Creating an Information- Sharing Culture for Homeland Security

April 2005
By Henry S. Kenyon, Robert K. Ackerman and Maryann Lawlor
E-mail About the Author

 
Tom Ridge, former secretary of the U.S. Department of Homeland Security (DHS), described the role information plays in homeland security and his experiences in establishing the DHS at AFCEA’s Homeland Security conference.

As the war on terrorism enters its fourth year, experts offer that the U.S. government can congratulate itself for successfully launching a number of bold initiatives to protect national security.

Chief among these achievements is the U.S. Department of Homeland Security (DHS), which was set up in record time under less than ideal circumstances. But now that a new web of organizations is in place, interoperability issues and interdepartmental communications difficulties that were sidelined during the department’s creation are obstacles to the smooth and timely flow of critical intelligence.

Resolving these hurdles to enhance communication and cooperation between all levels of government was the subject of AFCEA International’s fourth homeland security conference, “The New Culture—No More Excuses,” held February 22-23 at the Ronald Reagan International Trade Center, Washington D.C.

Secretary of Health and Human Services Mike Leavitt opened the event by describing his experiences with information sharing in organizations. Noting that the world is entering an era of interoperability that will require people to acquire new skills, he said that a key leadership skill for the future is the ability to collaborate with others to achieve desired objectives. Explaining that collaboration is an organic process often full of failures, Leavitt added that successful efforts are vitally important to governments and economies. Collaboration is “messy, but it works,” he said. 

Leavitt described eight elements based on his experiences that were always present in any successful collaboration. They are a common cause to bring all the stakeholders together, a person respected by all the participants to preside over the process, committed leadership, transparency, a critical mass of stakeholders to move the process along, representatives backed with the respect of their various communities, clearly defined issues to address and a formally written charter.

The conference’s first panel focused on the overlap between information sharing and interoperability and how federal, state and local organizations can best work together. DHS Deputy Director Richard Russell described how the department was created as an information-gathering system to pull data from all levels of government—from local law enforcement to national intelligence systems. He explained the need to create intelligence that is readily available to domestic law enforcement agencies. 

Craig Harber, chief information assurance architect for the National Security Agency, outlined changes in the national security architecture to control access to data, not the system itself. He maintained that operational needs must drive system requirements, necessitating the use of commercial equipment. “You can’t develop a gold-plated solution to solve this problem. You will need commercial systems,” he said.

A star attraction at the conference was the event’s featured speaker, former DHS Secretary Tom Ridge. In his first speech since stepping down as head of the department that he nurtured into existence, Ridge endorsed the conference theme of “No More Excuses” as “demanding and appropriate.” He told an overflow audience about both the challenges that lie ahead and the role that information technologies will play in ensuring homeland security.

“At the heart of what we are doing is information sharing, communication and integration,” Ridge stated. Directing his remarks to the members of the audience who work for information technology companies, the former secretary said, “I’m convinced that, at the end of the day, your engagement with the Department of Homeland Security and its partners will mean as much to homeland security as anything the department does.”

 
Panelists (l-r) Richard Russell, deputy director, DHS; Maj. Gen. Dale Meyerrose, USAF, director of command control systems, North American Aerospace Defense Command, and director of architectures and integration, U.S. Northern Command; Dr. Glen Johnson, director, Office of Verification Operations, U.S. Department of State; Craig Harber, chief information assurance architect, National Security Agency; and Dr. David Boyd, deputy director, Office of Systems Engineering and Development, DHS, discussed information sharing and interoperability.
Among the needed technologies that Ridge cited were those to detect explosives and biological agents; protection technologies such as unmanned aerial vehicles and surveillance sensors that help border personnel perform their mission better; and, above all, technologies that facilitate information sharing. The department is striving to maintain a communications architecture that keeps it at the hub of homeland security activities and avoids the trap of individual federal agencies setting up their own lines of communication with state and local authorities.

Many of these challenges relate directly to the department’s formation. Ridge described how, as part of the consolidation of federal agencies, the department “had a couple of mergers and acquisitions” that, had they taken place in the private sector, would have consumed months of work. The department then had to become “operationally more effective and internally more efficient” while continuing to safeguard the nation, he pointed out.

But the theme that Ridge kept returning to was that everyone is involved in ensuring homeland security. “There is a role for everyone in the United States to play in response to the threat of international terrorism,” he declared. Homeland security is about the integration of the entire country, not just a department or agency.

The day’s second panel examined the private sector’s role in critical infrastructure protection. Panelists spoke about how industry associations and security groups are more responsible for monitoring and protecting facilities and infrastructure in the wake of September 11, 2001. However, this information sharing has its pitfalls. Stephen C. King, a litigation, intellectual property and antitrust counsel with Hunton & Williams LLP, explained that many companies do not provide all of their information to the government because of uncertainty about how proprietary information will be used by third parties. Panelists noted that if the private sector does not move ahead to develop its own information-sharing standards, state and federal governments will develop their own regulations.

Implementing homeland security related initiatives at city, state and county levels was the subject of the day’s last panel. The discussion centered on how different local and regional organizations work together to share information in the event of an emergency. Steve Dubay, director of the Colorado Springs Office of Emergency Management, shared how the city ran a radiological disaster simulation with the U.S. Space Command and the U.S. Geological Survey. Dubay noted that the effort emphasized local information sharing of national and geospatial data for disaster coordination. “Disasters don’t respect jurisdictional boundaries,” he said.

Adm. Timothy J. Keating, USN, led off Wednesday’s presentations with an explanation of how homeland defense activities have changed since September 11. Adm. Keating, who commands both the North American Aerospace Defense Command and U.S. Northern Command (NORTHCOM), emphasized that the terrorist attacks demonstrate that U.S. defense agencies, which traditionally monitored threats from outside U.S. borders, are now keenly aware that they must be watchful for dangers from within the country as well. In addition to being prepared to respond after an attack, national defense requires proactive measures, he said.

 
Adm. Timothy J. Keating, USN, commander, North American Aerospace Defense Command and U.S. Northern Command, explained that the commands do not collect intelligence but rather are proactive in defending the United States and stand ready to support civil authorities.
Since its inception in October 2002, NORTHCOM has established the Standing Joint Force Headquarters–North, which responds immediately to emergencies and assists in high-security events such as the G-8 Summit. The command also has set up a joint force headquarters in the national capital region to address the specific security issues in the area and a joint task force in Texas to deal with illegal drug smuggling as well as terrorist threats.

The admiral explained that the military must be careful about buying new technology as a quick solution because countering threats also involves culture and processes. The U.S. Defense Department must find a way to control its appetite for bandwidth and funding, Adm. Keating said, noting that current resources are sufficient but the services must learn how to use them both effectively and efficiently. One new program that will help NORTHCOM accomplish this task is a portal system that is now being fielded to help military communities share information, he stated.

Members of Wednesday’s first panel delineated the credentialing system changes that will occur during the next several months for federal agency personnel and contractors. Curt Barker, co-chairman of the personal identification verification project, National Institute of Standards and Technology, described how his group had to address increased security, interoperability, privacy and cost as it determined the standard for a common identification card. As envisioned, the cards will include a photograph and two fingerprints and will require a personal identification number to grant both physical and logical access. According to the schedule, the identification system must be implemented by October 25, 2005.

Panelist Mary Dixon, deputy director, Defense Manpower Data Center, described how the Defense Department has undergone a similar identification card overhaul with the Common Access Card (CAC) project. The department will review its current technologies and processes to ensure that the CAC will meet the standard of the federal agency system, she said, but added that the system cannot be federated unless every agency can trust the processes used to issue the cards.

Lt. Gen. James R. Clapper Jr., USAF (Ret.), director, National Geospatial-Intelligence Agency (NGA), opened the Wednesday afternoon session of the conference by explaining how his agency has been transforming to provide warfighters with the tools they need to combat current threats. He pointed out that adversaries today move substantially faster than enemies in the past, so the environmental intelligence that the agency provides is crucial to tracking movements and coordinating precision strikes.

To track as well as to coordinate efforts to capture potential terrorists, the NGA relies heavily on commercial satellite imagery and is investing in two companies that are developing next-generation capabilities. The general’s vision for the agency includes capitalizing on all types of imagery and delivering this intelligence to workstations where users can view the information they need in context.

Panelists discussing information sharing explained how processes are changing within federal agencies to encourage collaboration. Ambassador James Holmes, deputy chief information officer and chief knowledge officer, U.S. Department of State, related that his department recognized that the need to share was as important as the need to know in 1998. Two years ago, the State Department encouraged its units to establish classified Web sites to facilitate information sharing. Holmes said that the State Department plans to have a global system for information sharing in place by 2006 so personnel worldwide can access documents and collaborate in virtual workspaces.

Bill Dawson, deputy chief information officer, intelligence community, and director of the Community Interoperability and Information Sharing Office, stated that information sharing is not an issue or a problem. “We share a lot of information. The problem is sharing the right information with the right person at the right time,” he said. When too much information is pushed to users, analysts are overloaded to the point where it is not constructive, he added. He also called for the capability to get actionable information to the lower echelons.

The final panel of the event highlighted the issues involved in coordinating and using the terrorist watch list. Russell Travers, deputy director for information sharing and knowledge development, National Counterterrorism Center, said great strides have been made since September 11. Information stovepipes are being eliminated, and the database now contains four times the information it had in September 2001. This information is more detailed, he added, and includes aliases and connections between terrorists.

 
Describing the new federal employee and contractor credential program were panelists (l-r) Mary Dixon, deputy director, Defense Manpower Data Center; Judy Spencer, chair, federal identity credentialing, General Services Administration; Neville Pattinson, director of business development, technology and government affairs, Axalto Incorporated; and Curt Barker, co-chairman of the personal identification verification project, National Institute of Standards and Technology.
Rick Kopel, principal deputy director, Terrorist Screening Center, explained that consolidated tracking information allows law enforcement personnel who encounter suspicious individuals to review information and update it after each occurrence. Justin Oberman, assistant administrator, Office of Transportation Vetting and Credentialing, Transportation Security Administration (TSA), said that administration personnel are identifying potential threats every day. He added that in August, the TSA plans to begin introducing a new program with some air carriers that will allow personnel to screen all airline passengers before they board quickly and unobtrusively. The screening technique will be implemented incrementally to all carriers within eight to 14 months after the initial launch.