity.
The Department's management support function was, when I
was the IG, and you said earlier, one of the major problems
when the Department first came together. It had to dig itself
out of a hole. It inherited billions and billions of dollars'
worth of programs, all with material weaknesses and inherent
weaknesses. Yet, the management support staff that was
transferred to the Department was not sufficient to support
those programs. They have been digging themselves out of a hole
for years.
Management support, and it has been repeated all morning,
is in fact, the platform on which all of the DHS programs and
operations are built, and they are critical to the success of
the Homeland Security mission. And if the Homeland Security
programs are in fact weak, so in turn, will be the programs
which they are supporting.
Elaine and others have already hit on this, but I think it
is really important to understand that when the Department was
stood up, that this was one of the largest reorganizations in
the past 50, 60 years, since DOD. That, in and of itself,
created problems. And the fact that the environment in which we
were living in those days, right after 9/11, also I think,
contributed to this oversight. Everyone was mission focused,
not management support focused. And as a result, I think that
has delayed the building of the management support operations
that we are still grappling with today.
The Department, and this goes back to all three
Secretaries, Ridge, Chertoff, and now Napolitano, all
recognized this as important. But I think the real progress
that we are starting to see has occurred in the past 5 to 6
years, and it is moving at a snail's pace, but it is moving.
The barometer is going up, and I think that is a very healthy
indication of where the Department is headed.
Financial management, everyone has talked about that and
everyone is very proud of the fact that DHS has received a
qualified opinion on the balance sheet for fiscal year 2011 and
reduced its material weaknesses. I would like to emphasize that
obtaining an auditable financial statement is not the end goal.
That is just one of the benefits that you receive from having a
good, sound financial management system.
The Department right now is operating--their systems are
being operated with band-aids. In order to get that clean
opinion, it takes a Herculean effort by staff burning midnight
oil, and it is going to do that year-in and year-out until it
modernizes its financial management systems. Yes, it can tell
you where it is at a point in time, September 30, but can it
tell you where it is at on a daily basis? That is what a good
financial management system should be doing. We still need to
invest in modernizing DHS' financial management system.
The other area is information technology. That continues to
be one of the Department's biggest challenges, in my opinion.
We have to keep in mind, DHS inherited over 2,000 IT systems
back in 2003. I think they have reduced that down to well below
700. It took almost 2 years just to inventory the IT systems.
When we did that, when the Department accomplished that,
finished their inventory, we found that the systems were
archaic, stovepiped, unreliable, and many simply had no real
value. Things are starting to change now. Things are starting
to meld. But DHS is still in a very delicate stage, early stage
of creating a good integrated IT system.
Acquisition management, this is the one area, and it is the
one area everyone has been harping on for a long time and
everyone has been highly critical of it, but during my tenure
there and my observations over the last 2 years, it is the one
area, in my opinion, that has improved the most, thanks in
large part to my co-panelist right here, Elaine Duke, and the
leadership that they have given to acquisition management. If
you could understand how bad things were in 2003, I think we
would appreciate how good things are today. As bad as they are,
it is improving. We must stay on that task.
And finally, grants management. That is something else that
concerns me and continues to concern me as a citizen because of
the waste that we are experiencing. I looked at the IG's semi-
annual report, or the past two semi-annual reports. The OIG
conducted about 50 audits and identified well over $300 million
in questioned costs. That is just unacceptable. There is
something inherently wrong. We need to correct that.
The other thing that bothers me, always, when I was the IG
and when I was with FEMA, is our inability to measure the
impact those grant funds are having on our Nation's security.
It is something, I think, that needs to be addressed. We need
to do a better job of monitoring. We need to do a better job of
measuring our performance.
In conclusion, I would just like to say that 10 years after
its creation, the Department has in place the strongest
management team imaginable. The Under Secretary for Management,
the Chief Information Officer (CIO), the CFO, the Chief
Procurement Officer (CPO), all have proven they possess the
knowledge and skills to get the job done. Moreover, they have
the support of the Secretary and Deputy Secretary. However, if
DHS is going to progress, it is very important, I believe, that
the Congress continue to support these initiatives. They are
fragile--not only because they are in the early developmental
stages, but because in today's budget environment. I understand
that the first place you want to cut is the management support,
not your operational or your mission objectives. We will be
penny wise and pound foolish if we do not continue to invest in
DHS' management support functions. We will be talking about
this 5 years from now, 10 years from now, if we turn our back
on the progress that has already been made.
I realize my time is up. I am sorry. I will be happy to
answer any questions, Mr. Chairman, that you or Senator Coburn
may have.
Chairman Carper. He will be right back.
A lot of wisdom in what both of our first two witnesses
have said, especially what you said there at the end. We have
passed in the Senate and we expect the House to adopt today a
budget resolution that carries through the end of September,
for the next 6 months. It reduces for the balance of this year,
I think, the management function at DHS by about $16 million.
And that is not good. We know that. We know that is not good.
As you said earlier, there are some choices that need to be
made.
We have the opportunity to take up today, tomorrow, maybe
over the weekend, a budget resolution for the next 10 years and
we will have an opportunity to revisit this particular issue,
the kind of resources that we are putting toward the management
function of DHS. My hope is that we will do a better job and
maybe have some more resources and maybe be able to make some
smarter decisions than we did in this instance.
But having said that, let me just yield to our third
witness, Shawn Reese. Mr. Reese, we welcome you. Thank you.
TESTIMONY OF SHAWN REESE,\1\ ANALYST IN EMERGENCY MANAGEMENT
AND HOMELAND SECURITY POLICY, CONGRESSIONAL RESEARCH SERVICE,
LIBRARY OF CONGRESS
Mr. Reese. Chairman Carper, Ranking Member Coburn, Members
of the Committee, on behalf of the Congressional Research
Service, I would like to thank you for the opportunity to
appear before you today.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Reese appears in the Appendix on
page 127.
---------------------------------------------------------------------------
When I wrote my report, the first edition, a year ago, I
had no idea that it would be getting as much attention as it
has in the past year, so I am glad to see that my work for
Congress is paying off.
I will discuss the absence of a national comprehensive
homeland security concept and the lack of homeland security
mission priorities, not just within the Department, but
nationally as a whole, and how these issues may affect DHS's
integration and management of its missions.
Arguably, a comprehensive homeland security concept that
prioritizes national homeland security missions is needed. This
is more than an issue of what words describe homeland security.
It is instead an issue of how policymakers understand or
comprehend what homeland security is and how it is
accomplished.
My written statement addresses this in detail and discusses
the absence of both a standard homeland security concept and a
single national homeland security strategy. I will now briefly
discuss these issues.
In the past 10 years, Congress has appropriated
approximately $710 billion for the Nation's homeland security.
That includes entities, not just the Department of Homeland
Security, and that is based on OMB's estimate. However,
homeland security missions are not funded across the board
using clearly defined national risk-based priorities. Funding
allocations are most effective when priorities are set, clearly
defined, and well understood.
In August 2007, Congress required the DHS Secretary to
conduct a Quadrennial Review of Homeland Security with the
enactment of implementing the 9/11 Commission's Recommendations
Act. This review was to be a comprehensive examination of the
Nation's homeland security strategy, including recommendations
regarding long-term strategy and the Nation's priorities and
guidance on the programs, assets, capabilities, budgets,
policies, and authorities of the Department. The 2010
Quadrennial Homeland Security Review (QHSR) was criticized for
not meeting these requirements. Given that DHS is in the midst
of developing their 2014 Quadrennial Review, now might be an
ideal time to review the concept of homeland security, its
definition, and how that concept and definition affect DHS
appropriations and the identification of priorities.
Obviously, the concept of homeland security is evolving and
national DHS-specific homeland security missions are being
funded. However, the manner in which future Homeland Security
appropriations will be allocated is still a point of potential
contention if there continues to be no comprehensive concept or
list of national homeland security priorities.
Policy makers continue to debate and consider the evolving
concept of homeland security. Today, DHS has issued several
mission-specific strategies, such as the National Response
Framework. There has not been a distinct National Homeland
Security Strategy since 2007. It may even be argued that the
concept of homeland security as a separate policy area from
national security is waning. Evidence for this may be found in
the current Administration's combining of the national and
Homeland Security staffs and the inclusion of Homeland Security
guidance in the 2010 National Security Strategy.
Finally, OMB has questioned the value of requiring Federal
departments and agencies to identify homeland security funding
with their 2014 budget requests.
To specifically address the issues of funding national and
DHS homeland security missions in DHS management, Congress may
wish to consider three options. First, Congress could require
either DHS or the combined national and Homeland Security staff
to develop and issue a distinct homeland security strategy.
That would prioritize missions.
Second, Congress could require refinement of national
security strategy that would include not only national guidance
on homeland security policy, but also include a prioritization
of national homeland security missions.
Finally, Congress may focus strictly on DHS's forthcoming
Quadrennial Review and ensure that DHS prioritizes its homeland
security responsibilities.
In closing, it is important to note that Congress does
appropriate funding for DHS missions. However, there is no
single, comprehensive concept of homeland security and no
single national homeland security strategy at this time. This
may hamper the effectiveness of congressional authorizations,
appropriation, and oversight functions. It may also hamper or
restrict DHS and other Federal entities' ability to
successfully execute homeland security missions.
I will conclude my testimony here. Once again, thank you
for the privilege to appear before you.
Chairman Carper. Thank you. Thanks for the time and energy
you have put into this and for being with us today.
I want us to start off by asking each of you here for the--
I think each of you were here for the testimony of the first
panel, is that correct?
Ms. Duke. Yes.
Chairman Carper. All right. And you heard what they had to
say, and questions and answers and back and forth. Just reflect
on what you heard. Maybe you think you should underline or
emphasize something for us or you might want to question
something, but just react to the first panel, what was said.
Mr. Skinner. First, I think the first panel was on target
and I agree, particularly with the Comptroller General Gene
Dodaro, with regards to what is important. Acquisition
management is very important. Over 40 percent of DHS's budget
is being spent on contracts every year. I believe that will
probably continue because it has to rely on the private sector
and the technology that they can bring to the table in
supporting DHS.
DHS is going to continue to be wasteful if it does not have
a strong acquisition management strategy in place that not only
uses knowledge-based programs and theories, but also that holds
people accountable, and that is, I think, the two things that
were missing in the first panel, is accountability and
transparency. We need to be able to show people on a real-time
basis where our money is going. We cannot do that now with the
financial management systems that we have in place. We can do
it once a year, but we cannot do it on a continuing basis.
The other thing that I heard today, especially from Deputy
Secretary Lute, was the commitment and dedication to improving
the department's management support functions. And I truly
believe there is a dedication and a commitment there to move
forward, to move that meter forward. To stop pedaling right
now, we are just going to fall over. They need support. They
need oversight. And that can come from Congress. And I think it
is very important that Congress stay on top of not just the
mission-related functions, but also DHS' management support
functions and to support them.
Now, I understand the budget situation, we all do, that we
are facing today. It is going to take longer. We cannot do it
all. Everyone expects it to be done tomorrow. It is not going
to be done tomorrow. DHS needs to develop a strategic plan that
clearly sets forth where it is going to be this time next year,
where it is going to be 3 years from now.
One of the things that distressed me this morning was the
focus on having an auditable financial statement 3 years from
now. That is fine, but that does not mean it will have a good
financial management system, and that is what concerns me. The
focus on obtaining a clean opinion now is the end game. Victory
will be declared if it can get auditable financial statements.
DHS should not stop there. IT should be focusing on improving
its financial management capabilities, and as a result, it will
get auditable financial statements.
Chairman Carper. Good. I think they understand that. I
think Secretary Lute understands that. It is an excellent
point. It is actually just some good advice for us as well as
for the folks who are sitting at the table today. Thanks.
Ms. Duke, please.
Ms. Duke. I would like to first of all, reiterate what
Deputy Secretary Lute said at the end of her statement about
the value of the employees. It seems to be a little in vogue
right now to really criticize Federal employees----
Chairman Carper. Not just right now. It has happened too
often. Few things make me less happy than when I hear people
describing Federal employees, or State employees, or local
employees, as nameless, faceless bureaucrats. It demeans them.
It demeans the importance of them as human beings and the work
that they are doing. I find it very troubling.
Ms. Duke. Thank you, Mr. Chairman. You made my point better
than I would, so I will go on to No. 2.
Sometimes we talk about management and mission as if they
are two separate things, and mission is nothing more than the
foundation enabler of mission, and we cannot deal with the two
of them separately. And so I think it is important as we move
forward, especially as we are in this fiscally constrained
environment, to not talk about them separately, because
management delivers the people, the resources, the budget to
deliver a mission and you cannot separate the two.
And the last thing I would like to point out is we really
are driving toward a strategy. DHS is looking at management
integration in a very strategic way. But it is important, I
think, as we go along the way to not just measure the utopic
State, the end State, but to measure tactical measures as we
move along. What specifically are we doing to bring us toward
that end goal? And I think that it is going to be important now
to make sure we do take some of those tactical steps and not
stop. And some of the innovations do require investments in
capital investments to go forward, and I think we should be
thinking collectively of how we can innovate to keep those
going.
One of the ideas that we might want to consider is a share-
in-savings type approach, which is where industry provides an
infusion of capital and the Federal Government does not have to
fund investment so that we can continue to move some of these
management initiatives forward, like data center consolidation,
like information sharing, like DHS headquarters.
Chairman Carper. Thank you.
Mr. Reese, just very briefly respond, if you would. Any,
just, quick reactions to what you heard from the first panel?
Mr. Reese. Sir, just I think that DHS has very much
identified what its missions operationally are and it has
identified the goals within each of those missions, and that is
the word ``operation'' used so much this morning, I think that
is----
Chairman Carper. Excellent. Thank you for saying that.
A quick point, if I could, for Mr. Skinner. I believe you
are the first Senate-confirmed Inspector General at the
Department of Homeland Security, if I am not mistaken. That is
right, is it not?
Mr. Skinner. That is correct.
Chairman Carper. OK. Senator Coburn and I have been joined
by every Member of this Committee in sending a letter to the
President last month saying, Mr. President, there are about six
or so departments that do not have a permanent, confirmed
Inspector General. We have an obligation, I think. The
President has an obligation to nominate, to vet, ensure that
they vet good people, whether it is for IGs or cabinet
secretaries or under cabinet secretaries. The Senate has an
obligation to, in a timely way, make sure that those folks are
well qualified and move those nominations. We are not doing our
job. In fact, we have not done our job well there for a number
of years.
Talk to us just very briefly, and I will yield to Dr.
Coburn, why is it important to have, in those half-dozen or so
Federal agencies, why is it important to have Inspector
Generals that are confirmed by the Senate? Nominated by the
President, confirmed by the Senate? Why is it important?
Mr. Skinner. I think it is extremely important, and I think
we are seeing the results of not having the Senate-confirmed
Inspector Generals in place right now across the board, not
only at DHS but in other agencies.
One, I think it has an impact on staff morale.
Two, I think that serving in an acting capacity, you are
not going to move the agency forward. I think oversight is
extremely important, particularly in an organization such as
DHS, but across the government, and it provides accountability.
It helps provide transparency. It helps put funds to better
use. And it helps identify where funds are being wasted or
fraudulently spent.
By having acting people in place, what you are doing is
running in place. You are not moving the organization forward,
and you are not taking those steps necessary, as a confirmed IG
would, to provide the independent oversight, I think, that is
absolutely critical to the success of any organization.
Chairman Carper. Good. Thank you for those comments. Dr.
Coburn.
Senator Coburn. Sitting and thinking about our hearing
today, the one word I had not heard, which should have been in
everybody's testimony, is ``risk-based.'' I mean, Homeland
Security has to be about where the risks are. Now, we did not
hear it from the GAO and we did not hear it from Secretary
Lute. And what we have seen, and Tom will disagree with this to
a certain extent, but most of the grant programs come out of
here as a honey pot based on parochial preference rather than
risk. Some of them, we divide. Fifty percent of it goes to
risk-based. But everybody else gets their cut and share.
How important is it, that Homeland Security ought to be
about risk? Everything ought to be about risk. Where are the
risks? Where do we impact the risks? Where do we intercede in
the risk? And how do we put resources where the greatest risk
is? What are your thoughts about that?
Ms. Duke. I agree with you, Dr. Coburn. I think DHS's
recent move to move their Risk Office into the Office of Policy
was critical, and I think that, in theory, that is to drive
risk into the policymaking, and I think that is critical to
going forward.
I also think that some of the moves on, for instance,
securing the border and transportation security and doing a
risk-based multi-layer threat look is critical in moving
forward, from both a mission effectiveness and an efficiency
standpoint. And I think the Department is starting to take
looks at that and needs to move quite a bit forward. And,
hopefully, the second QHSR is another opportunity, a point in
time, where that can be emphasized even more.
Mr. Skinner. Maybe the term ``risk'' was not used in
explicit terms, but I think it was implied, particularly with
Deputy Secretary Lute and the way they are approaching their
strategic plans. Yes. It is risk-based. And you see this in all
of their programs. In our grant programs, instead of just
sending out money across the board, we should be establishing
standards for the recipients and the applicants for these
funds. Identify your risk, identify your vulnerabilities, and
identify your capabilities to address those risks? We are
unable to do that right now, and I think we could do a much
better job in guiding billions of dollars that we will probably
continue to spend to support State and local governments'
preparedness capabilities. Where are our risks?
Mr. Reese. I would just take a quick look, and I would
think also the gap exists between how the Federal Government as
a whole looks at risk-based in homeland security and the nexus
of where that mix is with national security, because the
Department understands its missions, but those are missions
that have either been inherent because of the organization or
how the Department has developed since then, and risk-based
evaluation, I am sure, goes into that. But I think we still
have an imbalance, or there is a missing component between how
we look at national homeland security risk and how we address
it and what the Department does.
Senator Coburn. Ms. Berrick.
Ms. Berrick. If I could just add, Senator, risk-based
decisionmaking and incorporating risk into planning,
programming, and budgeting has been a key theme of GAO's work.
In fact, the 1,300 reports I talked about that GAO has issued
on DHS's programs and operations, the need for DHS to better
incorporate risk into its decisionmaking, both at a strategic
and a tactical level, really was a key theme throughout all of
our work, right.
And at the tactical level, for example, talking about the
QHSR, DHS did not apply risk in prioritizing what its QHSR
priorities were. At a more tactical level, just to give you an
example, for a program, the Chemical Facility Anti-Terrorism
Standards (CFATS) program, which I know you are very interested
in, we recently testified that in identifying which facilities
should be in the higher-risk tier, DHS did not consider all
elements of risk in making that decision. They were not
considering all elements of threat, consequence, or
vulnerability.
So it is extremely important, securing the border, aviation
security, across DHS's range of missions, I think, overall,
they have made the most progress in assessing risk. I think
where they need to go is to build in----
Senator Coburn. The application of that assessment.
Ms. Berrick [continuing]. The application of the risk.
Senator Coburn. Yes. Do not get me started on CFATS. So
far, we have not accomplished much.
I am going to have questions for each of you. I would
appreciate very much if you would be prompt in the response.
I would also note--my Chairman is not in here--that we have
had key Homeland Security people and hearings in this Committee
already at a level far faster than what we have seen in the
past and we intend on continuing to do that. Learning from
people who testify before us and critical management personnel
in the government is what our job is. It is about oversight,
asking the right questions, learning the right things, holding
people accountable, just like we are talking about in DHS,
having accountable results for a management plan.
So I am proud that Senator Carper has held this hearing and
the others that we have held and the hundreds that we are going
to hold over the next couple of years. I appreciate you being
here, and you will get the Questions for the Record (QFRs) from
us in due time. Thank you.
Chairman Carper. As Dr. Coburn says, I just do not hold
hearings. We hold them. We try to work together to put together
ideas for hearings. This was really his idea, this kind of top-
to-bottom review, and I think it is a good idea and this has
been a very good hearing. We appreciate your being here.
Cathleen, you were good enough to stay overtime. Anything
else you want to add? We will give you the last word, if you
want it. Is there anything else you want to say?
Ms. Berrick. Just that it is my pleasure being here and GAO
looks forward to supporting the Committee on its future
oversight efforts. Thank you.
Chairman Carper. Dr. Coburn had asked Jane Lute to have
somebody stay from her team and I think we have somebody right
behind Mr. Skinner waving his hand, and we thank you for being
here. Please convey to her the relevant things that you heard
here.
The last thing I will say is this: on this management issue
which we are really focused on today, somebody said, penny wise
and pound foolish, and I really think that what we are doing
with our short-term CR is that.
I would like to say, leadership is key for any organization
I have ever been a part of. I do not care if it was the
military. I do not care if it was educational. I do not care if
it was government or business. Leadership is the key to
everything. And we have good leadership in this Department. Now
we need to make sure they have the tools to build on the good
track record that has been laid over the last 10 years,
especially the last 5 years.
You have helped us in your testimony today. You have helped
us a whole lot in what you have done with your life before
today. And I leave encouraged that--I am mixing metaphors here,
but in terms of changing the course of the aircraft carrier,
you can stay with it. You can turn an aircraft carrier. And I
think we are turning this aircraft carrier in very good ways.
We have a shared responsibility to make sure we continue to
make progress. Dr. Coburn and I are determined that we are
going to do what we can from our perches and my hope and
expectation is everyone on this panel and the one that preceded
it will do the same.
Thank you all. And with that, this hearing is adjourned.
But before I do that, the hearing record will remain open for
15 days, until April 5, for the submission of statements and
questions for the record. If you are asked questions, which you
probably will be, if you would respond to those in a timely
way, we would be most grateful.
Thank you so much. That is it.
[Whereupon, at 12:22 p.m., the Committee was adjourned.]
A P P E N D I X
----------
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
HARNESSING SCIENCE AND TECHNOLOGY TO PROTECT NATIONAL SECURITY AND
ENHANCE GOVERNMENT EFFICIENCY
----------
WEDNESDAY, JULY 17, 2013
U.S. Senate,
Committee on Homeland Security
and Governmental Affairs,
Washington, DC.
The Committee met, pursuant to notice, at 10:10 a.m., in
room SD-342, Dirksen Senate Office Building, Hon. Thomas R.
Carper, presiding.
Present: Senators Carper, Pryor, McCaskill, and Coburn.
OPENING STATEMENT OF CHAIRMAN CARPER
Chairman Carper. Good morning, everyone. The hearing will
come to order.
Welcome, one and all. Secretary O'Toole, Mr. Maurer, happy
to see you. Is there a baseball player in the American league,
a catcher named Maurer?
Mr. Maurer. Yes, there is, although he spells his last name
incorrectly.
Chairman Carper. Yes.
Mr. Maurer. He drops that first ``r.''
Chairman Carper. Yes, he only has one ``r.'' [Laughter.]
Even without that second ``r,'' he still is a great player.
Mr. Maurer. Oh, he is an amazing ballplayer, absolutely.
Chairman Carper. Yes. What was the final score last night
of the All-Star Game, do you have any idea?
Mr. Maurer. It was three-nothing.
Chairman Carper. Was it National League or American League?
Mr. Maurer. American League.
Chairman Carper. I thought it was the American. I was in a
meeting this morning--I am an American League fan, a huge
Tigers fan, and the Tigers had about six players last night
plus the manager--and I think Rivera, the Yankees pitcher, was
on the front page of the New York Times and won Most Valuable
Player (MVP) at the age of 42, I think. Pretty amazing. It said
under the picture--great picture of him coming out and taking
the curtain call--that the American League won, three-to-
nothing.
And I went to a meeting this morning and I was very proud
as an American League fan to tell everybody how we had won, and
even though a Yankee--I am not a big Yankees fan--had been the
MVP, what a good night it was for baseball and for folks on our
side of the aisle. And everybody said, no, the National League
won. So thank you. [Laughter.]
Thank you for setting the record straight. We worry here
about nuclear options and trying to make sure the place does
not have a meltdown, but the really important stuff is going on
in baseball stadiums around the country, including guys named
Mauer. So we welcome both of you.
On a more serious note, earlier this year, as we all know,
the Department of Homeland Security (DHS) turned 10 years old,
not a baby anymore, not a toddler, not an infant, but a young
strapping 10-year-old. To mark that anniversary, Dr. Coburn,
and I announced that this Committee would hold a series of
hearings examining whether the Department of Homeland Security
is effectively and efficiently accomplishing its core missions.
Today's hearing is the second in a series. Actually, it is,
I think, more than the second in a series, but it is one of a
series of hearings that is going to focus on the role of the
Science and Technology (S&T) Directorate.
The threats, as we all know, to our national security
evolve constantly. So, too, then, must the strategies and
technologies we use to combat them.
I am an old Navy guy, about 23 years as a Naval Flight
Officer (NFO), and I have often said, as have others before me,
that the military are pretty good at fighting the last war. We
are not as good at anticipating what the next one is. That is
where the Science and Technology Directorate comes in, to help
us to fight the next war and the next. The threat that we face
today is a whole lot different than the one we faced when I was
on active duty as a Reserve Naval Flight Officer.
The work performed by the men and women at the Directorate
cut across all the various components and missions of the
Department, and that work involves the harnessing of cutting-
edge technology and research and development (R&D) projects
from the private sector, from universities, national labs, to
deploy what I call force multipliers that can make us more
effective in the effort we have embarked on after September 11,
2001, to prevent and respond to terrorist attacks and natural
disasters.
In essence, the Science and Technology Directorate
functions as a problem solver when it is at its best. For
example, the Science and Technology Directorate works closely
with the Transportation Security Administration (TSA) and the
Defense Advanced Research Projects Agency (DARPA), to develop a
better x-ray system for checked baggage. As a result of that
work, a 10-percent reduction in false alarms rate is expected.
This is projected to save millions of dollars in efficiencies
each year through the reallocation of staffing costs.
As another example, the Directorate examined agent
operations at two stations along the Southwestern border in
Texas that processed, and apprehended illegal immigrants. They
recommended improvements to their operations that enable the
two border stations to significantly reduce their processing
time, saving up to 2 hours per illegal immigrant processed.
This enabled an additional officer to remain in the field
rather than be stuck in the office processing paperwork.
In its early days, the Directorate was the subject of
criticism as it carved out its own role in the Department. It
focused, then, on basic research, which in some instances could
not be quickly put to use. Today, we are told that the
Directorate has proven itself to be more effective, more often
than it has been at least in the past, and it has a laser focus
on development of critically needed products that can be used
immediately.
As we all know, the fiscal environment in our Federal
Government has been very challenging over the past couple of
years, and this underscores the urgent need for agencies across
government to spend our taxpayer dollars more wisely. The
Science and Technology Directorate can and has been a key part
of the Department of Homeland Security's efforts in that
regard. It is critical that it continue, that this Directorate
continue to work aggressively and effectively with the
components of the Department and with first responders to find
solutions that allow the Department of Homeland Security and
its partners across the country to operate more effectively and
more efficiently.
We thank the witnesses for coming today. We look forward to
your testimony, especially about how we can continue to use the
Science and Technology Directorate to get better results for
less money. That is the recurring theme of this Committee and
the oversight work that we do. It is something that I am
determined to use my Chairmanship of this Committee, in
partnership with Dr. Coburn and our colleagues here, to push
throughout our Federal Government.
And when Dr. Coburn arrives--we have a vote underway and I
got there right at the beginning of the vote. He is probably
voting and will come here and join us shortly, and when he
does, he is welcome to make any comments that he wishes to do
at that time.
And with that having been done, let me just briefly
introduce our witnesses. This is a small panel, so I will be
fairly brief.
Our first witness is Dr. Tara O'Toole, Under Secretary for
Science and Technology at the Department of Homeland Security
since November 2009. Prior to this appointment, Dr. O'Toole
served as Chief Executive Officer (CEO) and Director of the
Center for Biosecurity at the University of Pittsburgh Medical
Center and was a Professor of Medicine and Public Health at the
University--are they the Panthers? University of Pittsburgh
Panthers. You did not go to school there. You were not a
Panther in college, were you? Where did you go to school?
Dr. O'Toole. I went to Vassar College.
Chairman Carper. Vassar, OK. There we go. All right.
In addition, Dr. O'Toole previously served as Assistant
Secretary of Energy for Environment, Safety, and Health at the
Department of Energy (DOE). When did you serve in that
capacity?
Dr. O'Toole. Ninety-three to 1997.
Chairman Carper. OK. We thank you for joining us today and
for your leadership at the Department. We look forward to your
testimony.
Our next witness is Mr. David Maurer, Director of the U.S.
Government Accountability Office's (GAOs) Homeland Security and
Justice Team. Mr. Maurer began his career with the Government
Accountability Office in the 1990s and worked in several key
areas, such as GAO's International Affairs and Trade Team,
where he led the review of the United States' effort to combat
several international issues, including terrorism and weapons
of mass destruction.
We thank you for joining us, Mr. Maurer. We really thank
our friends at GAO, great partners with us, and we relish our
partnership and hope we can continue to have it for a long
time.
Your full statements will be made part of the record. You
are welcome to abbreviate if you like. Sometimes we say, use
our guidelines. It should be about a 5-minute statement. If you
go a little bit beyond that, that is OK. If you go way beyond
that, we will have to rein you in, all right. If it is noon and
you are still giving your opening statement, that is probably
too long. [Laughter.]
Welcome. We are glad you are all here. Please proceed.
Dr. O'Toole. Shall I go first, Mr. Chairman?
Chairman Carper. We had a flip of the coin earlier and you
lost----
Dr. O'Toole. I won?
Chairman Carper [continuing]. So you get to go first.
TESTIMONY OF HON. TARA J. O'TOOLE, M.D.,\1\ MPH, UNDER
SECRETARY FOR SCIENCE AND TECHNOLOGY, U.S. DEPARTMENT OF
HOMELAND SECURITY
Dr. O'Toole. OK. Well, first of all, thank you very much
for this opportunity to talk about the Directorate of Science
and Technology in the Department of Homeland Security and where
we have come from and what we are doing now and how we make the
operational missions of Homeland Security and the work of first
responders more effective, more efficient, and safer.
---------------------------------------------------------------------------
\1\ The prepared statement of Ms. O'Toole appears in the Appendix
on page 309.
---------------------------------------------------------------------------
What I am going to do is give a very brief history of the
Department and then talk about how we do our work today and
illustrate that work with a few examples of projects that we
have engaged in.
From the beginning in 2003, Congress charged S&T with very
broad and ambitious responsibilities for conducting R&D, for
overseeing testing and evaluation of DHS missions in the first
responder community. The Directorate is also responsible for
assessing biological, chemical, and emerging threats to the
United States and with operation of five National Laboratories.
S&T also manages nine university-based Centers of Excellence
(COEs), which collectively represent consortia of over 275----
Chairman Carper. Let me just interrupt. I said earlier
roughly 5 minutes for your opening statement. Feel free to go
as long as 10 minutes, OK.
Dr. O'Toole. Thank you very much.
So, nine COEs, 275 colleges. We also have international
agreements with 13 countries bilaterally, and all of this
greatly augments our ability to engage out into the dynamic
global R&D community.
Senator. Shall I pause and let Senator Coburn make his
remarks?
Senator Coburn. I do not have any remarks.
Dr. O'Toole. OK.
Chairman Carper. Yes, he does. [Laughter.]
And we will hear them later, I hope. All right. Please
proceed. Thanks. Welcome, Tom.
Dr. O'Toole. The first Under Secretary of Science and
Technology, Dr. Charles McQueary, undertook the heroic task of
standing up the Directorate even as the Department itself was
getting underway. When he began, S&T was housed in another
government building where meetings were held in the cafeteria
and staff had to share chairs.
Understandably, the R&D efforts of that era were less
connected to the immediate operational needs of the Department,
which was just getting underway, than is the case today, and
there was a much stronger emphasis on basic scientific
research.
The second Under Secretary, Admiral James Cohen, did the
country a great service by emphasizing the importance of
linking S&T's research more directly to the customers, that is,
the DHS operational components and first responders, and he
moved the Directorate toward more applied research.
As you said, I became Under Secretary in November 2009.
Although only 6 years had passed since Congress created the
Department and the Directorate, it was clear very quickly that
the Homeland Security missions confront a constantly evolving
landscape of adaptive adversaries, evolving threats, critical
infrastructure vulnerabilities, and growing operational
challenges.
The wars in Iraq and Afghanistan have brought us Improvised
Explosive Devices (IEDs) using homemade explosives, requiring
different detection strategies. Cybersecurity has become a top
concern, as has the need to cope with huge amounts of data in
order to find and intercept the illicit cargo or discover
would-be terrorists within the global airline system.
My first year at DHS included the H1N1 influenza pandemic,
the Haitian earthquake, the airline bombing by Abdulmutallab,
and the Deepwater oil spill. We were also in the middle of the
economic downturn.
Moreover, the Department now faces the need to cope with
inexorable increases in commerce and travel in a setting of
flat or declining Federal budgets. So to maintain service and
security and the flow of trade essential to our economic well-
being, we have to find better, more efficient ways of carrying
out DHS missions.
New technologies, better analytical approaches are critical
to successfully countering new and enduring threats and to
meeting these growing operational demands. Science, technology,
and analytics are the keys to doing more with less.
To better address such challenges, S&T has over the past 5
years made significant changes in the way we do research and
development. Let me briefly describe how S&T does its work
today.
To deliver new technologies or knowledge products to DHS
components and the first responders with significant
operational impact, that is, create new capabilities or
improvements in effectiveness and efficiency or safety, S&T had
to transition new products to use in the field over much
shorter timeframes than the typical decade or more of R&D
efforts. And because of the wide spectrum of Homeland Security
missions and our limited budgets, we had to achieve a very high
return on those R&D investments that we did make.
To achieve these three goals--high operational impact,
rapid transition to use, and high return on investment--we
reshaped our R&D efforts in three major ways.
First, we now focus the majority of our R&D work on late-
stage development and we actively seek technologies in which
others have already invested and which S&T can adapt, evolve,
or apply to DHS and first responder needs. This approach speeds
transition and drives down cost to S&T. Every S&T project we do
must undergo what we call technology foraging, which is a
culture, not a thing, but involves a review of existing
technologies or research that may be a full or partial solution
or contribute in some way to the project under contemplation.
Technology foraging and very strong R&D collaborations with
other R&D organizations in Federal agencies and universities,
in the private sector and abroad, have become part of the way
we do our work, and it already had an impact on our ability to
deliver a high return on investment.
Now, we also realize that not all problems are amenable to
technology solutions. Process changes and systems integration
can also improve performance and increase efficiency. We have
established a group within S&T to apply our scientific and
engineering expertise to help components conduct operational
analysis, integrate system engineering principles, and to
provide assistance with complex acquisitions, all of which
increases efficiencies in mission execution.
The second thing we did is to develop closer, much more
robust partnerships with our customers in the DHS components
and the first responder communities to ensure that our R&D
efforts reflect, first of all, priority needs--if we develop
something that works, they will buy it and use it--and,
secondly, to make sure we understand the problem we are trying
to solve in all of its operational complexity.
Third, we established the R&D Portfolio Review Process as
the main mechanism of evaluating and selecting projects and
ensuring they are aligned with our top priorities. The
Portfolio Review process that we used was originally developed
by industry and is now widely used in the private sector and by
some Department of Defense (DOD) laboratories. It establishes
our top goals--as I mentioned, operational impact, transition
to use, scientific feasibility, et cetera--as metrics against
which all R&D projects are weighed. Each R&D project is treated
as a separate investment and evaluated by panels of outside
experts, senior people from the component partners we are
trying to serve, and S&T leadership.
Over 3 years, we have driven our R&D portfolio toward our
top priorities. We have had three Portfolio Reviews thus far
between 2010 and 2012, and the percent of projects likely to
transition to use in the field within 2 to 5 years has gone
from 25 to 49 percent. The percent of----
Chairman Carper. Just repeat that again, just that whole
last sentence.
Dr. O'Toole. The percent of R&D projects judged likely to
transition to use in 2 to 5 years has gone from 25 to 49
percent. The percent of investment targeting, what is judged to
be high impact, high feasibility outcomes, has gone from 38 to
45 percent. And the percent of projects benefiting from non-S&T
funds has gone from 12 percent to 55 percent. This is cash
coming from either the components or industrial partners. An
additional 35 percent of these projects receive in-kind support
that is at least 10 percent or more of the project costs. So,
92 percent of our projects are receiving some kind of support
from the customers, which I think is a vote of confidence that
we are doing useful work.
One might ask why those numbers are not even higher, but
R&D is inherently risky and this performance actually places us
in benchmark status compared to other R&D organizations
evaluated by this process.
I would like to illustrate our work with a few examples to
give you a sense of the Directorate's impact on Homeland
Security and the first responder community.
First of all, we have developed a commercially available
multi-band radio. You will recall that one of the top
priorities of the
9/11 Commission was this problem of lack of interoperability
amongst first responders. The fire department, the police
department, they were using different radio bands and they
could not talk to each other.
S&T took technology that had been invested in and, to some
extent, developed by DOD. We used our money to help industry
develop a commercially viable unit that was small enough and
light enough and cheap enough to be comparable to legacy
systems. And then we hooked the manufacturers up with our
partnerships with first responders in the field and we did
field testing of the prototype units.
What resulted is the development of a robust commercial
multi-band radio market and competition from multiple vendors.
There are three radios on the market today and they have been
bought by the Marine Corps, by the Department of the Interior
(DOI), by State and local responders in multiple States, and by
the U.S. Capitol Police (USCP). So this is a success.
Another example in another area is our Resilient Electric
Grid (REG) Project, which is aimed at addressing a critical
vulnerability that we saw highlighted in Hurricane Sandy and
many other times in the past few years. That is, how do we keep
the grid operating?
The grid today is separated into isolated subsections
called substations to prevent rolling power failure from taking
down an entire region. Especially in dense urban areas, this
technological characteristic prevents power sharing during
emergencies. You cannot ship power from one substation to the
other. So it prolongs outages and leads to slow and costly
restoration.
What we have done is partner with DOE and with industry,
who co-paid on this project, to develop a superconducting power
cable that allows you to connect different substations and
overcomes the previous technical limitations. This permits
faster and more efficient restoration of power in emergencies.
This technology is now in operational demonstration by Con
Edison in New York City, in Yonkers, and we are exploring a
scale-up partnership with NSTAR in Boston, which they would pay
60 percent of, to lower the cable production cost and move
toward wider implementation.
Moving to cybersecurity, yet another critical
infrastructure that is vulnerable to breakdown and attack, S&T
won a very prestigious prize for creating the Domain Name
System Security Extensions (DNSSEC) protocol. This is one of
several S&T cyber projects that is aiming at reducing the
vulnerabilities of the Internet itself, and what it does is it
makes it much harder for criminals to hijack the message you
are sending to your bank, thinking that you are going to get
your own money out, and instead having it diverted to the
criminals' site. More than 30 percent of all the top-level
domains--dot-us, dot-uk, dot-com, et cetera--now utilize this
protocol, and it has been mandated that all second generation
domain names will use it, as well.
You spoke of our work with TSA, Mr. Chairman. We all know
that there is a need to improve passenger comfort in the flying
public. But due to increases----
Chairman Carper. Let me interrupt just for a moment.
Dr. O'Toole. Sure.
Chairman Carper. You have been speaking for almost 15
minutes, and frankly, I think it is fascinating. But I want to
make sure we hear from Dr. Maurer and have a chance to have a
good conversation----
Dr. O'Toole. I apologize. My things say 4 minutes
remaining.
Chairman Carper. Go ahead. Just wrap it up in about the
next minute, summarize, and then we will----
Dr. O'Toole. Of course.
Chairman Carper [continuing]. Do the rest. Thank you.
Dr. O'Toole. OK. I apologize. I have 4 minutes remaining
here, but sure. I will wrap it up.
I could go on and on with projects, but I think you get a
sense of the breadth of work that we do and the direction that
we are trying to take. I hope these few examples of our work
illustrate what we are trying to accomplish.
I am very honored to be Under Secretary and to work with
the extraordinary colleagues in S&T, and I am happy to answer
your questions.
Chairman Carper. Are any of your colleagues here today?
Dr. O'Toole. Yes.
Chairman Carper. If they are, would you raise your hand?
All right. Repeat after me---- [Laughter.]
We have been joined by our colleague, Senator Pryor from
Arkansas. Tom, I was giving Mark a hard time. He only serves on
six Committees. I serve on three. I am not sure how many Dr.
Coburn serves on, but I do not know anybody who serves on six
Committees, so he is a busy guy. But I have been giving him a
hard time about being the prodigal--not the prodigal son, but
the prodigal brother, and I am happy to welcome him back into
the fold today.
Senator Pryor. Thank you.
Chairman Carper. Great to see you, Mark.
Senator Pryor. Thank you.
Chairman Carper. All right. Mr. Maurer, you are on.
TESTIMONY OF DAVID C. MAURER,\1\ DIRECTOR, HOMELAND SECURITY
AND JUSTICE ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE
Mr. Maurer. Great. Thank you, Mr. Chairman.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Maurer appears in the Appendix on
page 326.
---------------------------------------------------------------------------
Chairman Carper. Would you tell me again who won the All-
Star Game last night?
Mr. Maurer. It was the American League, three-to-nothing.
Chairman Carper. Thanks so much. [Laughter.]
Mr. Maurer. GAO is glad to serve the public and the
Congress.
I am pleased to be here this morning, Chairman Carper, Dr.
Coburn, Senator Pryor, to discuss the findings from some of our
recent work looking at research and development at the
Department of Homeland Security.
But before I talk about our work, I think it is important
to stress a couple points about why R&D is important and why it
really matters, and first and foremost is the fact that R&D is
really the bridge between the scientific and engineering
expertise that exists within the United States and the ability
to address a wide variety of homeland security threats. To put
it simply, good R&D helps make the country safer. So it is
important that it is managed and implemented effectively and
efficiently.
The second reason why R&D matters is because the government
and the country at large is facing some pretty significant
fiscal constraints right now, and depending on how you add it
up, DHS spends well over a billion dollars a year annually on
R&D activities, and it is really important that the taxpayers
are getting the most out of every single one of those dollars.
It is also important to emphasize that good R&D is
difficult to do. There is always a balancing act. You want to
actually have some R&D projects fail because you want to push
the boundaries of science. At the same time, you want to have
enough R&D activity that transitions into real world use by
operators--people are using it in the field someday to help
secure the country. So appropriate management will find a way
to balance the need to fail as well as the need to succeed.
Within DHS, the Science and Technology Directorate has the
lead responsibility for overseeing and coordinating R&D
activities across all of DHS as well as playing a leading role
in coordinating with its other Federal partners on homeland
security R&D. I think it is also important to underscore the
fact that from GAO's perspective, we have seen that S&T has
made really important progress over the last few years, and
some of the points that Under Secretary O'Toole has pointed
out, I think, are important to underscore, as well.
I think the reorganization that S&T undertook a few years
ago was helpful. The fact that S&T now has a strategic plan
that it is operating from. The Portfolio Review is helping
provide a more strategic perspective on R&D investments within
the Department. But I think, most critically, the fact that S&T
is focused on working more closely with the various components
within DHS is helping produce better R&D outcomes and also
pursuing the broader goal of developing a ``One DHS'' vision
for the Department. That is all very good.
At the same time, I am also from GAO, so clearly, we want
to talk about some of the challenges and the work remaining,
because, clearly, there are some significant challenges on the
R&D front.
In our recently issued report, we focused on three issues.
The first was, how is R&D actually defined at the Department?
The second is, how much resources are devoted to R&D activities
within DHS? And the third is, how is the Department overseeing
and coordinating R&D?
On the first issue, we found that DHS currently does not
have a standard definition for R&D across all of the Department
and that is a significant problem. We looked at other large
agencies or departments that handle R&D work and they do have
R&D definitions that are tailored to their specific missions.
So, for example, National Aeronautics and Space Administration
(NASA), DOD, and other organizations that spend a great deal
more on R&D have developed a common definition. And that is
important because having a common definition for such a large
organization as DHS will help enable gaining better strategic
visibility over R&D activities and also, frankly, allow the
components to understand what some other activities--whether
some fall into the R&D realm and whether some fall under the
acquisition realm.
Now, we will be the first to recognize that coming up with
this definition at DHS is not going to be an easy thing to do.
There is a wide array of missions and there is this whole
spectrum of R&D and acquisition and there is a broad gray area.
But we think it is important to do going forward.
This lack of definition partially explains our second
finding, which is, it is really unclear at this point how much
DHS actually spends on R&D activities. When you look at the
budget information that DHS provides annually through the
budget process, you will see line items for the Science and
Technology Directorate, the Domestic Nuclear Detection Office
(DNDO), and the Coast Guard, and there is money there for R&D
activities.
In our work, we found that there were also R&D activities
being implemented across a variety of other components. And, in
fact, in fiscal year 2011, we identified an additional $255
million in R&D activity that was not captured in the sort of
standard R&D roll-up provided to the Congress. We feel that is
a concern because it is hard to be strategic, it is hard to
have a good perspective over what you are spending your money
on if you do not have good visibility of who is doing what. So
we think that is an issue that needs to be addressed.
This lack of visibility also underscores our third finding,
that DHS needs to improve the overall coordination and
oversight of R&D activities, and that is at the Department
level, not necessarily just at S&T. We found specific to S&T
that it has improved its coordination with components. There
have been a variety of mechanisms, a variety of forums that S&T
has implemented in partnership with various operational
components with DHS. This helped improve coordination. But it
is a big task and we found that R&D is inherently fragmented
across DHS. It is going on in a number of different components.
Some of it is being conducted under the aegis of acquisition
programs. It does not have good visibility. We think it is
important to gain that visibility.
So as part of our work, we looked at the potential for
overlap and duplication among R&D projects within the
Department. Our concern was that if there was not visibility
over all the different activities and all the money, there
could be unintentional duplication of effort.
We found 35 instances involving $66 million of different
R&D projects where there was overlap, and what that means is
that different parts of the Department were working on similar
aspects of R&D without necessarily being informed of one
another's ongoing efforts. That is overlap. Now, when----
Chairman Carper. A quick question.
Mr. Maurer. Yes.
Chairman Carper. Was GAO just looking within the Department
for overlap and duplication, or did you look outside the
Department for overlap and duplication?
Mr. Maurer. For this review, we looked just within the
Department of Homeland Security. We reviewed thousands of
different contracts. Now, we dug in very deeply into those
contracts to see if there was actual duplication. Duplication
is when two different parts of DHS were working on exactly the
same thing. We did not find any examples of duplication, but we
found overlap.
So, for example, we found cases where two different
components were working on five separate contracts to review
similar aspects of explosive detection technology. That is not
necessarily bad if it is done by design. I will be the first to
say, I want as many scientists as possible looking at explosive
detection technology and looking at biothreats and other
things. The problem occurs when it is not done strategically
and when it is not done intentionally, and when that happens,
it raises a potential risk of unnecessary duplication, and that
is a problem because you can end up essentially wasting money.
The reason why this has happened is because DHS lacks
policies to have this effective oversight, to have this
effective coordination across the entire Department, and we
think that, going forward, there are a few things that S&T and,
more broadly, the Department needs to address.
We think, first and foremost, there needs to be a common
definition of R&D that enables S&T and the other operational
components to understand what is research and development and
what is not.
Second, there needs to be at the Department level defined
processes and roles to enhance coordination, building on some
of the successes that S&T has been able to engender in its own
efforts to coordinate. We think it should be moved up to a
higher level, to the Department level.
Finally, there needs to be improved tracking of the
individual R&D projects, in other words, improved information
on who is doing what and at what cost. And again, there needs
to be this strategic visibility.
Right now in DHS's Acquisition Directive, there is a
placeholder for research and development and it literally says,
``to be determined.'' We think it is important for that ``to be
determined'' to be translated into actual policies and
procedures.
The good news on that front is when we issued our report
last fall, the Department in its official comments agreed with
our recommendations, agreed with our findings, and they have
started to take action to address those. So that is
encouraging, but it is still very much a work in progress and
we are looking forward to having the Department complete its
efforts, implement our recommendations, and, therefore, better
position themselves to deliver even improved and more enhanced
results on the R&D front. We think that is important, not just
for the sake of DHS or the GAO, but it is important for the
country to get better national security and homeland security
outcomes from the R&D investments.
That concludes my remarks today. I look forward to your
questions.
Chairman Carper. Great. Thanks so much.
The person who actually suggested to me initially that we
do these series of hearings on Department of Homeland Security
oversight was Dr. Coburn, with the eye toward eventually moving
toward reauthorization of the Department. We have never done
that in its 10 years of existence, so this is, as I said
earlier, a part of a series of hearings. I am going to yield to
him for questions and then to Senator Pryor and then I will
follow Senator Pryor.
OPENING STATEMENT OF SENATOR COBURN
Senator Coburn. Welcome. I would tell you, I have sat at
hundreds of these hearings and that is the best performance
analysis by the GAO of any Department I have ever heard. Most
of the criticisms you just heard were not of S&T. They were
overbranching Homeland Security and the R&D outside of S&T.
That is what we really just heard. So I want to compliment Dr.
O'Toole. I think she has done a great job so far.
I am concerned. One of the areas that, Dr. O'Toole, I want
to ask you about, one of the things that you have been good at
has been acquisition support, and I see in the President's
budget cutting that almost a quarter. I know that is a decision
that may have been made above your level, but to me--and Mr.
Maurer, if you would comment on that, as well--I see that
putting some of the progress we have made at risk if, in fact,
we allow that to go through. Would you care to comment on that?
Dr. O'Toole. Sure. We have two budget lines in S&T. One is
our management budget line and the other is what is called the
Research, Development, Acquisition, and Operations (RDA&O).
This is part of GAO's problem. So the acquisition support that
you are talking about, where we take our systems engineers and
our operational analysts and our scientists and we try and help
the components structure requirements at the very beginning of
an acquisition that are going to get us what we need, on time,
under budget, and so making sure we understand the entire life
cycle cost, is not getting cut. It is this RDA&O budget number
that is misleading in what it talks about.
So, the kind of assistance that you are talking about and
for which we set up a separate group is still intact and, in
fact, growing. The demands exceed our grasp. We have 11 people
in that section and we have to pick and choose what we are
going to work on. But----
Senator Coburn. But that component----
Dr. O'Toole [continuing]. That is ongoing.
Senator Coburn [continuing]. Is not being cut.
Dr. O'Toole. Correct.
Senator Coburn. OK. Thank you.
Let us talk about electromagnetic pulse, both natural and
intended----
Dr. O'Toole. OK.
Senator Coburn [continuing]. And the new transformers that
are available. Where is the work there and what are we seeing
happening right now?
Dr. O'Toole. S&T is not doing any work on Electromagnetic
Pulse (EMP). We are very aware of the threats to the grid from,
as you say, all kinds of potential deliberate attacks, as well
as natural events. The grid is the primary responsibility of
the Department of Energy and they are doing work on this in
collaboration, I believe, with DOD. But we do not have any R&D
directed work on that.
We have a very strong collaboration with DOE on the project
that I talked about and several others, so we are generally
aware of their work, but we would dive in much more deeply if
we were actually investing in that area.
Senator Coburn. And you do utilize the services of some of
the labs----
Dr. O'Toole. Yes.
Senator Coburn [continuing]. In your research. You
coordinate with that.
Dr. O'Toole. Yes.
Senator Coburn. Do you look at a review of everything they
are looking at to see what they may be doing that might help
you? In other words, rather than specifically, we need help
here, do you ever do an inventory of what they are doing to see
how that might prove as an augmentation to what you are doing?
Dr. O'Toole. So, we have talked about this a lot. It is
very difficult to do inventories of DOD or DOE National Labs
work because they are large inventories and constantly
shifting. That is what happens.
Senator Coburn. Yes.
Dr. O'Toole. R&D is a constantly dynamic beast.
What we have done is asked the labs to give us their
inventories of what they are investing in and for them to tell
us who we should be working with on one project versus another.
And we have made progress in that regard with the labs.
So, for example, Pacific Northwest Lab is very adept at
process control systems in cybersecurity. Other labs are much
more focused on big data issues. And we have learned through
professional association who does what and how well. But the
answer to your question is no.
Senator Coburn. OK.
Dr. O'Toole. We do it project by project.
Senator Coburn. So your Directorate basically manages a
billion dollars a year in----
Dr. O'Toole. In a good year.
Senator Coburn. In a good year. Hopefully, we can have some
more of those. But there is about a quarter of a billion in
R&D, guesstimate, outside of S&T, is that your understanding?
Dr. O'Toole. That is certainly the GAO finding. First of
all, half of our budget is R&D and the rest is the university
programs, et cetera, et cetera. The dilemma in DHS is that
because we are so operationally focused, there is, as David
said, this large gray area which the components do not now
regard as R&D. If you think about the spectrum of R&D, it
starts with trying to understand fundamental phenomena and then
you gradually apply it. You make a technology. You prototype
it. Once you get it out into the field and it is working and
you are using it, you are still tweaking it in virtually all
cases. Think of any technology you own.
And what the components are doing is what they call
tweaking--they do not call it tweaking. David calls it
research. They call it operational performance improvements. So
in these overlapping experiments or R&D efforts that he talked
about between TSA and DHS, I mean, S&T, what we were trying to
do was test brand new technologies, in this case, mass
spectrometry, to see if it could actually detect these homemade
explosives.
What TSA was trying to do, sort of to make a leap forward
in the way we deal with Hazardous Materials Endorsements
(HMEs), what TSA was trying to do is improve the efficiency in
the way they operate the scanning machines and the trace
explosive detection that is already deployed in the field. So
they do not regard that as R&D. They think that is operational.
And figuring out a definition that accommodates both parties,
that truly captures R&D without inhibiting the agility of the
components to make operational improvements, is the dilemma.
Senator Coburn. Dr. O'Toole, in your estimate, what
percentage of this money that is operational improvement--is
there other R&D going on in Homeland Security that is outside
of your control?
Dr. O'Toole. Yes. I mean, the components are sending money
to the DOE labs and the DOE labs definitely do R&D.
Senator Coburn. Right.
Dr. O'Toole. I cannot answer the percentage. I do not know.
I do not have any analytical basis for saying. What we would
like to do is form strong partnerships with all the components
as we are doing. I think a Portfolio Review, for example, is a
much more powerful mechanism for identifying research and
development than are budget lines----
Senator Coburn. Right.
Dr. O'Toole [continuing]. That say, this is R&D. And we
have persuaded the Coast Guard, for example, to use this
Portfolio Review. They really liked it. Actually, they improved
it. We are going to adopt their innovations. And the
Immigration and Customs Enforcement (ICE) is now looking at it,
as well. It takes a lot of work to do a Portfolio Review. It is
a big investment. But that would be something that we are
trying to encourage the components to adopt, and that will, I
think, pick up and identify that work which we would all agree
is R&D and should be captured.
Senator Coburn. Do you think the leadership at DHS buys
into that, in other words, this Portfolio Review, so that we
are actually using some of the techniques that you have put in
at S&T--where you have not had a partnership component unit
working with you? In other words, do you see that transitioning
to the point where we are going to have buy-in throughout all
the components of DHS?
Dr. O'Toole. The Secretary is very much in favor of it and
has said so. I think we will get there. Some components are
much more willing than others. There is a spirit of, let us
collaborate anywhere we can to save money and gain efficiencies
abroad in the Department that I think is quite powerful.
Senator Coburn. All right. Thank you.
Chairman Carper. Senator Pryor.
Senator Pryor. Thank you, Mr. Chairman. And you are
correct. We were together over the weekend and someone was
remarking that I am on six Committees, and I could see your jaw
drop and you said, ``Six Committees? No wonder you never come
to Homeland Security.'' [Laughter.]
So, anyway, I am back. Thank you. It is great to be here,
and I probably am on too much and doing too much, but thank you
so much.
Let me say thank you both for your leadership on this
issue. This is important. You are doing good work. It is nuts
and bolts. It is probably not going to grab a whole lot of
headlines, but it is important for the government to do this
and important for us to have that oversight.
Secretary O'Toole, let me start with you. Last September,
GAO recommended that DHS develop policies and guidance for
defining, reporting, and coordinating R&D activities across the
Department. I am curious just generally about the status of
that. I know you talked some about that, but I would like just
a brief status report on that and what you need to do to
continue to implement those recommendations.
Dr. O'Toole. So, we have accepted all the recommendations.
We have researched the different definitions of R&D around the
government and have offered a suggestion of one that we think
will work for DHS without impeding agile improvements by the
components.
The Under Secretary of Management is preparing a second
evolution of our fundamental Management Directive which would
set up an integrated approach to how we do all work across DHS
and would establish a lot more transparency and visibility into
what everybody is doing in a manner that would be available to
all of the components, including S&T. It would also give S&T a
prominent role at the front end of any acquisition, which would
be very important. Now, we come in just before we buy something
and we do operational testing and evaluation (OT&E). We could
save everyone a lot of grief and money if we had more expertise
engaged at the front end.
Third, S&T has established a process whereby we are going
to collect information on what the different components are
working on with the DOE labs.
Senator Pryor. So, in terms of the GAO recommendations, are
you halfway through? Are you three-quarters of the way through?
Have you implemented all of them? I mean, tell me where you are
in trying to----
Dr. O'Toole. We are more than halfway. We are about done
with the definition. The problem is that the definition will
still come up against these different kinds of budget lines
that will have to be worked through different Committees and
may not be that illuminating in the end.
The Integrated Investment Life Cycle Model (IILCM) is
hopefully going to be established in the next several months
and we will have an annual S&T delineation of DOE work this
year.
Senator Pryor. And is that the kind of thing where you get
the GAO report and then you just go to work implementing it, or
is there contact with GAO about how they think you should do it
and for them to sort of help you make good decisions there? Do
you have any contact with GAO on this?
Dr. O'Toole. Well, we have certainly talked with Mr. Maurer
and his team extensively about the report before and after they
issued it. It is pretty straightforward. The dilemma is how you
apply this definition across budget lines that we do not
control.
Senator Pryor. OK. Mr. Maurer, do you have a comment?
Mr. Maurer. Yes, absolutely. We typically, after we issue a
report, we let the report and the recommendations stand on
their own, but we often work with the departments and agencies
we make recommendations to and basically assess their actions
and we make an independent judgment of whether or not we think
those actions are sufficient to close a recommendation.
I think, as of right now, we are encouraged by the progress
that the DHS is making and we certainly leave it to them to
work out all the details, because that is appropriate. But at
the same time, we view those recommendations as open and not
fully implemented at this point.
Senator Pryor. But you feel like they are making progress?
Mr. Maurer. Absolutely.
Senator Pryor. And do you feel like that you can measure
that progress and, at some point in the future, say, hopefully
this year, you will be able to say they have been able to do
all this, or will there be ongoing problems?
Mr. Maurer. Well, I think that depends on what is actually
implemented at the Department. Typically, what we want to see
is not just a creation of a plan. We also want to see that plan
implemented and put into practice. That has been one of the
major challenges facing the Department, not just on the R&D
front, but there have been a number of plans and directives to
improve overall management of the Department, which, when you
read the words on paper, are very encouraging and very
positive, but you want to see those changes actually
implemented and involve changes in the day-to-day operation of
the Department and, hopefully, leading to cultural,
organizational change within DHS.
Senator Pryor. Secretary O'Toole, let me change gears, if I
may, and ask you about the sequester and the management
challenges that presents. So, I guess, just if you have some
specific examples of ways that the sequester is making things
difficult for you at DHS and maybe DHS Department-wide and how
you would like to see all that resolved.
Dr. O'Toole. R&D is particularly disrupted by budgets that
go up and down, because when you invest in an R&D project, it
does not bear fruit for several years. So not only does
sequester threaten to cut funds for projects that are not yet
completed, so you lose all your sunk costs, it makes it very
difficult for us to decide what projects to begin. We have not
begun any new projects for a while now because of budget
uncertainties. What you really want is steady funding in R&D.
Money that goes up and down is very difficult to deal with.
So, for example, in our Portfolio Review, one of the things
that it produces is a picture of all the potential investments
across all of these different areas and the scores associated
with those investments. And you have to decide, what are you
going to invest in, given your piggybank? With the sequester,
we are holding off on some very good projects that we would
like to begin, or having to choose between two projects and we
can only do one.
Over time, this kind of uncertainty wears away at the
morale and the quality of staff, frankly. If you ask any R&D
director what their biggest problem is, it is recruiting and
retaining talent. In R&D, when your budget goes down, you do
not just pedal harder and work longer hours. Your project goes
away. Your work goes away.
So if we have too long a period of this kind of
uncertainty, I think it will impair our ability to recruit and
retain staff. That is No. 1. Two, it makes it very difficult to
make really wise investments in new projects. And, three, it
ultimately leads us to end projects that might have borne fruit
before they ripen.
Senator Pryor. Thank you, Mr. Chairman.
Chairman Carper. Boy, you ask really good questions. You
have had a chance to practice and prepare, so it was good.
One of the things I loved to do when I was Governor--I
still love to do it--is I love to do customer calls, and my
guess is Dr. Coburn and Senator Pryor also do this back home,
where we visit companies all over my State and we ask--our
delegation does this, we do it with our Governor, Jack
Markell--and we ask businesses, how are you doing? How are we
doing and what can we do, we in government, our delegation, and
when I was in Governor, in that role, what can we do to help
you? We think that is part of creating a nurturing environment
for job creation and job preservation, to ask our customers, in
that case businesses large and small, how we can be helpful.
One of the things that I oftentimes ask--I usually ask it
at the end of the hearing--what can we do to help you do your
jobs better? I think you provided part of that answer already
in what you just said. And one of the things Dr. Coburn and,
frankly, Senator Pryor and I work on a lot is trying to develop
bipartisan support for a comprehensive deficit reduction plan
that includes entitlement reform, includes some revenues, and
includes just a real focus on changing the culture of
government, from spendthrifts and more to one of thrift where
actually we look at everything we do and ask, how do we get a
better result for less money?
But I am reminded--Tom and I were talking about this the
other day in terms of weapons systems procurement--if the
funding goes up and down, up and down, and we have a fixed
contract, a fixed-price contract with, whether it is Lockheed
or anybody else, it is pretty hard to--when they are talking
about modernizing C-5 aircraft or any other weapons system
project--it is pretty hard to get what we need at a good price.
And the point that you make about the need for some
certainty, some predictability with respect to funding is very
well taken. I take that to heart.
Let me just ask you, in terms of asking our customer, doing
customer calls, talk to us about who your customers are. Talk
to us about how you communicate with your customers.
One of the trips I took earlier this year was up along the
Canadian border. I was joined by Senator Levin of Michigan, to
take a look at border security on the Northern border. And one
of the memorable conversations I had up there, we spent some
time in helicopters. We spent a lot of time on land with the
Border Patrol folks, the Customs and Border Protection (CBP)
people. But we also spent time with the maritime folks in small
swift boats, fast boats, along the Great Lakes.
And we were talking to the fellow who was in charge of one
of the units up there that included a bunch of the boats,
maritime folks. He said he is very much interested in R&D.
Interesting. He has had some jobs within the Department, pieces
of the Department, that actually gave him the opportunity to be
involved in R&D. But what I heard from him is he was not really
convinced that the, say, the Directorate, the folks at the top
of the Directorate, were as interested as they might be, ought
to be, in terms of asking folks on the front line, what do you
need?
In one of my old jobs, I was a Naval Flight Officer for
many years in Navy P-3 aircraft and our job was to hunt for Red
October, track Russian subs in all the oceans of the world--
Soviet subs, actually--stuff like that. We would from time to
time be asked by the Navy and also by Lockheed, who was the
developer of our planes, builder of our planes, what do you
need? What is working? What is not working?
I was on the Amtrak Board of Governors as Governor and we
were always asking our customers, what do you need, because
what we thought they were looking for and needing maybe was not
what they did.
But who are your customers? How do you find out what they
need?
Dr. O'Toole. So, our customers are the DHS components in
all their variety and multitudes, hundreds of thousands of
people, and the first responder community spread out over
73,000 jurisdictions and also a heterogeneous set of
communities.
I have been up to the Northern border and the Great Lakes
and talked to those people. We are working hard up there. It is
hard to touch every person, but our outreach to the components
is quite extensive. We have people deployed to Customs and
Border Protection from S&T. We do not do a project without
extensive engagement with the operators, whomever they may be,
but the front line people.
In the particular situation that you are talking about, for
example, they are using on the Great Lakes and across the
Northern border a system of sensing integration that we
developed in Los Angeles-Longbeach for the Coast Guard, and the
CBP saw it, liked it, and moved it up to the Northern border.
At Ambassador Bridge in Detroit, where a lot of the
Northern border truck and car traffic comes over, we just
finished an Apex project that was trying out these smart locks
which help to make CBP much more efficient, also help to make
the vendors, particularly the car manufacturers, much more
efficient, and improve their throughput and security.
So we are very opportunistic in the projects that we take
on. We cannot do everything. So if somebody comes to us--if a
component comes to us and says, we have a problem, we will
respond to that. We will not now invest unless the head of that
component or his or her No. 2 says, this is a big problem for
us. We want S&T to invest here and we will agree in writing on
the objective and the approach to that project. And we do this
every year. We check to make sure that we are doing the right
thing.
We have learned that the projects that succeed are those in
which we have a partnering team that includes the operators,
but also the people with the authority to commit money on the
other side following that project throughout its gestation
period. We do not say, OK, we are going to do this for you and
walk away for 2 years and come back with a gizmo anymore. We
will not do that.
And if, after 2 years of S&T investment, the component is
not willing to invest their own money in furthering their
project, or at least establishing an acquisition line so that
they can pick it up in another year or two if it succeeds, we
stop. So we stopped the Secure Transit Corridor that we were
working at the Ambassador Bridge because CBP told us, we would
rather you spend your resources on air entry and exit.
Chairman Carper. That was a reassuring answer. I would like
to say, as Dr. Coburn and our staff says I often say,
everything I do, I know I can do better. And I would just urge
the folks that work for you just to make sure that on a daily
basis, on an ongoing basis, that they bring to work the spirit
of asking, what do you need? How can we help? Just make sure
that they are continuing to improve that communication and
asking that question and responding to the answers.
I am going to slip out and take a quick phone call, and
when we come back, I want to go from the Northern border to the
Southern border. I spent a fair amount of time, as did Dr.
Coburn, along our border with Mexico. As you know, we spent a
lot of time in the Senate in the last month on legislation
trying to figure out, among other things, how to make our
borders more secure in a cost-effective way.
I want to come back and talk about force multipliers and
the ports of entry. We have this huge throughput of traffic you
have alluded to. Also, how do we use force multipliers to get
better results for less money or the same amount of money with
all these Border Patrol people we have, and there is a proposal
to add a whole lot more to them. And we ought to figure out,
what are we doing that makes a lot of sense, but what, in terms
of what you are hearing from your customers down on the
Southern border, that we can do, things like Enforcement Link
to Mobile Operations (ELMO) that we hear about that you have
probably been involved in, the handheld device for the CBP
people. I just want to delve into that and look forward to
pursuing that and have some questions, too, for you, Mr.
Maurer. Thanks very much. Dr. Coburn.
Senator Coburn. Well, thanks. As Senator Carper said----
Chairman Carper. You can just hold off for now and we will
come back. I was telegraphing my pitch.
Senator Coburn. No. Well, she had said something before
that, but that is OK.
Chairman Carper. All right. Thanks.
Senator Coburn.[Presiding.] Tell me the benefits in the way
that you work with DARPA.
Dr. O'Toole. We have become very avid transition partners
for DARPA. They work, as you know, on the leading edge of
technology and we have on numerous occasions--I will give you
some examples--worked with them to pick up their technology and
apply it to DHS needs.
We just held a Joint Industry Day with DARPA and TSA that
is oriented around these new approaches to aviation safety. We
are using DARPA's $25 million investment in compressive
sensing, which is a way, mathematically, of getting more
information out of a signal as part of this new checkpoint that
I described.
We have used a big DARPA investment in a classified system
for gathering and making sense of data that we are going to
declassify and use to try and maintain a better situational
awareness of the marine environment, which, as you know, is
plagued by these submersible, semi-submersibles, and small
boats that we have a hard time seeing and tracking.
We have benefited from DARPA's investment in a composite
material-based box--they call them Hard Unit Load Device
(HULDs), H-U-L-D--which is intended to house cargo being
shipped in airplanes and to contain an explosion if some cargo
in that box explodes. They developed a prototype. We have
tested it, tweaked it a little bit. It is probably too heavy
and expensive for what we need, but it has been a very good
experience.
We have used DARPA's algorithms for identifying explosives
in our applications, and I could go on and on. But we have
formed very close liaisons with them almost across the board of
disciplines.
Senator Coburn. And you feel comfortable you are not
duplicating but you are, rather, extending their research----
Dr. O'Toole. Yes.
Senator Coburn [continuing]. In terms of----
Dr. O'Toole. Very comfortable.
Senator Coburn. All right.
Dr. O'Toole. We do not do what DARPA does.
Senator Coburn. Yes. You have these Centers of Excellence
at the university level, which I assume you think you are
getting good value from. Do you think you are always getting
good value? Do you have good control over the expenditure of
that money?
Dr. O'Toole. We are getting more and more value out of the
Centers of Excellence. There are initial stand-up transactional
costs. It takes about a year, from what we can tell thus far,
for a new COE to really get rolling. And the more they engage
with DHS, the more successful they are. So last year, for
instance, the Centers for Excellence combined got more money
from the DHS components than they did from their S&T grants,
which is a sign of confidence.
But, yes, I think they are a very good value, and as I
said, as they mature, they become more so out of time.
We are also making a lot of efforts to get our own program
managers from the Homeland Security Advanced Research Projects
Agency (HSARPA) more familiar with and engaged in what the
universities are doing so we can go out when we do technology
foraging--that is actually the first thing that we do. Is there
anything our COEs have that we could use?
Senator Coburn. OK. I will submit questions for the record,
and I do not know whether this came from S&T funding or from
the component funding, but there are a couple of studies that
were released from the COEs that I cannot find a connection to
Homeland Security from, and one is from the University of
Hawaii and another from the University of Arizona, that I do
not see how it has any application to what you are doing, but I
will not go into that now.
Dr. O'Toole. OK.
Senator Coburn. But I will send you a letter on it and have
you look at it.
Dr. O'Toole. OK.
Senator Coburn. One of my criticisms in grants is, too
often, especially at Homeland Security, we do not have the
followup.
Dr. O'Toole. Mm-hmm.
Senator Coburn. Here is what the grant was supposedly for.
Dr. O'Toole. Mm-hmm.
Senator Coburn. Did they actually spend the money on the
grant?
Dr. O'Toole. Mm-hmm.
Senator Coburn. Did the grant give us something of value?
Could we have done a better job in detailing down and honing
down on what the grant was for? Do those people receiving
grants know you are going to be checking on them----
Dr. O'Toole. Yes.
Senator Coburn [continuing]. For compliance? In other
words, creating an expectation as, we are going to give you a
grant. It has to be serious. It is not about fulfilling some
professor's need for some extra money for his research. Rather,
here is a need the government has and we are going to check on
you. And, by the way, if you are not doing it, we are going to
pull the money.
Because where we do that in the government, and it is not
many places, we get much more value for what we send out
because you change the culture. The culture becomes an
expectation, if you get a Homeland Security S&T grant, you had
better by dinghy be on the ball after it and you had better
perform. Otherwise, you are not going to get the grant, and you
might get that one pulled back.
Dr. O'Toole. I agree. We do not pull back money, but we
give more money if you are performing. We review each COE twice
a year with a Federal Steering Committee. And these are very
desirable grants. If you have not performed, you are certainly
not going to get the second round of grants. But there is
definite incentive to performing well and that is measured by
how you help DHS.
Senator Coburn. OK. Mr. Maurer, during your review, I
presume you spoke with several of the components of DHS and
their evaluation. What is their perception of S&T?
Mr. Maurer. That is right, Dr. Coburn. We spoke with a
number of different operational components at DHS and our
report, obviously, was issued back in September, so all of this
audit work was done about a year and a half ago or so. At that
time, we spoke with representatives from six different
components.
We heard, frankly, a range of views. Some components were
very complimentary of how closely they were working with S&T
and they really applauded S&T's efforts to have a tighter link
between operational needs and the R&D support and the other
support that S&T can provide.
There were other components, or representatives from other
components, that were, frankly, unclear of the linkages and
they were not sure that what S&T was providing was in direct
alignment with their overall operational needs and they felt
that there was a need for enhanced coordination and
collaboration.
Senator Coburn. Was that communication at the leadership
level of those components or was it at sub-levels of that
component?
Mr. Maurer. We were talking to people at the sub-levels, at
the working level.
Senator Coburn. Yes, because I think the important point
Dr. O'Toole made is we will work with you if you buy in. But if
you are not going to buy in, we are not going to be there. And
so I wonder, can you ferret out any of that for me in terms of
the agencies where they were actually doing work and yet you
still had a negative comment?
Mr. Maurer. Generally speaking, the components where there
was a more positive feedback from S&T had the tighter links at
that senior level and it had trickled down through the
organization. Some of the areas where there were some concerns,
it may have been a combination of sort of legacy and longer-
term things, where the change had not percolated down into the
trenches yet.
Senator Coburn. Yes.
Mr. Maurer. And I think that is actually not atypical
within DHS, to be quite honest. I mean, there are good things
happening within the Department, but you are really talking
about changing the direction of an aircraft carrier. It takes a
while for it to get all the way down.
Senator Coburn. All right. Thank you very much.
Mr. Chairman, let me have one other----
Chairman Carper. [Presiding.] No, please, go ahead.
Senator Coburn. One other question, if I might.
Chairman Carper. Sure.
Senator Coburn. The National Bio- and Agro-Defense Facility
(NBAF) in Kansas, you got that under control?
Dr. O'Toole. Yes.
Senator Coburn. Going to come in on time, under budget?
Dr. O'Toole. Under budget----
Senator Coburn. On budget? How about on budget?
Dr. O'Toole. On budget, yes. I think we can do that. This
has been a very extensively studied construction project. It is
a unique facility, very highly engineered. But the country
needs this laboratory to protect its agriculture industry, and
I think we have great partners in Kansas. They really want to
build this for their own reasons, which I think are sound. So
everybody's interests are aligned.
Senator Coburn. OK. It is a big project, as you know.
Dr. O'Toole. Huge, yes.
Senator Coburn. It is bigger than your whole budget.
Dr. O'Toole. Yes.
Senator Coburn. So I would love updates on that as you get
through. If you get in trouble, I would like to know earlier
rather than later.
Dr. O'Toole. I agree. I will say, we did bring the National
Biodefense Analysis and Countermeasures Center (NBACC), which
is the human BioSafety Level-IV (BSL-IV) lab, in on budget.
Senator Coburn. OK. Thank you.
Chairman Carper. All right. Thanks, Dr. Coburn.
We have been joined by Senator McCaskill. There is nobody
more vigilant than the two people sitting to my right in terms
of trying to make sure there is a culture around here that
focuses on better results for less money, and Senator McCaskill
chairs a Subcommittee that focuses a lot on this and we are
happy that she is here. It is all yours.
Senator McCaskill. Thank you, Senator Carper.
I believe that you have spent $334 million to produce an
antibiotic, Raxi, dosage in preparation for and anticipation of
an antibiotic-resistant anthrax, is that correct?
Dr. O'Toole. No, Senator.
Senator McCaskill. OK. How much has been spent?
Dr. O'Toole. We have not spent any money on production of
antibiotics. That would be the Health and Human Services (HHS)
responsibility.
Senator McCaskill. OK. But the Federal Government has spent
this money.
Dr. O'Toole. That is possible.
Senator McCaskill. You do not know?
Dr. O'Toole. No.
Senator McCaskill. You have no idea how much has been spent
for vaccinations for an anthrax attack?
Dr. O'Toole. That is not my realm of responsibility,
Senator.
Senator McCaskill. OK. So you do not know about Raxi?
Dr. O'Toole. I know of the drug----
Senator McCaskill. OK.
Dr. O'Toole [continuing]. But I do not have any direct
oversight or engagement or responsibility with that issue.
Senator McCaskill. Well, is it not your job to determine
overall homeland security as it relates to science and
technology? Is that not your job?
Dr. O'Toole. My job is to manage the R&D investments on
behalf of DHS. The realm of R&D that we do is set forth in the
Statutory Act. We have very specific responsibilities in
biodefense----
Senator McCaskill. So if you do not have testing capability
in terms of health, then you would not be in charge of having,
instead of GenWatch, instead of having BioWatch, having blood
testing done on individual responders to determine whether or
not there has been some kind of terrorist bioattack?
Dr. O'Toole. No. We do not do that work. The bio----
Senator McCaskill. That would be HHS responsibility?
Dr. O'Toole. Testing first responders----
Senator McCaskill. Yes.
Dr. O'Toole [continuing]. For exposure? Yes. That would be
the--developing those tests, developing a diagnostic test is
something that we are very interested in, but we would not----
Senator McCaskill. But have you not advocated for that?
Dr. O'Toole. I have advocated for a strategy that
emphasizes the development of clinical diagnostics, because I
think in a big bioattack or a pandemic, particularly if
resources such as treatments are scarce, it will be very
important to be able to specifically define who is infected and
who is not.
Senator McCaskill. OK. I am a little confused, then. So you
are involved in the strategy of clinical diagnostics when it
comes to testing first responders in terms of blood tests that
would give us some indication as to whether or not there had
been an attack, but you have nothing to do with Raxi, any
strategy or any opinion about whether Raxi has been a good
investment for the Federal Government.
Dr. O'Toole. The medical countermeasure investments, which
are defined as vaccines and antivirals and antibiotics, are
under the purview of HHS and DOD for its own troops. DHS does
not engage in research and development related to medical
countermeasures. We have had a historical mission involved in
trying to detect bioattacks and attain situational awareness
over an attack once it occurs, which is the realm in which I
think diagnostics would be important.
Senator McCaskill. Well, let me just ask for your opinion
then, even though it is not your--maybe you are going to say
you do not have an opinion, which I would find shocking. Do you
think it is a good idea that we have spent $5,100 per dose and
spent over $334 million for an antidote when there has never
even been a test that has proven that antidote will work, and
that all of these doses will expire and be worthless to us in
2015, and the person who had been recommending this everywhere
he went in a professional capacity was on the board of
directors of the only company that developed the drug and made
more than a million dollars from that company during the period
of time he was recommending this strategy, not only to HHS, but
also to your predecessors and I believe you have had meetings
with Mr. Danzig.
Dr. O'Toole. I have known Mr. Danzig for over 20 years. I
think he is a dedicated public servant. He works as a member of
a panel for a contractor of ours on what is called the BioNet
Assessment, which is an Homeland Security Presidential
Directive (HSPD)-10 mandated panel that is supposed to look at
our progress in biodefense periodically and report back. I have
never heard him in any meeting on biodefense--and I have been
in a lot, particularly prior to my job here, which has kind of
moved me out of that realm, frankly--I have never heard him
advocate that drug.
But let me answer your first question.
Senator McCaskill. Well, Secretary O'Toole, it is in
writing. I would recommend you Google him. There is article
after article about the importance of doing this. You are not
going to sit there and tell me that Mr. Danzig has not
advocated buying this vaccination, this treatment.
Dr. O'Toole. What I said was I have never heard him
advocate it.
Senator McCaskill. OK.
Dr. O'Toole. In terms of----
Senator McCaskill. But you know he has been advocating it--
--
Dr. O'Toole. I believe you----
Senator McCaskill [continuing]. Far and wide for years.
Dr. O'Toole. I believe you.
Senator McCaskill. OK.
Dr. O'Toole. OK. In terms of----
Senator McCaskill. But you do not need to believe me. You
know it, do you not?
Dr. O'Toole. Pardon me?
Senator McCaskill. You know this, do you not?
Dr. O'Toole. No, not from personal experience or
information, I do not.
Senator McCaskill. So you have not read about this?
Dr. O'Toole. No, I have not.
Senator McCaskill. You are telling me that in your capacity
of responsibility and leadership at the Department of Homeland
Security, you have no idea that there has been a serious
allegation of conflict of interest----
Dr. O'Toole. Oh, no. I am well aware of the serious
allegation of conflict of interest, but I do not believe
everything I read, and I do know Richard and I had personal
experiences with him.
Let me go back to your first question, though, which is a
very serious strategic point about what are we doing to protect
the country against biodefense, OK. This is a very complicated
area technically, OK, and in my view, which you have asked for
so I will offer it--I am a little out of my area of
responsibility here--it has not gotten sufficient congressional
attention and oversight. It is very difficult to figure out,
particularly in medical realms, when you are talking about
drugs and vaccines, where there is a very long, complicated
runway between the idea and the success, it is very difficult
to figure out what to invest in.
The added complication for biological weapons-related
diseases is that we cannot ethically test a lot of this stuff
in humans, which is the dilemma that you raise, Senator,
regarding this pharmaceutical. So we need to have a very
careful strategy of investment.
This is big money that we are talking about, as you point
out. That is not a lot of money per dose for your average
biological, but it is a lot of money, particularly since we
have to deal with many different potential agents and we are
trying to protect the country, not just one, two, or a thousand
patients. So there are very difficult decisions to be made,
almost Hobbesian choices in some cases, about which medical
countermeasure to invest in and what are the principles upon
which we will be investing.
And in my opinion, I think that deserves more attention
from Congress than it has gotten. I think we are investing a
lot of money. I think we are under-investing and I would like
to see us take a more strategic approach. We have to buy down
this cost with new technologies. It is a very difficult set of
markets to move, very complicated. But I do think it would be a
good thing to spend more of the Congress's attention on
biodefense.
Senator McCaskill. I am reading your responsibilities and
it says, finally, some of the Under Secretary's
responsibilities and authorities are primarily coordinative.
These include collaborating with the Secretary of Agriculture,
the Attorney General, and the Secretary of Health and Human
Services in designating and regulating biological select
agents.
Dr. O'Toole. Mm-hmm.
Senator McCaskill. And that is why I am a little surprised
at your initial reaction that this is not anything that you
have anything to do with and your assertions that you are not
really aware of any of the----
Dr. O'Toole. Well----
Senator McCaskill [continuing]. Highly, frankly,
questionable expenses that we have embraced without----
Dr. O'Toole. Well, you are hitting on an important seam.
Biodefense is one of these issues which is very important to
national security but is not a top priority of any one agency.
It is an inherently interagency set of responsibilities that is
distributed over many different agencies.
It primarily resides in HHS. What S&T does in DHS is we
examine potential threat agents and we do analyses of these
threats and then we determine if they really look like they
could be made into a biological weapon. At that point, we hand
off that information, which is called a Material Threat
Determination, to HHS. They do their own analysis as to whether
or not it is a highly consequential public health problem, and
on the basis of those data, they decide whether and in what way
to invest in medical countermeasures.
Senator McCaskill. I have a number of more questions about
BioWatch, but I know my time is up and you all may want to go,
because we have billions in BioWatch and it is almost as bad as
Raxi.
Chairman Carper. Well, you are going to get another chance.
Senator McCaskill. Thank you.
Chairman Carper. So do not go away. Thanks for those
questions. Thanks for the answers. That was a good tutorial for
me.
I telegraphed my pitch earlier, I think just about the time
Senator McCaskill was getting here, and I want to go to the
Southern border. Talk to us a little bit about force
multipliers. One of the things that some of us have been
concerned about the--I supported the immigration reform bill. I
did so. I was not convinced that we really need to add 20,000
Border Patrol officers down on the border given how many we
have there. We spend more money for border security right now
than we spend in all other Federal law enforcement activities
combined, so that is a lot of money.
I am convinced that we need more people in what we call the
ports of entry, those lands ports. We have huge amounts of
vehicular traffic, truck traffic, a lot of trade going back and
forth. I saw some really interesting and impressive technology,
a handheld device called the ELMO used at the ports of entry by
our Customs and Border Protection officers.
And one of the things that I want you to talk a little bit
about is what are some fruits of our R&D activities that have
been deployed along our Southern border with Mexico that we can
point to and say, this is working and this is where we got the
idea. Where did the idea come from? Maybe it came from your
customers down on the border, the people who work there for us.
Dr. O'Toole. Mm-hmm.
Chairman Carper. And maybe give us some insight into some
of the activities that you are working on that we hope will
help make the men and women we have on the border, 20,000
Border Patrol, 21,000 Border Patrol and thousands of others at
the land ports. Talk to us about that----
Dr. O'Toole. Mm-hmm.
Chairman Carper [continuing]. What we have that is
deployed, how you all worked in it, and some projects that you
are working on that will enable us to be even more effective.
I guess the implicit question is, what do we need to be
doing here to support those activities so that those thousands,
tens of thousands of people we deployed on the border can be
more effective.
Dr. O'Toole. We are doing a lot of work on the border. The
Southern border is not a consistent entity. The kinds of
technologies that will work in Arizona are different from what
we need in Texas, for example, where there is a lot more
vegetation and a river to cross and a very fast vanishing point
once you get across. You can get in a car, be on a highway, and
be gone very quickly.
We have done, as I said, a recent operational analysis that
shows that we can change procedures at no cost in a way that
would reduce the time CBP agents spend processing aliens whom
they pick up and get them back out to the border. We have made
suggestions of other process changes that would cost some
money, because they involve changes to computer systems, that
would push those efficiencies further.
We think of the border in terms of air surveillance, ground
surveillance. On the Southern border, underground surveillance
is very important because we are seeing more and more tunnel
activity. One of the projects that we have underway in
collaboration with DOD and some of the intelligence agencies is
to figure out how we can guide Border Patrol agents in using
the proper technology to find tunnels. It turns out that
different technologies work differently depending upon the soil
conditions. So we are creating a compendium of what works where
and how to maximize your likelihood of finding tunnels.
We have also instrumented some of the public infrastructure
tunnels, the sewer drains and so forth, that people use as
conduits so that we have more awareness of people coming
through there and can more efficiently deploy Border agents
when there actually is activity and not having them stand at
the entry of the tunnel day and night.
We have deployed ground-based radars and something called a
trip wire on the Southern border. The trip wire is buried and
it follows the contours of the land. One of the problems with
the cameras and radars is it cannot see into the gullies. The
trip wire costs about a tenth as much as the fence to deploy,
has a very low false positive rate, allows you to determine
whether it is an animal or a person or a vehicle that has
tripped the wire, and has been very effective so far. It is in
operational field testing now on the Southern border.
We have also done a lot of work in marine surveillance and
have a major program underway with Air and Marine Operations
Center (AMOC) to----
Chairman Carper. I am sorry, with whom?
Dr. O'Toole. AMOC, the Air and Marine----
Chairman Carper. OK, thanks.
Dr. O'Toole [continuing]. And the CBP which uses DOD
technology to gather more data from different sensors. We are
taking existing sensors and repurposing them. So, for example,
we are taking a National Oceanic and Atmospheric Administration
(NOAA) weather buoy, changing the radar signal a little bit to
give us notice of small dark boats in the area.
So we are taking more data. We are putting it into this
open mongoose system that fuses the data, aggregates it and
analyzes it and then spreads it out to the people who need to
use it in the Port Authorities and so forth. That program is
now deployed in pilot at AMOC and will become progressively
more functional over the next 6 months or so.
We have also taken the mobile surveillance systems, which
are the cameras and radar on trucks that CBP relies upon,
particularly in Arizona, and we have upgraded them so that you
have a wider field of view, a better resolution. We have
improved the software so that they are still operable in bad
weather, in windy weather, and we have made them easier to use
and lowered the maintenance and operational cost. They, too,
are now under operational testing at CBP.
Chairman Carper. Senator McCaskill, we could almost have a
hearing--this is fascinating stuff for me. I spent a fair
amount of time down on the border with Senator John McCain and
Secretary Napolitano, Congressman McCaul who heads up the
Homeland Security Committee over in the House. This is really
actually very helpful information in terms of us passing a
comprehensive immigration reform bill that actually tries to
strengthen further our border security.
Dr. O'Toole. We----
Chairman Carper. Let me just mention----
Dr. O'Toole. Of course.
Chairman Carper. I want to yield to Senator McCaskill, but
we will come back and maybe have another round.
I feel bad for Mr. Maurer just sitting here. He is just
sitting here listening to your testimony, rolling his eyes--no,
he is not rolling his eyes. [Laughter.]
Mr. Maurer. No. I have my game face on. I am staying
focused. [Laughter.]
Chairman Carper. Do you want to jump in here?
Mr. Maurer. Yes, sure.
Chairman Carper. Before you do, and then I need to yield to
Senator McCaskill, this guy named Tony Wayne--Senator McCaskill
probably knows him--he was the No. 2 person, Deputy Chief of
Mission (DCM), over in Kabul in Afghanistan when Karl
Eikenberry was our Ambassador there. He is now our U.S.
Ambassador to Mexico. And I talked with him on the phone last
month just to get some input on border security, what we ought
to do more of or less of.
And one of the things we talked about were tethered
dirigibles, lighter than air assets, and we talked about what
we have deployed in Kabul in lighter than air surveillance and
we have down in Kandahar and other places and he says it has
been very effective in that part of the world. And we talked a
little bit about using tethered dirigibles.
If the wind is over 15 knots, you cannot fly a drone. We
only have four drones in Arizona. We only fly two of them at
any point in time. They fly 5 days a week, 16 hours a day. The
rest of the time, they are not around. They are around, but
they are not being used. The C-206 aircraft that we basically
send--we have 18 of them. We send people out with binoculars to
look at the border, not very smart, but there is a lot of
technology. But when we come back, I want to ask you about
tethered lighter than air.
Mr. Maurer, just jump in here and then I am going to yield
to Senator McCaskill.
Mr. Maurer. Just really quickly, two points on the Southern
border. One is we currently have ongoing work for the House
Science Committee looking at R&D efforts on the border maritime
realm at DHS. That report will be forthcoming in September, so
be looking for that. I think that could help in deliberations.
The second point I would like to make is as the Congress
considers what to do on comprehensive immigration reform it
underscores, really, the importance of having a strong
management foundation at the Department, because if we are
really going to be hiring 20,000 more additional Border Patrol
agents, that is a tremendous human capital challenge. You are
also going to have to put information technology (IT) in the
hands of these people. They are also going to have to have
financial management systems to track the costs. And you are
going to require new technologies and put them in their hands
so they can do an effective job. So, really, it is the
management foundation that enables that mission, and that is
why we placed a lot of emphasis in terms of our oversight and
our work on the management front and I think that is one thing
to always keep a good focus on.
Chairman Carper. That is a great point. Let me just ask our
staffs, both the Democrat and Republican staff here, just to
make sure we come back to Mr. Maurer on that. If we are
fortunate enough to get into conference on immigration reform,
it is a huge amount of money we are going to spend in the
Senate-passed version. I am not convinced all of it is wisely.
Let us just make sure that we are coming back to the points
that he made, OK. Thanks very much. Senator McCaskill.
Senator McCaskill. Thank you.
You have clarified what I think you see a role in terms of
stockpiling vaccination or treatment for bioagents that could
be used as a weapon against Americans. Are you going to
recommend or have any opinion as to whether or not we should
buy additional doses of Raxi, since it is all going to be
worthless in 24 months?
Dr. O'Toole. So, S&T participates--in some cases, I am the
participant--in what is called the Executive Steering Committee
at HHS that reviews these decisions periodically. I raised----
Senator McCaskill. So, were you part of that when they made
the decision to purchase it, but you had no idea how much it
was?
Dr. O'Toole. I do not think I was part of the decision, but
I raised concerns on the point of the strategic intent of what
we were doing.
Senator McCaskill. Mm-hmm.
Dr. O'Toole. Anthrax is of great concern as an agent
because we have seen it used. The U.S. built anthrax weapons.
We know the Russians did, as well, in their time, as did the
British. And there are few technical barriers to doing so. So,
it is the kind of weapon that you could imagine terrorists
getting their hands on.
The other problem with bio----
Senator McCaskill. Although there are technical barriers to
making lethal--according to the documentation I have read from
scientists, there are barriers to making lethal doses of
antibiotic-resistant anthrax.
Dr. O'Toole. Yes. That is true. But----
Senator McCaskill. But that is what we are buying the
antidotes for at $5,100 a dose.
Dr. O'Toole. There are technical barriers to making multi-
drug-resistant anthrax. There are no technical barriers to
making an anthrax that is resistant to the primary drugs in our
stockpile. Some of this is getting into classified information,
so I apologize. But multi-drug-resistant anthrax, I think, is
not likely to be a terrorist weapon.
And I was part of a discussion in DHS in which we did not
think it was wise to proceed with an R&D project to develop an
antidote, if you will, a drug product against or a vaccine
against multi-drug-resistant anthrax.
Senator McCaskill. I guess I am back to my question. Will
you be recommending that we buy more doses of Raxi that we have
spent $334 million on that will be worthless in 24 months? Yes
or no?
Dr. O'Toole. No.
Senator McCaskill. OK. BioWatch--how much have we spent on
BioWatch?
Dr. O'Toole. How much has S&T spent on BioWatch?
Senator McCaskill. How much has DHS spent on BioWatch?
Dr. O'Toole. Billions of dollars. I do not know the exact--
--
Senator McCaskill. And how much of that was spent before
you took your position?
Dr. O'Toole. S&T has spent no money on BioWatch since I
took my position.
Senator McCaskill. How much had DHS spent before you took
your position?
Dr. O'Toole. I do not know that figure. I can get it for
you.
Senator McCaskill. I want to clarify for the record, it has
been your stated position that you do not support or do not
believe we should go to the next generation of BioWatch?
Dr. O'Toole. My stated position before I became Under
Secretary was that investing in Gen-3 BioWatch while not also
investing in more traditional approaches to public health
surveillance was a mistake.
Since I have become Under Secretary, I have advised the
Department that the performance of the Gen-3 candidates that
the Office of Health Affairs (OHA) has tested thus far is not
such that under DHS's own acquisition procedures would warrant
further investment until performance can be improved. And those
recommendations, which were mirrored by the Homeland Security
Studies and Analysis Institute (HSSAIs) evaluation, which the
Secretary requested, were a large part--not the only, but a
large part of the basis for the Acquisition Review Board's
(ARB) decision to put a hold on further acquisition of Gen-3,
on proceeding with the Gen-3 acquisition.
Senator McCaskill. And is there any effort at this point to
proceed with acquisition of assays or anything in order for us
to do blood testing on first responders or testing of blood
donors or anything of that nature?
Dr. O'Toole. As part of BioWatch, you mean?
Senator McCaskill. In lieu of BioWatch. What has been
advocated, and once again by Mr. Danzig, is that we develop
what would be a very expensive, obviously, very expensive
process of doing blood testing of, I guess, first responders
that would volunteer to have their blood tested on a regular
basis and/or others have suggested blood donors. It has been
written up in some of the medical journals that they do not
think that would be effective.
Is there any discussion in the groups that you sit on, in
the places you collaborate, or in the executive committees you
stand on, to substitute for Third Generation BioWatch a blood
testing protocol that would somehow, in lieu of BioWatch, give
us notice that there is some kind of bioweapon being unleashed
somewhere in America?
Dr. O'Toole. Not for substitution for environmental
sensors. We are going to need environmental sensors and we need
to improve what we have. Whether that is Gen-3 BioWatch is one
set of questions. I do not think it is, but that is a technical
question that we have to determine empirically.
The overall problem is that what we want is very early
notice of a bioattack, if possible, before people become sick
with symptoms, because by then, it is, as far as we know, very
difficult to rescue them. That is certainly the case with
anthrax, for example.
Ten years ago--even the Defense Science Board suggested
that we should be investing in rapid, cheap diagnostic tests
that would be part of a panel of blood tests that people coming
in for clinical care would get. So, for example, if you have an
upper respiratory infection, it would be good for your doctor
to know if that is viral or bacterial in origin because the
latter requires antibiotics, the former does not. It would have
all kinds of good consequences beyond that individual patient's
well-being.
If we had a cheap enough diagnostic that when you ran that
test you also, by the way, checked for anthrax, tularemia, or
the other bioweapons agents that we thought might be used, at
almost no extra cost, it would give us a way, if we deployed
that, for example, in a sample of hospitals around the country,
to achieve very specific and actionable early warning.
We have reached a point technologically where these kinds
of very fast and simple tests are almost within reach. There
are very few market forces pressing diagnostics forward, and
one of the problems is how do we actually have the Food and
Drug Administration (FDA) approve these multianalyte tests that
look for more than one bug at a time.
But we do need a way to get beyond the current process of
diagnosis, which is to take blood from a sick person, someone
who is already sick, culture that blood, which itself takes 24
to 48 hours, and then go looking for the bug, which you often
cannot find even if it is there. So you are now 2, 3 days into
the bioattack and you do no good for that individual patient,
who is probably dying by now, and it does not give you the kind
of early warning we are looking for to protect the population
with vaccination or whatever.
Senator McCaskill. Dr. O'Toole, I am trying to make the
point here that we spent billions on a tool to tell us if we
were having a bioattack and now there seems to be consensus
that we have wasted it, because we are not going to use it
anymore. We are not going to buildupon it. Because if we do not
do Third Generation, obviously, we are saying that it is not
going to be effective for what we are trying to do.
Dr. O'Toole. I do not think that the money spent on
BioWatch as deployed has been wasted, OK.
Senator McCaskill. OK.
Dr. O'Toole. I think it is possible to improve BioWatch as
deployed in ways other than investing in Gen-3.
Senator McCaskill. Let me move on to a couple of other
things. What is the ratio of contractors to employees at S&T?
Dr. O'Toole. It is about one-to-one.
Senator McCaskill. So you only have one contractor--so the
vast majority of your budget, half of it is spent on employees
and half of it is spent on contractors? Are you not passing
through most of the money to people----
Dr. O'Toole. No.
Senator McCaskill [continuing]. Who have contracts with you
to do research?
Dr. O'Toole. Yes.
Senator McCaskill. OK. So----
Dr. O'Toole. Our Mergers and Acquisitions (M&A) budget is
spent on Federal employees. Our contractors are different from
a lot of Systems Engineering and Technical Assistance (SETA)
contractors. We contract, for example, with scientists to help
us on projects----
Senator McCaskill. I am very aware of who you contract
with, and I am on the Armed Services Committee and have spent
years on contracting and R&D. So I understand that the vast
majority of the money that we appropriate to you is not spent
on your employees, correct?
Dr. O'Toole. Correct.
Senator McCaskill. What percentage of the money we
appropriate to your Department is spent on employees as opposed
to other contractors? They may be scientists, but they have a
contract with us. They have an R&D contract with us. They have
a development contract with us. They have all kinds of
contracts that are being managed, ostensibly, by your division.
Dr. O'Toole. Sure.
Senator McCaskill. OK.
Dr. O'Toole. Well, I can get that for you. The problem is
that I have my M&A budget, which tells me what we are spending
on Federal employees, and then what you are calling contractor
costs are embedded in our project costs, so I do not have an
overall sum of that number.
Senator McCaskill. What percentage of your employees are
actually doing research as opposed to overseeing research done
by others?
Dr. O'Toole. The only employees in S&T who are actually
doing research are those who work in our five laboratories.
Senator McCaskill. OK. So I know I am over, and I can
finish on the next round----
Chairman Carper. Yes, you are.
Senator McCaskill [continuing]. Because this will involve
Mr. Maurer, because I want him to talk about some of the
documentation for acquisition and how lacking it is, especially
when you realize this is primarily a pass-through organization.
Chairman Carper. Mr. Maurer--do you want him to respond at
this point in time or do you want to just--we will have one
more round.
Senator McCaskill. Well, this is me studying your reports,
so maybe you can speak to it. We obviously have acquisition
documentation that has not even been completed and you are in
the sustainment phase. It does not do you much good to figure
out that the acquisition is not needed if you are already
supporting it in a sustainment phase, and I studied your report
and would like you to speak to the fact that since, primarily,
this is a pass-through organization, a core competency is going
to be the documentation at the onset of these projects, before
we ever begin paying for these projects. Could you speak to
that, Mr. Maurer?
Chairman Carper. I would like for you to go ahead and
respond to that question. I would ask you to do it fairly
briefly, if you could. If you need more time, we will just come
back for one final round.
Mr. Maurer. I will keep it short and sweet. You hit on a
key point and a key challenge of acquisition at DHS, not just
on BioWatch, but many others. DHS historically, since they
developed acquisition guides, have had a good policy. They have
not always followed that policy. They have gotten the cart
before the horse in many acquisition projects, and not just
BioWatch, and it is exactly the point you pointed out, which is
that they have not clearly defined the requirements up front
and/or they have not clearly demonstrated that the project or
the program is going to work as advertised in real world
conditions before spending a lot of money trying to deploy it,
and that has been a problem that has plagued the Department for
years.
They are starting to take action to address that. They are
trying to revamp their approach to acquisition, and I think
that is encouraging, but they still have a long way to go.
Senator McCaskill. Thank you, Mr. Chairman.
Chairman Carper. That was short and sweet. Thank you.
Mr. Maurer. Thank you.
Chairman Carper. I am going to go back, if I can, to--I
just wish Senator McCaskill were more passionate about this
stuff. [Laughter.]
Senator McCaskill. Sorry. I know I am obnoxious. I
apologize, Dr. O'Toole.
Chairman Carper. Actually, she is on her good behavior
today.
Senator McCaskill. But it came out of your mouth. There has
not been enough oversight here, and I do not want you to be
scared because I do have someplace I have to be in a few
minutes, but I could go on a long time on this Department.
Chairman Carper. OK. That is great, because I have
someplace I need to be in a few minutes, too. [Laughter.]
Let us go back a little bit to tethered dirigibles, the
kind of technology that Tony Wayne, our Ambassador to Mexico,
was talking with us about when he saw it firsthand over in
Afghanistan. This may be outside your lane or outside your
wheelhouse, but in terms of the kind of technology we could put
on tethered dirigibles to do surveillance work along the
borders on days that the drones are not flying, that they
cannot get into the controlled airspace of the Department of
Defense, any idea? We have all these assets over in
Afghanistan. The question is, do we want to leave them there or
can we bring them back here? Could we redeploy them along the
border? Any thoughts along those lines?
Dr. O'Toole. Yes. S&T has actually----
Chairman Carper. And, Mr. Maurer, if you have any thoughts
along those lines, we would welcome those, too.
Go ahead, please.
Dr. O'Toole. S&T has actually tested the DOD Aerostats on
behalf of CBP to see how they perform. They are great. There is
a lot that you can do with them. They do not perform well in
weather which is fairly frequent on the border.
The trouble with the Aerostats is they are very expensive.
They are very expensive to operate and maintain. So we are
going to have to make decisions----
Chairman Carper. That is interesting. You would think with
an Aerostat, you put in your tether, you put it up in the air,
and it stays up for days as opposed to having to have an
aircraft, either manned or unmanned. Even the drones are
unmanned, but you have huge costs to support them. That is
interesting that they would be that expensive.
Dr. O'Toole. Yes. I mean, look, we are going to need a
suite of technologies on the border and S&T is very eager to
participate in these decisions. Going back to your how can we
help you question, we would like to be engaged. We think there
should be some kind of steering committee that ponders these
difficult decisions and ways investments in one technology or
another and----
Chairman Carper. Well, we are going to be needing to use
some steering here, so try to figure out how----
Dr. O'Toole. Well, and there are going to be very difficult
decisions to make, as Senator McCaskill is pointing out. These
are complex technologies, complex situations, and a lot of
judgment will have to be brought to bear.
But the Aerostats are great. They are not the answer. There
is a lot of very cool technology out there, and putting
together a package that is efficacious and cost effective and
can actually be maintained over time is going to be the
challenge.
Chairman Carper. All right. Thanks.
I want to turn, if I could, to--Mr. Maurer, anything you
wanted to add to that now?
Mr. Maurer. Just really briefly.
Chairman Carper. Please.
Mr. Maurer. We issued a report in the last year or two
specifically on Aerostats and I will get that directed to your
staff.
Chairman Carper. Give us just a little tease on it, a
little----
Mr. Maurer. Well, I did not actually do it myself, but we
looked across the different Aerostat technology. I think a lot
of it was focused on DOD, but it may be useful for your
purposes and oversight on this Committee, as well.
Chairman Carper. I would just ask our staff, let us just
make sure we followup on that offer. Thank you.
If I could, one question and then I am probably going to go
back to yield the floor to Senator McCaskill.
Senator McCaskill. I just have one more.
Chairman Carper. OK. But let us talk a little bit about
cybersecurity R&D duplication. I think the distinction you made
between overlap and duplication was a good one and very
instructive for us. But for Dr. O'Toole, let me just ask, one
very important issue to this Committee and I think certainly to
the Senate and to the Congress and to the President and our
country is that of cybersecurity. And in such a fast-paced and
evolving environment like ours, cybersecurity research and
development is really important, as you know, as we try to stay
out ahead of the bad guys.
At the same time, a whole lot of agencies have a mission
that touches on cybersecurity, a big one, but one of several.
How does S&T coordinate with some of these other Federal
agencies, and maybe even non-Federal agencies, but especially
the Federal agencies and with the private sector to avoid
duplication of cyber research and development efforts?
Dr. O'Toole. Cybersecurity is coordinated by law by the
High-Performance Computing Act of 1991 out of the Office of
Science and Technology at the White House. It is under the
aegis of what is called Networking and Information Technology
Research and Development (NITRD), the National Coordinating
Office for Networking and IT R&D. So this NITRD is broader than
just cybersecurity, but it has a senior steering group devoted
to cybersecurity R&D coordination and also several interagency
working groups devoted to cybersecurity.
Our Director of our Division of Cybersecurity in S&T co-
chairs the Non-Classified Cybersecurity Working Group. We do
not do classified cybersecurity work. And they meet very
regularly. There are many working groups on big data. There are
various aspects of cybersecurity. We are also participants in
the Classified Steering Committee on Cybersecurity.
And the collaboration and cooperation is quite intense.
This is an area of R&D that is very coordinated in the U.S.
Government. We have a very good handle on who is doing what,
and people are eager to stay in their lane, to collaborate with
others in order to get the most out of resources. We are
collaborating, as I said, with DOE, for example, on electric
grid cybersecurity. And they meet monthly to talk about
particular topics and everybody presents what they are doing.
So who is doing what is made quite transparent.
To your question about how do we cooperate with the private
sector, the U.S. Government's investment in cybersecurity is
coordinated through the Industrial Coordinating Councils, also
managed out of the White House. So we are very involved in S&T
in the Financial Sector Coordinating Council, in the Electric
Grid Council, and also, we have a consortium of the big five
oil and gas companies with whom we are working on a variety of
cyber projects that they choose. They decide what the biggest
vulnerabilities are and then we help them with fixes and we
help them to disseminate those fixes.
Chairman Carper. Take just 1 minute, and then I am going to
yield to Senator McCaskill and run out and take a quick phone
call, but how do you track the performance of your cyber R&D
programs? And maybe just give one or two quick examples, but
just be very brief, please.
Dr. O'Toole. Cyber moves very fast. You can get a fix out
there and it will be overtaken by the adversary months later.
So this is very complicated.
We basically measure progress by whether our solution has
been picked up. We have had McAfee and Microsoft, for example,
buy and incorporate cybersecurity solutions that we developed
by supporting small companies. We also track how widely it is
being used. In that one case, a $5 million investment in
collaboration with DARPA, actually, resulted in half-a-billion
computers being equipped with this particular malware
protection.
And we also get feedback from the venture capital
community, which is extremely active in this area now, on the
quality of our fixes. They are very interested in what we
invest in because we, have a reputation of doing good work. But
it is hard to judge efficacy in this field and we do it by,
does it get commercialized? Does it get picked up? And how
widely dispersed is the fix?
Chairman Carper. OK, thanks.
I am going to yield to Senator McCaskill and I will be
right back, so----
Senator McCaskill. I have a--and I will not be long, so
should I dismiss the witnesses when I am finished? No. Ask them
to stay? OK. I did not get what he said. [Laughter.]
You are on your own. I am going to just ask you a couple of
questions and you are on your own.
I do understand that this is difficult, what you are tasked
with doing, because you are being tasked to do cutting-edge
research and technology to protect America. And I am not
convinced that we are doing cutting edge. I think that there
are component parts in DHS that are doing--and the GAO report,
in fact, cited that, that we have research going on in
component parts.
I also am aware, Dr. O'Toole, that, for some reason, fair
or unfair, your agency ranks at the very bottom in terms of
best places to work. It is very bad, your rankings, from the
people who work there. And I do not want you to--if you want
to, you can respond today, but I would, as part of my questions
for the record, there will be a number of specific questions
about various projects, about when is the next risk assessment,
how quickly are we pulling the plug.
I do not want to be critical that you are pulling the plug
on Gen-3 for BioWatch because I think part of the problem is
plugs have not been pulled and we have wasted an awful lot of
money. And, believe me, you have a way to go before you get to
your big brother, the Pentagon, in terms of money that has been
wasted, and the entire government in terms of IT.
But I would like you to maybe in answers to these questions
try to give a thoughtful response as to why the people who work
in your Department rank your Department so low in terms of a
place to work and to address the risk assessment and the fact
that it is not occurring every 2 years and that means that we
are getting down the line on things that are being done without
really evaluating on an ongoing basis whether or not we are
throwing good money after bad.
I think your agency because of the responsibilities you
have, has a much higher risk than many others in terms of good
money being thrown after bad. And I am worried, because of a
lack of documentation on projects, the fact that some of your
recommendations that you are giving to some of your components,
you did all that work on transit workers and then TSA just
ignored you. Basically, we spent a lot of money developing
technology for TSA and they said, never mind, we do not want
it, and did not pay any attention to you.
So there is something not right here, and I want to try to
spend some time and energy--and be fair to you--to respond,
because I do not think we have done enough oversight in this
area. But I have kind of gotten into it now and I find it
fascinating and interesting and that is really bad news for you
because it means I am not going to go away until we get some
more specific answers to these.
So if you would like to respond about your----
Dr. O'Toole. I would.
Senator McCaskill [continuing]. Issues here, but it will
also be part of the questions I will give you for the record.
Dr. O'Toole. Good. I would appreciate that, Senator.
First of all, I would like to offer to come and talk to you
at length about these issues and particularly how S&T is trying
to--and I think we have succeeded to a great extent--evolve a
very efficient approach to R&D and how we are trying to partner
with the components who do the acquisitions, and as you say,
tighten up the front end of acquisitions when we devise the
requirements that are going to guide what it is that we invest
in. We do not want to find out at the tail end, as we are about
to procure something, that we made a mistake and we are not
getting what we need. But I would welcome the opportunity to
talk about this or anything else you would like in person and
at length.
In terms of morale, this has been a source of enormous
distress to me and to the Secretary, and actually to the entire
DHS leadership, and we have discussed it for hours on end. I am
happy to give you my view of what I think is going on, which I
am sure is imperfect. We in S&T did followup surveys after the
first abysmal congressional survey to try and get to the bottom
of what is wrong and there are many facets to this.
First of all, it would be useful if Congress made the
survey every 2 years rather than every year, because what
happens is just as we start to put in place the fixes, the
results of the previous survey, the next one comes out. So it
feels like there is never any progress.
DHS employees are there for the mission. They say this
again and again and they say it in the survey. I think it is
very disheartening to have your agency constantly, almost
without exception, bashed in the media and criticized. And God
knows, as you say, we have this huge mission that is very
difficult----
Senator McCaskill. Welcome to our world. Amen. Touche.
[Laughter.]
Dr. O'Toole. That is one thing, because these people are
public servants. They are not in it for the money.
Second, one of the things that they told us in our survey
was that they felt they did not have enough recognition for
what they did do, so we put in place a whole series of, not
rewards, but recognition ceremonies for progress that we had
made and extra efforts that people had did, all of which has
gone away in sequestration. We cannot have reward ceremonies.
We cannot give bonuses. The 3-year freeze in salaries is
beginning to really hurt. I mean, people are hesitating to buy
houses and have second children because of this. So, over time,
even though these people are not in their jobs to make money,
that long-term pay freeze is very important.
For us, one of the big impediments to doing our work, to
getting out and meeting our customers and collaborating with
others, is this rather draconian freeze on travel and
conferences. Particularly for R&D, conferences are how we do
work. And when you have to hire contractors in order to manage
the paperwork involved in requesting permission to travel,
something is wrong.
So in the interest of more efficiency, in the interest----
Senator McCaskill. Wait a minute. You have 439 people that
work for you and you have to hire a contractor to do travel
documents?
Dr. O'Toole. Yes, to do it more efficiently, because I do
not want to use Ph.D.s to fill out travel documents. We put
together a very efficient process----
Senator McCaskill. So all the people that are overseeing
contracts and paperwork are Ph.D.s that work for you? What
percentage of the people who work for you are Ph.D.s?
Dr. O'Toole. No, the people who are overseeing contracts do
not work for me. They work for the Office of Management.
Senator McCaskill. OK.
Dr. O'Toole. We can talk about this at length----
Senator McCaskill. Yes, we need to, because----
Dr. O'Toole. I should not have gotten you started.
Senator McCaskill. You should not have told me you were
hiring contractors to handle travel documents. That was not
something----
Dr. O'Toole. Well, no, it is----
Senator McCaskill. Now I have another set of questions I
need to ask.
Dr. O'Toole. But I am saving money and I can prove it.
Senator McCaskill. I would like to see that.
Dr. O'Toole. OK. I can prove it. I am saving money doing it
that way.
Anyway, what has happened is people, as I am sure you do,
feel very beleaguered. One big problem is the Civil Service
Reward and Advancement Program. People say it is not fair. It
is not. It is not. It is very broken. I mean, I am trying to
run this organization and I have very little capacity to hire
or fire. Imagine running an organization of this size and not
being able to hire the skill set you need or fire people who
are not performing. But that is the case across the Federal
Government and people feel that very much is unfair.
Senator McCaskill. Well, I appreciate your answer. I think
what I would like you to give some thought to is this is a
comparative survey and a lot of the problems that you indicated
just now are across the Federal Government. So that would not
be the answer as to why you are 292 out of 292, because 250
have those problems and 10 have those problems. So that is what
I would like you to reflect on, and we can visit----
Dr. O'Toole. I will----
Senator McCaskill. And I really appreciate you being here,
and I hope you understand that all of this oversight is because
it is needed and it is part of our job, and I hope that I was
not too rough on you, but I was taken aback when you first kind
of did not want to talk about Raxi and what it was and I think,
clearly, in your job, I expected you to want to talk about it.
So we will visit in person and continue and I will get
questions to you.
Thank you both very much. Thank you, Mr. Chairman.
Chairman Carper. Thanks very much, Senator McCaskill. Thank
you for your passion that you bring to this work.
Sometimes I offer our witnesses an opportunity to give a
short closing statement. Since we are running overtime right
now, I am going to ask you to do that. You have just, sort of,
given one, Dr. O'Toole, and I am just going to ask Mr. Maurer
if you would like to make just a short concluding statement,
just if you want to reiterate some things, emphasize some
things, underline some things, feel free. If something new has
come to mind you think you ought to leave it before us, this is
a good time to do that.
Mr. Maurer. Sure. Absolutely. I think the key takeaway from
our discussion earlier from the GAO perspective is that it is
important for DHS to define R&D. It is important for DHS to be
able to know who is doing R&D within the Department, to have
effective coordination mechanisms in place, to be able to make
the necessary strategic tradeoffs, to make the wise decisions
and make the most effective use of taxpayer dollars.
Chairman Carper. All right. Thanks.
Dr. O'Toole, just one last quick comment from you, if you
want.
Dr. O'Toole. Just I appreciate the opportunity to be here
and I hope the Committee will be an advocate for using science
and technology to make DHS more effective, efficient, and
safer.
Chairman Carper. I think it is safe to say that we will be.
I hope you will not leave here discouraged. I hope you will
leave here encouraged, both of you.
I said to our staffs on both sides here, I said, I came
into this hearing sort of uncertain as to how productive it was
going to be, how constructive it was going to be. I think it
has been, for me, very helpful and really encouraging. I am
encouraged by your leadership, Dr. O'Toole, very encouraged.
Dr. O'Toole. Thank you.
Chairman Carper. And we have a lot of witnesses who come
before us--I would say this to Mr. Maurer--we have a lot of
witnesses from GAO. You are just two very excellent witnesses.
For those who you work with and whom you lead, I want you to
take back my appreciation for the work that is being done.
Our staffs have heard me tell, probably more than they want
to remember, the story of my driving to the train station. I go
back and forth on the train most nights to Delaware. I drive
into the train station early in the morning, listen to National
Public Radio (NPR), and before I got to the train station to
catch my train to come down here, and hearing about a year ago
an international study done to ask the following question. What
is it that gives people joy or satisfaction in their work? What
makes people really satisfied in their work? What is it?
And some people said they--from all over the world,
thousands--they like getting paid. [Laughter.]
Some people said they liked having fringe benefits, sick
leave, vacation, pension, whatever. Some people said they like
the folks they work with. Some people said they like the
environment, the space in which they work.
But do you know what most people said? Most people, the
thing that gave them real satisfaction about their work is that
they found that the work they were doing was important. They
felt it was important. And the second half of that is they felt
like they were making progress. Put those two together. That is
what most people said.
And I think the same is true here. We had a near meltdown
in the Senate, as you may know. The old nuclear option
fortunately defused and I think we have just a renewed spirit
of cooperation and collegiality. I hope it extends beyond this
week, and I am encouraged that it will.
But just to take back to the folks you work with and lead
that the work you are doing is important and I believe we are
making progress, and God knows we need to.
I have a beautiful closing statement that was prepared for
me. I just have one quote here I am going to just throw out
before I close, and it is Carl Sagan who once said, ``science
is a way of thinking much more than it is a body of
knowledge.'' That is pretty good.
Part of our challenge is to figure out how to use science,
good science, to help protect our country and the people here,
and I am encouraged we are doing a lot of smart stuff, and
clearly, we can do more of that.
I have a couple questions I am going to submit for the
record, and I know Senator McCaskill and, I presume, Dr. Coburn
and other colleagues will, too. The hearing record is going to
remain open for about 15 days--I think that is until August 1--
at 5 p.m. for the submission of statements and questions for
the record.
I want to thank our staffs, both our Minority and Majority
staffs, for their work in preparing for this hearing. They do
not just happen by themselves, but they have done good work.
You all have done very good work here today.
And with that, this hearing is adjourned. Thank you.
Dr. O'Toole. Thank you, Mr. Chairman.
[Whereupon, at 12:17 p.m., the Committee was adjourned.]
A P P E N D I X
----------
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
EXAMINING CHALLENGES AND
ACHIEVEMENTS AND ADDRESSING EMERGING THREATS
----------
WEDNESDAY, SEPTEMBER 11, 2013
U.S. Senate,
Committee on Homeland Security
and Governmental Affairs,
Washington, DC.
The Committee met, pursuant to notice, at 9:30 a.m., in
room SD-342, Dirksen Senate Office Building, Hon. Thomas R.
Carper, Chairman of the Committee, presiding.
Present: Senators Carper, Pryor, Baldwin, Coburn, Johnson,
Ayotte, and Chiesa.
OPENING STATEMENT OF CHAIRMAN CARPER
Chairman Carper. Well, welcome one and all to this
important hearing.
Today marks the 12th anniversary of September 11, 2001.
Coming down on the train today, Dr. Coburn and colleagues, I
was reminded that 12 years ago exactly to this day, to the
hour, to the minute, what was going on in our lives. So it is a
very poignant day, a sad day, but a day that is not without
hope. But it is a day for reflection--not only a day that we
lost a lot of our fellow Americans, but a day that brought with
it a sense of unity that we do not often see in this town and
in this country in the wake of a terrible tragedy.
There is going to be a moment of silence a bit later, I
think observed here in the Capitol. I am going to ask us just
to start this hearing with a moment of silence, and then I will
introduce our witnesses and make some statements and begin. But
if you will just pause now for a moment of silence, please.
[Moment of silence.]
Thank you.
One of the things that our chaplain--some of you know our
chaplain, Barry Black, a retired Navy Admiral. He always
encourages us to pray for wisdom, each and every one of us in
our own way, and that is probably a good thing for us to
remember on this day.
This anniversary also provides us with an important
opportunity to think about all the efforts we have taken to
secure our country since that fateful day, as well as the
challenges that lie ahead.
With us today we have just a remarkable group of witnesses
that will share their thoughts, their counsel, on what we have
accomplished since September 11, 2001, and the future of
homeland security. We are just honored that each of you are
here and delighted that you would come, and thank you so much
for joining us and really for your service, your extraordinary
service, to our country.
This year, the Department of Homeland Security (DHS) turned
10 years old. And while I am sure we can all agree that the
Department can do a better job in certain areas, we should not
forget about the remarkable progress that has been made in
keeping Americans safer since Tom Ridge helped to open the door
of that new Department those many years ago. There is no doubt,
in my view, that we are safer today than we were 10 years ago
in spite of greater threats to our Nation and to our well-
being.
I want to take a couple minutes to highlight some of the
more significant accomplishments, if I could.
We have enhanced aviation security through a more risk-
based, intelligence-driven system that begins screening
passengers against national security databases roughly 4 days
before they ever board an aircraft.
We have improved our preparedness for and our ability to
respond to disasters while cutting red tape at the Federal
level.
We saw the fruits of these efforts in the response
following the Boston Marathon bombings and also the natural
disasters that struck my part of the country, including
Hurricane Sandy.
We have increased the security of our Nation's borders with
historic levels of manpower and resources.
And we have built up cybersecurity capabilities to work
with the private sector and Federal Government agencies in
preparing for, responding to, and mitigating against the ever-
growing number of cyber attacks.
But is there still room for more improvement? And I would
just say you bet there is. One of my favorite sayings is, ``The
road to improvement is always under construction.'' And that is
true in this venue as well. One way the Department can improve
is by doing a better job of preparing for tomorrow's threats
today.
We do a pretty good job in this country at fighting the
last war and preparing for the last type of attack, but to
secure our homeland we must do an even better job at
anticipating the next kind of attack that we will face. Ten
years ago, for example, relatively few people were even talking
about or thinking about cybersecurity. Some were, but a lot
were not. Today we can hardly go a day without reading about a
cyber attack or hearing about a cyber attack in the news,
oftentimes many attacks.
To respond to the challenge of ever-changing threats, we
need a Department of Homeland Security that is flexible and
ready to adapt when necessary. And sometimes we just need to
use some common sense. If a program is not working, we should
not just keep throwing good money after bad. Rather, we must
work smarter with our limited resources and find ways to get
even better results for less money or for the same amount of
money.
That is why Dr. Coburn and I are holding this hearing and a
series of others. Actually, at the beginning of this year, he
suggested that we focus on reauthorization. We have never done
a reauthorization of the Department of Homeland Security. He
suggested that maybe a good way to do that would be to do a
year-long series of hearings that are relevant to the
Department and its functions and looking forward. And this is
one of those hearings, and a really important one.
We are doing this top-to-bottom review of the Department so
we can learn from instances where the Department succeeded and
where it came up short. And this information will help us to
better focus our scarce resources on what works.
As the Committee conducts this review process, we will be
looking to ensure that the Department is making smarter
acquisition decisions, developing an even more agile and
capable workforce, and improving its financial management
systems. This review will also look at how we can strengthen
the defenses of our homeland against very sophisticated and
highly agile threats.
One of the most important things we can do to improve
homeland security is to come together to pass cybersecurity
legislation, either in pieces or together as a comprehensive
policy, a comprehensive approach for our country. The threat is
too great and the consequences of inaction are too severe to do
nothing. Enacting a thoughtful, comprehensive cybersecurity
policy has not been easy, as we know. But we have a shared
responsibility--both Democrats and Republicans, House and
Senate, government and industry--to get this legislation across
the goal line and into the end zone hopefully this year.
We already saw many of the different parties come together
to pass comprehensive immigration reform in the Senate a few
months ago.
I do not agree with everything in that bill, and I know my
colleague here, Dr. Coburn, and I suspect Senator Johnson do
not agree with everything either. But I believe the approach
that we have taken in the Senate is vastly preferable to our
current immigration system, the failings of which undermine
both our national and economic security. It is my hope that the
House will pass its own version of immigration reform so we can
go to conference, make it even better, and pass the kind of
historic piece of legislation that our country needs.
So as we remember 9/11 and discuss the challenges that lie
ahead, we must seek to recapture that spirit of unity that
prevailed 12 years ago today, and we need that if we are going
to succeed in making not just the Department of Homeland
Security stronger over the next 10 years but our Nation
stronger going forward into the future.
So I look forward to working with Dr. Coburn and with our
colleagues, even Senator Johnson over here, who is so good at
coming to our hearings. He is always faithful in attendance and
asks good questions. And we look forward to working with the
Administration, with our witnesses, and a whole lot of other
folks that are going to help us figure out how to do this job
of shared responsibility better.
So with that having been said, let me turn it over to Dr.
Coburn for any comments he wants to make. Thank you.
OPENING STATEMENT OF SENATOR COBURN
Senator Coburn. Thank you, Senator Carper. I have a
statement that I will place in the record.
I have a lot of concerns with Homeland Security. One of the
editorials that was in the New York Times today talked about
the lack of focus on multiple committees--the focus on multiple
committees instead of single committees of jurisdiction, and I
know it is difficult for Homeland Security to answer all the
questions from the 88 different committees and subcommittees
that they have to answer to. And that is one of the things that
we ought to be about changing because our frustrations are we
cannot ever get answers. And I am sure it is not always
intentional that we do not get answers. Sometimes it is, but it
is because we are asking so much information all the time where
the people who actually have responsibility at Homeland
Security cannot do their job because they are busy answering
questions of Members of Congress. So the disorganization.
The other concern I have with Homeland Security is it has
turned into an all-hazards agency, which was never its intent.
And it has abandoned risk-based policies to put money where
risk is rather than money where risk is not. And the
politicians in Washington have very much accounted for that.
In my opening statement that I will put in the record,
there are a large number of areas where we are incompetent,
whether it is in terms of either metrics or effectiveness, and
we have not held the hearings that are necessary to straighten
that out.
I would welcome all of our panelists. Thank you for your
service in multiple areas for our country. And I hope that you
can give us some wisdom--I have been through your testimonies.
I hope that you can give us some wisdom how to streamline and
not undermine the goal and the long-term changes that need to
be made in Homeland Security to get us back to a risk-based
agency instead of a grab bag of political benefits agency.
The final point I would make is that transparency is
important, and the difficult job you had, Governor Ridge, in
terms of bringing all these agencies together. We have had good
Homeland Security Directors and Secretaries, but the idea that
you can effectively manage this--and we have all the data to
say that we are not effectively managing it. And so my hope
today out of this hearing is that we will hear some great ideas
on how you change the structure.
And the final point I would make is we have 15 of the top
17 positions at Homeland Security open, and to my knowledge, we
only have two nominees pending in that area. And I may be
wrong. That is my guess. I think we have two.
So leadership matters, and having people in positions
instead of acting people in positions is very different in
terms of accomplishing the goals that need to be accomplished
at Homeland Security.
So I welcome you, thank you, and look forward to your
testimony.
Chairman Carper. Thank you. Thank you, Dr. Coburn.
Before I introduce our witnesses, I will just note, if I
could, that at 11 o'clock there is going to be a gathering of
Members of Congress and former Members of Congress, I think on
the east steps of the Capitol, for an observance. And my hope
is that we would work right up to just before that time, and
hopefully we will be in a position to conclude, to adjourn; and
if not, I may ask to adjourn fairly briefly but come back in
about half an hour. Hopefully we can be done. I know at least
one of you has a tight schedule herself.
All right. I want to just briefly introduce our first, or
not so briefly, the first witness. Tom Ridge and I came to the
House together in 1983, 30 years ago today. We were both in our
mid-twenties, maybe early twenties. But we both served in the
Vietnam War together, he with real distinction, as just a hero,
and very modest about it. But we ended up on the Banking
Committee together, and I think in the 102nd Congress, I think
we ended up leading--on the Banking Committee, we had a
Subcommittee on Economic Stabilization, and people said to me
in the past years, ``Tom, what did you accomplish in those 2
years that you and Tom Ridge led that Committee?'' I said, ``We
laid the foundation for the longest-running economic expansion
in the history of the country.'' And we stepped down from our
responsibilities in 1993 and we were on our way to 8 glorious
years. He went on after that to become Governor of
Pennsylvania, our neighbor to the north, and the first
Secretary of the Department of Homeland Security.
Since stepping down as Governor, he has not only led the
Department, but he has also served as chairman of the National
Security Task Force at the Chamber of Commerce and on boards of
the Institute of Defense Analysis, the Center for Studies of
the Presidency and Congress, and chairman of the National
Organization on Disability. Meanwhile, he travels the world as
head of his firm, Ridge Global, and any number of other
entities. Somewhere along the line, he found time to convince a
woman named Michele to marry him, and they have two wonderful
kids that we have been privileged to know, Leslie and Tommy.
We are delighted to see you and thank you for your
friendship and thank you for your extraordinary service to our
country.
Next I want to welcome Jane Harman, former Congresswoman
from California's 36th District. During her tenure in the House
of Representatives, Congresswoman Harman distinguished herself
as one of the top national security voices in the House,
serving on the House Armed Services Committee and the
Intelligence and Homeland Security Committees. She was also one
of the principal authors of the Intelligence Reform and
Terrorism Prevention Act of 2004. Congresswoman Harman now
serves as the Director of the Woodrow Wilson Center. She is
also a member of the External Advisory Board for the Department
of Defense (DOD), State, and the Central Intelligence Agency
(CIA), and does a million other things. So it is great to see
you. We welcome you warmly.
Our next witness is in his civvies today, with facial hair,
and I was kidding him earlier. I would not have recognized you
had I not known it was you and that you were coming today. But
it is great to see you. You are a hero in this country, a hero
in the Coast Guard, and in the Department of Homeland Security.
I have enormous respect and affection for you, as you know.
Thank you for all that service. I wish you well as, I
understand, the executive vice president at Booz Allen
Hamilton, and we are happy for you for that opportunity, well
deserved. But in the Coast Guard, Admiral Allen led the effort
to respond to and recover from Hurricane Katrina after the
first couple of weeks of the initial response as well as the
Deepwater Horizon oil spill. And for that service and a million
other things that you have done and continue to do, we welcome
you. I want to thank your family for allowing you to serve our
country and share you with all of us.
The final witness is Stewart Baker batting cleanup, former
Assistant Secretary for Policy at the Department of Homeland
Security, a partner--are you partner now?--at Steptoe & Johnson
here in D.C. I understand you have a book out. You are the
author of a book. I love this title: ``Skating on Stilts: Why
We Aren't Stopping Tomorrow's Terrorism.'' Good luck with that.
In his position, Mr. Baker established the Department's
Policy Office. He led successful negotiations with foreign
governments over data sharing, privacy, and visas, and
established a secure visa-free travel plan. What years did you
serve in the Bush Administration?
Mr. Baker. 2005 to 2009.
Chairman Carper. OK. Thank you for that. And I want to
again thank all of you for being here. Your entire statements
will be made part of the record, so feel free to testify. We
are going to lead off, I believe, with Governor Ridge, and I
just want to say to Senator Chiesa, nice to see you. Welcome.
Always a pleasure. He is the Senator from New Jersey whom you
may or may not know. He is a great addition to this Committee
and to this body.
Governor. Congressman.
TESTIMONY OF THE HON. TOM RIDGE,\1\ PRESIDENT AND CHIEF
EXECUTIVE OFFICER, RIDGE GLOBAL, AND FORMER SECRETARY, U.S.
DEPARTMENT OF HOMELAND SECURITY
Mr. Ridge. Thank you very much. Good morning to my former
colleague and my friend, Tom Carper. It is a great pleasure to
appear before you and Senator Coburn.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Ridge appears in the Appendix on
page 492.
---------------------------------------------------------------------------
As they say, let me associate myself with the gentleman's
remarks with regard to a risk-based approach, with regard to
consolidating the incredible labyrinth of the jurisdictional
maze that the Secretary and his or her Department have to
continually respond to up here on the Hill. It was one of the
recommendations of the 9/11 Commission, and 10 years later,
that one and the other recommendation they made was with regard
to a broadband public safety network. That is 10 years in the
making. There is some legislation. We are a long way from
execution. So I really appreciate your words in those regards.
And to the other Members of the Committee, it is a great
pleasure for me to spend this morning with you on this very
historic and very important day.
I appear before you in my wonderful personal capacity as a
private citizen as well as the chairman of the U.S. Chamber of
Commerce's National Security Task Force. The task force is
responsible for the development and implementation of the
Chamber's homeland and national security policies. Frankly, it
is a voice for businesses across America. It certainly informs
my perspective on many issues, but it does not dictate it
because my work there is strictly voluntary. I am neither a
lobbyist nor a paid advocate, but we do have certain views that
we share, and I am happy to advocate when we share them.
I welcome the opportunity to appear here to examine ways in
which we can secure America's future. Since we have limited
time, I would ask permission to revise and extend my remarks.
Before I begin I want to, on this anniversary, acknowledge
the families that lost loved ones on September 11th. We all
know where we were. I had the opportunity to visit Shanksville
a couple of hours after the plane went down.
So the reason we are here is to work together and to do our
best to ensure that such events do not happen again and that
other families do not have to suffer like the families of our
9/11 heroes.
With your indulgence, I would like to make a few general
observations first and then focus on what I believe is a cross-
cutting issue that both DHS and the broader Federal Government
has faced in the past and has the potential to complicate our
security forevermore.
First of all, briefly, it is becoming clear that members of
this body intend to pass some form of immigration reform. I
think that is relevant to homeland security. DHS components can
be expected to play a significant role in implementing these
reforms. My position is that the time has come to grant status
to those who wish to enter to our country legally, to work
lawfully, to pay taxes, and deal with the issue that we have
talked about for 10 years, and that is, the undocumented
individuals who are here. I think it can be done. I hope this
Congress does it. But I also think Congress has to balance this
responsibility with providing adequate resources to the
Department of Homeland Security in order to affect the outcomes
that the broader American public want to achieve. We can talk
about reaching consensus in Washington, but unless any reforms
are resourced appropriately, DHS components will be saddled
with an impossible mission in the critical area of border
security.
I am not going to discuss my deep and abiding concern about
the number of critical senior-level vacancies at DHS. It has
been addressed. It is disconcerting that an agency, if it is
perceived by our government, the U.S. Government, to be as
important as I believe it is, to have 15 vacancies, or whatever
the number is, at any time. And yet these vacancies have lasted
for quite some time. You are aware of it. I just urge the
administration to fill the vacancies quickly and the Senate in
a judicious manner and timely manner to exercise the advice and
consent responsibilities and fill these positions.
Let me spend the rest of my time discussing the challenges
of information sharing, which I think goes to the heart of
Homeland Security's responsibility. We do not generate
intelligence. We are assigned from the get-go the enabling
legislation to share it and provide whatever defensive measures
we need to protect America.
Information sharing is an issue that has been with us since
September 11, 2001, and cuts across a range of challenges that
have and will continue to confront the dedicated men and women
of Department of Homeland Security. We all know the nature of
the terrorist threat has changed. As we have seen in Iraq,
Afghanistan, and today in Syria, our enemy is no longer just al
Qaeda, but like-minded organizations and nation states that are
willing to ally themselves in order to harm their common
enemy--the United States. In my opinion, this will require the
intelligence community to renew its commitment to work more
closely with one another than ever before. Congress in its
oversight role should ensure that DHS specifically remains
plugged into the Federal intelligence community horizontal
across the board. For if intelligence indicates a physical or
cybersecurity threat against the homeland, DHS by enabling
legislation is the agency required to work with our partners
along the vertical--required to work with the State and locals,
required to work with the private sector. That is embedded in
the enabling legislation. Further, we should ensure that the
great progress that has been made for information sharing with
our State and local partners--such as the establishment of
fusion centers--continues to be nurtured.
No discussion of the DHS threat environment or about
information sharing can be complete without discussing
cybersecurity in greater detail. There is no part of our
national economy, infrastructure, or social fabric that is not
in some way connected to the Internet backbone--our critical
power and communications, transportation, product supply
chains, and financial systems. And DHS owns many of these
sector-specific relationships.
Let us face it. The cyber threat is not new or emerging. In
fact, when I was Secretary, in 2003, a full decade ago, the
first U.S. National Strategy to Secure Cyberspace was released.
Greater awareness of this threat may be emerging, but the
threat itself has been with us and will be with us for the rest
of our lives. As the first Secretary of Homeland Security, I
have a particular perspective on this issue.
We learned after September 11, 2001, and we learned after
Hurricane Katrina and we keep learning after all these
incidents that information and coordination sharing could have
been better, and some people refer to a digital cyber Pearl
Harbor. Well, at least in that instance, historians say that we
did not have notice of the emerging threat. Well, I do not
think this is the cyber Pearl Harbor, because we have notice,
and it is not an emerging threat. It is a constant and ever-
changing dynamic threat. So I am more inclined to say that it
may end up being a cyber Hurricane Katrina where we had notice
but we were not as prepared as we should have been until Thad
Allen got there and cut through the Gordian knot of problems
and began to address the situation that he confronted on the
ground.
I have several more pages of testimony. I see my time is
running out. But I hope we get to this area in the question and
answer (Q&A). At the end of the day, the sharing of information
between the U.S. Government and the private sector
specifically--and I can refer to the enabling legislation that
says that is where DHS has a very significant legislative
role--is absolutely critical, and not in a prescriptive form.
It cannot be in a prescriptive form. We cannot mandate
regulations. There are plenty of standards out there, and,
frankly, the President's Executive Order (EO) asking the
National Institute of Standards and Technology (NIST) to set
the standards is something that we all welcome and we engage,
but we hope we give it a chance to work and assure that the
private sector is involved and engaged, because it is that kind
of collaboration that is absolutely essential. And you are
never going to defeat the cyber enemy, whether it is a nation
state, organized crime, any organization, by having the private
sector check the compliance box. We did all that Congress
wanted us to do. That is not enough. That is inadequate. It is
grossly ineffective. There has to be timely and continual
information sharing horizontally within the Federal Government,
particularly to DHS, and then vertically down to the State and
locals, and particularly to the private sector. After all, the
Federal Government relies on the private sector in order to
function.
So as I said before, we have some lessons to be learned
about the inadequacy of what the Federal Government is doing to
protect its own information. I think it would be helpful not
only when we repair that, but we also make sure that we
facilitate the day-to-day engagement and sharing of information
with the private sector.
I thank my colleagues who are on the panel, distinguished
patriots as well, for the opportunity to appear with them, and
I thank the Chairman and the Committee for the opportunity to
share these remarks with you this morning.
Chairman Carper. Thank you for those remarks very much.
Congresswoman Harman, please proceed.
TESTIMONY OF THE HON. JANE HARMAN,\1\ A FORMER
REPRESENTATIVE IN CONGRESS FROM THE STATE OF CALIFORNIA
Ms. Harman. Thank you, Mr. Chairman. As I think every
Member of this Committee knows, I have great affection for this
Committee. I worked very closely with your prior management
during 8 years on the House Homeland Committee and another 8
years, some of them overlapping, on the House Intelligence
Committee. Later today, at the invitation of Colorado Governor
John Hickenlooper, I am flying to Denver where Senator
Lieberman and I are appearing on a 9/11 panel in Denver this
evening.
---------------------------------------------------------------------------
\1\ The prepared statement of Ms. Harman appears in the Appendix on
page 501.
---------------------------------------------------------------------------
Chairman Carper. Well, I hope you will give them our best.
Ms. Harman. I shall. And as my youngest daughter would say,
your former Ranking Member, Susan Collins, is one of my
``besties.'' And we stay close friends, and we all worked
together on the intelligence reform law of 2004.
I also have great affection for all of us testifying before
you today, worked very closely with everyone on this panel on
homeland topics, and we continue to stick together, which I
think is a good thing.
Twelve years ago today, as the towers were falling and the
Pentagon fire was burning, I was walking toward the U.S.
Capitol. My destination was the Intelligence Committee rooms in
the Capitol dome--the place most consider was the intended
target of the plane that went down in Shanksville. My staff
called to alert me that the Capitol had just been closed, as
were the House and Senate office buildings. So most of
Congress, including me, milled around on the lawn in front of
the Capitol. There was no evacuation plan. We had no roadmap
for a response.
Part of the solution which some of us recommended was to
create a dedicated homeland security function, and that
function we thought should be in the White House, and Tom Ridge
became its first coordinator.
Along the way, the White House proposed a much more
ambitious concept, and in order to get this function as part of
law, we embraced that concept, and then there became the
Department of Homeland Security.
Now in its tenth year, I am proud of my role as one of the
Department's ``founding mothers,'' and I think we should
acknowledge today the thousands of DHS employees who serve us
daily around the country and the world. As we speak, Customs
and Border Patrol (CBP) agents are in mega ports like the port
of Dubai, and they are screening U.S.-bound cargo for dangerous
weapons and materials. Specially trained homeland security
investigation agents are in diplomatic posts everywhere in the
world, and they are reviewing suspicious visas, and the
Transportation Security Administration (TSA) screeners are
daily depriving al Qaeda and other terror groups of the ability
to turn more aircraft into weapons--a tactic we know they are
continuing to attempt.
Today, as Tom Ridge said, DHS remains a work in progress,
but the efforts of its people are its backbone--and our
backbone. We have a safer country because of them.
A year ago, I testified here, and I noted some of the
things that were going well at DHS. But I also noted
challenges, and they include: An anemic intelligence function,
something Tom Ridge just touched on; the need for DHS to focus
more on its relationships with critical infrastructure owners
and operators, something that is now happening because the
cyber threat is increasing; and as mentioned by you, Mr.
Chairman, the failure of Congress to reorganize its committee
structure.
Today, as you mentioned, there is a very good op-ed in the
New York Times--I actually buy the print edition, called
``Homeland Confusion'' but Tom Kean and Lee Hamilton, our good
friends, and Lee preceded me as the president and Chief
Executive Officer (CEO) at the Wilson Center, and we served as
colleagues many decades ago in the House.
I do not want to touch on all of this, but let me just
briefly scope the bad news and the good news since last year.
The bad news: We failed to thwart the Boston Marathon
bombing; an exponential increase in cyber attacks; Edward
Snowden; and the fact that the bomb maker, Ibrahim al Asiri,
who belongs to al Qaeda, is still alive in the boonies of
Yemen, despite our good efforts to retire his service.
But there is significant good news. One is information
sharing is improving. I know there is much to continue.
Second, resilience. We showed resilience after Boston in
particular, after the Boston Marathon bombing, and common sense
is emerging in the way we approach homeland security. And to
Senator Coburn's point, I think there is more support, and
there should be, for a risk-based approach.
Collaboration with the private sector on cyber, that is
happening, and credit should go to--I guess she has just
retired--the Secretary of Homeland Security Janet Napolitano
for personally working on this issue.
And we are getting ahead of privacy concerns.
Let me just touch on these very briefly because my time is
running out, too.
Information sharing, Tom Ridge talked about it, but the
Committee should take credit for the fact--and so should the
Department--that homeland security grant money was critical.
According to the Boston Police Department (PD), it helped make
sure that the city was trained to share information rapidly
during the emergency. DHS also participated in something called
the Multi-Agency Coordination Center (MACC), that was
operational before and during the marathon. And the MACC was
critical in coordinating communications once the bombs
exploded.
Resilience--a very important factor in our country's
ability not to be terrorized. It is not that we will not have
future attempts and maybe even successful attempts at attacks.
But if we fail to be terrorized, the terrorists lose. And DHS,
again, and this Committee distributed almost $11 million to
Boston, just to pick Boston, through its Urban Area Security
Initiative (UASI). The money was used in part to upgrade over
5,000 portable radios for first responders, install a
communication system inside the tunnels of the Boston T, and
conduct two citywide disaster simulations in coordination with
DHS. This is a very good news story.
Similarly, in Hurricane Sandy, which went fairly well, the
Federal Emergency Management Agency (FEMA) activated in advance
a National Response Coordination Center (NRCC), which was
critical in terms of preventing more damage and speeding the
recovery.
Collaboration with the private sector on cyber.
DHS will never ``own'' the cyber mission, but it is
responsible for a central piece, which is critical
infrastructure protection. And in the past year, DHS has
tracked and responded to nearly--get this number--200,000 cyber
incidents, a 68-percent increase from the year before. We will
never get ahead of this problem if there is not a total lash-up
with the private sector. And as Janet Napolitano and some of
her team explained at the Wilson Center about 6 weeks ago, that
is exactly what is happening. Kudos to the Department.
Finally, getting ahead of privacy concerns. The Department
itself has a Privacy and Civil Liberties Office. That office
has trained many in the fusion centers--68 out of 78 fusion
centers have received some training. There is enormous
complaint out in the boonies about the invasion of privacy, and
it is important that we do two things: One is protect the
American people, and two is protect the American people's
privacy. It is not a zero-sum game. It can be handled with
proper training.
And, finally, the Administration has fully populated the
Privacy and Civil Liberties Oversight Board (PCLOB), which was
created by the 2004 law and which was never functioning until
May, and that should be helpful, too.
Let me just conclude by saying DHS will continue to face
difficult challenges, including al Qaeda's enormous ability to
evolve, the rise of lone wolf-terrorists, the constant increase
in the type and sophistication of cyber attacks, especially the
risk of exploits in software, and privacy issues. But most
attempts to attack us since September 11, 2001, have been
thwarted, for which thousands of selfless DHS people deserve
our thanks, and so do our former Secretaries of Homeland
Security, starting with Governor Ridge over here, and so do
Members of this Committee.
Thank you very much, Mr. Chairman.
Chairman Carper. Congresswoman, thank you so much.
Admiral Allen, please proceed. Your whole statement will,
again, be made part of the record. Feel free to summarize as
you see fit.
TESTIMONY OF THAD W. ALLEN,\1\ ADMIRAL, U.S. COAST GUARD
(RETIRED), AND FORMER COMMANDANT, U.S. COAST GUARD
Admiral Allen. Thank you, Mr. Chairman, Ranking Member
Senator Coburn, and Members of the Committee. Thank you for the
opportunity to testify this morning.
---------------------------------------------------------------------------
\1\ The prepared statement of Admiral Allen appears in the Appendix
on page 505.
---------------------------------------------------------------------------
Like Secretary Ridge, for the record, I am testifying in my
personal capacity today and am not representing any particular
entity. I would note, however, that the op-ed piece that was
published this morning by Lee Hamilton and Tom Kean was the
result of an Aspen-sponsored task force on congressional
oversight of the Department of Homeland Security, and I am a
member of that task force, for disclosure.
I am also pleased to be here with comrades Jane Harman and
Stewart Baker. These are people that I have worked with over
the years and I hold with great respect and consider them
friends and role models. I am glad to be here with them.
As you mentioned earlier, Mr. Chairman, it is hard not to
sit here this morning and not recall the events of 12 years ago
and what has transpired in the interim. I was the Coast Guard
Atlantic Commander on 9/11, and what happened that day was
something I thought I would never see in my career, and that
was a Coast Guard cutter stationed off the tip of Manhattan
with its guns uncovered. It was a chilling site. We closed the
port of New York. We closed the Potomac River north of the
Woodrow Wilson Bridge and then used Coast Guard vessels to
resupply Ground Zero because there was such a problem getting
vehicles in and out. So this was a consequential event for the
Coast Guard as well, and I, like the members of the panel here,
pass on our best regards to the families that were impacted by
that terrible event.
I have testified before this Committee on several occasions
since my retirement, and in each of the testimonies, including
today, I have done a little bit of a retrospective on where the
Department is at. I am not going to go into that today. I would
say that I was the Chief of Staff of the Coast Guard when the
Department was established and led the transition out of the
Department of Transporation (DOT) into the Department of
Homeland Security, and I have spoken over the years on many
occasions about the conditions under which the Department was
formed, which was bureaucratic light speed, just a little over
3 months. And the issues associated with trying to bring all
that together, including--it was in the middle of an
appropriations year. It was between sessions of Congress. I
think Secretary Ridge was confirmed the day before he became
the Secretary, if I remember correctly.
Mr. Ridge. Correct.
Admiral Allen. That is a lot of stuff going on at the same
time, but I think we have to move beyond the aggregation of
entities that came into the Department and the conditions under
which the Department was created and kind of get beyond that.
You can talk about that as a means for why the Department kind
of is the way it is. But I think 10 years later we have to
actually sit down and say what is going on here and where do we
need to go.
So I would like to associate myself with the remarks that
were made by Secretary Ridge and Jane Harman. They have talked
about the what. I would like to talk a little bit about the
how, because ultimately we need to know, moving into the
future, how we are going to attack these problems and what is
the best way to do that. And the central part of all of us and
a recurring theme you are hearing is information sharing,
because information sharing is the precursor to unity of effort
and more integrated operations in the Department of Homeland
Security, not only in mission execution but in mission support,
all the back-room operations that actually enable folks to put
boarding teams on, to have TSA inspectors screen people, and
that is financial operations, human resource (H.R.) operations
and so forth. So I would like to talk in general about the
border, resiliency, counterterrorism, law enforcement, and
cybersecurity, as has been previously referred to.
Regarding the border, there is a lot of talk right now
about the southwest border in relation to comprehensive
immigration reform. And while we move forward and define what
the policy is going to be and what we are going to do in
relation to the number of illegal immigrants that are in the
country right now, I think we need to remember that we have a
border that is very complex and goes well beyond what I would
call a geographically and physically described border. It is a
functional border that also includes the analysis of data and
the movement of cargo that are never touched by human hands but
are virtually carried out and we have to carry out our
functions as a sovereign government in a global commons in a
variety of ways, including air, land, sea, and cyber domains.
So when we look at border security, I would just urge the
Committee to try and understand that it is a combination of
functions and it is a system of systems. And it cannot be
reduced to oversimplistic fixes like fences or more Border
Patrol agents. We have to figure out what is the nature of the
problem and what is the best way to deal with it with all the
tools we have available, including the aggregation of data on
all border functions into a fused picture that senior leaders
can take a look at. And I am talking about all the different
license plate reader programs, passenger information,
information on private arrivals of aircraft and vessels and so
forth, bringing that together and putting that where there can
be coherent analysis done against it.
I think sharing and fusing of sensor information across all
domains is incredibly important. We need to build an
architecture that allows us to do that so we can understand the
current conditions and the threats and how to react to them on
the border.
We need to visualize that knowledge for our leaders so that
they can understand what we would call a common operating
picture, and that in turn can be discussed with folks here in
the Congress regarding oversight.
And I think we need to look at, along the southwest border,
not every part of the border is the same, and boots on the
ground and fences are not the way to control the border. We
need to look at areas where, say, there is no traffic, and
conversations that I have had with some folks in the
Department, we are actually using satellite imagery and going
back and taking several runs at a time. And if there are no
movements, you can pretty much say that is a low-risk area and
start concentrating on where you think there is a risk involved
there. I think in that way we could probably do a better job of
looking at how we are managing the border.
Congresswoman Harman talked about national resiliency. I
think this is extraordinarily important. And I think it is
important because we need to start looking at resiliency as
something that resides way beyond natural disasters and what
FEMA does for a living inside the Department.
I am in favor of regionally based risk assessments that
focus on the most likely and consequential events that occur,
either natural or the man-built environments, and that includes
understanding what population densities and critical
infrastructure do and what kind of risk they present. And we
need to figure out how to reduce those risks, including looking
at building codes, land use, going beyond current floodplain
legislation and regulations associated with that and try and
look at the behaviors that need to be influenced to change how
we think and act at a local level.
I think we need to improve our incident management
doctrine. Homeland Security Presidential Directive (HSPD)-5 is
a general framework for the Secretary to manage incidents, but,
frankly, when you have these large, complex incidents, it is
very hard to support one Cabinet to another in an overarching
way to understand incident management, especially in complex
hybrid events, I think is extremely important.
If you look at the possibility that we could have a
combination of events that starts with a cyber attack, then
gets into industrial control systems that produces a
consequential kinetic effect, all of a sudden you have FEMA,
the National Protection and Programs Directive (NPPD), the
Federal Bureau of Investigation (FBI) through the National
Cyber Investigative Joint Task Force (NCIJTF) there because it
is a potential crime scene, and then you have the overall
incident management, we do not have a coherent doctrine how to
move forward on that.
And, finally, we need an integrated national operations for
Homeland Security. The National Response Coordination Center at
FEMA is an excellent operation for what they do. The Coast
Guard has an operations center. One of the big challenges in
the absence of being able to consolidate on a campus at St.
Elizabeths is the inability to create a coordinated operations
center with every component there to be able to coordinate in
direct operations.
I have some other points, but I see my time is out, so I
will submit that for the record. I will be glad to answer any
questions you may have.
Chairman Carper. Thanks. You crammed a lot into 5\1/2\
minutes. Thank you. That was a lot of wisdom.
Mr. Baker, please proceed. Welcome.
TESTIMONY OF THE HON. STEWART A. BAKER,\1\ FORMER ASSISTANT
SECRETARY FOR POLICY, U.S. DEPARTMENT OF HOMELAND SECURITY
Mr. Baker. Thank you, Chairman Carper, Ranking Member
Coburn, and Members of the Committee. It really is an honor to
be here with Members of the Committee and members of the panel.
All of us made promises to ourselves and to the country 12
years ago and it is a pleasure to be here to have an
opportunity to continue and rededicate myself with the rest of
the panel to those promises.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Baker appears in the Appendix on
page 515.
---------------------------------------------------------------------------
There have been a lot of achievements in those 12 years,
and DHS has contributed to many of them. It has many successes
that we have heard about from other panel members that could
not have been possible without the Department. It also has had
some failings that I think you are talking about addressing
quite directly. Reauthorizing legislation is an excellent idea.
The idea of reducing the number of committees that provide
disjointed oversight to portions of the Department would be an
excellent approach, as would be building the equivalent of the
Defense Department's Office of the Secretary of Defense.
We have had three great leaders of the Department who, when
they are focused on a problem, have the entire Department sing
like a chorus. But when they have had problems that they cannot
spend 1 day a week on or one meeting a week on, the components
tend to drift off. And there is no institutional mechanism for
keeping the Department in tune when the Secretary is pulled off
or the Deputy Secretary is pulled off in another direction. So
finding ways to build the Office of Policy, the Office of
Management, into effective managers of many of those second-
tier issues would be very valuable.
I want to talk mainly about an issue where I think the most
opportunity for progress is offered, and that is in cyber. This
is a terrible crisis. We are not solving it. We are falling
behind. Many of the ideas that have been proposed are rather
divisive, but it seems to me that there are at least three
issues where the Department of Homeland Security could
contribute to and that may form a basis for less divisive
solutions.
What seems clear to me is that, while we are falling
farther behind, we also have more information about the people
who are attacking us than we actually expected to have 5 years
ago. We know what their girlfriends look like. We know what
blogs they write. They are no more able to secure their
communications than we have been able to secure our networks,
and that offers some opportunity for actually bringing
deterrence to bear, not simply defense. We cannot defend
ourselves out of this cyber crisis. That is like telling people
that we are going to solve the street crime problem by making
pedestrians buy better body armor. That is not the solution. We
have to find a way to actually capture and deter and punish the
people who are attacking us.
How do we do that? Law enforcement is very familiar with
the idea of deterring and punishing attackers, but prosecuting
the people who are attacking us, many of them overseas, many of
them associated with governments, is probably not the most
effective measure. What we need is new ways of bringing
sanctions to bear on the people that we can actually identify,
and DHS can lead that.
If we used the law enforcement capabilities that the
Department has at the Immigration and Customs Enforcement
(ICE), at the Secret Service, integrated them in a smaller
group, maybe on an experimental basis with NPPD and its
defensive capabilities and its understanding of the attacks, we
could gather much more intelligence about these people and then
bring to bear new forms of sanctions--again, something DHS
could take the lead in developing. Many of the companies that
support these hackers by hiring them after they have finished
their service for government, the universities that train
them--need and want visas to come to the United States. I do
not know why we are giving them visas if we know who they are.
We should impose sanctions of that sort or, frankly, sanctions
of the sort that Treasury uses today to deal with conflict
diamond merchants or the Russian officials who oppressed the
human rights of Mr. Magnitsky.
We face attacks on the human rights of advocates right in
the United States, cyber attacks on Tibetan activists and the
like. We should be treating attacks on human rights that occur
in the United States every bit as seriously as we treat the
Russian Government's abuses inside Russia. And, again, DHS
could be authorized to go looking for ways to bring those
sanctions to bear.
And then, finally, with respect to the private sector, it
seems to me the private sector knows more about the attackers
inside their networks than government will ever know. They are
more motivated to find their attackers and to pursue those
attackers, who often end up as their competitors. What is being
stolen is competitive information. It is fed to competitors,
and those competitors are operating in our markets. If we can
gather intelligence and close the loop to find the
beneficiaries of cyberspying, we can bring to bear criminal and
other penalties on the beneficiaries of these attacks.
That is not something we are doing now because there is not
enough integration between the people who have the resources
and the incentive to do that, the individual companies who are
under attack, and the law enforcement agencies that are totally
swamped by the nature of the task. If we experimented with
giving the companies that are under attack more authority to
investigate their attackers under the guidance and supervision
of the government, we could make more cases and impose more
sanctions on the people who are attacking us.
So those are three pretty concrete ideas. There are plenty
more in my testimony, which I ask that you read into the
record. Thank you.
Chairman Carper. Your full testimony will be made a part of
the record. Thank you very much for your testimony today.
I want to return to a comment of Dr. Coburn's. Several of
you, as well as, I think, Governor Ridge, and the issue--I call
it ``executive branch Swiss cheese.'' It is not just DHS. It is
not just the Department of Homeland Security. We have too many
vacancies throughout the Federal Government. The Administration
I think has released just in the last couple of days an
extensive list of nominees. We welcome that. A lot of them are
in the Department of State. One or two are in this Department.
We are still looking for an Inspector General (IG). We need
someone to fill that position in this Department, and a bunch
of other IG positions that are vacant. This is a shared
responsibility. The Administration has a responsibility to vet
and give us names of excellent people, capable, honorable
people, hard-working people. We have an obligation to hold
hearings, to vet those nominees, and, to the extent that we
feel they will do a good job, to move them promptly. And the
Administration needs to do their job. We need to do our job.
And we will keep focused on that.
Governor Ridge, we're wearing different uniforms, him in
the Army, me in the Navy. There was a popular movie called
``Five Easy Pieces.'' Some of you are old enough to remember
the Jack Nicholson movie. A great movie. And I think
comprehensive cybersecurity policy is not five easy pieces, but
maybe six. And I just want to mention them, and then I want to
ask a question of each of you about one of those.
One of the pieces is critical infrastructure, how we best
protect our critical infrastructure. That is a shared
responsibility, as we know.
Another piece is information sharing. I think almost every
one of you has touched on that in your testimony.
A third we call the Federal Information Security Management
Act (FISMA), but it is really protecting the Federal
Government's networks.
A fourth piece is workforce. Governor Ridge and I have
talked about this recently and Dr. Coburn and I have talked
about this a lot. How do we make sure that DHS is able to
attract and retain the kind of people that they need to do
their job in this arena.
Research and development (R&D) would be a fifth piece.
And another one that falls outside of our jurisdiction but
an important one is data breach. How do we respond to data
breaches? What are the expectations of those who breach data?
That affects a lot of people's lives.
So those are sort of the six not so easy pieces that we are
dealing with.
Over the past couple of years, the Department of Homeland
Security has been playing an important role in protecting our
Federal networks and working to try to secure our critical
infrastructure. Unlike the specific statutory authority that
defines the Federal Bureau of Investigations or the National
Security Agency's (NSA) work in this arena, the Department of
Homeland Security's authority comes really from a patchwork of
Presidential Directives. It comes from policy memos. It comes
from vaguely written laws.
In fact, one way I have heard it described is this: As far
as cyber capabilities go, if the NSA has a Doberman, if the FBI
has a German Shepherd, then DHS has a Chihuahua. Nothing
against Chihuahuas, but they need a bigger dog because this is
a big fight. And we want to make sure that we figure out what
to do and give them that capability.
While I would say that DHS is much further along in
developing cyber capabilities than some people give the
Department credit for, I do think that we ought to provide the
Department with clear statutory authority to carry on their
current activities so that it can be compared to something a
lot stronger, a lot more formidable than a Chihuahua.
Let me just ask each of you, do you believe that it is
important for the Congress to empower the Department, this
Department, with clear and explicit statutory authority to
carry out its current cyber activities? These activities
include working voluntarily with the private sector to protect
against, to prepare for, and recover from cyber attacks. And
would a better defined statutory mission of the current cyber
activities--help to strengthen the Department's cyber
capabilities? Governor Ridge, do you want to lead it off,
please?
Mr. Ridge. Senator, I think the enabling legislation that
created the Department of Homeland Security, embraced in a
strong bipartisan way by the House and the Senate, basically
set up conceptually that very idea that DHS would really be at
the epicenter of engagement down to the State and locals as
well as the private sector. So, No. 1, I think it is certainly
consistent with the original intent of Congress in terms of the
role that DHS plays.
Second, I think any gray that exists in the alignment of
DHS' relationship with the private sector particularly,
probably creates a great deal of confusion. Right now I know
the private sector is reluctant to cooperate, for many reasons
even to share information because of the absence of liability
protection or those sorts. I realize you are not asking that,
but I think if there is a gray area that can be cleaned up and
there is a direct line of responsibility--and, by the way, you
also have the opportunity then to hold them accountable for not
doing the job consistent with what Senator Coburn said. You
have been assigned some tasks. We do not think you are
providing those very well. You can hold them accountable that
way.
Third, I would only say, however, that it will be important
to do two things. One, I think it will be important to resource
the Department appropriately. The men and women in DHS right
now that are working on cyber, and government generally, let us
face it, there are probably a lot more potential lucrative
opportunities out there in the private sector. So we have some
real patriots. R's and D's, Independents, it is immaterial.
They are working hard on cybersecurity matters because they
believe it is their contribution to their family's security and
their country's security as well. But we are probably going to
need to take a look at some kind of compensation adjustment to
keep some of the best and brightest with us for some time. So,
one, I think it is consistent with the enabling legislation.
Two, I think clarity would enhance the kind of voluntary
collaboration that I think is absolutely critical between the
private sector and the Federal Government vis-a-vis DHS. And
then if it is going to be the mandate, I think they need to be
properly resourced.
Chairman Carper. Good. Thanks very much.
Again, the same question, if I could, for Congresswoman
Harman. Would a better defined statutory mission of DHS'
current cyber activities help to strengthen the Department's
cyber capabilities?
Ms. Harman. My answer is absolutely yes. The Administration
did issue an Executive Order last year, which is somewhat
helpful, but it will take legislation, and Secretary Ridge
outlined a lot of the issues. There has been a difference of
opinion among people up here about how robust DHS' authorities
have to be. But the bottom-line problem is that the private
sector does not trust DHS. That has been overcome to some
extent by the really impressive efforts that Secretary
Napolitano has made in the recent months to reach out for
industry, and now there literally is a floor in the DHS
headquarters where the private sector and appropriate DHS
representatives are working together on cyber threats. So that
is a good start.
I just want to add a robust endorsement to your point about
Swiss cheese. There are a couple of nominations that have been
made by this Administration, and one of the nominees I know
very well. She has been nominated for Under Secretary for NPPD,
which is in charge of the cyber function, and I just mention
her to all of you. Her name is Suzanne Spaulding. I hired her
to be the staff director of the Minority on the House
Intelligence Committee and worked with her for years. And
before that, she was the Executive Director of the National
Commission on Terrorism (NCT) on which I served, which was then
chaired by L. Paul Bremer, Jerry Bremer, whom many of you know,
a bipartisan commission that predicted a major attack on U.S.
soil, one of three commissions that was not paid a lot of
attention to. But we need nominees, and I would recommend, if
anyone cares, the guy to my left as the new Secretary of
Homeland Security.
Thank you.
Chairman Carper. I will not ask if anyone wants to move
that the nominations be closed. [Laughter.]
But we could do a lot worse. I do not know that we could do
a whole lot better. But there is no shortage of, I think,
really good candidates. We just need for the Administration to
pick one and send us a great name. For Suzanne Spaulding, I
think we have a hearing--I believe, Dr. Coburn, we have a
hearing for her next week, and my hope is that we will be able
to move that nomination quickly. She is an impressive
candidate.
Admiral Allen, same question.
Admiral Allen. That is a tough statement to follow, but I
will try. I think there are three things we have to look at. I
do not think you can look at just the DHS authorities in
isolation. And if I could just enumerate them, because I think
it is really important.
The first one is the current status of FISMA, which is
basically a regulatory compliance tool to try and ensure that
proper information security is being carried out in the
government. There is a major step being taken right now to go
move away from a compliance checklist mentality to continuous
mitigation and measurement at the gateways so we actually know
what is going on. That will be enhanced shortly by a dashboard
which will pull that information up and allow it to be shared
across the agencies. That is a phenomenal step forward, but it
has been largely done through the congressional and
appropriations process where money was provided to actually go
out and solicit for that work to be done. So I think we need to
move forward and figure out how we are going to transition from
FISMA, which is a compliance program, to continuous monitoring
of our circuits and how to move that information around.
Second, as Jane mentioned, the Executive Order (EO) on
cybersecurity and infrastructure protection has laid out a
number of very important steps, including a voluntary framework
for the private sector that is being developed by NIST right
now in cooperation with all the parties. But we need to go
beyond the EO, as Secretary Ridge said, and start looking at
the issues regarding liability and what are the prohibitions
that keep the private sector from being involved.
So you have the FISMA revision; you have the EO on cyber,
which is going to take legislation to completely solve that,
and I think both of the other panelists have said that. And
then, finally, what are the authorities and the jurisdictions
that DHS would need to do that? If we put all three of those
together, I think you have the complete package, and I think
legislation is needed. But it should not be separate from
legislation that addresses the issues with the private sector
as well.
Chairman Carper. Good. Thank you for those comments.
Last, Mr. Baker, would a better defined statutory mission
of the current cyber activities at DHS help to strengthen that
Department's cyber capabilities?
Mr. Baker. Yes, I think in a couple of ways.
First, the technology is always evolving, and yet the law
that we are operating under is 10 years old at least. In many
cases authorities were simply transferred. And FISMA is a great
example. FISMA envisioned doing security checks that would
occur on paper and take months to accomplish. Yet the
Department is now actually rolling out technology that will
perform much of the FISMA checks in 3 days. And it is important
to revise the law so it takes account of those capabilities and
all of the other security measures that are being developed in
this area.
I would certainly support the idea that working with the
appropriators is the best way to do this. Having a single
unified appropriations process for the Department is the saving
grace for the Department, and the more that can be done, the
better.
Similarly, the second point that I will close on is that in
many cases the authorizing legislation needs to make clear
that, while the National Security Agency has a big dog, it is
an important participant--I used to work there, am very
supportive of it, but everyone in the country needs to be
reassured that when we are talking about cybersecurity, it is
DHS that is setting the policy and dealing with the data, not
the National Security Agency.
So what I would say is maybe DHS does not need so much a
bigger dog as a leash, and authorizing legislation can provide
that kind of reassurance to the American people.
Chairman Carper. Thank you all for those responses.
I consulted with Dr. Coburn. We are talking about how do we
better honor the loss of all those lives 12 years ago this
morning. Do we honor it by recessing and going to join some of
our colleagues on the steps of the Capitol for an observance?
Or do we really better honor their lives and their loss by
continuing to do our work here today? And we believe that the
best way to honor them is for us to continue doing that. We are
going to continue going through the 11 o'clock hour, and that
will give us a chance to really drill down on some of these
important issues.
With that having been said, let me just yield to Dr.
Coburn. Thank you.
Senator Coburn. Well, thank you, Mr. Chairman. A couple of
points based on what I have heard here today. The Homeland
Security budget is twice what it was when you had it, and
everybody knows we are resource poor right now. And the
question is: How do you put metrics on what Homeland Security
is doing?
I would suggest, No. 1, there are 45 open areas from the
Office of the Inspector General (OIG) that have not been
addressed by the Department of Homeland Security on
recommendations that they essentially agree with but they have
not acted on. I do not know if that is a priority problem or a
resource problem. But that list is growing.
The second thing, on FISMA, Bobbie Stempfley is a great
leader at Homeland Security. If we had a hundred Bobbie
Stempfleys, we could all sleep great at night. But the fact is
FISMA is going backward, according to the last Office of
Management and Budget (OMB) report, not forward. So I am very
hopeful, based on what you said, Admiral, on what we are going
to see and what you said, Mr. Baker, in terms of improving
that.
The other point I would make is I asked the Congressional
Research Service (CRS) to give us what statutory authorities
Homeland Security has, and they have most of the authorities
they need for everything. As a matter of fact, when Secretary
Ridge was Secretary, he had them start all these things under
these authorities. So we need to ferret out what we actually
really need to do to give increased authority.
The things that I am concerned about is I do not--first of
all, we cannot afford to duplicate things that we are doing at
NSA. And we heard from all of you, every time we have seen a
problem since September 11, 2001, it is because of either a
stovepipe or an individual judgment that was made in the wrong
direction. Even with Boston, if you go to the intel on all
that, what we know was we had some errors made by individuals
or by process rather than have flat, good, horizontal
communication that was real time.
So Tom Carper and I do not disagree about what the goals
are. The question is or the disagreement is: How do you get
there and how do you hold people accountable?
So information sharing is the key for us to be flexible and
highly responsive when it comes to threats for our country, and
how we do that is important.
And I think, Jane, you said something that I think is
really important. The confidence level by the public and the
private sector in terms of DHS' capability to handle all this
is a key hurdle we have to get over. And what we have to do is
we have to walk before we run. And we have been crawling, and
now I think we are walking, and I would attribute some of that
to the most recent Secretary, but also to Bobbie Stempfley and
her crew and some of the other things that are going on there.
The other thing is privacy is a big deal. We have seen
that. But we had a lot of problems at fusion centers with
privacy. We put out a report that showed that, and they
responded. They were starting to respond before that. But there
is no privacy policy associated with the drones with DHS right
now. We have an open letter that has not been answered. What
are you doing about it? And yet there was no consideration of
privacy as they made the policy for the use of drones. So there
are big problems for us to address.
I guess what I would ask is--and, by the way, I do need to
make a correction. The President has nominated four positions
out of the 15, not two, so I stand corrected on that: Office of
General Counsel, NPPD, Customs and Border Protection, and Mr.
Mayorkas.
So I guess the question I would ask is: How do we
incentivize to make sure we have real-time sharing across all
the branches, one? No. 2, how do we reform Congress' oversight
of DHS to where we limit the committees? Tell me how we do that
so that we can make them react in a positive way and not spend
so much time up here on the Hill but have good, clear
communication and single authority coming out? We have most of
the authority for Homeland Security, but that is not true in
terms of a lot of other subcommittees. So your comments on
those, and I would like each of you to address that, if you
could.
Mr. Ridge. Well, I would be happy to volunteer to begin the
conversation. I must tell you, Senator, that I think your
frustration with the growth of the Department in terms of
personnel and dollars is something that I share a little bit.
More is not necessarily better.
I remember my first year as Secretary. A well-intentioned
Congress on both sides of the aisle wanted to give me more
money, and I said, ``Before you give me more money, I think I
better take a look at it and see if we are doing an effective
job with the money we already have.'' And I thank you and
Senator Carper for bringing that mind-set.
Someone told me that we have gone from 180,000 basically to
240,000. I do not know what the number is, but, I mean, I just
have no idea where the additional bodies are needed,
notwithstanding some increase in personnel down at the border,
CBP and ICE, like that.
So I must tell you, I think at the epicenter of all the
concerns you have addressed is the failure of this institution
of the Congress of the United States to consolidate
jurisdictions so that there are no end runs to protect vested
interests that have been existing in silos for a long time. And
I think the only answer to that is the will of this body to
effect a change. Unless you can consolidate jurisdictional
responsibilities so that a small group of Republicans and
Democrats in both chambers have exclusive jurisdiction or
nearly exclusive jurisdiction, you are going to see through the
process--because we all know that it is a little byzantine, it
is--everybody has allies on all these other committees, both on
authorization and appropriation levels. We really need to do
that. And I think if you can consolidate that responsibility, I
think you can affect the kind of change that you are talking
about.
It is amazing to me that the Congress would ask two of
America's great public servants--Lee Hamilton and Tom Kean--to
spend about a year and a half or 2 years, take all that
testimony, and say, ``We as a Congress want to know how we can
help this new Department mature and how we can make our country
safer,'' and two of the most obvious and needed recommendations
made 10 years ago, consolidate jurisdiction on the Hill and
private sector, a public safety broadband network so that
police and fire and emergency responders can handle future
crises and all that, and we are not there.
Senator Coburn. The third one is risk based rather than all
hazards.
Mr. Ridge. Exactly, and the third one is risk based. I
mean, clearly--but I must say, they are starting to do it at
TSA. I mean, I like the pre-clear program. I know John Pistole
has done a great job. They are moving in that direction. But I
am going to say to my friends on both sides of the aisle here,
quit arguing about a fail-safe border security platform; you
will never make an absolutely secure border. What we want to do
is reduce the risk. So we have to risk-manage the border, we
have to risk-manage commercial aviation, we have to risk-manage
everything across the board. But I think at the end of the day,
Senator, if you are looking to achieve the outcomes that I
think are generally shared on both sides of the aisle, the
commitment is that strong, then I think the Republican and
Democrat leaders in both chambers have to sit down before the
next Congress and say, ``Enough is enough.''
One final anecdote, and I say this with the greatest
respect for my 12 years here on the Hill. I cannot tell you the
number of times we have been walking over to a vote, and we
would be leaving a committee or subcommittee hearing, and there
would be lament among the members: ``Geez, we got five or six
committee hearings and subcommittee hearings today, and we have
to run from here to there.'' And everybody decries the pressure
on legislators to do their job effectively and all these
committees and subcommittees, but nobody wants to relinquish
the seat on the committee or subcommittee. It may not be
voluntarily relinquished, but if the leaders in both chambers
say, ``As of this Congress this is done, we are making these
changes, Homeland Security does not report to 100, it reports
to 5 or 10,'' it will be done.
So I think the answer to that is you have to get the
leaders in both chambers and both parties to agree, because I
think it is at the epicenter of solving the problems that you
have just addressed. A strong letter to follow.
Ms. Harman. Mr. Chairman, let me apologize in advance. I
have to leave at 11 because I serve on a foreign policy board
to the State Department, which has been rescheduled three
times, but it is today, and the meeting with----
Chairman Carper. We understand. We are just delighted you--
we will make the next 17 minutes count.
Ms. Harman [continuing]. At 11:30 on my way to the airport.
All right. So I apologize.
Let me just address reorganizing Congress, which I think is
absolutely essential and will be very difficult to do. I was in
the painful conversations with--I am not sure if it was the
Democratic Caucus; Maybe Senator Baldwin remembers back in the
day--about the need for more jurisdiction for the House
Homeland Committee, and the pitch was made and people nodded,
and then someone from the House Commerce Committee stood up and
said, ``Oh, no, but this notion of an interoperable emergency
broadband network is central to our jurisdiction.'' And so, of
course, read: No change. And people in this institution on both
sides earn their power through their committee positions. And
giving up power in this institution is not something people
will do voluntarily.
So I agree with Tom Ridge that the leadership will have to
basically require it. However, the leaders earn their power
through the loyalty of their members, and making members shrink
their own power is not really helpful to leaders holding power.
So I do not know how the thing changes, but until it changes,
we will not have the robust homeland function that we should
have.
Just one other comment, as I kind of implied, 10 years ago,
the concept for the Homeland Department was more ambitious than
maybe some of us would have wished. It was the White House's
proposal to put 22 departments and agencies together. Some of
us had thought about a more modest function directed by the
Homeland Coordinator in the White House, a job Tom Ridge
originally had. But we took it because the Administration was
behind it.
So it is a daunting task to make this thing work. At this
point I do not think we should rearrange the deck chair in the
Administration. But if there is a way--and maybe the members
here have more power than members that I observed back in the
day. If there is a way to reorganize Congress to give this
Committee and the House Committee more power, I think our
country will be safer for it.
Chairman Carper. Admiral Allen, do you want to----
Admiral Allen. Thank you, Mr. Chairman.
Chairman Carper. And then Mr. Baker. Go ahead.
Admiral Allen. As I stated earlier, I spent several days
out at the Sunnylands Estate at the Annenberg Foundationsite in
Rancho Mirage with Lee Hamilton and Tom Kean as part of the
Aspen task force that produced the report that was sent out
today. My proposal would be that be submitted and attached to
the record because there is a detailed discussion of that
rather than take the Committee's time here.
I would say that I would not have served on that task force
if I did not subscribe to the concept that we need to make this
simpler.
The Coast Guard's authorizing committee is Transportaion
and Infrastructure (T&I), and there is a subcommittee for the
Coast Guard there. I spent 4 years as the Commandant of the
Coast Guard without an authorization bill. There were
significant issues that we needed to deal with, anywhere from
fishing vessel safety to unregulated small boats that never
were able to be addressed, and then if they were, committees
would assert jurisdiction that had to be sent over to those
committees for review. Very time-consuming. And if you look at
some of the issues we have not been able to address--and a lot
of those areas are addressed in the Aspen report\1\--I would
direct the Committee just to take a look because I think there
are a lot of issues on the record that have been raised. The
issue of security for general aviation aircraft is another one
moving forward.
---------------------------------------------------------------------------
\1\ The report to which Mr. Allen refers can be found on page 523.
---------------------------------------------------------------------------
The only other point I would add in response to Senator
Coburn's comments on risk based, if you look at what we are
trying to do right now with flood insurance, it is very
instructive, because we have a problem right now, and those
that bear the risk do not pay for the risk. We have an
extraordinary amount of liabilities that have been built up
trying to pay off the flood insurance claims for Hurricane
Katrina that still exist today, and there is no clear way to
how those books are going to be balanced moving forward.
On the other hand, if you start to let those flood
insurance fees rise, you have issues with local communities.
And what you really need to do in the long run, in my view, is
get out ahead of all this by starting to change behaviors on
building codes, land use, and zoning out there, which is a much
more strategic way to deal with this. But you cannot do that if
you have four or five committees asserting jurisdiction over
the problem.
Mr. Baker. I fully support the idea of reducing the number
of authorizing and oversight committees. Let me, though, talk
about two ways that we can address Senator Coburn's concerns
about the budget and some of the other issues.
It seems to me that proper authorizing legislation can set
the framework for actually saving money in the budget, and I
will give you two examples. In fact, you raised one. The
question of duplicating NSA's capabilities, it makes no sense
for DHS to try to do that. NSA has built capabilities over 50
years, carrying out a mission that has been funded in ways that
DHS's mission will never be funded. They have enormous
capabilities.
At the same time, both the American people and I think the
Department of Homeland Security want some reassurance that if
they lean on DHS to use those capabilities, they will not
discover that policies are being made de facto, privacy policy
in particular, by the people that they are leaning on. And so
language that could create a set of authorizing legislation
that sets aside DHS' authorities and leaves it in control of
its area, drawing on NSA for talent and for tools and
technologies that it already uses, you will end up saving money
by relying on existing capabilities and creating at the same
time reassurances for people about how that reliance will work.
The same thing, it seems to me, is true if you can build a
planning process, a budgeting process that uses integration,
Office of Secretary of Defense type capabilities, to say how
can we reduce the budget effectively, how can we eliminate
redundancies by looking at the authorizing language? And if we
do that, we will be building the capabilities at what I
described as the second tier so that the Secretary does not
have to sit down and get out the eyeshade and start asking
about the 14th line on individual components' budgets, but that
is being done by a centralized staff that is trying to
eliminate redundancies. So by creating the right kind of
authorization for those central staffs, you set the framework
for reducing the budget.
And, last, tied to that, it seems to me that until the day
comes when we have eliminated many of the authorizing issues,
one of the things that this Committee can do is build a
relationship with the appropriators so that when the
appropriators are asked about legislation that arguably is
authorizing on appropriations, they know that this Committee
has looked at those ideas, has thought about them, has vetted
language, creating authorization language that may in a pinch
end up in an appropriations bill, is worth considering in at
least the short run until we get to the promised land.
Chairman Carper. Good. Thanks. I apologize to Senator
Baldwin and Senator Chiesa, and Senator Ayotte has just left,
too, to attend the observance. We have gone well beyond our 5
minutes, as you know, and I thank you for your patience. I just
thought it was really important for us to allow this panel to
answer these questions in the kind of thoughtful way that they
have done, We spend so much of our lives here just going from
one place to the other and in and out, as some of you know, and
this was just a very helpful series of questions and responses.
Senator Johnson, if he comes back, is next. Senator Chiesa
is going to be recognized next, then Senator Baldwin. Senator
Pryor was here. I think he has made the same decision that
Senator Ayotte has made. But this is just an excellent hearing,
and I am just very pleased with the way it is going. Jane,
after Jeff asks his question, we will give you maybe the first
rights, the first shot at that, if you want, and I know you
have to leave.
OPENING STATEMENT OF SENATOR CHIESA
Senator Chiesa. Thank you, Mr. Chairman, and thanks to this
panel for being here today.
Mr. Chairman, I join everybody in remembering the families,
many from my State, who were so tragically impacted by the
events of 9/11. We all remember where we were that day,
certainly in New Jersey, watching this go on.
I have prepared some remarks that I would ask you to make
part of the record rather than reading them here today.
Chairman Carper. Without objection.
Senator Chiesa. Thank you.
The most recent events that we have seen that really get to
the issue we are talking about today are the bombing at the
Boston Marathon. And at the time--and I have raised this issue
before when we had Commissioner Davis here and others to talk
about those events, and I was serving as Attorney General at
the time, and I remember in real time being in my office and
learning that there were contacts, potential contacts to what
was going on there in my State. And I remember--our State
police and everybody just did an unbelievable job and turned
that around in a way that makes everybody proud. It really
does. And I understand that we want to work hard so that we do
not have the event actually occur.
So I have the same question, and, Congresswoman Harman, I
would invite you to answer first because of your time
constraint. Do you think we currently have the appropriate
climate among the people that are responsible for having,
developing, and sharing the information necessary so that
information is flowing appropriately, to get to Secretary
Ridge's point, we are not overly siloed? Because of all the
things we are talking about, be it from a cyber perspective, be
it from a terrorism perspective, be it from whatever these
perspectives are, it is all about making sure the information
is getting where it needs to get. And I would ask each of you
to talk to us about your thoughts on the current climate of the
way that information is shared among the people responsible for
sharing it?
Ms. Harman. Well, thank you, Senator. I would give us, as I
just said, an F for reorganizing Congress. I think it is really
sad that Congress has a 19th century structure to deal with
21st century evolving threats against our country. But on
information sharing, I would give us a B, and that is not an A,
and I am looking at Tom Ridge. I do not think----
Mr. Ridge. Did you say B or D?
Ms. Harman. B. It is not an A, but the challenge was to
break down silos and to create opportunities for people to
actually know each other, which is one of the ways you build
trust and enable information sharing.
Yes, there were mistakes in the Boston Marathon case. The
Terrorist Identities Datamart Environment (TIDE) list did not
get to the right folks, and the FBI did not followup, and a
little of this and a little of that. However, once the event
occurred, Boston--the surrounding police departments, the State
of Massachusetts, and all of our Federal law enforcement
agencies and Homeland came together in almost a seamless way;
and using video, including people's handheld phones, they were
able to piece together the identity of the folks and to close
in on them quickly. So that is why I say it is a B. After
action we were an A; before action we were probably a C. But
this is improving.
I just want to mention something that we have not talked
about but it is something I know a lot about based on my role
on the Advisory Committee to the Director of National
Intelligence (DNI) and some of these other intelligence places
that I stay connected to, and that is that information--the
dark side of information sharing is that it enables a Snowden
or others to get too much information and to use it for
nefarious purposes. So our goal has to be to build the trust,
to build the horizontal arrangements, but then also to put in
safeguards so that people with bad motives inside our system or
outside our system cannot abuse it. And I do not think we
mentioned that, and I do think it is part of the challenge
going forward.
Senator Chiesa. Thank you. Secretary Ridge.
Mr. Ridge. Well, I had the great pleasure of working with
Congresswoman Harman back then. I think she is grading on a
higher curve than I would by giving everybody a B. I am not
going to give them a grade, but I want to address something
that I found and I still find troubling, and it goes to the
perception that DHS has not done its job.
I remember doing some TV after the Detroit bomber, and DHS
was criticized for letting the individual on the plane. And I
think Secretary Napolitano has taken some heat, and I had to
remind everybody that DHS does not gather information. They
rely on the alphabet agencies to provide it. And if the State
Department did not give the information to DHS and Customs and
Border Protection and give them reason not to put the person on
the plane, then DHS should not be held accountable. But it
seems from time to time they are.
I think back to Fort Hood. There has been public revelation
that the FBI in two different venues were aware that Hasan was
e-mailing the radical cleric in Yemen, and DHS takes a little
hit on that. Why didn't they do more? Well, frankly, that was
not in DHS' spot. Somebody has to ask a couple of the other
agencies why they did not do more.
Now let me go to your question with regard to Boston. I do
not think that the FBI is on a speed-dial arrangement with the
Kremlin, and I would like to know personally how often the
Kremlin picks up the phone and says, ``We think you have a
couple terrorists in your midst.'' So I do not know how
thorough the examination of that revelation was within the FBI.
I am not faulting the FBI. I just do not know whether or not
the Federal Government generally, including the FBI, took
Russia, Russian intelligence, communication as seriously as it
should have. There may have been other agencies that should
have been involved.
I think the response, as Congresswoman Harman said, to that
incident was phenomenal. DHS did not get the credit--I mean,
there were grants that went out; a training program went out.
All that was done under DHS. But that is triage after the
incident, and that is why information sharing is so critically
important.
Let me just take this a little step further. Let us assume
that you break down the silos and there is more and better
information sharing conceptually. I think somebody has to take
a look at classification. The easiest way for an agency, I do
not care what the agency is, to deny access to--and I am
concerned about State and locals and private sector--is to say
it is top secret, top secret sensitive compartmented
information (SCI). Well, nobody wants to touch it. So I think
somebody has to take a look at classification. I have seen a
lot of things that were classified top secret that I know you
could have shared with folks that would not do harm to sources
and methods. And so I think classification is very important,
particularly if we are serious about information sharing down
to the State and locals and the private sector.
Finally, I think Attorney Generals have to know more
information about what is going on in their State. I am just
one of those folks--you cannot secure the country from inside
the Beltway, and at some point in time, Federal agencies, the
alphabet agencies, have to entrust and trust high-level law
enforcement members in all 50 States and territories with
information about what is going on in their respective States.
I venture a guess that you have no idea, as all the
investigations did not when you were Attorney General, into
potential terrorism activity in your State.
I think it is a huge mistake. People say, well, somebody
may reveal that information that was shared. Well, then, there
would be consequences. But I just think we need to expand the
network with fellow Americans who have responsibilities for
safety and security in this country. We have to start to trust
them. You cannot just keep all that information in here.
So that is my response to that inquiry, and I do think we
need to take a look at classification because it is overly
classified, which is reason not to share, and safety and
security is the ultimate concern. You have to trust fellow
Americans outside this city to help keep the country safe and
secure.
Senator Chiesa. Thank you, Secretary, and I know that my
experience was----
Chairman Carper. Congresswoman Harman, as you leave, thank
you very much. Godspeed.
Senator Chiesa. Mr. Chairman, I know I am out of time. We
had the opportunity to be briefed, and every Attorney General's
jurisdiction is a little bit different. Mine included a lot of
those things. But I think to get to your point, others have
made these relationships. The first time you are talking cannot
be after an event. Right? And talking before and having some
trust and having seen somebody is invaluable once the event
starts so that there is no hesitation, because that information
has to get to the decisionmakers and to the rescuers and to
whomever else is involved. So I appreciate your thoughts on
that.
Mr. Chairman, I am over my time, and I do not want to hold
up Senator Baldwin, but at some point I would love to hear from
the other panelists, too.
Chairman Carper. Senator Baldwin, are you OK if the other
panelists respond to his question? Are you OK with that? Let us
just do that. We have a good flow. Thanks.
Senator Chiesa. Thank you.
Admiral Allen. Rather than repeat some of the points, which
I think are very valid, that Jane and the Secretary have made,
let me take a little bit of a different spin on this. When you
look at counterterrorism and the great expansion of
transnational organized crime and illicit trafficking, we know
there are growing linkages there. Whether you are a terrorist
or you are a criminal, you have to do a couple of things that
are visible. You have to talk, you have to move, and you have
to spend money. And every agency operates basically on a case
doctrine and how you manage it, and in that case there are
usually confidential informants, and there are sources and
methods. That usually is the route of classification, as
Secretary Ridge referred to, because they are trying to protect
that.
The problem is that our law enforcement structure in this
country has evolved over the last century against business
lines of the bad guys--drugs, alcohol, tobacco, firearms,
counterfeiting, intellectual property, all managed by a law
enforcement agency that manages as a case.
The fact of the matter is we are dealing with networks,
illicit networks, that generate cash however they need to to
perpetuate their regime. And what you need to do is attack the
network with a network. And I think the greatest case for
information sharing and the greatest case for more and better
integration, not only in the Department of Homeland Security
but domestically and internationally, is to move to a way to
look at these challenges as network challenges and how do we
move across dealing with their business lines, which means you
are only taking down one franchise. You are not dealing with
the root of the problem, which is how the network managed
itself, threat financing, how the money moves, how they move,
and how they communicate. That is the No. 1 cause for action on
information sharing in my view.
Mr. Baker. Three thoughts on this, one that I offer only
tentatively because I do not know all the details. But I do
remember that when the older Tsarnaev brother came back from
Russia, he entered the United States, we had the chance to
interrogate him; we had the chance to look at his electronics
as he crossed the border. We did not do it. My impression is we
did not do it because at that point the FBI had closed its
case. And one of the questions I wonder about is whether DHS
and CBP have deferred too much to the FBI. We have an
independent responsibility to protect the United States, and
the fact that the FBI closed its case is not necessarily a
reason not to ask questions of somebody who has gotten the
kinds of intelligence reports that Tsarnaev earned.
Second, one of the things----
Senator Coburn. Let me correct the facts on that. Your
statement is in error.
Mr. Baker. All right.
Senator Coburn. The information was sent to the Joint
Terrorism Task Force in Boston, but it was not relayed to
Customs and Border Patrol at Kennedy.
Mr. Baker. OK. So then there clearly were failures of
information sharing that cost us something, and something
significant.
Second, we learned after Boston how valuable cameras can
be. They are not valuable in stopping crimes. They are valuable
in catching the people who carry them out. That is also true--
we learned that in the Tube bombings in London. And yet for a
variety of reasons, including privacy campaigns, a lot of
cameras have not yet been installed inside the city centers. We
do not actually need them hooked up, we do not actually need to
be watching them, but they need to be recording so that if
something bad happens, we can go back and figure out what
events led up to that. We should be encouraging the
installation of those cameras, and if people have privacy
worries, we should just have them continually write over their
hard drives as opposed to send the data anywhere.
And, third, on the information-sharing point, I thought
that Jane Harman was exactly right. Information sharing creates
risks. It creates the risk of Snowdens or Mannings. But on the
network Snowdens and Mannings look a lot like Chinese hackers
who have also compromised computers on the networks and are
gathering suspicious amounts of data, and the same tools that
help us to provide better cybersecurity will also provide
better audits of who is on the network, what they are doing,
and will protect privacy as well because we will be able to
tell who has accessed information improperly.
And so one of the things that this Committee could do, that
DHS could do, is to make it a little clearer to the State and
local entities that get grants, that they can use that money
for cybersecurity audit technology that will allow them to meet
all of those requirements.
Senator Chiesa. Thank you.
Thank you, Mr. Chairman.
Chairman Carper. You bet. Thank you.
Senator Baldwin, thank you for your patience here today.
You can take as much time as you want.
Senator Baldwin. Thank you, Mr. Chairman, Ranking Member,
for holding this hearing, and I want to thank all of our
panelists, including Congresswoman Harman in absentia, for your
service to our country. I appreciate each of your sharing your
analysis and appraisal of where we have come in these last 10
years and where we still have to go.
I want to focus my questions on the larger issue of
cybersecurity and the incredible increase in cyber attacks that
we are experiencing. And I would like, if you could--and I will
start with you, Mr. Baker--to sort of talk about any
distinctions that we should appropriately make with regard to
economic cyber attacks versus the threat of cyber terrorism
where the goal might be to take out part of the power grid, for
example. And I would like to have you focus--you ended your
testimony a little bit with the private sector being in a
position where they have more intel on their potential
competitors, but I think you were talking about economic cyber
attacks in that arena. So the question I have is: What can we
do better with existing authorities?
And then the second question that I would like to hear from
all of you about is, you know, I do not know how long the
journey will be until Congress actually passes legislation on
this topic to supplement the Executive Order and to respond to
many of the issues that have been raised. But there have been
lots of comments about--and, Secretary Ridge, you talked about
do not make this prescriptive, do not make this regulatory.
Again, I wonder whether there is a distinction we need to make
when we are talking about critical infrastructure because the
people of America depend upon that critical infrastructure for
daily life, and it may be private, but it is to the public
benefit without question. And should there not be some
additional obligation, some prescription, if you will, because
of the level of importance of that critical infrastructure?
If you do not mind, Mr. Baker, I would like to start with
your reflections on those questions.
Mr. Baker. So there are two big worries in cyber. One is
what you might call economic espionage or espionage generally,
in which all of the attacks are aimed at stealing information.
And we have seen enormous amounts of attacks aimed at
practically everybody who might be of interest to any foreign
government with any capabilities in this area, and probably
everybody on this panel and certainly everybody on this
Committee has been attacked in an effort to gather that
information. So that is a serious pandemic problem right now.
Second, sabotage or cyber war or cyber terrorism designed
to break systems is a very serious possibility. I am not so
sure about terrorism. I do not think it has been very healthy
for al Qaeda leaders to use the Internet in the past. But
state-aided terrorism is a concern. If we actually did attack
Syria, I think you would have to worry that Iran or Hezbollah
or some organization assisted by them would engage in cyber
attacks on the United States designed to cause failures in
financial or industrial control systems, and those could be
very serious.
All of those attacks tend to actually use the same basic
techniques. You break into a standard commercial network, and
then you try to hop to an industrial control network that you
can break and cause serious damage. And so stopping the
espionage attacks, making it much more expensive to break into
systems to steal secrets, is probably our first and highest
priority.
First, companies know a lot about who is in their network.
I represent a lot of them, and the experts that they hire say,
``Oh, yes, this is a unit of the People's Liberation Army or
some criminal gang. We know, by the things they are doing, the
code they are leaving behind, who it is, and we can tell you
what their tactics are going to be for the next 24 hours or 48
hours. We can tell you what they are trying to steal and why.''
So companies know a lot just from looking at the activity
on their network, information that may not be available to law
enforcement. What they cannot do is go to the command and
control servers that are being used to steal the information or
to the attackers headquarters computers. For that you often
need law enforcement authorities. But law enforcement does not
have all of the background information. So we need to find a
way to use existing law enforcement authorities and the
existing resources and information that individual companies
have to actually track those guys back home and then begin
looking for reasonably creative penalties that can be applied.
Again, using existing authorities, we can deny visas for any
good reason. The President and Congress can impose financial
sanctions on individuals who have committed this kind of crime.
We have lots of authorities we have not yet used.
Admiral Allen. I think the progress that has been made with
the Executive Order that was signed by the President regarding
cybersecurity and infrastructure protection has taken a major
step forward. I think, though, as was mentioned earlier, until
you start dealing with the issues about proprietary data,
antitrust issues, and liability, there is going to be a
hesitancy of the private sector to want to fully get on board
with that.
Now, I think the conversation that has been started in the
last 2 weeks with the release of the draft voluntary framework
by NIST is going to advance that discussion further. There are
some critics that have said that is too general and not
detailed enough to be effective. My position would be that you
need to start out with the 1.0 version and go to the 2.0
version, and having that conversation and moving forward and
involving the private sector in that is really what is needed.
But if you look at this problem, this is a classic case of
macroeconomics. What is the inherent governmental role here?
What should the private sector be doing? And I think that there
is not a consensus in the country about what those roles are.
Are the markets going to clear security? Or is the government
going to provide there will be a command and control regulatory
system?
I think to figure out a way, No. 1, to share the
information that is currently held classified within the
government and get that out to the people that need it; on the
other hand, when they are attacked, to get that information out
of them so it can be used when they are concerned about
regulatory oversight of potential civil or criminal penalties
associated with that.
I will just say this: There are a lot of people out there
that are trying to work this problem. I have had the
opportunity over the last couple years to work with an
organization in Pittsburgh called the National Cyber-Forensics
& Training Alliance. It is a 501(c)(3) organization that was
developed with the local folks at the Software Engineering
Institute at Carnegie Mellon and the local FBI office, and they
actually have kind of developed a way to create what I would
call a metaphorical Switzerland where they are collocated in
the same place, so it is capable of just walking across the
hall and exchanging information, understanding the protocols,
building trust and so forth. But we are going to have to figure
out a way for both of those parties to come into an area where
they are free of risk, organizational risk, to provide that
information and exchange it. If we cannot do that, it does not
matter what the role of the government is or what the role of
the private sector is. It is not going to work. And of all the
conversations I have had in the last 2 or 3 years regarding
this very complex problem, the National Cyber-Forensics &
Training Alliance has come closer to trying to figure out
exactly how that works in the organization I have run into, and
I would suggest the Committee may want to reach out and talk to
them.
Mr. Ridge. Senator, I think----
Senator Coburn. Turn your microphone on.
Mr. Ridge. I believe quite a bit of progress has been made
since the establishment of the Department with regard to
addressing cybersecurity, although I think we all have to
honestly admit in 2003, when the enabling legislation was
created, there was no one, I do not think, that was as totally
concerned about--some may have been--the emerging threat of
cyber incursions as we all are today. It has accelerated. It is
pretty remarkable if you think that we commercialized the
Internet in 1992 or 1993, and now it is the backbone of
absolutely everything we do. And so the sensitivity and concern
with regard to distinguishing between what is an economic event
and what is actually a more defense-directed or offense-
directed security incursion is a legitimate one. We know who
the actors are. You have nation States. You have terrorists.
You have hackers employed by nation States and terrorists. You
have organized crime. There are multiple challenges in dealing
with this.
Even if we can attribute, if we can actually attribute who
the attacker was and make a determination of the consequences,
what do we do about it? What do we do about it? I mean, that
again speaks, I think, to the kind of collaboration that
focuses on information sharing in a true public-private
partnership with the private sector rather than compliance,
because with due respect to my profession, as an attorney, I do
not see compliance lawyers as being the best means of assuring
that we have enhanced our security in this country, because a
regulation means there will be a block, it will be a check
block, and you will check, and they said, OK, you did what the
Federal Government wanted to do. And, frankly, the technology
available today, offensive and defensive, as we speak, is
changing, and it will be different tomorrow and the years
ahead.
So I think the best insurance right now is to take,
frankly, the embrace of--I think it is Pat Gallagher running
NIST, who I think testified perhaps in this Committee
previously about, look, let us continue down this path of
setting voluntary standards that both the Federal Government
and the private sector agree upon, and let us see how well they
do about taking those standards and devising the kind of
defensive infrastructure that they need before we start
thinking about regulations, because I am afraid we will never
be--I am going to say this: Congress 4 or 5 years ago
appropriately gave to DHS chemical facility antiterrorism
standards and regs. I think we are 3 or 4 years later; there
are a lot of people working really hard on it. But that
delegation of authority does not mean it was executed in the
appropriate way. And I am simply saying, for the time being I
think we ought to let this--I think President Obama set it up
with his Executive Order. I think we ought to let that come to
fruition before we even think about standards--before we think
about regulations.
I might add the three or four critical sectors--and I think
you were alluding to them in your comment--you have financial
services, you have energy, you have transportation. I must say
from my experience these sectors have spent and will continue
to spend hundreds of billions of dollars, sometimes on their
own, sometimes in cooperation, in collaboration with Homeland
Security. But we have evolved a long way. I remember we created
a Computer Emergency Response Team at Carnegie Mellon because
this was an emerging problem back in 2001 and 2002. Now it is a
fact of life. We are going to be dealing with forevermore.
Forevermore. And so I do not think we are ever going to have a
regulatory compliance scheme that is going to be able to keep
up with the dynamic environment.
So my recommendation based on the purpose of this hearing,
even though I think your question is a very important one, I
think we need to let the NIST standards play out and really
push for far more collaboration between the public and private
sector.
One anecdote. My company deals with some significant
private sector companies that deal with the cyber issue, and
one of them, which is a multinational corporation, walked into
one of the alphabet agencies and said, ``We have been hacked
into,'' and the alphabet agency said, ``We know.'' And they
said, ``Well, we are a taxpaying group of folks. Did you ever
think it might be helpful if we sat down and worked together on
it?''
So I think, again, focusing on collaboration and sharing
rather than compliance is the best approach for the time being.
Chairman Carper. Do you want some more time?
Senator Baldwin. No. Thanks.
Chairman Carper. All right. We made good use of that.
As we start a second round, I want to preface--let me just
say, you mentioned Pat Gallagher, who did testify here before
our Committee earlier this year--from NIST, and he said--every
now and then witnesses show great wisdom. And in his testimony
before us, I think he said, and I will paraphrase, he said,
``We will know we are on the right track when good
cybersecurity policy and good business policy are one.'' That
is what he said. I thought that was pretty good advice. We have
gotten a lot of good advice here today as well.
Let me also preface my next question by saying that here we
are, it is the anniversary of 9/11. Here we are, maybe days
before the United States could launch limited Cruise missile
attacks at some targets in Syria. Here we are, knowing that we
are under attack on the cyber front 24/7. And we have an Acting
Secretary of Homeland Security, and we have an Acting Deputy
Secretary of Homeland Security. And that just cries out for the
Administration and for us to do our jobs, to make sure we have
in place the kind of confirmed leadership that we need, capable
confirmed leadership.
OK. That having been said, let me turn to a topic that I
just mentioned, that is on our minds, and that is the potential
for military action, limited military action, in Syria unless
that country relinquishes its chemical warfare supply and
dismantles their capability to create more chemical weapons.
The prospect of our using military force is a serious
matter. It weighs on us all, certainly the President who came
and visited our caucuses yesterday in the Senate, both Democrat
and Republican.
I want to ask, as we prepare to make whatever decisions we
need to make in the days ahead in conjunction with the
President, I think it is important for us to get answers to a
few more questions, and I would like to ask this seasoned panel
of national security experts for some of your thoughts.
If the President does choose to take limited military
action against the Assad regime, what impact do you think that
might have on homeland security? What should DHS be doing to
prepare for some potential consequences that would flow from
U.S. action, even on a limited basis, against Syria? Mr. Baker,
if you would like to lead off, that would be great.
Mr. Baker. Sure, I will be glad to. We absolutely need to
prepare here. By taking on Syria, we are also taking on
Hezbollah and Iran, their backers in that regime. And if they
choose to make the United States regret the sanctions it
imposes, they have very substantial capabilities. Hezbollah has
its own cruise missiles. And a terrorist organization with that
kind of capability certainly can develop and use cyber attacks
or can send people to the United States to carry out attacks.
So we would have to go on a pretty substantial alert basis.
They would be biting off a lot. They are already on alert
against Israel and fighting in Syria themselves, so they may
decide that it is not prudent to attack, but hope is not a
strategy for us. We need to be worried about our defensive
capabilities. For the first time, we would face the risk that
we will have a cyber attack aimed at getting us to quit
engaging in military action.
Iran is widely blamed for a series of attacks on our
financial institutions that have been visibly punch-pulling
exercises in which the attackers announce how long the attack
will last and what day it will happen. Obviously they could do
more and cause more damage. And, again, Iran, having blamed us
for Stuxnet, is going to be less constrained about using that
kind of weapon against the United States on behalf of an ally
like Syria. So we will have to up our game both physically and
virtually.
Chairman Carper. OK. Thank you. Admiral Allen.
Admiral Allen. Let me start with a caveat. It has been
several years since I sat in a tank. I am not up to speed on
operational briefings, so I am just going to talk in
generalities. I would not want to speak for anybody or make any
comments that would not be appropriate in this situation.
In regard to cyber threats related to any untoward act--and
it could be generated by this--one of the problems we are
dealing with right now is we are trying to evolve these
structures, and we have talked about them extensively here
today. It is tough to talk about how you would deal with one of
these things when the answer is what you talk about you need to
do and you have not done yet.
But let me focus on something called advanced persistent
threat, which is something that is discussed both domestically
and internationally, and it relates a little bit to what
Stewart was talking about. There are footprints that are left
regarding behaviors that go on out there that are indications
of something that is going to occur. And one of the reasons the
changes that need to be made in the cybersecurity posture in
this country have been made and continue to be looked at in the
Executive Order, the NIST standards, and everything else is
that we need to move to continuous monitoring, and then after
that we need to move to continually be able to look at the
precursor or the context that is being set for an attack, and
we do know what those are, and a lot of it has to do with
basically analyzing social media, because people talk about
this.
So in regards to any threat situation, and this one
specifically, I think there ought to be a fine-tuning of our
sensors out there related to what is being talked about in
social media and what types of activities are taking place.
After 9/11, we used to talk about chatter. Well, we have a much
better capability now with--we have a mismatch in computation,
spectrum, and bandwidth management in this country. We do not
utilize enough against these problems. I think in this case we
will be looking at advanced persistent threat because if they
are going to do anything immediately, they already have had to
put the mechanism in place to do it.
Chairman Carper. Thank you. Governor Ridge.
Mr. Ridge. Senator, I appreciate the question, and I must
tell you, based on a personal relationship, because you and I
have had many long conversations over the years about topics of
national interest, I am going to resist the opportunity to tell
you how I think we got into this mess and how I think we ought
to get out of it and answer your question exactly.
It reminds me of the National Security Council coming over
to what was then a small core staff between the time I was
sworn in as Secretary and the intervening 6 weeks before we
opened the door on March 1, 2003, the first day of the
Department of Homeland Security. A couple members of the
National Security staff came over and said, very confidential
at the time, ``We are probably going into Iraq. We know you do
not have a Department, but maybe you should think about
potential blowback in this country and what we can do about it
to minimize the effect.''
So, one, I think your question is very appropriate and play
the ``what if'' and then figure out how we respond if the
``if'' occurs.
I think we have learned a lot since Liberty Shield. I
think, frankly, the State and locals are far better prepared.
We know defense readiness condition (DEFCON)--even the much
maligned and occasionally referred to color-coded threat
warning system, which I will carry with me for the rest of my
life, at least we know now there are certain levels of security
that are embedded in the Federal Government and even within
some of the State and locals and the private sector, No. 1.
No. 2, I think the most likely pushback would be in the
cyber realm, and to that end, again, it is a great place for me
to suggest that this is precisely where the Federal Government
should be sharing the precursors that it may know or the
addresses that it has seen as it relates to the digital
incursions that we have been hit with from the Syrian Army,
perhaps the Hezbollah and the like. This is a classic example
where we probably, in this instance, are more familiar with the
electronic incursions directed at us from Russia, from Syria,
et cetera, and at precisely the time that that information
should be shared with not just State and locals but with the
private sector.
So, long term, I think we are far better prepared to
respond to an attack because--I do think the word has been
used--we are far more resilient today than we were 12 years
ago. But this is an excellent opportunity for the Federal
Government to share some of the information that I am sure they
have that the private sector would like to check that
information against what they see occurring on the grid, with
the data systems, the financial institutions, and
transportation, et cetera, to see perhaps if they are missing
something and can be better prepared if there is an electronic
attack or digital attack if we go into Syria.
Chairman Carper. All right. Thank you all for those very
thoughtful responses. Governor Ridge mentioned how he will take
with him to his grave the leadership that he provided with
respect to the color-coding alert. I am not so sure if there is
some way to work that into your tombstone and the narrative of
your life.
I was kidding my wife recently. She said, ``Why do you
spend so much time on postal reform?'' Dr. Coburn and I, along
with our staffs, spent an inordinate amount of time this year
trying to reach an agreement on bipartisan legislation. But she
was kidding me about something about postal, and postal reform
on my tombstone. And I thought out loud and said, ``Well, maybe
what would be appropriate would be just these words: `Return to
Sender.' ''
Mr. Ridge. Again, it is a classic example of something that
the Congress is going to have to deal with. I believe--look, we
know that Russia and China have cyber attacks as part of their
public warfighting strategy. We know this is a condition of not
only military and diplomatic but business activity,
international activity for the rest of the world. But, again,
it is a place where you need the private sector and the public
sector to sit down and really cooperate and determine if there
is an attack, what are the consequences and who is responsible
for returning it to sender? I mean, all this has to be worked
out, and, again, I think that just calls for collaboration,
cooperation, communication, and it does not require for a
regulatory scheme where you check the compliance box and
everybody feels that they are safe after that.
Chairman Carper. All right. Thanks so much. Dr. Coburn.
Senator Coburn. I think Governor Ridge agrees with this. I
would love to have the other panelists' thoughts. We spend
billions on grants every year. Is it your opinion that those
grants ought to be risk based rather than parochial based?
Mr. Ridge. Absolutely.
Senator Coburn. Admiral.
Admiral Allen. Senator Coburn, following the attacks of 9/
11--I was the Atlantic Area Commander, as I said earlier--I was
concerned about the posture of our ports on the east coast, and
I put a team together that developed a port security risk
assessment model that now is called the Maritime Security Risk
Assessment Model by which we look at impacts, trading off what
you are protecting in a port based on risk and consequence.
I remember having a conversation with Secretary Chertoff
about implementing that at the secretarial level across the
Department to inform the grant programs, and early on we had a
pretty significant impact in doing that because there was a lot
of logic attached to what we did, until Secretary Chertoff ran
into the buzz saw which is called New York City. And we are all
still stinging from that adventure a couple years ago.
I unequivocally agree with you it ought to be risk based.
It ought to be conditions based, based on the adherence of
local communities to standards like the National Incident
Management System (NIMS). It ought to be, in my view, linked to
how they are making decisions on land use and reducing risk. I
think there is every argument in the world to do that in a
constrained budget environment.
Senator Coburn. Thank you.
Mr. Ridge. Senator, may I make just one quick comment if I
may?
Senator Coburn. Sure.
Mr. Ridge. Because, again, I do not want to go back to the
reorganization of Congress, but it just conjures up a couple
conversations I had when we were trying to move it to risk
based. And I could not agree with you more than my colleagues.
Every dime going out the door ought to be risk based. But I
think the Department of Homeland Security, of all the agencies
in the Federal Government, is probably more susceptible to
political meddling and interference and impact than any others.
I will give you a perfect example. Once we got into the
second year of the Urban Security Initiatives, action
initiatives, we had the FBI talk about and the intel community
really assess based on the prior year's intelligence gathering
and try to come up with a risk assessment model vis-a-vis the
cities that were potentially impacted, just given the volume
and the credibility of the traffic.
Long story short, from 1 year to the next, we took several
cities off because on a risk-based analysis of the preceding
year, they were no longer on the priority list. And the hue and
cry from Congress, those who represented those communities, was
not deafening, but it was fairly loud--not that we listened to
it, but the fact of the matter is that it ought to be risk
based, and I think you are on to something very important. But
the whole system should be risk based.
Senator Coburn. One of the things the President proposed
that I agreed with--I was kind of a loner on this Committee--is
combining all these grants together to where you really have an
efficient, effective grant program where you set metrics, there
is transparency to it, you are following up, and if they are
not following what the grant was for, you jerk the money. So
that we actually saved money by consolidating the grant
programs, and then we had more money to actually go where the
greatest risk is. And then we followed up to make sure there is
compliance with what the grant was for.
They got a pretty good cold shoulder here in Congress on
that, and I got a cold shoulder when our Committee marked up
while we were still doing things on the basis of parochial
rather than risk based. As a matter of fact, that is in the
law. Rather than risk based, we are doing it on a parochial
basis.
Any recommendations on how we can accomplish that? I do not
know whether you agree with the President's recommendation of
consolidating these grants and then using them on a risk-based
process. Any recommendations, one, on how we would do that;
and, two, whether or not we should do it?
Mr. Ridge. Again, without knowing specifically the
recommendation, it is just very consistent with my thinking as
to--after 10 years of maturity and 10 years of growth,
sometimes I think growth has not meant we have become more
efficient or effective. It just seems to me that homeland
security is all about risk management and resiliency, and the
dollars out the door to be based on some kind of assessment,
and it would be well to bring that philosophy to everything
they do as well as the approach in terms of appropriating
dollars for these grant programs.
You might want to allow for--and I am going to speak and be
very interested in my friend and colleague Thad Allen. I am not
sure we have done quite enough with regard to maritime risks,
port risks. So you may want to divide that aggregate, some
might be into two or three verticals whereby you identify the
greatest risks, one of which could be the maritime industry,
and move on from there. But I know there is a duplication of
programs and oversight, and I do not think it is needed and
everything out the door to be risk-managed at this point.
Senator Coburn. Admiral Allen.
Admiral Allen. Yes, Senator, early on there was a port
security grant program as well, and just one vignette
associated with that. Then I would like to attack the larger
issue that you raised.
I was prone to support requests for grants in areas where I
saw that there was not only a recognition of risk but a
commonality of purpose and regional approaches. And we saw some
areas--one of them is Houston--where they came together and
they created a regional entity by which they consolidated all
their requirements that came in for a grant program. I think
whenever you can do that, that kind of behavior ought to be
encouraged.
Whatever you put in place--and this is going to be a lousy
metaphor, but it is the only one I can come up with on the seat
of my pants here--it is almost going to have to have an
ironclad wall around it that allows it to be executed like the
Base Realignment and Closure (BRAC) program, an up-or-down
vote, this is what we decided; it is executed or it is not
executed.
Mr. Ridge. Yes, I like that.
Admiral Allen. And I do not know how you structure that in
law, but you are almost going to have to have a way where, once
we decide how it is going to be done, the criteria are
established and the decisions are made that it is irrevocable,
it is either up or down, and it cannot be picked apart.
The issues, I saw Secretary Chertoff just get wire-brushed
up here, ran into the political buzz saw in New York after even
trying to diminish the funding, and it is not to say that New
York does not have problems, but that was a very difficult time
for us at the Department.
Mr. Baker. I think Admiral Allen raises a point that is
worth thinking about in terms of how much of your personal
credibility and time you would invest in that, because even
after you have built a pretty good risk system for grants,
politics will not disappear, and that risk system, whatever it
is, could get distorted by the kinds of politics that Secretary
Chertoff encountered, and others have.
And so you may at the end of the day end up with a less
mechanical system, but not one in which the politics have been
eliminated. And at that point, it is possible you will ask
yourself, ``How much did I really achieve by introducing this
risk concept?'' I believe in it, but in practice, I am not sure
that it works out as well as one imagines.
Senator Coburn. Well, thank you. My comment on that is you
need a backbone, the person that is running the agency, and
take the heat, but do what is right for the country. When we
have a Bearcat garden, a pumpkin festival in Keene, New
Hampshire, and you say what could those dollars have done to
either protect us on cybersecurity, advance our intelligence,
what else could we have done? So we are not using any cost/
benefit analysis. What we are doing is parochial--dividing up
the pie, and we are at a point where, first of all, this
country cannot afford to do that anymore. We do not have the
pleasure of doing that.
And so I think the next Homeland Security Secretary, that
is going to be one of the qualifications I am looking for: Are
you ready to take on the fight to do what is best for the
country, not what is best for the politicians?
Thank you.
Mr. Ridge. I think it would make the next Secretary and
future Secretaries--you are right, a backbone will be
essential. But it would be nice to have the institution that
applies so much pressure, changing their jurisdiction, so, you
know, the fact that you can apply pressure institution-wide is
because they are answerable institution-wide. You start
reducing that to a reasonable, necessary oversight and
collaborative process, it will be a heck of a lot of pressure
if the decisions--the legislative decisions that the Secretary
is obliged to follow is reduced rather substantially and,
therefore, held accountable to Senators Carper and Coburn.
Admiral Allen. Mr. Chairman, could I make one quick
comment?
Chairman Carper. Sure.
Admiral Allen. There are a lot of different grants out
there. I am specifically going to refer--because I saw Senator
Coburn on television making very strong statements after the
tornadoes in Moore, Oklahoma. And this gets back to an earlier
statement by Jane Harman. In the passage of the emergency
supplemental following Hurricane Sandy, there were some very
deft and artful amendments to the Stafford Act that got
inserted into that bill that created more leeway and
flexibility for local governments to deal with things like
debris removal, where there was an economic incentive for them
to do what was best for them, but also preserved those funds
and allowed them for another use.
So I think there may be some utility in looking at what we
were able to do, and I realize that was a really unusual way to
amend the Stafford Act, but I think there may be some insight
there to be gained on how you can empower local communities
with flexibility so there is an economic incentive for them to
do what is right and build off a concept like that, sir. And I
congratulate everybody on that piece of legislation, by the
way.
Chairman Carper. All right. Thanks.
I believe it was back in March, Dr. Coburn and I held a
hearing in this room to examine the progress that has been made
and some of the challenges that still remain within the
management of the Department of Homeland Security. I am sure
that all of you are aware of the latest high-risk report from
the Government Accountability Office (GAO) that found the
Department had made considerable progress in integrating its
components, moving toward actually having auditable financials
and, we hope, an unqualified audit soon. But the overall
management of the Department remains on GAO's high-risk list,
and I have been really impressed by the efforts of the
Department's leadership to address these management issues.
With the changing of the guard, the impending changing of
the guard at the top of the Department, there are still a bunch
of questions about how the Department can sustain and buildupon
the work of Secretary Napolitano and also, I should hasten to
add, Deputy Secretary Jane Holl Lute.
What do you view as the most urgent steps that the
Department should take to develop strong management
institutions and practices? That is the question. What do you
view as the most urgent steps that the Department should take
to develop strong management institutions and practices, to
further develop those practices? And are there any legislative
steps that come to mind that those of us who serve on this
Committee and our colleagues ought to take to strengthen the
tools and institutions that the Secretary needs to manage the
Department?
And a last quick question. Admiral Allen, you were there, I
think, when we cut the ribbon on the new Coast Guard
headquarters at St. Elizabeths. Were you there?
Admiral Allen. I was not, sir. I was on travel that day.
Chairman Carper. That was a special day. I wish you could
have joined us. But how does the consolidation of DHS'
headquarters at St. Elizabeths play into management
improvements? Those three questions, if you all could take a
swing at those, three strikes, three pitches. Just make sure
your----
Mr. Ridge [continuing]. Those fast balls, Senator. I am
familiar with the report, not the contents of the report, with
regard to management. I have often said that the Department of
Homeland Security from the get-go had two responsibilities that
it had to deal with simultaneously: one, build a safety and
security platform to deal with risk and resiliency; the other
was the business line integration. It is a business. It is a
budget that has doubled. You have a couple hundred thousand
employees, and one of the ways--one of the regrets--and it is
something that you could not do anything about--is if you were
going to merge 20-plus agencies with multiple missions, with
multiple procurement requirements and budget requirements, et
cetera, in the private sector, you would at least have had a
year or so by the time you got all the Federal and State
regulatory approvals, because Homeland Security was and still
is about mergers, acquisitions, divestitures, and startups. And
the management around those things for the past 10 years
apparently, according to the GAO, has not dramatically
improved.
I frankly do not have an answer. I think that we have had
some really good people there trying to get those things done.
But absent buy-in from some of the management changes and the
restructuring that they might recommend, and that is, buy-in by
the Congress of the United States, it is pretty difficult to
make reforms.
I think that it is not just endemic to Homeland Security. I
just truly believe that there are still silos within that
agency that will require--that have to be merged, and it can
only be done with legislative oversight and direction.
I like the notion of consolidating. I hope you find money
to build out St. Elizabeths, because as Secretary, when we
would have periodic meetings with the leaders of the basically
five or six really muscular agencies--they talk about 20
departments and bureaus, but basically there were five or six
that provided most of the employees, and the rest were just
bits and pieces from the other units of government. And to try
to pull your leadership together a couple of times a week,
taking them from their offices and bringing them over to the
Nebraska Avenue Complex (NAC) and sitting down for 2 or 3 hours
a couple times a week was not a good use of their time or ours.
We had the opportunity to develop the kind of day-to-day
working relationship that I think Congress wanted when it put
these agencies together. It was a tremendous opportunity for
disparate pieces of Homeland Security, and it has been
demonstrated tactically with Customs and Border Protection
working with the Coast Guard, working with ICE. The
collaboration is important. But I think you get better
management if you have the chief leaders of the entity
interacting on a day-to-day basis rather than piecemeal.
I also think you get better management and efficiency if
the restructuring that has been recommended by some of us from
the outside and the Department of Homeland Security is put into
law.
Chairman Carper. OK. Thank you. Admiral Allen.
Admiral Allen. Mr. Chairman, this is an area I have a great
passion about, so do not feel bad about cutting me off here.
Let me hit a couple of these issues.
One of the things that happened when the Department was
created was we aggregated the authorities and the jurisdictions
from the legacy departments. But one of the things that has
been insidious for over 10 years now--and I know this from
talking with staff on the Appropriations Committees--is that we
took the appropriations structures from the legacy
departments--Treasury, Justice, and so forth--and just moved
them to a single committee. There is no comparability in the
Department right now between components on what is a personnel
cost, an operating cost, and a capital cost. And because of
that, you cannot compare and tradeoff between components on
where you want to make investments.
I have said in several hearings, both here and before the
House, that in my view you have to get down to blocking and
tackling if you are going to take on the management issues in
the Department, and the first area should be to standardize the
appropriations structure and how the budget is presented to the
Congress in terms of the justifications so there is
comparability. The Congress cannot make good decisions unless
there is more transparency and comparability across the
Department. That leads to financial management and the ability
to have better insight on how you are spending your money.
They got a qualified opinion on their audit this last year.
That was a major breakthrough. The Coast Guard got a qualified
opinion, the first military service to ever do that. That
should be taken as the floor, the minimum expectation. It needs
to move forward. But you are starting to talk about the
integration of IT systems, financial systems. There are three
major financial platforms that are used in the Department right
now. There is going to be a look this next year at shared
services and maybe a better way to do this.
I think all that has to come on the table, and we have to
look at really trying to integrate this enterprise and make it
run efficiently like you would if you were running a
corporation.
Now, regarding St. Elizabeths, I have to kind of sit on my
hands here. I was the Commandant when we made the decision to
move, and all I said was: ``I can support this; I am behind it.
I just don't want to go there without the Secretary.'' And I
will leave it at that.
There are issues with the Federal buildings funds. There
are issues with how this whole project has been funded, issues
with the District of Columbia planning entities. But the
overriding imperative to have a central operations center from
which the Secretary can operate and make decisions, as
Secretary Ridge said, is a primary need in this Department. It
is my written testimony. I will not belabor the fact here. A
National Operations Center at a unified Department, operations
and situational awareness, absolute imperative moving forward.
Chairman Carper. All right. Thank you. I think you can
control those passions pretty well. Thank you. Mr. Baker.
Mr. Baker. I would certainly agree with Admiral Allen on
St. Elizabeths. They say in Washington that where you stand
depends on where you sit, and I do think that if DHS components
sit together, they are likely to stand together much better
than they do today. And so to the extent that we can get
everybody in one place, we are much better off.
I, too, am a little reluctant to make suggestions for
changing the details of management in a Department that I left
a few years ago. I think that there are probably some
opportunities with respect to the Quadrennial Homeland Security
Review (QHSR) to turn that from an exercise in which we look at
some very interesting and difficult issues into something that
turns our budget into a multi-year, thoughtful priority-driven
exercise rather than something in which we ask how much money
do we have and what can we cut. And to the extent that
authorizing legislation can move the Quadrennial Homeland
Security Review in the direction of actually influencing budget
decisions, I think that would be an enormously effective way of
dealing with the looming crisis we have with respect to
appropriations for everybody, and making sure that the cuts are
much smarter than they otherwise would be.
Chairman Carper. Thank you.
Before we wrap it up, let me just telegraph my final pitch,
and that is, sometimes when we have a hearing like this, I like
to invite our witnesses just to give a brief closing statement,
just a couple of thoughts that you want to kind of pull
together, just underline a few things and leave those for us. I
would welcome, I think we would welcome that.
Let me just yield to Dr. Coburn for any last comments? OK.
Mr. Baker, do you want to give us a closing thought or two
before we wrap it up?
Mr. Baker. Yes. Nothing has made me prouder or caused me
more frustration than my service at the Department of Homeland
Security. I am deeply fond of the institution, and I believe
that it is making a major contribution to the security of all
Americans. It has changed our approach to the border in ways
that nothing else could have, and that has paid dividends in
almost every terrorist incident that has been planned or
launched against us since 9/11.
We need the Department, but we need it to be better, and we
need it to be more organized, more consolidated, more
coordinated. That is the biggest challenge that the Department
faces. We have gotten by with three great leaders, but we
cannot count on personality-driven unification forever. We need
to institutionalize it.
It is a big challenge, especially with the oversight
authority that exists, but it is a challenge that you have the
support, I am sure, of everyone on this panel in your effort to
accomplish.
Chairman Carper. All right. Thank you, sir. Admiral Allen.
Admiral Allen. Mr. Chairman, in regard to some of the
mission areas that we have talked about today--cybersecurity,
immigration reform, and so forth--a lot of that is going to
necessarily involve the Congress to do that. I sit on the
Advisory Board of the Comptroller General, so I am aware of the
risk areas. Gene Dodaro and I have talked about this before.
I believe when it comes to the internal management of the
Department of Homeland Security, there are adequate authorities
in the Secretary, administrative space to operate. I think
there needs to be a serious discussion about conditions of
employment and a management agenda related to mission support
activities and functional integration in the Department for the
next leadership team moving in. And those ought to be clear and
distinct, and they ought to be enforceable in the budget. And
they ought to be laid out with metrics attached, as Senator
Coburn would probably want.
I do not believe any legislation is needed to take care of
the management improvements that the Department could implement
immediately.
Chairman Carper. All right. Thank you. Governor Ridge.
Mr. Ridge. When you look back on those days when there was
considerable debate in this town as to whether or not we
actually needed a Department of Homeland Security, I remember
my friends on my side of the aisle said we are creating a
brand-new bureaucracy of 180,000 people. And I hopefully
reminded them and they believed me that they were not new jobs;
we were just going to consolidate units of government that
historically had missions related to protecting our borders and
gaining knowledge about the people and the goods that come
across our borders.
Long needed in the 21st century world when the
interdependency of the marketplace, the interdependency of
information sharing for law enforcement purposes, and the
interdependency of countries with regard to security is a part
of our daily lives and how we are going to live. We are
interdependent.
But I think the Congress did the wise thing. I do think
they brought together the right agencies. I think the
Department has evolved and matured, but I am reminded of Sean
O'Keefe's phone call to me after I was announced as being the
President's nominee to be the Secretary of the Department of
Homeland Security. He said, ``Tom, a couple of decades ago, we
saw''--there was a smaller aggregation of responsibilities that
created National Aeronautics and Space Administration (NASA),
and he said, ``Decades later I still see the vestiges of
culture in silos in this entity and in this organization.''
So, one, I do not think we should be surprised that we have
not made as much progress as we all think we need. We are not
as efficient as we need to be. We are not as risk-managed and
risk-based as we need to be. I do not think anything is wrong
with the management structure. I do think there needs to be
efforts to oversee the oversight of that structure to hold both
the Congress and the Department far more accountable for the
outcomes we want.
At the end of the day, I think you have touched on some
very important issues, and I am proud to have spent some time
with these panelists. It is about information sharing. It is
about resiliency. It is about risk-managed approach.
I would hope you can resolve these issues. I realize that,
again, ironically enough, the issues that I just raised are not
necessarily all within the exclusive purview of this Committee,
which speaks to one of the challenges I think the Congress has.
But at the end of the day, I am proud to have been the first
Secretary. I think they have made marvelous progress. I would
like to see some of it accelerated. I am just not convinced
because it got bigger it has gotten better. I do not think it
has. And that has nothing to do with the well-meaning
intentions of the people who go to work there every single day
to make you and me safer and more secure. It just does not have
the kind of collaboration and oversight with the Congress that
I think is absolutely essential.
At the end of the day, the mission is the same at the
Department of Homeland Security. Make our country safe and
secure. Do it in a way that is consistent with the Constitution
and the rule of law. And the big challenge associated with that
has been with us since 2003. But with the Snowden revelations
and the vast impact of the digital world and the cyber world,
that challenge to maintain that privacy of individuals and the
protection of these rights under the Constitution becomes more
complicated for this Committee and for the Congress of the
United States. And I look forward to future invitations to
share my point of view with all of you who are committed to
making a stronger and better Department. And I thank you very
much.
Chairman Carper. It is we who thank you. We thank you for
this day. We thank you for your preparation for this day and
for this conversation, and for your continued service to our
country. I have a closing statement I am going to submit for
the record.\1\
---------------------------------------------------------------------------
\1\ The closing statement of Senator Carper appears in the Appendix
on page 485.
---------------------------------------------------------------------------
And I will just say this: I think some remarkable progress
has been made in the 10 years that has passed. Thank you for
that initial leadership, Tom, as this Department was launched,
and to Admiral Allen and Mr. Baker for your great leadership as
well. This is as much progress as may have been made. There is
clearly more to do. It is not a time to rest on our laurels.
I like to say that everything I do, I know I can do better,
and clearly the same is true in terms of protecting our
homeland.
So we leave here knowing that on this very special day we
have learned a lot of lessons, and I think we have taken a lot
of the appropriate steps to better secure our Nation. But
obviously there is a whole lot more that we can do.
Dr. Coburn gave me a really good idea earlier this year,
and that is that we should do a top-to-bottom review of the
Department and try to figure out how we go about reauthorizing
the Department. He said this is an appropriate time to start
that process. And what you have done today in laying out for us
really a banquet of knowledge, just a font of great ideas, this
is enormously helpful to us in this process. So we thank you
for all that. It is great to see you.
I want to thank our staffs for pulling this hearing
together. You have all done a great job, and we are grateful to
each of you.
With that having been said, the hearing record will remain
open for 15 days until, I think, September 26th at 5 p.m. for
the submission of statements and any questions for the record.
With that, again, our thanks and our thoughts and prayers
for those whose lives we remember today. God bless. Thanks.
We are adjourned.
[Whereupon, at 12 noon, the Committee was adjourned.]
A P P E N D I X
----------
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
[ all]
�