In the 18 months following the terrorist attacks, the U.S. government has undergone a series of structural changes. At the state and federal levels, efforts are underway to enhance communications and information-sharing infrastructures among agencies and other organizations. Public institutions also have reached out to the private sector to form partnerships designed to protect vital national infrastructures.
The creation of the U.S. Department of Homeland Security brings together 22 government agencies. The need to coordinate this undertaking and the opportunities presented by this shift across all sectors were discussed at AFCEA International’s second homeland security conference titled “Securing America: Challenge and Opportunity,” held February 26-27 at the Ronald Regan International Trade Center, Washington, D.C.
The conference’s first speaker, Mark Holman, public policy adviser, Blank Rome Government Relations LLC, detailed some of the ways the world and government have changed since the terrorist attacks. Holman, who is the former deputy assistant to the president for homeland security, said establishing the Transportation Security Administration was a key step toward travel safety. However, he pointed out that creating the organization has been more like building a ship at sea than like turning a ship at sea.
Other changes include revising the student visa system, designating immediate funding for first-responder support and creating a new mission statement for the Federal Bureau of Investigation (FBI). Collaboration has increased among law enforcement agencies. Information sharing between the FBI and the Central Intelligence Agency (CIA) is much better than it has been historically, and intelligence is moving both horizontally and vertically in these organizations, Holman stated.
James Champy, chairman of Perot Systems Corporation’s consulting practice, and corporate vice president, shared suggestions about how to make the government reorganization under the Homeland Security Department a success. During the morning’s second speech, Champy said that the same principles governing successful corporate mergers apply to government agencies.
“Leaders need to create a new value to everyone involved. No one will come to the table unless there is something in it for them,” Champy said. “In the past, when companies have cut personnel, the people left have a sense of burden, not exhilaration. As the Department of Homeland Security is formed, there will be consolidation, but there can’t be a sense of burden.”
Three principles must guide reorganization, he said. First, thinking must shift toward transparency when information is involved. Rather than protecting all information and deciding what to share, organizations must think in terms of sharing all information then choosing carefully what data must be kept secret. Standardization, the second principle, is paramount. “If we standardize the right stuff, it frees up time to focus on real issues,” Champy stated.
Harmonization in processes is the third basic principle that must guide reorganization. Businesses or government agencies must be interoperable at a high level, which means agreeing to follow a single set of processes, he said.
The conference’s first panel featured representatives from the FBI, CIA and National Security Agency (NSA), who were forthcoming about past and present problems. Larry Castro, coordinator for homeland security support, NSA, offered that the barrier between law enforcement and intelligence agencies primarily is the result of their vastly different cultures. While law enforcement preserves information flow, intelligence-gathering groups are concerned about protecting sources and methods.
John Pistole, deputy assistant director for counterterrorism, FBI, pointed out that the PATRIOT Act greatly facilitates information sharing, and today a triage is performed on data to determine the seriousness of a threat. However, adequate technology is still not in place to share information as quickly as possible.
Panelists agreed that a community strategy for sharing information has not yet been established. The Homeland Security Department will provide the required leadership to accomplish this task. In the interim, the Terrorist Threat Integration Center, a joint project between the FBI and CIA, acts as an analytical forum to allow collaboration, and center personnel can reach into NSA resources.
Speaking at Wednesday’s luncheon, Don Peterson, chief executive officer, Avaya Incorporated, said communications are central for preparedness and crisis response, and it is the commercial sector’s responsibility to protect the infrastructure. Customers and vendors must work together to create solid networks, he offered. Systems must be located in disparate places and be capable of handling balanced communications loads. The problems encountered on September 11, 2001, demonstrated that too many systems were at their full capacity; backup was not created; and contingency plans are necessary, he added.
Peterson offered suggestions to government agencies for the future. “Don’t reinvent the network. Rethink how the network is deployed. Ask for command and control by name, and put it at the forefront in requests for proposals. Challenge your suppliers about their security claims and continuity. You need single, consistent environments,” he advised.
Panelists from Wednesday afternoon’s first session echoed Peterson’s concerns. Local emergency responders must be able to communicate, collaborate and demonstrate, said Christopher David, chief technology officer for the Department of Technology Services, Arlington County, Virginia. “We need to emphasize the process side because the information technology fails if we don’t do that,” David stated at the Emergency Preparedness and Response panel session. It is important to stay at least two steps ahead in planning and three steps ahead in training, he added.
Brenton Greene, deputy manager, National Communications System, pointed out that his organization collaborates with industry to restore networks, but the private sector does the work. State and local organizations are a primary thrust when increasing capabilities. A number of new programs will ensure that first responders will be able to communicate during an emergency.
The terrorist attacks proved that federal response plans work regardless of the cause of the emergency, said Rose Parkes, chief information officer, Federal Emergency Management Agency (FEMA). However, several improvements have been put into place. Disaster management is one of 24 e-government initiatives that will provide an easy-to-use point of access to disaster management information. Project SAFECOM is an interagency initiative to accelerate wireless communications interoperability across federal, state, tribal and local public safety jurisdictions and disciplines.
Dr. William Jeffrey, senior director for research, Office of Science and Technology Policy, Homeland Security Council, outlined three current priorities. First, the Homeland Security Department is developing standards for equipment and testing. During the anthrax attack, different detection devices gave various results. A standard will ensure that the same threshold is being used.
Second, equipment is being sought that is lower in cost but has the same capabilities. Emergency response personnel can use the same equipment the military uses, Jeffrey pointed out, so dual use needs to be leveraged.
Finally, training is a priority. “The first people to respond are likely to be the local agencies. If they don’t train, the equipment may not be used or may be used incorrectly,” Jeffrey said.
Members of Wednesday’s final panel answered questions from the audience about protection against weapons of mass destruction. Panelists agreed that families and corporations should have reasonable plans for emergency situations, natural as well as manmade. For example, they should have a first-aid kit, flashlights and a radio. In addition, family members and company employees should determine where to meet or who to call if an emergency occurs when they are separated.
Panelists were quick to point out that today’s threats are so heterogeneous that one plan cannot address all crises. However, they concurred that getting information to the public is critical so that people can respond appropriately.
Thursday’s session began with a speech by Lt. Gen. Joseph Kellogg Jr., USA, director, command, control, communications and computer systems, J-6, the Joint Staff. The general outlined U.S. Northern Command’s responsibilities for homeland defense and civil support. For the command to be effective, gaps in information awareness must be closed, integrating technology to an unprecedented degree. He noted that this summer, a proof-of-concept system integrating data for the entire command will be launched. It will track incidents and alerts, detecting potential terrorist threats before they occur.
Former Michigan Governor John Engler, president of state and local government solutions and vice president of EDS Federal Government Solutions, spoke about intra-agency and intergovernmental communications and interoperability. He cautioned that federal funding is necessary for state and local security efforts because many states face massive budget shortfalls. While state governments and communities have first-responder capabilities, homeland security needs are putting stress on them. Engler warned that unfunded mandates may become unmet mandates without the government’s help.
The morning panel session dealt with border and transportation security. Robert Perez, director of the Customs-Trade Partnership Against Terrorism, highlighted the Customs Service’s homeland security efforts. The service has begun using automated risk management systems to locate and inspect potentially high-risk shipments. A major effort is the container security initiative, which is designed to extend container screenings out to the world’s major mega ports. Perez noted that the 10 busiest mega ports represent 50 percent of the trade coming into the United States.
Rear Adm. James C. Olson, USCG, director of operation capabilities, U.S. Coast Guard, described the Coast Guard’s Maritime Domain Awareness (MDA) program. MDA creates a common operational picture for the service through an infrastructure that integrates data from sensors and command and control platforms. It will collect, analyze and collate maritime data and distribute it to government and private sector elements. The architecture taps a variety of sources such as the U.S. Defense Department and commercial sector while also providing and sharing information with them. The system offers near-real-time information sharing to identify threats, deploy forces and mitigate vulnerabilities, he said.
Michael Becraft, acting deputy commissioner of the Immigration and Naturalization Service (INS), outlined the INS’ new role as a bureau in the Homeland Security Department. Among the challenges this bureau faces is how to protect the nation better while ensuring the continuity of the INS’ traditional missions. Other issues involve coordinating immigration services and enforcement with existing laws, integrating command and control across the department, creating seamless information-sharing systems and managing the merger of 177,000 employees. “There is no room to drop the ball,” he warned.
Luncheon speaker John Chambers, president and chief executive officer of Cisco Systems, outlined how the new threat environment has increased security concerns for computer networks. Addressing conference attendees via a live interactive telecast from California, Chambers explained that it is important to share information and technology across groups, such as government agencies. He added that security must move from closed networks to open systems because, although the old systems were considered secure, most attacks come from within. However, this creates challenges because intelligent information networks must be able to work with each other to identify attacks and intrusions.
The first afternoon session focused on protecting critical infrastructure and other key assets. Panel moderator Andy Purdy, senior adviser for information technology security and privacy, and deputy to the vice chair of the President’s Critical Infrastructure Advisory Board, noted that it is easy to forget about cyberspace when there is so much concern about physical terrorism. He added that a major cyberattack against the nation’s critical infrastructure may occur before action is taken.
The need for government to use industry to protect national infrastructures was discussed by Lt. Col. Kenneth Watson, USMC (Ret.), president, Partnership for Critical Infrastructure Security, and manager of critical infrastructure assurance at Cisco Systems. The colonel explained that, to enhance critical infrastructure assurance, the government must lead meetings to facilitate standards, fund research and raise awareness. Service providers need to promote the use of security features, monitor traffic flow and develop an incident response system. Additionally, vendors must provide default security features on their products, improve product development, create new technologies and develop operational best practices.
Dealing with connectivity conundrums for providing information technology for the Homeland Security Department was the final panel’s topic. Lt. Gen. Harry D. Raduege Jr., USAF, director of the Defense Information Systems Agency, highlighted similarities between Defense Department information technology efforts and those of the Homeland Security Department. He noted that the need for joint operations in the military parallels the new department’s need to communicate with other government agencies. Similar requirements exist for collaborative tools such as digital whiteboards, chat systems, file and desktop sharing mechanisms to provide common operational tools.
William P. Crowell, consultant and special adviser to the chairman and chief executive officer of SafeNet Incorporated, outlined the necessity of establishing working guidelines to balance privacy against the government’s access to information. The first goal is to maintain the constitutional rule to avoid any unreasonable searches. He added that access to private information should be controlled and rules instituted for searching government databases.