This is the accessible text file for GAO report number GAO-05-33 entitled 'Homeland Security: Agency Plans, Implementation, and Challenges Regarding the National Strategy for Homeland Security' which was released on February 14, 2005. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to the Chairman, Subcommittee on National Security, Emerging Threats, and International Relations, Committee on Government Reform, House of Representatives: United States Government Accountability Office: GAO: January 2005: Homeland Security: Agency Plans, Implementation, and Challenges Regarding the National Strategy for Homeland Security: GAO-05-33: GAO Highlights: Highlights of GAO-05-33, a report to the Chairman, Subcommittee on National Security, Emerging Threats, and International Relations, Committee on Government Reform, House of Representatives: Why GAO Did This Study: The National Strategy for Homeland Security sets forth a plan to improve homeland security through the cooperation of federal, state, local, and private sector organizations on an array of functions. These functions are organized into the six distinct “critical mission areas” of (1) intelligence and warning, (2) border and transportation security, (3) domestic counterterrorism, (4) protecting critical infrastructures and key assets, (5) defending against catastrophic threats, and (6) emergency preparedness and response. Within each of these mission areas, the strategy identifies “major initiatives” to be addressed. In all, the strategy cites 43 initiatives across the six mission areas. GAO reviewed the strategy’s implementation to: * determine whether its initiatives are being addressed by key departments’ strategic planning and implementation activities, whether the initiatives have lead agencies identified for their implementation, and whether the initiatives were being implemented in fiscal year 2004 by such agencies and * identify ongoing homeland security challenges that have been reflected in GAO products since September 11, 2001, by both mission area and issues that cut across mission areas. What GAO Found: Key federal departments—Defense (DOD), Energy (DOE), Health and Human Services (HHS), Homeland Security (DHS), Justice (DOJ), and State—have addressed the strategy’s 43 initiatives to some extent in their strategic planning and implementation activities. All 43 of the initiatives were included in some of the planning or implementation activities of at least one of these six departments. Most of the initiatives (42 of the 43) also had departments identified as the lead agencies for their implementation, which helps to ensure accountability for implementation. However, many of these 42 initiatives had multiple lead agencies, indicating that interagency coordination of roles and activities will be important, particularly on those initiatives involving domestic counterterrorism and critical infrastructure protection. All of the initiatives were being implemented in fiscal year 2004 by at least one department. While GAO determined that implementation was occurring, it did not assess the status or quality of the various departments’ implementation of the initiatives. While departments have incorporated these initiatives into their planning and implementation activity, the United States faces significant challenges in fully implementing the strategy in a coordinated and integrated manner. Some of the most difficult challenges being confronted are those that cut across the various critical mission areas, such as balancing homeland security funding needs with other national requirements, improving risk management methods for resource allocation and investments, developing adequate homeland security performance measures, developing a national enterprise architecture for homeland security, and clarifying the roles and responsibilities among the levels of government and the private sector. GAO has also identified a large diversity of other challenges in each of the six critical mission areas since September 11. Proposed Fiscal Year 2005 Homeland Security Funding by Agency (budget authority in millions of dollars): [See PDF for image] [End of figure] www.gao.gov/cgi-bin/getrpt?GAO-05-33. To view the full product, including the scope and methodology, click on the link above. For more information, contact Norman J. Rabkin (202) 512-3610 or rabkinn@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: Scope and Methodology: Agency Plans, Implementation, and Challenges: Concluding Observations: Agency Comments and Our Evaluation: Appendix I: Objectives, Scope, and Methodology: Appendix II: Intelligence and Warning: Definition and Major Initiatives: Agencies with Major Roles in Intelligence and Warning: Alignment of Department Activities with the Major Initiatives: Challenges in Intelligence and Warning: Appendix III: Border and Transportation Security: Definition and Major Initiatives: Agencies with Major Roles in Border and Transportation Security: Alignment of Department Activities with the Major Initiatives: Challenges in Border and Transportation Security: Border Security: Transportation Security: Appendix IV: Domestic Counterterrorism: Definition and Major Initiatives: Agencies with Major Roles in Domestic Counterterrorism: Alignment of Department Activities with the Major Initiatives: Challenges in Domestic Counterterrorism: Appendix V: Protecting Critical Infrastructures and Key Assets: Definition and Major Initiatives: Agencies with Major Roles in Critical Infrastructure Protection: Alignment of Department Activities with the Major Initiatives: Challenges in Critical Infrastructure Protection: Appendix VI: Defending Against Catastrophic Threats: Definition and Major Initiatives: Agencies with Major Roles in Defending against Catastrophic Threats: Alignment of Department Activities with the Major Initiatives: Challenges in Defending Against Catastrophic Threats: Appendix VII: Emergency Preparedness and Response: Definition and Major Initiatives: Agencies with Major Roles in Emergency Preparedness and Response: Alignment of Department Activities with the Major Initiatives: Challenges in Emergency Preparedness and Response: Appendix VIII: Crosscutting Issues: Crosscutting Challenges: Appendix IX: Department Summary Across Critical Mission Areas: Appendix X: Homeland Security Presidential Directives: Appendix XI: Comments from the Department of Defense: GAO Comment: Appendix XII: Comments From the Department of Health and Human Services: GAO Comment: Appendix XIII: Comments From the Department of Homeland Security: GAO Comment: Appendix XIV: Comments From the Department of Justice: GAO Comments: Appendix XV: GAO Contacts and Staff Acknowledgments: GAO Contacts: Staff Acknowledgments: Related GAO Products: Tables: Table 1: Department Leadership, Planning, or Implementation Activity in the Intelligence and Warning Mission Area's Five Initiatives: Table 2: Department Leadership, Planning, or Implementation Activity in the Border and Transportation Security Mission Area's Six Initiatives: Table 3: Department Leadership, Planning, or Implementation Activity in the Domestic Counterterrorism Mission Area's Six Initiatives: Table 4: Department Leadership, Planning, or Implementation Activity in the Critical Infrastructure Protection Mission Area's Eight Initiatives: Table 5. Department Leadership, Planning, or Implementation Activity in the Defending Against Catastrophic Threats Mission Area's Six Initiatives: Table 6: Department Leadership, Planning, or Implementation Activity in the Emergency Preparedness and Response Mission Area's Twelve Initiatives: Table 7: Detailed Department Leadership and Planning/Implementation Activities in the Intelligence and Warning Mission Area's Five Initiatives: Table 8: Detailed Department Leadership and Planning/Implementation Activities in the Border and Transportation Mission Area's Six Initiatives: Table 9: Detailed Department Leadership and Planning/Implementation Activities in the Domestic Counterterrorism Mission Area's Six Initiatives: Table 10: Detailed Department Planning/Implementation Activities in the Protecting Critical Infrastructures and Key Assets Critical Mission Area's Eight Initiatives: Table 11: Detailed Department Planning/Implementation Activities in the Defending Against Catastrophic Threats Mission Area's Six Initiatives: Table 12: Detailed Department Planning/Implementation Activities in the Emergency Preparedness and Response Mission Area's Twelve Initiatives: Table 13: Summary of Department Leads, Planning, and Implementation across the Six Critical Mission Areas of the National Strategy for Homeland Security: Figures: Figure 1: Proposed Fiscal Year 2005 Homeland Security Funding by Critical Mission Area: Figure 2: Proposed Fiscal Year 2005 Homeland Security Funding by Department: Figure 3: The Five Threat Levels of the Homeland Security Advisory System: Figure 4: Proposed Fiscal Year 2005 Homeland Security Funding for Intelligence and Warning: Figure 5: U.S. Customs and Border Patrol Marine Officers on the Waters of the Rio Grande, along the United States and Mexico Border: Figure 6: Proposed Fiscal Year 2005 Homeland Security Funding for Border & Transportation Security: Figure 7: An FBI Evidence Response Team in Action at the Scene of a Terrorism-Related Exercise: Figure 8: Proposed Fiscal Year 2005 Homeland Security Funding for Domestic Counterterrorism: Figure 9: A U.S. Immigration and Customs Enforcement Helicopter Patrols the Skies over the Nation's Capital: Figure 10: Proposed Fiscal Year 2005 Homeland Security Funding for Critical Infrastructure Protection: Figure 11: First Responders Practice Emergency Decontamination: Figure 12: Proposed Fiscal Year 2005 Homeland Security Funding for Defending Against Catastrophic Threats: Figure 13: Hazardous Materials Response Unit in Action at an Exercise: Figure 14: Proposed Fiscal Year 2005 Homeland Security Funding for Emergency Preparedness: Abbreviations: APHIS: Animal and Plant Health Inspection Service: ATSA: Aviation and Transportation Security Act: CAPPS: Computer-Assisted Passenger Prescreening Program: CBP: Customs and Border Patrol: CBRN: chemical, biological, radiological, or nuclear: CIA: Central Intelligence Agency: CIP: Critical Infrastructure Protection: CSI: container security initiative: C-TPAT: Customs-Trade Partnership against Terrorism: CWC: Chemical Weapons Convention: DBT: design basis threat: DHS: Department of Homeland Security: DIA: Defense Intelligence Agency: DOD: Department of Defense: DOE: Department of Energy: DOJ: Department of Justice: EPA: Environmental Protection Agency: FBI: Federal Bureau of Investigation: FPS: Federal Protective Service: GAO: Government Accountability Office: GPRA: Government Performance and Results Act: GSA: General Services Administration: HHS: Department of Health and Human Services: HSAS: Homeland Security Advisory System: HSC: Homeland Security Council: HSPD: Homeland Security Presidential Directive: IAIP: Information Analysis and Infrastructure Protection: ICE: Immigration and Customs Enforcement: IT: information technology: MANPADS: Man-Portable Air Defense System: MTSA: Maritime Transportation Security Act: NIH: National Institutes of Health: NCR: National Capital Region: NMLS: National Money Laundering Strategy: NNSA: National Nuclear Security Administration: NRC: Nuclear Regulatory Commission: NSPD: National Security Presidential Directive: ODP: Office of Domestic Preparedness: OJP: Office of Justice Programs: OMB: Office of Management and Budget: PDD: Presidential Decision Directive: PSV: post-shipment verification: UAV: unmanned aerial vehicle: USDA: United States Department of Agriculture: USPS: United States Postal Service: US-VISIT: United States Visitor and Immigrant Status Indicator: VA: Veterans Administration: WMD: weapons of mass destruction: SSN: Social Security Number: TSA: Transportation Security Act: TTIC: Terrorist Threat Integration Center: United States Government Accountability Office: Washington, DC 20548: January 14, 2005: The Honorable Christopher Shays: Chairman, Subcommittee on National Security, Emerging Threats, and International Relations: Committee on Government Reform: House of Representatives: Dear Mr. Chairman: In an effort to increase homeland security following the September 11, 2001, terrorist attacks on the United States, President Bush issued the National Strategy for Homeland Security in July 2002 and signed legislation creating the Department of Homeland Security (DHS) in November 2002.[Footnote 1] The strategy sets forth overall objectives to prevent terrorist attacks within the United States, reduce America's vulnerability to terrorism, and minimize the damage and assist in the recovery from attacks that may occur. To accomplish these overall objectives, the strategy describes six critical mission areas and 43 initiatives. Since the strategy was issued, the President has also issued additional documents--known as Homeland Security Presidential Directives (or HSPDs)--that provide more detailed guidance on the mission areas and initiatives. The creation of DHS, which began operations in March 2003, represents a fusion of 22 federal agencies to coordinate and centralize the leadership of many homeland security activities under a single department. In addition to DHS, the Departments of Defense (DOD), Energy (DOE), Health and Human Services (HHS), Justice (DOJ), and State play an important role in implementing the strategy. These six key departments represent 94 percent of proposed federal spending for homeland security in fiscal year 2005. With the strategy now more than 2 years old, and DHS more than a year old, you asked that we review the implementation of the strategy and organize our work by critical mission area. In response, we have: * determined whether the initiatives in the strategy were being addressed by the key department's strategic planning and related activities; whether the initiatives had "lead" agencies identified for their implementation, and whether multiple departments were implementing the initiatives in fiscal year 2004; and: * identified homeland security challenges as reflected in our products since September 11, 2001, by both mission area and issues that cut across mission areas. This report establishes one framework from which to assess federal department implementation of the National Strategy for Homeland Security. Since agency homeland security activities are ongoing, this report is intended to identify a baseline from which to assess progress toward meeting homeland security objectives. In this report, we first provide the proposed fiscal year 2005 homeland security-related budget by mission area and department. Then, we discuss the homeland security planning and implementation activities of the six departments under review, as well as remaining homeland security challenges, by mission area. The appendixes that follow provide more detailed assessments of each of these sections and are also arranged by mission area. (See app. I for more information on the scope and methodology.) Further, this report should be considered in the context of several companion efforts to provide baseline information. In February 2004, we testified on the desired characteristics of national strategies and whether various strategies--including the National Strategy for Homeland Security-- contained those desired characteristics.[Footnote 2] In March, we summarized strategic homeland security recommendations made by congressionally chartered commissions and us.[Footnote 3] We organized this analysis by critical mission area, as defined in the strategy. In July, we reported on our recommendations to DHS and the department's progress in implementing such recommendations.[Footnote 4] We organized this analysis by DHS directorate or division. In September, we compared 9/11 Commission recommendations with those of the National Strategy for Homeland Security and the National Strategy to Combat Terrorism. We also provided a preliminary analysis of department planning and implementation activities with respect to the six mission areas.[Footnote 5] Together, these baseline efforts are intended to aid congressional oversight of federal homeland security activities. Results in Brief: Key federal departments have addressed the strategy's initiatives in their strategic planning and implementation activities. All 43 initiatives indicated in the strategy were included in the activities of at least one of the six departments we reviewed. For most of the initiatives (42 of 43), the strategy or HSPDs identified lead agencies, thereby helping to ensure accountability for implementation. All 43 initiatives were being implemented in fiscal year 2004 by at least one department. Thirty-three of the 43 initiatives (77 percent) were being planned or implemented by 3 or more departments. While we determined that implementation was occurring, we did not assess the status or quality of the various departments' implementation of the initiatives. While departments have incorporated these initiatives into their planning and implementation activity, the United States still faces significant challenges in implementing the strategy in a well coordinated and integrated manner. A review of our products since September 11, 2001, shows that some of the most difficult challenges being confronted are those that cut across the various critical mission areas. These challenges include: * balancing homeland security needs with other national requirements, * improving risk management methods for resource allocation and investments, * developing adequate homeland security performance measures, * clarifying the roles and responsibilities among the levels of government and the private sector, and: * developing a national blueprint--called an enterprise architecture-- to help integrate different organization's efforts to improve homeland security. In addition to these and other crosscutting challenges, we have identified a large diversity of challenges related specifically to each of the six mission areas described in the strategy and provide details on them in the remainder of the report. We provided a draft of this report to DHS, DOD, DOE, DOJ, HHS, State, and the Homeland Security Council for comment. All except State and the Homeland Security Council provided comments, which generally consisted of technical comments that we incorporated as appropriate. None of the departments disagreed with the substance of the report. Background: The National Strategy for Homeland Security sets out a plan to improve homeland security through the cooperation and partnering of federal, state, local, and private sector organizations on an array of functions.[Footnote 6] The strategy organizes these functions into six critical mission areas:[Footnote 7] * Intelligence and Warning involves the identification, collection, analysis, and distribution of intelligence information appropriate for preempting or preventing a terrorist attack. * Border and Transportation Security emphasizes the efficient and reliable flow of people, goods, and material across borders while deterring terrorist activity. * Domestic Counterterrorism focuses on law enforcement efforts to identify, halt, prevent, and prosecute terrorists in the United States. * Protecting Critical Infrastructure and Key Assets stresses securing the nation's interconnecting sectors and important facilities, sites, and structures. * Defending Against Catastrophic Threats emphasizes the detection, deterrence, and mitigation of terrorist use of weapons of mass destruction. * Emergency Preparedness and Response highlights damage minimization and recovery from terrorist attacks. Since the strategy was issued in July 2002, the President has also issued 12 HSPDs that provide additional guidance related to these mission areas. For example, HSPD-4 focuses on defending against catastrophic threats and HSPD-7 focuses on protecting critical infrastructure. These HSPDs provided some of the details that were not in the strategy, particularly with respect to agency roles and milestones. See appendix X for a complete list and description of these HSPDs. The strategy also identifies the major initiatives to be addressed within each of these six mission areas. For example, within the Intelligence and Warning mission area, 5 initiatives are indicated: (1) enhancing the analytic capabilities of the FBI; (2) building new capabilities through the Information Analysis and Infrastructure Protection Directorate of DHS; (3) implementing the Homeland Security Advisory System; (4) utilizing dual-use analysis to prevent attacks; and (5) employing "red team" techniques.[Footnote 8] Within the Border and Transportation Security mission area, 6 initiatives are cited: (1) ensuring accountability in border and transportation security, (2) creating "smart borders", (3) increasing the security of international shipping containers, (4) implementing the Aviation and Transportation Security Act of 2001, (5) recapitalizing the U.S. Coast Guard, and (6) reforming immigration services. In all, the strategy cites 43 initiatives across the six mission areas. See appendix IX for a complete list of all the initiatives by mission area. The latest available funding data from the Office of Management and Budget (OMB) for the six mission areas is illustrated in figure 1. Figure 1: Proposed Fiscal Year 2005 Homeland Security Funding by Critical Mission Area: [See PDF for image] Note: Budget authority in millions of dollars. [End of figure] The National Strategy for Homeland Security specifies a number of federal departments, as well as nonfederal organizations, that have important roles in implementing the mission areas and related initiatives. In terms of federal departments, DHS is intended to have a prominent role in implementing all of the mission areas. Other key federal departments specified in the strategy include, in alphabetical order, the Department of Defense, the Department of Energy, the Department of Health and Human Services, the Department of Justice, and the Department of State (State). These departments have their own strategic plans, which indicate how they will implement their homeland security programs (as well as other programs unrelated to homeland security). Together, DHS and these other five departments constitute 94 percent of the proposed $47.4 billion budget for homeland security- related activities in fiscal year 2005. OMB did not report funding for the Central Intelligence Agency (CIA) although it has activities related to the Intelligence and Warning mission area. As explained further in appendix II, we did not include the CIA in our analysis because of the lack of funding data and because the strategy provides little discussion of the agency. Figure 2 shows the proposed fiscal year 2005 funding for these departments as well as the proposed homeland security funding for all other agencies. Figure 2: Proposed Fiscal Year 2005 Homeland Security Funding by Department: [See PDF for image] Notes: Budget authority in millions of dollars. [End of figure] Other agencies includes the Departments of Agriculture ($651 million), Veterans Affairs ($297 million), Transportation ($243 million), Commerce ($150 million), and Treasury ($87 million), as well as the National Science Foundation ($344 million), National Aeronautics and Space Administration ($207 million), Social Security Administration ($155 million), Environmental Protection Agency ($97 million), U.S. Army Corps of Engineers ($84 million), General Services Administration ($80 million), and several smaller agencies. Additionally, OMB reported the Intelligence Community figure in aggregate; it did not break it out by individual departments (e.g., Central Intelligence Agency). The National Strategy for Homeland Security and the related HSPDs typically identify a specific federal department as being a "lead" agency for specific initiatives. However, the language varies in precision. In some cases, the documents use clear language to identify which department will lead efforts across the government. In other cases, the lead is more implied than stated. Sometimes, more than one department is identified as a lead agency--which can occur because some of the initiatives in the strategy are large in scope, and different departments lead different parts of the initiatives. The identification of lead agency is important in order to specify which agencies are accountable for the implementation of the initiatives, particularly if implementation requires the efforts of several different agencies exercising different statutory authorities. By clearly identifying the lead agency, the strategies and the HSPDs enable the federal, state, local, and private stakeholders to determine who is responsible and accountable for the implementation, and thus more effectively direct their inquiries and integrate their own actions, particularly where multiagency coordination is required. See appendix IX for a complete list of the initiatives and the departments identified as lead agencies. Congress, because of concerns about terrorism in recent years, chartered four commissions to examine terrorist threats and the government's response to such threats, as well as to make recommendations to federal, state, local, and private organizations. These national commissions included the following: * The Bremer Commission: the National Commission on Terrorism, chaired by Ambassador Paul Bremer, which issued its report in June 2000. * The Gilmore Commission: the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction, chaired by Governor James S. Gilmore, III, which issued its final report in December 2003. * The Hart-Rudman Commission: the U.S. Commission on National Security/ 21st Century, chaired by Senators Gary Hart and Warren B. Rudman, which issued its final report in February 2001. * The 9/11 Commission: the National Commission on Terrorist Attacks upon the United States, chaired by Governor Thomas H. Kean, which issued its final report in July 2004. Scope and Methodology: To determine whether the key federal departments addressed strategy initiatives in their planning and implementation activity, we identified the 43 major initiatives and the six key federal departments for review. We evaluated each department's high-level strategic planning documents related to homeland security to determine if they had planning or implementation activities related to each initiative. To satisfy the planning and implementation criteria, we generally required departments to provide documentary support for one such activity, per initiative. Where classified or undocumented activities were involved, we worked with department officials to verify the activity. We provided the results of our analyses to planning officials from the various departments for their verification. Additionally, we reviewed the language in the strategy and HSPDs to determine which departments had been identified as lead agencies in implementing the initiatives. In some cases, the leadership language was clear; in other cases, it was less precise or implied. We were then able to determine whether departments demonstrated planning or implementation activities in both lead and nonlead initiatives. Our analysis is necessarily a snapshot of activity as of particular points in time. The agencies reviewed provided us with information as to their planning and implementation as of various dates, including fiscal year 2004. We recognize that the agencies continue to plan and implement their strategies and programs and have and may continue to progress beyond the status portrayed in this analysis. Finally, our work did not assess the status or quality of the work being planned or implemented. To determine homeland security challenges facing the nation, we reviewed our reports issued since September 11. This included over 250 products cutting across the gamut of homeland security activities. We summarized and categorized the challenges by critical mission area and subtopic where appropriate (e.g., the Border and Transportation Security mission area was subdivided into border security and transportation security). While our summary is limited to challenges we identified, we have noted in the text where the congressionally chartered commissions have raised similar issues. We recognize that these commissions, Congress, the executive branch, and other organizations have identified additional challenges in each of the mission areas. We conducted our work between February and November 2004 in accordance with generally accepted government auditing standards. For more details on our objectives, scope, and methodology, see appendix I. Agency Plans, Implementation, and Challenges: The following sections provide summaries of each mission area, as well as issues that cut across all six mission areas. These summaries include an analysis of federal departments' strategic planning and implementation activities and the challenges faced by these departments and the nation as a whole. Intelligence and Warning: The strategy identifies five initiatives under the Intelligence and Warning mission area. All of the initiatives are covered by at least two departments planning or implementation activities (see table 1). Examples include DOJ and DOE activities to enhance the analytic capabilities of the Federal Bureau of Investigation (FBI); DHS, State, and DOE activities to utilize dual-use analysis to prevent attacks; and DHS, DOD, and DOE activities to employ red-team techniques. Four of the five initiatives have a department identified as a lead agency. Neither the strategy nor the HSPDs identified a lead agency on the fifth initiative, which relates to the employment of red-team techniques. According to DHS strategic planning officials, it is important that a number of agencies conduct red-team techniques to test their own specific programs, so no agency would necessarily have the overall lead. See appendix II for a more detailed discussion on the implications of not having an overall lead agency identified for red- team techniques. For this mission area, the lead agency specifications are clear (rather than implied), and there are no multiple leads on any of the initiatives. All five initiatives were being implemented in fiscal year 2004 as reported by two or more departments (see table 7). DHS and DOJ cited 2004 implementation activity for each of the initiatives for which they were identified as lead agencies. Table 1: Department Leadership, Planning, or Implementation Activity in the Intelligence and Warning Mission Area's Five Initiatives: [See PDF for image] [End of table] Refer to appendix II for more specific details regarding department planning and implementation activities, including a discussion of fiscal year 2004 implementation. As explained further in appendix II, we did not include CIA in our analysis because of the lack of funding data and because the strategy provides little discussion of the agency. Our work in the Intelligence and Warning mission area since 2001 has highlighted a number of challenges that need to be addressed. Many of these challenges are directly related to initiatives in this mission area. These challenges include: * improving analysis capabilities at the FBI through better strategic information management, * developing productive information-sharing relationships among the federal government and state and local governments and the private sector, * overcoming the limitations in the sharing of classified national security information across sectors, * ensuring that the private sector receives better information on potential threats, * consolidating watch lists to promote better information and sharing, and: * maintaining a viable and relevant homeland security advisory system. These challenges are discussed in greater detail in appendix II. Many of these challenges were also discussed by one or more of the Bremer, Gilmore, Hart-Rudman, and 9/11 Commissions. Border and Transportation Security: There are six initiatives under the Border and Transportation Security mission area. All of the initiatives are covered by at least two departments' planning or implementation activities (see table 2). Examples include DHS, DOD, HHS, State, and DOE activities to ensure accountability in border and transportation security; DHS, DOD, State, and DOE activities to increase the security of international shipping containers; and DHS, DOJ, and State activities to reform immigration services. All six initiatives have a department identified as a lead agency. One initiative (i.e., creating smart borders) has multiple lead agencies identified in the strategy and HSPDs. DHS is a lead on the most initiatives: a clear lead on two initiatives and an implied lead on four other initiatives. All six initiatives were being implemented in fiscal year 2004 as reported by one or more departments (see table 8). DHS and State cited 2004 implementation activity in each of the initiatives for which they were identified as leads. DOJ had been identified as a lead agency with respect to creating smart borders and reforming immigration services, but with the transfer of the Immigration and Naturalization Service to DHS, DOJ officials indicated that the department was no longer serving as a lead on that initiative. Table 2: Department Leadership, Planning, or Implementation Activity in the Border and Transportation Security Mission Area's Six Initiatives: [See PDF for image] [End of table] Refer to appendix III for more specific details regarding department planning and implementation activities, including a discussion of fiscal year 2004 implementation. Border and Transportation Security is another mission area where our work has indicated there are challenges to be addressed. Again, many of these challenges are directly related to initiatives in this mission area. These challenges include: * striking an acceptable balance between security and the flow of commercial activity, travel, and tourism; * processing people at our nation's land ports of entry and determining the proper role of biometric technologies for security applications; * deploying the best available technologies for detecting radioactive and nuclear materials at U.S. ports of entry; * developing a clear and comprehensive policy on the use of visas as an antiterrorism tool and improving the management and oversight of programs to track visitors; * implementing an effective system to prescreen passengers prior to their arrival at the airport, as well as achieving and sustaining improvements in airline passenger and baggage screening; and: * strengthening perimeter security at airports and countering the threat of hand-held missiles to commercial aviation. These and other challenges are discussed in greater detail in appendix III. Many of these challenges were also discussed by one or more of the Bremer, Gilmore, Hart-Rudman, and 9/11 Commissions. Domestic Counterterrorism: The Domestic Counterterrorism mission area has six initiatives. All of the initiatives are covered by at least one department's planning or implementation activities (see table 3). Examples include DHS, DOJ, DOD, HHS, and DOE activities to improve intergovernmental law enforcement coordination; DHS, DOJ, DOD, and State activities to facilitate apprehension of potential terrorists; and DHS, DOJ, and State activities to target and attack terrorist financing. Each of the six initiatives has a department that is identified as a lead agency. All indicated leads from the strategy and HSPDs are clear leads. For three of the six initiatives, multiple departments have been identified as leads. All 6 initiatives were being implemented in fiscal year 2004 as reported by one or more departments (see table 9). DOJ cited 2004 implementation activity on each of the six initiatives for which it was identified as a lead. DHS and State also cited implementation activity on all initiatives for which they were identified as lead agencies. Table 3: Department Leadership, Planning, or Implementation Activity in the Domestic Counterterrorism Mission Area's Six Initiatives: [See PDF for image] [End of table] Refer to appendix IV for more specific details regarding department planning and implementation activities, including a discussion of fiscal year 2004 implementation. Domestic Counterterrorism is another mission area where our recent work has highlighted continuing challenges. These challenges threaten to undermine law enforcement agencies' ability to aggressively detect, deter, prevent, eradicate, and adjudicate terrorist activity. These challenges include: * transforming the FBI from an investigative organization into a proactive entity focused on detecting and preventing terrorist activity, * modifying the FBI's related workforce and business practices to focus on counterterrorism and intelligence-related priorities, * improving interagency coordination to leverage existing law enforcement resources to investigate money laundering and terrorist financing, * monitoring the use of alternate financing mechanisms by terrorists, * identifying and apprehending terrorists already present in the United States, and: * recognizing counterfeit documentation and the use of identity fraud at U.S. borders and other security checkpoints. These challenges are discussed in greater detail in appendix IV. Many of these challenges were also discussed by one or more of the Bremer, Gilmore, Hart-Rudman, and 9/11 Commissions. Protecting Critical Infrastructures and Key Assets: The strategy identifies eight initiatives under the Protecting Critical Infrastructures and Key Assets--commonly referred to as Critical Infrastructure Protection (CIP)--mission area. All of the initiatives are covered by at least four departments' planning or implementation activities (see table 4). Examples include DHS, DOJ, DOD, HHS, and DOE activities to unify America's infrastructure protection effort in DHS; DHS, DOD, HHS, and DOE activities to develop a national infrastructure protection plan and, all six departments' activities to secure cyberspace. Each of the eight initiatives has a department identified as a lead agency. In the case of five of the eight initiatives, the leads are clear; only in the case of three initiatives (i.e., enabling effective partnership with state and local governments and the private sector, securing cyberspace, and partnering with the international community to protect our transnational infrastructure) are there implied leads. For three of the eight initiatives, multiple lead agencies have been identified. For example, DOD, HHS, and DOE are all sector leads on the same initiative--building and maintaining a complete and accurate assessment of America's critical infrastructure and key assets. These departments have the sector leads as follows, DOD for defense industrial base, HHS for public health, and DOE for the energy sector. All eight initiatives were being implemented in fiscal year 2004 as reported by two or more departments (see table 10). DHS, DOD, HHS, State, and DOE cited implementation activity on all initiatives for which they were identified as lead agencies. Table 4: Department Leadership, Planning, or Implementation Activity in the Critical Infrastructure Protection Mission Area's Eight Initiatives: [See PDF for image] [End of table] Refer to appendix V for more specific details regarding department planning and implementation activities, including a discussion of fiscal year 2004 implementation. Our work related to CIP has identified several challenges. Overcoming the challenges presented in this mission area is made even more difficult because increasing the security of one type of target, such as aircraft or federal buildings, increases the possibility that terrorists may choose another type of target, such as trains or ports. The challenges include: * refining the federal government's role in managing CIP; * developing a comprehensive and coordinated national CIP plan that delineates the roles, defines interims objectives and milestones, sets time frames, and establishes performance measures; * developing productive information-sharing relationships within the federal government and among federal, state, and local governments and the private sector; * improving the federal government's capabilities to analyze incident, threat, and vulnerability information related to critical infrastructures and key assets; * improving the security of government facilities through a variety of methods, including better training and procedures to detect counterfeit documents and identity fraud; and: * analyzing the strengths, interdependencies, and vulnerabilities of several specific industries, including the financial services sector, the shipping and postal system, drinking water, agriculture, the chemical industry, nuclear power plants, and nuclear weapons sites. These challenges are discussed in greater detail in appendix V. Many of these challenges were also discussed by one or more of the Bremer, Gilmore, Hart-Rudman, and 9/11 Commissions. Defending Against Catastrophic Threats: There are six initiatives under the Defending against Catastrophic Threats mission area. All of the initiatives are covered by at least two departments' planning or implementation activities (see table 5). Examples include DHS, DOD, State, and DOE activities to prevent terrorist use of nuclear weapons through better sensors and procedures; DHS, DOD, HHS, and DOE activities to detect chemical and biological materials and attacks; and DHS, DOD, HHS, State, and DOE activities to harness the scientific knowledge and tools to counter terrorism. Each of the six initiatives has a department identified as a lead agency. On half the initiatives, multiple departments have been identified as leads. In the case of three initiatives, the leads are clear; in the case of the remaining three initiatives, several leads are implied. All six initiatives were being implemented in fiscal year 2004 as reported by one or more departments (see Table 11). DHS cited implementation activity in five of the six initiatives for which it was identified as a lead. It is not yet implementing the Select Agent Program. DOD, HHS, State, and DOE cited implementation activity on all the initiatives for which they were identified as the lead agency. Table 5: Department Leadership, Planning, or Implementation Activity in the Defending Against Catastrophic Threats Mission Area's Six Initiatives: [See PDF for image] [End of table] Refer to appendix VI for more specific details regarding department planning and implementation activities, including a discussion of fiscal year 2004 implementation. The challenges the nation faces in defending itself against catastrophic threats--such as the terrorist use of chemical, biological, radiological, or nuclear (CBRN) weapons--are quite broad and could have devastating consequences if not effectively addressed. Our recent work in this mission area has highlighted challenges that include: * strengthening efforts to keep weapons of mass destruction (WMD) and dual-use items (items having both commercial and military applications) out of the hands of terrorists, * controlling the sale of excess items that can be used to produce and deliver biological agents, and: * designating lead agencies for setting priorities for information systems related to terrorism. These challenges are discussed in greater detail in appendix VI. Many of these challenges were also discussed by one or more of the Bremer, Gilmore, Hart-Rudman, and 9/11 Commissions. Emergency Preparedness and Response: For the Emergency Preparedness and Response mission area, the strategy identifies 12 initiatives. All of the initiatives are covered by at least two departments' planning or implementation activities (see table 6). Examples include DHS, DOD, HHS, and DOE activities to create a national incident management system; DHS and HHS activities to enable seamless communications among all responders; and, DHS, DOD, HHS, and DOE activities to augment America's pharmaceutical and vaccine stockpiles. Each of the 12 initiatives has a department identified as a lead agency. For 3 of the 12 initiatives, multiple lead agencies have been identified. All leads, with three exceptions, are clear leads. All 12 initiatives were being implemented in fiscal year 2004 by two or more departments (see table 12). DHS, DOD and HHS cited implementation activity in 2004 for all initiatives for which they were identified as lead agencies. Table 6: Department Leadership, Planning, or Implementation Activity in the Emergency Preparedness and Response Mission Area's Twelve Initiatives: [See PDF for image] [End of table] Refer to appendix VII for more specific details regarding department planning and implementation activities, including a discussion of fiscal year 2004 implementation. Our recent work has shown that there are many challenges in the Emergency Preparedness and Response mission area regarding efforts to effectively minimize the damage and successfully recover from terrorist attacks. We identified the following challenges: * adopting an "all hazards" approach to emergency preparedness and response; * providing better governmental planning and coordination with regard to first responder issues; * preparing first responders for incidents involving catastrophic terrorism; * restructuring the federal grant system for first responders; * strengthening public health in a variety of areas, including better information sharing, preparations for catastrophic terrorism such as bioterrorism, and more hospital equipment; * improving regional response planning involving multiple municipalities, states, and countries; * establishing and implementing preparedness standards and measures; * ensuring adequate communications among first responders and with the public; and: * defining the roles and responsibilities of DOD in defending the homeland and providing military support to civil authorities. These challenges are discussed in greater detail in appendix VII. Many of these challenges were also discussed by one or more of the Bremer, Gilmore, Hart-Rudman, and 9/11 Commissions. Crosscutting Issues: Our recent work has also identified homeland security challenges that cut across the various mission areas. While it is important that the major mission challenges be individually addressed, it is equally important that these challenges be addressed from a comprehensive national homeland security perspective (i.e., some mission areas overlap, some challenges are common across mission areas, some corrective actions have ramifications, and there are both positive and negative challenges across mission area boundaries). Coordinated actions may substantially enhance multiple mission performance. The National Strategy for Homeland Security and the corresponding strategic plans of the agencies accountable for achieving the national strategy's objectives must address and resolve the sometimes competing issues among homeland security mission areas and between homeland security and other important national priorities and objectives. These crosscutting issues are often the most difficult to address. Some of these challenges that we have identified are governmentwide in nature--they cut across the federal, state, and local governments, and sometimes private sectors. Such governmentwide challenges that we have identified include: * balancing homeland security needs with other national requirements by formulating realistic budget and resource plans that support the implementation of an efficient and effective homeland security program; * providing timely and transparent homeland security funding information that sets forth detailed information concerning the obligation of the funding provided; * improving risk management methods for resource allocation and investments by developing a commonly accepted framework and supporting tools to guide agency analysts in providing information to management; * establishing baseline performance goals and measures upon which to assess and improve prevention efforts, evaluate vulnerability reduction, and gauge responsiveness to damage and recovery needs at all levels of government; * clarifying the roles and responsibilities within and between the levels of government and the private sector through the development and implementation of an overarching framework and criteria to guide the process; * developing a national blueprint--called an enterprise architecture-- to help integrate different organizations' efforts to improve homeland security; and: * improving governmentwide information technology management through the consistent application of effective strategic planning and performance measurement practices. These challenges are discussed in greater detail in appendix VIII. Many of these challenges were also discussed by one or more of the Bremer, Gilmore, Hart-Rudman, and 9/11 Commissions. In addition to the challenges discussed earlier, DHS--as the department most responsible for Homeland Security--faces a number of challenges. Because of this, in January 2003, we designated the overall implementation and transformation of DHS as high-risk.[Footnote 9] We gave it this designation for three reasons. First, the size and complexity of the effort make the challenge especially daunting, requiring sustained attention and time to achieve the department's mission in an effective and efficient manner. Second, the components being merged into DHS already face a wide array of existing challenges that must be addressed. Finally, if DHS cannot effectively carry out its mission, it exposes the nation to potentially very serious consequences. We are currently in the process of reviewing the challenges faced by DHS and the progress it has made to address these challenges. The results of this review will be published in a forthcoming GAO report. Concluding Observations: All 43 initiatives of the National Strategy for Homeland Security were included in plans and implementation activities in fiscal year 2004 by at least one of the six key departments we reviewed. Further, 33 of the 43 initiatives (77 percent) were being planned or implemented by at least three of the six departments. Additionally, we found that the strategy and HSPDs identified lead agencies for 42 of the 43 initiatives. For these 42 initiatives where a lead had been identified, 13 initiatives had leads that were implied rather than clear. While DHS was identified as the lead for the most initiatives (37), there were multiple leads for 12 of these 42 initiatives. Given the large number of initiatives being implemented by multiple agencies, the fact that some of the leads were implied rather than clear, and the fact that about a third of the initiatives had multiple leads, coordination across federal departments will be a key factor required for the successful implementation of the strategy. Such coordination would ensure that federal departments are working to support the lead agency, are complementing one anothers' leadership when there are multiple lead agencies, and are not unnecessarily duplicating one anothers' programs when there are multiple departments implementing the same initiatives. When implementing the strategy's initiatives, these federal departments face a number of challenges that cut across all the mission areas. In terms of resources, the nation must find the appropriate balance between homeland security and other priorities. Finding this balance will require an improved risk management framework for resource allocation and investments. It will also require an improved set of performance and results measures to gauge our progress. Further, finding that balance must take into consideration nonfederal resources, but the strategy and HSPDs have not in many cases defined the roles and responsibilities of the state, local, and private sectors. Finally, an enterprise architecture would help coordinate the larger effort across the myriad of organizations involved in implementing the strategy. One of the key challenges for the Congress is to provide oversight to ensure that federal departments are coordinating their activities as they attempt to implement the National Strategy for Homeland Security. Agency Comments and Our Evaluation: We provided a draft of this report to DOD, DOE, DOJ, HHS, DHS, the State Department, and the Homeland Security Council for comment. We received written comments from DOD, HHS, DHS, and DOJ, which appear in appendixes XI -XIV respectively. In addition to providing their written comments, these departments and DOE provided technical comments, which we incorporated as appropriate. State and the Homeland Security Council declined to provide any comments on this report. DOD stated that the report was "a thorough and accurate report." DHS indicated our summation of the strategic planning, implementation, and leads of the six departments to be "particularly useful." DOE, DOJ, and HHS neither concurred nor disagreed with the report. In addition, agencies provided comments on the many GAO reports that cumulatively describe the range of implementation challenges featured in this capping report. These comments can be found in the appropriate reports, as cited in our footnotes and listed in the Related GAO Products section. As agreed with your office, unless you publicly announce its contents earlier, we plan no further distribution of this report until 30 days after its issue date. At that time, we will provide copies of this report to appropriate departments and interested congressional committees. We will also make copies available to others upon request. In addition, the report will be available at no charge on GAO's Web site at http://www.gao.gov. If you or your staff have any questions about this report, please contact me on 512-6787. Other contacts and staff acknowledgments are listed in appendix XV. Sincerely yours, Signed by: Norman J. Rabkin, Managing Director: Homeland Security and Justice Issues: [End of section] Appendix I: Objectives, Scope, and Methodology: The first objective focuses on the extent to which key federal departments with homeland security responsibilities address the 43 initiatives of the National Strategy for Homeland Security in their planning and implementation activities. We selected departments based on a review of their fiscal year 2005 budget requests for homeland security-related issues. The six departments with the largest budget requests were selected--together they account for 94 percent of the fiscal year 2005 budget requests for homeland security. The six departments are the Departments of Defense (DOD), Energy (DOE), Health and Human Services (HHS), Homeland Security (DHS), Justice (DOJ), and State. We defined three time-oriented indicators to distinguish the timing of the departments' strategic planning or implementation activities with respect to each of the 43 initiatives of the six mission areas. * "Prior implementation" was defined as a departmental program or activity that occurred prior to fiscal year 2004. * "Recent planning" was defined as either (1) a program or activity specifically indicated by the participating department as being developed in its latest high-level planning documents (which include the department's strategic plan, annual plan, or performance plan) or (2) a program or activity, not listed in these planning documents, but indicated by department officials as being under development since July 2002 (when the strategy was issued). * "2004 implementation," in turn, was defined as a departmental program or activity that occurred during all, or part, of fiscal year 2004. A department could satisfy (a) neither of these indicators (demonstrating no strategic planning and implementation activities on a given initiative, within the prescribed time periods) or (b) combinations of one through three of these indicators, for each initiative (e.g., one department may have engaged in prior implementation that was carried over into fiscal year 2004 implementation; a second department may have engaged in recent planning, followed by 2004 implementation; and a third department may have only engaged in prior implementation, as its activity was completed or terminated.) We obtained and reviewed each department's latest strategic planning documents (i.e., their strategic plan, annual plan, and performance plan) to determine whether these documents provided specific information about the department's prior implementation and recent planning activities, with respect to each mission area initiative. We scored a department as engaging in prior implementation activity or recent planning if these documents demonstrated at least one such activity with respect to each initiative. We also reviewed the documents to determine if any programs or activities had been transferred to another department or agency. In some cases, this may account for prior implementation activity but no further planning or implementation activity. Since the latest departmental strategic documents do not sufficiently address fiscal year 2004 implementation activities, we contacted strategic planning officials at each the six departments and asked them to provide evidentiary support for their 2004 implementation activities, with respect to each relevant initiative. We scored a department as implementing activities on a given initiative if the department could demonstrate at least one such activity occurring during fiscal year 2004 with respect to that initiative. We also requested department strategic planning officials to review our findings regarding planning and implementation and to make any modifications or additions necessary. Evidentiary support was requested for any such change. Very few changes were provided across all six departments. Departments provided the data during fiscal year 2004. We did not verify the accuracy of the data or the progress of particular activities. In addition to identifying departmental engagement in planning and implementation activities, we also sought to determine departmental leadership responsibility on each initiative. To satisfy the leadership role, departments had to satisfy at least one of the following two indicators: * leadership of the entire critical mission area initiative or: * leadership in specific functional area(s) encompassed within that initiative. We identified departmental leadership roles on specific initiatives, based on a review of the provisions in the strategy and Homeland Security Presidential Directives (HSPD) one through 12. In only a few instances did a department indicate to us that subsequent legislation, regulation, or transfer of activities absolved them of their leadership roles. Because the language of the strategies and HSPDs was not always precise, we identified departments as either (a) "clear" (explicit) leads, (b) "implied" leads, or (c) no leads for each initiative. In the mission area tables, in both the letter and appendixes, departments with a clear lead on a given initiative are indicated by a hard-line box; departments with an implied lead on a given initiative are indicated by a broken-line box; departments not having any lead on a given initiative have no box designations. Drafts of this section of the report were submitted to the departments for their review. The second objective focuses on identifying the challenges the nation faces in homeland security implementation. This work is based exclusively on a review of challenges identified in GAO products issued since September 11, 2001. During this time period, we were able to identify over 250 relevant GAO products related to homeland security. These, and others, can be found in our Related Products section at the end of the report. The challenges identified are arrayed throughout the report by mission area and subtopical area. We conducted our work between February and November 2004 in accordance with generally accepted government auditing standards. [End of section] Appendix II: Intelligence and Warning: This appendix sets forth the definition and major initiatives of the Intelligence and Warning mission area and discusses the agencies with major roles, their funding, and the alignment of their strategic plans and implementation activities with the initiatives, and a summary of the key challenges faced by the nation. This appendix presents baseline information that can be used by Congress to provide oversight and track accountability for the initiatives in the Intelligence and Warning mission area. Definition and Major Initiatives: The National Strategy for Homeland Security categorizes homeland security activities into six critical mission areas, the first of which is Intelligence and Warning. This mission area includes intelligence programs and warning systems that can detect terrorist activity before it manifests itself in an attack so that proper preemptive, preventive, and protective action can be taken. Specifically, this mission area is made up of efforts to identify, collect, analyze, and distribute source intelligence information or the resultant warnings from intelligence analysis. Activities in this mission area often dovetail into the mission areas of domestic counterterrorism and, in some cases, critical infrastructure protection, as agencies move to take immediate action or develop long-term protective measures based on threat or vulnerability information.[Footnote 10] Figure 3 is an example of one of the initiatives found in the Intelligence and Warning mission area. The strategy identifies the following initiatives in the Intelligence and Warning mission area: * enhancing the analytic capabilities of the FBI, * building new capabilities through the Information Analysis and Infrastructure protection Division of the Department of Homeland Security, * implementing the Homeland Security Advisory System, * utilizing dual-use analysis to prevent attacks, and: * employing red team techniques. Figure 3: The Five Threat Levels of the Homeland Security Advisory System: [See PDF for image] [End of figure] Agencies with Major Roles in Intelligence and Warning: Of the six departments under review, the Department of Homeland Security and the Department of Justice have major roles in the Intelligence and Warning mission area. Within DHS, the Information Analysis and Infrastructure Protection Directorate (IAIP) analyzes terrorism-related threat information relevant to homeland security, associates threat analysis with infrastructures and people, and provides warnings and advisories to agencies, state and local governments, and select critical infrastructure owners and operators. The U.S. Secret Service, also a component of DHS, provides intelligence and advanced analysis for protective operations. The Department of Justice has two components involved in Intelligence and Warning activities--the Federal Bureau of Investigation (FBI) shares intelligence with other federal agencies, as well as with state and local authorities; while the Office of Justice Programs (OJP) funds counterterrorism training for senior law enforcement personnel at the state and local level. The Office of Management and Budget (OMB) reported that the total fiscal year 2005 funding request for the Intelligence and Warning mission area is $474 million, with the bulk of this funding going to DHS (61 percent), primarily for IAIP and the U.S. Secret Service. Other agencies with significant funding in this mission area include DOJ (19 percent), primarily for the FBI, and the Intelligence Community (15 percent) for the Terrorist Threat Integration Center (TTIC).[Footnote 11] Figure 4 summarizes the fiscal year 2005 budget request for the Intelligence and Warning mission area by agency. Figure 4: Proposed Fiscal Year 2005 Homeland Security Funding for Intelligence and Warning: [See PDF for image] Notes: Budget authority in millions of dollars. [End of figure] "All other agencies" includes the Departments of Agriculture ($20 million) and Treasury ($.6 million), as well as the Intelligence Community Management Account ($72 million). OMB reported the Intelligence Community figure in aggregate; it did not break it out by individual agencies (e.g., Central Intelligence Agency). OMB's reported data does not include funding for three departments that have activities under way in this mission area. These departments-- Defense, State, and Energy--have either planning or implementation activity on specific initiatives, as discussed in the next section of this appendix. On the basis of our previous work, we have noted several qualifications to OMB's figures to explain this discrepancy.[Footnote 12] According to OMB officials, there is not always a clear distinction between homeland security activities and other related activities. The OMB staff must make judgment calls about how to characterize funding by mission areas. For example, some homeland security activities have multiple purposes, so funding for these activities can be allocated among several accounts covering multiple mission areas. Moreover, some of the departments' activities, such as planning, coordination, or providing advice may support Intelligence and Warning activities, but are not included in the amounts shown. This appendix does not have any discussion of the Central Intelligence Agency (CIA) or the Intelligence Community as a whole, although they have activities related to the Intelligence and Warning mission area. There are two reasons for this omission. First, OMB's reported data do not include funding for the CIA. Second, the strategy itself is relatively silent on the CIA in terms of specific initiatives in this mission area. For example, the strategy only mentions the CIA once in the Intelligence and Warning mission area--the CIA was to provide intelligence analysts to assist the FBI enhance its analytic capabilities. Most of the initiatives in the strategy, as discussed in the next section, are led by DHS or DOJ. Similarly, there is little information on the Intelligence Community. While OMB reported data include $72 million in spending by the Intelligence Community Management Account, it does not break this amount out by specific departments or agencies. While the strategy mentions the Intelligence Community with respect to this mission area, it does not identify specific departments or agencies with specific initiatives. One potential reason for relatively little discussion of CIA and the Intelligence Community is the unclassified nature of the cost data and the strategy. Alignment of Department Activities with the Major Initiatives: This section provides more detailed information about the Intelligence and Warning mission area initiatives, and the departments involved in conducting activities related to these initiatives. This includes a discussion of specific departmental planning and implementation activities, lead agency designation, and implementation activities in fiscal year 2004, with respect to each initiative. The data are summarized in table 7. Table 7: Detailed Department Leadership and Planning/Implementation Activities in the Intelligence and Warning Mission Area's Five Initiatives: [See PDF for image] [End of table] Summary of Departmental Activities on the Initiatives: All five Intelligence and Warning initiatives are being addressed in at least two of the key departments' planning and implementation activities (see table 7). For example, DHS, DOD, and DOE implemented Homeland Security Advisory System initiative activities during fiscal year 2004. More specifically, DHS implemented the system and issued advisories; DOD personnel interacted with DHS; and DOE aligned its security system and condition alert level to meet the Homeland Security Advisory System requirements of DHS. In addition, DHS, DOD, and DOE implemented new intelligence and warning capabilities through the IAIP initiative of DHS during fiscal year 2004. Specifically, DHS conducted assessments of critical infrastructures and key assets using the IAIP system; DOD worked in conjunction with DHS on the IAIP system; and DOE enacted a Safeguard and Security Program (using infrastructure information and analysis to gauge vulnerability assessments) and plays a role in disseminating threat information to energy sector industries. The Department of Health and Human Services (HHS) also has activities related to Intelligence and Warning, but these activities are not directly included under the initiatives as laid out by the strategy. For example HHS operates the Laboratory Response Network, the Epidemic Information Exchange, and the Food and Drug Administration's food inspection activities. In addition, it supports the DHS-managed BioWatch program. While the strategy does not list these as specific initiatives, they provide surveillance of infectious diseases and could provide early warning of a bioterrorism attack. For more on HHS's role, particularly with respect to bioterrorism, see appendix VI, on Defending against Catastrophic Threats. While we have identified department activities related to these initiatives, we did not determine the quality, status, or progress of such activities with respect to stated goals or targets within this mission area. Identification of Lead Agencies on the Initiatives: For four of the five initiatives, a lead agency is identified either in the strategy or Homeland Security Presidential Directives (HSPDs). The one initiative where there was no lead identified was "the employment of red-team techniques." Red team techniques are techniques where the U.S. government would create a team (sometimes known as a red cell) to play the role of terrorists in terms of identifying vulnerabilities and planning attacks. Three departments (DHS, DOD, and DOE) had implemented activities related to this initiative. According to DHS strategic planning officials, it is important that a number of agencies conduct red-team techniques to test their own specific programs, so no agency would necessarily have the overall lead. However, terrorists are opportunistic and may purposefully plan attacks that take advantage of the seams between department programs or jurisdictions. Thus, there is some value in employing red-team techniques that look across federal departments, as well as across the state, local, and private sectors. Without an overall lead agency identified for this initiative, it is unclear which federal department will be accountable for employing red- team techniques at the interagency level against the nation as a whole. As shown in table 7, DHS is the lead on the most initiatives in this critical mission area--three out of the five initiatives (including building new capabilities through the Information Analysis and Infrastructure Protection Division, implementing the Homeland Security Advisory System, and utilizing dual-use analysis to prevent attacks). It is understandable that DHS would be the department with the most initiative leads given that DHS's strategic goals and objectives are to be directed toward preventing terrorist attacks in the United States and reducing America's vulnerability to terrorism--both of which require Intelligence and Warning system information to achieve their aims. The Department of Justice is a lead on one initiative, enhancing the analytic capabilities of the FBI. This, too, is understandable given that the FBI is an agency (or component) of DOJ. The strategy and HSPDs did not identify multiple leads on any of the five Intelligence and Warning initiatives (see table 7). In addition, these strategic documents clearly named all leads. DHS is named as a clear lead on three Intelligence and Warning initiatives; DOJ is identified as a clear lead on one initiative. Fiscal Year 2004 Implementation of the Initiatives: In fiscal year 2004, implementation activity occurred with respect to each of the five Intelligence and Warning initiatives (see table 7). DHS implemented activity in each of the three initiatives for which it was identified as a lead. DOJ implemented activity in the one initiative for which it was named as the lead (enhancing the analytic capabilities of the FBI). Additionally, several of the departments under review implemented multiple Intelligence and Warning initiative activities for which they were not identified as a lead. During fiscal year 2004, DOE cited implementation activities in four of the five Intelligence and Warning initiatives for which it did not have a lead (prior to fiscal year 2004, it cited implementation activity with respect to three of the five initiatives.) DOD cited fiscal year 2004 implementation activities in 3 of 5 initiatives for which it did not have a lead. DHS cited planning and implementation activities during fiscal year 2004 on the one initiative for which it did not have lead responsibilities; and State cited both prior implementation and 2004 implementation activity on the one initiative for it was not cited as a lead in the strategy or HSPDs. Challenges in Intelligence and Warning: With the element of surprise on their side, terrorists have the potential to do massive damage to an unwitting and unprepared target. It therefore follows that the United States must take appropriate action to develop and implement an effective Intelligence and Warning system that is capable of detecting planned terrorist activity, so that proper preemptive, preventive, and protective action can be taken. Our recent work in the Intelligence and Warning mission area has identified a number of challenges. These challenges include enhancing the analytical capabilities of the FBI, improving the coordination and mechanisms for sharing intelligence information across levels of government and the private sector, consolidating terrorist watch lists, and strengthening the homeland security advisory system. Enhancing the FBI's Analytical Capabilities: The strategy has an initiative to enhance the FBI's analytic capabilities in order to address the agency's top priority--preventing terrorist attacks. The FBI is, therefore, "creating an analytical capability that can combine lawfully obtained domestic information with information lawfully derived from investigations, thus facilitating prompt investigation of possible terrorist activity within the United States." To accomplish this, the FBI has changed its priorities and accelerated modernization of its information technology (IT) systems. However, we reported in September 2003 that the FBI will be facing a number of challenges as it begins this modernization without having yet developed a modernization blueprint, commonly referred to as an enterprise architecture (a plan that defines how an organization operates today, intends to operate tomorrow, and intends to invest in IT systems to transition to this future state).[Footnote 13] Architectures are essential to effectively managing such complex endeavors and are recognized as hallmarks of successful public and private organizations. The challenge for the FBI will be to make architecture development an institutional management priority; until this is accomplished and the architecture is developed and implemented, the FBI faces the challenge of ensuring systems currently being developed and deployed will be consistent with the yet-to-be-developed architecture. Our research and experience at federal agencies has shown that attempting a major modernization effort without a well-defined and enforceable architecture results in systems that are duplicative and not well integrated, are unnecessarily costly to operate and maintain, and do not effectively optimize mission performance. Additional challenges related to the FBI's transformation are contained in appendix IV, on domestic counterterrorism. The Bremer, Hart-Rudman, Gilmore, and 9/11 Commissions all made recommendations related to this challenge. Improving Intelligence Information Sharing: According to the strategy, "homeland security intelligence and information must be fed instantaneously into the Nation's domestic anti-terrorism efforts, and "this effort must be structured to provide all pertinent homeland security intelligence and law enforcement information--from all relevant sectors including state and local law enforcement as well as federal agencies--to those able to take preventive or protective action." Since September 11, federal, state, and local governments have established initiatives to meet the challenge of sharing information to prevent terrorism. DHS has initiatives under way to enhance information sharing (including the development of a homeland security enterprise architecture to integrate sharing among federal, state, and local authorities). In addition, the FBI increased the number of its Joint Terrorism Task Forces, the Defense Intelligence Agency (DIA) entered into an information-sharing partnership with the state of California and the city of New York; and Massachusetts has established an antiterrorism network of state, local, and federal agencies. However, our August 2003 report[Footnote 14] noted that these initiatives, while beneficial for the partners, presented challenges because they (1) were not well coordinated, (2) rsked limiting participants' access to information, and (3) potentially duplicated the efforts of some key agencies at each level of government. We also found that despite various legislation, strategies, and initiatives, federal agencies, states, and cities did not consider the information sharing process to be effective. For example, information on threats, methods, and techniques of terrorists was not routinely shared, and the information that was shared was not perceived as timely, accurate, or relevant. Additionally, federal agencies were challenged by the inability of state or city governments to properly handle classified information and their lack of security clearances. The Gilmore and 9/11 Commissions made recommendations related to this challenge. Better Dissemination of Threat Information to the Private Sector: The strategy discusses the need for threat-vulnerability integration, providing that "mapping terrorist threats and capabilities--both current and future--against specific facility and sectoral vulnerabilities will enable authorities to determine which organizations pose the greatest threat and which facilities are most at risk." However, in a March 2003 report we noted that one of the nation's challenges is to develop and implement methods for effectively sharing information between government and the private sector.[Footnote 15] For example, officials in several commercial industries have said that they need better threat information from law enforcement agencies, as well as better coordination among agencies providing threat information. Specifically, these officials stated that they did not receive sufficient specific threat information, and frequently received threat information from multiple government agencies. Similarly, DOJ observed that chemical facilities need more specific information about potential threats in order to design their security systems and protocols. Threat information also forms the foundations for some of the tools available to industry to assess facility vulnerabilities. Threat information is the foundation for hypothesizing about threat scenarios, which form the basis for determining site vulnerabilities. In reviewing security considerations involving commercial seaports, we found that similar challenges existed. Specifically, on the basis of visits to several of the commercial seaports designated by DOD as critical for use by the military for overseas deployments, we reported in October 2002 that although the organizations responsible for seaport security increased emphasis on security planning since September 11, there remained no single mechanism to analyze, coordinate, and disseminate threat information on a routine basis on the broad range of threats at each port. Most threat information was coordinated on an informal basis, increasing the risk that threats--both traditional and nontraditional ones--may not be recognized or that threat information may not be communicated in a timely manner to all relevant organizations, including private sector organizations, at the ports. The Gilmore and 9/11 Commissions made recommendations related to this challenge. Consolidating Terrorist Watch Lists: The strategy recognizes the need for "fully accessible sources of information related to suspected terrorists" through the establishment of a consolidated terrorism watch list. In April 2003 we reported that changing the federal government's diffused and nonstandard approach to developing and using terrorist watch lists--which are essential tools for performing, among other things, the nation's border security mission--involve addressing key management, technical, and legal challenges.[Footnote 16] One of these challenges involves defining and implementing a new approach that overcomes individual agencies' unique culture and mission requirements. For example, a key reason for the varying extent to which watch list sharing is done involves cultural differences among the government and private sector agencies involved in securing our borders. Another challenge to be overcome involves the tendency of the watch lists to have overlapping but not identical sets of data, which makes their consolidation difficult. Additionally, the extent to which such sharing is accomplished electronically is constrained by fundamental differences in the watch lists' systems architecture (that is, the hardware, software, network, and data characteristics of the systems). Finally, while legal requirements have historically been another challenge to sharing, recent legislation has begun to address this barrier. For example, Congress passed the USA PATRIOT ACT, which has significantly changed the legal framework for information sharing when fully implemented, it should diminish the effect of existing legal barriers. The 9/11 Commission made recommendations related to this challenge. Strengthening the Homeland Security Advisory System: The strategy calls for the implementation of the Homeland Security Advisory System as a means of disseminating information regarding the risk of terrorist acts to federal, state, and local authorities; the private sector; and the American people. Utilizing five color-coded threat levels, the system was established by HSPD-3 in March 2002. However, in a March 2004 testimony, we reported that DHS faces challenges in strengthening the advisory system and keeping it relevant and viable. For example, the system has generated questions concerning the quality and timeliness of the threat information being disseminated.[Footnote 17] Specifically, DHS had not yet officially documented communication protocols for threat information and guidance to federal agencies and states, with the result that some federal agencies and states first learn about changes in the national threat level from the media. An additional challenge relates to the comprehensiveness of information provided with regard to actions to be taken in response to changes in the threat level. For example, public warnings did not include guidance on actions to be taken in response to a specific threat. Moreover, federal agencies responding to our inquiries indicated that an additional challenge involves their inability to determine appropriate protective measures to be implemented because of a lack of specific threat information. For example, federal agencies indicated to us that, particularly, region-, sector-, site-, or event-specific threat information--to the extent that it is available--would be helpful. Since the time of our report, DHS has provided more specific warnings by both sector (e.g., the financial sector) and location (e.g., New York and Washington, D.C.). The Gilmore Commission made recommendations related to this challenge. [End of section] Appendix III: Border and Transportation Security: This appendix sets forth the definition and major initiatives of the Border and Transportation Security mission area and discusses the agencies with major roles, their funding, the alignment of their strategic plans and implementation activities with the major initiatives, and a summary of the key challenges faced by the nation. This appendix presents baseline information that can be used by Congress to provide oversight and track accountability for the initiatives in the Border and Transportation Security mission area. Definition and Major Initiatives: The National Strategy for Homeland Security categorizes homeland security activities into six critical mission areas, the second of which is Border and Transportation Security. This mission area includes programs designed to fully integrate homeland security measures into existing domestic transportation systems and focuses on promoting the efficient and reliable flow of people, goods, and services across borders, while preventing terrorists from using transportation conveyances or systems to deliver implements of destruction. Activities in this mission area often dovetail into domestic counterterrorism as agencies take law enforcement action to address potential threats to the homeland that may originate along our borders or in our transportation systems. Also, because transportation is a critical infrastructure sector, this mission area is also closely related to the critical infrastructure protection mission area. For example, homeland security actions at seaports would involve activities in both mission areas.[Footnote 18] Figure 5 shows an example of the type of activities found in the Border and Transportation Security mission area. The strategy identifies the following major initiatives in the border and transportation mission area: * ensuring accountability in border and transportation security, * creating smart borders, * increasing the security of international shipping containers, * implementing the Aviation and Transportation Security Act of 2001, * recapitalizing the U.S. Coast Guard, and: * reforming immigration services. Figure 5: U.S. Customs and Border Patrol Marine Officers on the Waters of the Rio Grande, along the United States and Mexico Border: [See PDF for image] [End of figure] Agencies with Major Roles in Border and Transportation Security: Of the six agencies under review, DHS and State have major roles in Border and Transportation Security. Within DHS, the U.S. Customs and Border Protection (CBP) conducts inspections at ports of entry to detect and prevent people and goods from entering the country illegally, while the Bureau of Immigration and Customs Enforcement (ICE) investigates and enforces laws against the unlawful presence of people and goods in the country; the Transportation Security Administration (TSA) performs some aviation security activities, while overseeing others, and coordinates the development of security measures for nonaviation modes of transportation; and the U.S. Coast Guard leads security activities at the nation's ports. State plays a role in this mission area through its administration of the visa program to ensure against travel into the United States by terrorists or others whose presence may undermine U.S. national security. Although not one of six agencies we reviewed, the Department of Agriculture (USDA) also has a role in border and transportation security. Specifically, USDA's Animal and Plant Health Inspection Service (APHIS) performs agricultural quarantine activities and risk analysis at U.S. ports of entry. OMB reported that the total fiscal year 2005 funding request for border and transportation security is $17 billion, with the majority of this going to DHS (almost $16 billion, or 93 percent), largely for CBP, TSA, and the Coast Guard. Other DHS bureaus, as well as other agencies--such as USDA and State--have significant funding in this mission area as well.[Footnote 19] Figure 6 summarizes the fiscal year 2005 budget request for the border and transportation security mission area by agency. Figure 6: Proposed Fiscal Year 2005 Homeland Security Funding for Border & Transportation Security: [See PDF for image] Notes: Budget authority in millions of dollars. "All other agencies includes USDA ($169 million) and the Department of Transportation ($19 million). [End of figure] OMB's reported data do not include funding for three departments that have activities under way in this mission area. These departments--DOD, HHS, and DOE--have either planning or implementation activity on specific initiatives, as discussed in the next section of this appendix. On the basis of previous work, we have noted several qualifications to OMB's figures to explain this discrepancy.[Footnote 20] According to OMB officials, there is not always a clear distinction between homeland security activities and other related activities. OMB staff must make judgment calls about how to characterize funding by mission areas. For example, some homeland security activities have multiple purposes, and funding for these activities is comingled in accounts that can cover multiple mission areas. In addition, some of the departments' activities, such as planning, coordination, or providing advice may support Border and Transportation Security activities but are not included in the amounts shown. Alignment of Department Activities with the Major Initiatives: This section provides more detailed information about the Border and Transportation Security mission area initiatives and the departments involved in conducting activities related to these initiatives. This includes a discussion of specific departmental planning and implementation activities, lead agency designations, and implementation activities in fiscal year 2004, with respect to each initiative. The data are summarized in table 8. Table 8: Detailed Department Leadership and Planning/Implementation Activities in the Border and Transportation Mission Area's Six Initiatives: [See PDF for image] [End of table] Summary of Departmental Activities on the Initiatives: All six Border and Transportation Security initiatives are being addressed in at least two of the key departments' planning and implementation activities (see table 8). At least three departments cited activity in four of the six initiatives. For example, DHS, DOD, State, and DOE implemented shipping container security initiative (CSI) activities in fiscal year 2004. DHS deployed Customs and Border Protection officers to Malaysia to conduct CSI activity; DOD provided an intelligence perspective on container and port security vulnerabilities, aiding in the development and deployment of technologies; State engaged in diplomatic efforts with additional countries to conclude further CSI agreements; and DOE worked with Lithuania to install nuclear detection equipment at the Vilnius Airport, as well as other airports and other locations in other foreign countries. Additionally, DHS, HHS, and State demonstrated implementation activities in fiscal year 2004 with respect to creating smart borders. DHS developed, acquired, and deployed biometrically enabled, travel document reader technology, at air, sea, and land ports of entry; the Food and Drug Administration within HHS established guidance requiring the registration of domestic and foreign facilities that manufacture, process or hold food for consumption in the United States; and State deployed biometric collection capability to consular posts worldwide. All six departments have been engaged in Border and Transportation Security initiatives. While we have identified department activities relates to these initiatives, we did not determine the quality, status, or progress of such activities with respect to stated goals or targets within this mission area. Identification of Lead Agencies on the Initiatives: For all six initiatives, a lead agency is identified either in the strategy or HSPDs. As shown in table 8, DHS is the lead on the most initiatives in the mission area--six of six initiatives. It is understandable that DHS would be the department with the most initiative leads, given that the initiatives (a) emphasize DHS's twin goals of preventing terrorist attacks and reducing border vulnerability; and (b) reflect a transfer of the Customs Service, Immigration and Naturalization Service, and Coast Guard to DHS. State is also identified as a lead on the initiative to create smart borders. Given the initiative's emphasis on visa issuance and consular office participation in detecting potential terrorists, it seems appropriate that State would be identified in a leadership capacity. DOJ had been identified as a lead agency with respect to two initiatives, creating smart borders and guarding America's critical infrastructure and key assets against "inside" threats. However, given the transfer of the Immigration and Naturalization Service and the National Infrastructure Protection Center programs to the Department of Homeland Security, DOJ officials indicated the department no longer serves as the lead on these two initiatives. Creating smart borders is the only initiative for which there are multiple leads in the Border and Transportation Security area (see table 8). The two department leads in this initiative are DHS and State. Additionally, departmental documents show that DHS is a clear lead on two initiatives and an implied lead on three initiatives. State is a clear lead on its single initiative. Fiscal Year 2004 Implementation of the Initiatives: In fiscal year 2004 implementation activity occurred with respect to all six Border and Transportation Security initiatives (see table 8). DHS implemented activity in all five initiatives for which it was identified as a lead. State implemented activity in the one initiative where it was designated a lead. Additionally, several of the departments under review implemented multiple Border and Transportation Security initiatives for which they were not identified as a lead agency in the strategy and HSPD. During fiscal year 2004, DOD cited implementation activities in three initiatives for which it did not have any lead responsibilities (prior to fiscal year 2004, DOD cited planning/implementation activity with respect to four of the six initiatives). State cited fiscal year 2004 and prior year implementation activity on three initiatives, for which it was not identified as the lead; HHS cited 2004 implementation activity on two initiatives without lead responsibilities; and DOE cited both 2004 and prior implementation with respect to one initiative. DOJ has not demonstrated fiscal year implementation activity in any initiative within this critical mission area; a DOJ official indicated that this is due to program transfers. In accordance with the Homeland Security Act of 2002, DOJ transferred its Immigration and Naturalization Service programs to DHS. Challenges in Border and Transportation Security: The strategy calls for ensuring the "efficient and reliable flow of people, goods, and services across borders, while preventing terrorists from using transportation conveyances or systems to deliver implements of destruction." Our recent work in the Border and Transportation Security mission area has identified a number of challenges. Among the challenges faced is striking a balance between increased border security with concerns for facilitating legitimate travel and the flow of goods, the need to address problems associated with processing people at the nation's ports of entry, training border security personnel to detect counterfeit documents and fictitious identities, determining the proper role for biometric technologies for security applications, developing a clear and comprehensive visa process, and improving the management of key programs. The challenges that we have identified in ensuring that our transportation system is secure include implementing an effective system to prescreen airline passengers; achieving and sustaining improvements in airline passenger, baggage, and cargo screening; strengthening perimeter security and access controls at airports; adequately addressing rail and mass transit security issues; and recapitalizing the U.S. Coast Guard. Border Security: Balancing Security Concerns with Economic Needs: The strategy recognizes the long-standing challenge of balancing our nation's security and commercial needs and states that the "efficient flow of people, goods, and conveyances engaged in legitimate economic and social activities" must not be impeded. Primary responsibility for ensuring the balance between security and commercial needs falls on DHS's CBP. In a June 2003 testimony, we reported that CBP faces many challenges in trying to accomplish its mission.[Footnote 21] Concerning the efficient flow of people, challenges include detecting false admissibility documents, unifying and enhancing inspector training, providing timely intelligence to the field, and successfully implementing the new entry-exit system. With respect to cargo, CBP has attempted to select and inspect the highest-risk incoming cargo while enabling legitimate cargo to be cleared in a timely manner. These efforts pose a range of challenges, from the availability of threat assessments and actionable intelligence to the capability of nonintrusive inspection technology to detect potentially harmful contraband. Additional challenges faced by CBP include the need to improve its trade compliance program and to successfully implement its new trade-processing information system. The Gilmore, Hart-Rudman, and 9/11 Commissions made recommendations related to this challenge. Effectively Processing People at Land Ports of Entry: The strategy calls for DHS to "verify and process the entry of people in order to prevent the entrance of contraband, unauthorized aliens, and potential terrorists." However, in a June 2003 testimony and an August 2003 report, we indicated that CBP, the entity within DHS that is responsible for carrying out this task, faces several challenges at land ports of entry related to the determination of traveler admissibility and other vulnerabilities in the inspection process.[Footnote 22] In 2003, we testified that CBP inspectors faced a variety of challenges at the ports, including the need to make quick decisions on whether to immediately admit a traveler into the country or refer the traveler for more intensive inspection. This task is made more challenging because (1) United States and certain Canadian citizens may enter this country without presenting a travel document if they make an oral claim of citizenship that satisfies the inspector and (2) travelers who are required to show an identity document can present a variety of documents, some of which can be easily counterfeited. In fact, in October 2003, we testified about the challenges posed by identity fraud and how counterfeit identification can be easily produced and used to create fraudulent identities. We also identified other challenges for CBP at the borders, including ensuring that inspectors are adequately trained in conducting inspections and detecting fraudulent documents and challenges regarding the collection, analysis, and use of intelligence information in the field. The Gilmore, Hart-Rudman, and 9/11 Commissions made recommendations related to this challenge. Effectively Employing Biometric Technologies: The strategy states that the "United States will require visitors to present travel documentation that includes biometric indicators." However, in a November 2002 report and in March and September 2003 testimonies, we reported that challenges exist in determining the proper role of biometric technologies for security applications.[Footnote 23] The first challenge involves recognizing that the use of biometric technology not a panacea for the border security problem. Instead, it is just a piece of the overall decision support system that helps determine whether or not a person is allowed to enter the United States. For example, while biometrics may be useful in reducing document fraud, it may not have much effect on the ability of people to enter the United States through other than official ports of entry. Another major challenge involves questions regarding the technical and operational effectiveness of biometric technologies in applications as large as border control. Additional challenges to be addressed include determining (1) the system's effect on existing border control procedures and people; (2) the costs and benefits of the system, including secondary costs resulting from changes in processes or personnel to accommodate the biometrics; and (3) the system's effect on privacy, convenience, the economy, and relations with other countries. The 9/11 Commission made recommendations related to this challenge. Deploying Effective Technologies for the Detection of Weapons of Mass Destruction: The strategy states that the nation will "develop and deploy non- intrusive inspection technologies to ensure rapid and more thorough screening of goods and conveyances." We reported in October 2002,[Footnote 24] however, that challenges exist with regard to the acquisition and deployment of radiation detection equipment. In particular, we have concerns that DHS has not yet deployed the best available technologies for detecting radioactive and nuclear materials at U.S. border crossings and ports of entry. Specifically, we have found that CBP's primary radiation detection equipment--radiation pagers--have certain limitations and may be inappropriate for the task. For example, according to U.S. radiation detection vendors and DOE laboratory specialists, pagers are more effectively used in conjunction with other radiation detection equipment, such as portal monitors and radio isotope identifiers. A further challenge is the need for a comprehensive plan for installing and using radiation detection equipment at all U.S. border crossings and ports of entry. A comprehensive plan would address, among other things, vulnerabilities and risks; identify the complement of radiation detection equipment that should be used at each type of border entry point--air, rail, land, and sea--and whether the equipment could be immediately deployed; identify longer-term radiation detection needs; and develop measures to ensure that the equipment is adequately maintained. Finally, there is a challenge that goes beyond simply deploying equipment--personnel must be effectively trained in radiation science, the proper use of the detection equipment, and how to identify and respond to alarms. Using Visas as an Antiterrorism Tool: The strategy calls on DHS to "build an immigration services organization that administers immigration laws in an efficient, expeditious, fair, and humane manner" while ensuring "that foreign visitors comply with entry conditions." In carrying out its goal of reforming our nation's immigration services, DHS faces a number of challenges. The first involves the development of a clear policy on how to balance national security concerns with the desire to facilitate legitimate travel when issuing visas. Specifically, we reported in October 2002 that this process should be strengthened for use as an antiterrorism tool.[Footnote 25] We also identified the need for more coordination and information sharing to realize the full potential of the visa process. In addition, there is a need for more human resources and more training for consular officers. An additional challenge concerns the lack of a governmentwide policy on the interagency visa revocation process. This process is an important tool for preventing potential terrorists from entering the country and identifying potential terrorists who have already entered. However, we testified in June 2003 that weaknesses in the process we first identified in June 2003 have not been eliminated, especially those related to the timely transmission of information among government agencies.[Footnote 26] Our review of visas revoked for terrorism concerns from October through December 2002 showed that delays occurred in screening names of suspected terrorists for visa holders, transmitting recommendations to revoke individuals' visas, revoking visas after receiving recommendations to do so, and posting lookouts. We also found delays in notifying immigration officials of the need to investigate individuals with revoked visas who may be in the country and in initiating field investigations of those individuals. Finally, challenges exist because of unresolved legal and policy issues regarding the removal of individuals from the United States based solely on their visa revocation. For example, there needs to be clear, comprehensive policies governing visa processes and procedures so that all agencies involved agree on the level of security screening for foreign nationals both at our consulates abroad and at ports of entry. A third challenge concerns the Visa Waiver Program. This involves discussing the process established by the Departments of Justice and State for determining whether a country is eligible to participate in the program. For example, one of the laws passed since the terrorist attacks of September 11, requires participating countries to issue passports that contain biometric identifiers, such as fingerprints. However, it is unclear whether these requirements will be fully implemented by the deadlines called for in the law. In our November 2002 report,[Footnote 27] we also pointed out that the national security challenges created by eliminating the Visa Waiver Program are difficult to determine, but that doing so could affect U.S. relations with other countries, U.S. tourism, and State Department resources abroad. For example, if the program were eliminated, we estimated that the department's initial costs to process the additional workload would range between $739 million and $1.28 billion, and annual recurring costs would likely range between $522 million and $810 million. It could take 2 to 4 years or longer to put the necessary people and facilities in place to handle the increased workload, according to State officials. An additional challenge involves reducing the time taken to adjudicate visas for science students and scholars. Specifically, we reported in February 2004[Footnote 28] that the time it takes to adjudicate a visa for a science student or scholar depends largely on whether an applicant must undergo a security check that is designed to protect against sensitive technology transfers. We took a random sample of these security checks for science students and scholars sent from posts abroad between April and June 2003 and found it took an average of 67 days for security checks to be processed and for State to notify the post. Officials from the State Department and FBI acknowledged there have been lengthy waits, but reported having measures under way that they believe will improve the process. However, additional challenges remain, such as interoperability issues between State's and FBI's computer systems. Finally, a challenge exists in balancing national security concerns with the expeditious processing of visa applications. Specifically, we reviewed[Footnote 29] the visa operations at U.S. posts in Canada and provided information on the perceptions of consular staff that adjudicate U.S. visas regarding the importance of national security in the visa process, including impediments that could interfere with efforts to make security a top priority in visa processing. Consular officers and managers at U.S. posts in Canada said that despite rising workloads and increasingly labor-intensive visa-processing requirements, they were placing an emphasis on security in visa operations. Some officers reported that new post-September 11 processing requirements for visas could reduce the time available for face-to-face interviews. While most officers believed that they had enough time to screen applicants carefully for possible security risks, some of the newer officers at posts in Canada expressed concern about their ability to remain vigilant if the workload increased. The Bremer and 9/11 Commissions made recommendations related to the challenges found in this section. Improving the US-VISIT Program: Integral to the effort to reform immigration services and the strategy's call for a "border of the future," is the implementation of the United States Visitor and Immigrant Status Indicator (US-VISIT) program, which is designed to collect, maintain, and share information, including biometric identifiers, on selected nationals who travel to the United States. We testified in March 2004[Footnote 30] that this implementation is challenging because of the type of program it is and the way it is being managed. US-VISIT is to perform a critical, multifaceted mission, its scope is large and complex, it must meet a demanding implementation schedule, and its potential cost is enormous. One critical aspect of the program's mission is to prevent the entry of persons who pose a threat to the United States. DHS estimated that the program would cost $7.2 billion through fiscal year 2014, but this estimate did not include all costs and underestimated some others. In addition, several factors related to the program's management increase the risk of not delivering mission value commensurate with costs or not delivering defined program capabilities on time and within budget. Also, the requirements for interim facilities at high-volume land ports of entry are not only demanding, they are based on assumptions that, if altered, could significantly affect facility plans. Despite these challenges, the first increment was deployed at the beginning of 2004. DHS's fiscal year 2004 US-VISIT expenditure plan and related documentation at least partially satisfies all conditions imposed by Congress. US-VISIT largely met its commitments for implementing an initial operating capability in early January 2004, including the deployment of entry capability to 115 air and 14 seaports of entry. However, challenges remain because DHS has not employed rigorous, disciplined management controls typically associated with successful programs. More specifically, testing of the initial phase of the implemented system was not well managed and was completed after the system became operational. In addition, multiple test plans were developed during testing, and only the final test plan, completed after testing, included all required content. Such controls, while significant for the initial phases of US-VISIT, are even more critical for the later phases, as the size and complexity of the program will only increase. Finally, as we reported in May 2004,[Footnote 31] DHS's plans for future US-VISIT resource needs at the land ports of entry are based on questionable assumptions, making future resource needs uncertain. The 9/11 Commission made recommendations related to this challenge. Transportation Security: Effectively Prescreening Aviation Passengers: Developing an effective system to prescreen passengers before they even arrive at the airport is one of the challenges alluded to in the strategy's discussion of the implementation of the Aviation and Transportation Security Act (ATSA) of 2001. DHS's solution to this challenge was the development of the Computer-Assisted Passenger Prescreening Program (CAPPS II), which was designed to identify passengers requiring additional security attention. As we said in a February 2004 report and in a March 2004 testimony,[Footnote 32] key activities in the development of this program have been delayed or not addressed. We also identified three additional challenges TSA faces that may impede the success of CAPPS II. These challenges are developing the international cooperation needed to obtain passenger data, managing the possible expansion of the program's mission beyond its original purpose, and ensuring that identity theft cannot be used to negate the security benefits of the system. Recently the Transportation Security Administration scrapped the CAPPS II program and created a follow-on program called Secure Flight, which could face many of the same challenges we identified. The 9/11 Commission made recommendations related to this challenge. Improving Airline Passenger and Baggage Screening: Another of the challenges alluded to in the strategy's discussion of ATSA is the effective and efficient screening of passengers and baggage. This has been a long-standing concern, and although significant actions have been taken, we testified in February and March 2004 that challenges in achieving and sustaining improvements remain.[Footnote 33] For example, while TSA met its mandate to establish a federal screener workforce by November 2002, it continues to face challenges in hiring and deploying passenger and baggage screeners. Additionally, while TSA is making progress in measuring the performance of passenger screeners, it has collected limited performance data related to its baggage screening operations. Moreover, testing of screeners has identified weaknesses in their ability to detect threat objects, while essential training is hampered by staffing shortages and a lack of adequate technical capability to access online training programs. Still another challenge involves deploying and leveraging screening equipment and technologies. For example, TSA continues to face operational and funding challenges in its efforts to achieve a mandate to screen all baggage using explosive detection systems. The 9/11 Commission made recommendations related to this challenge. Strengthening Airport Perimeter Security and Access Controls: Another key requirement of ATSA, as discussed in the strategy, is the "protection of critical infrastructure assets," including airports. In June 2004[Footnote 34] we reported that while TSA has begun evaluating the security of airport perimeters and access controls, the agency has not yet determined how the results will be used to address the challenges faced. Specifically, these challenges include addressing concerns with perimeter and access control security that have been raised in compliance inspections and vulnerability assessments; setting priorities for funding airport security needs, developing a plan for implementing new technologies to meet security needs, and implementing certain mandated actions to reduce the security threats posed by airport workers. Countering Threats Posed by Hand-Held Missiles: Another consideration for ensuring the security of our aviation system involves the issue of aircraft protection, specifically countering the threats posed by Man-Portable Air Defense Systems (MANPADS). These hand-held missile systems have been used by terrorists against commercial aircraft. In January 2004, we reported[Footnote 35] that DHS faces significant challenges in adapting a military counter-MANPADS system to commercial aircraft, such as establishing system requirements, developing technology and design to sufficient maturity, and setting reliable cost estimates. Our work on the best practices of product developers in government and industry has found that such challenges can be successfully overcome by using a knowledge-based approach. Additionally, in a May 2004 report,[Footnote 36] we found that further improvements are needed in U.S. efforts to keep MANPADS out of the hands of terrorists. Although the State Department made important progress in 2003 to control the global proliferation of MANPADS, its ability to assess further progress is limited because multilateral forums have no mechanisms to monitor members' implementation of commitments. DOD has sold thousands of Stinger missiles (a U.S. MANPADS) to 17 countries and Taiwan, but DOD agencies responsible for end-use monitoring are not required to maintain records on the number and destination of Stinger sales. In addition, DOD officials overseas use inconsistent practices when inspecting Stinger inventories because DOD lacks procedures for conducting these inspections. For example, DOD has no requirements for DOD organizations responsible for end-use monitoring to keep records on the number and destinations of these Stingers. Effectively Addressing Rail and Mass Transit Security Issues: The strategy recognizes "the importance of security for all forms of transportation." As we testified[Footnote 37] in March and September 2003, certain characteristics of mass transit systems make them inherently vulnerable to terrorist attacks and a challenge to secure. By design, mass transit systems are open (i.e., have multiple access points and, in some case, no barriers) so that they can move large numbers of people quickly. In contrast, the aviation system is housed in closed and controlled locations with few entry points. The openness of mass transit systems can leave them vulnerable because transit officials cannot monitor or control who enters or leaves the systems. In addition, other characteristics of some transit systems--high ridership, expensive infrastructure, economic importance, and location (e.g., large metropolitan areas or tourist destinations)--also make them attractive targets because of the potential for mass casualties and economic damage. Moreover, some of these same characteristics make mass transit systems difficult to secure. For example, the number of riders that pass through a mass transit system--especially during peak hours--makes some security measures, such as metal detectors, impractical. In addition, the multiple access points along extended routes make the costs of securing each location prohibitive. Further complicating transit security is the challenge faced by transit agencies in balancing security concerns with accessibility, convenience, and affordability. Because transit riders often could choose another means of transportation, such as personal automobile, transit agencies must compete for riders. To remain competitive, transit agencies must offer convenient, inexpensive, and high-quality service. Therefore, security measures that limit accessibility, cause delays, increase fares, or otherwise cause inconvenience could push people away from mass transit and back into their cars. The size and diversity of the freight rail system make it a challenge to adequately secure. The freight rail system's extensive infrastructure crisscrosses the nation and extends beyond our borders to move millions of tons of freight each day. There are over 100,000 miles of rail in the United States. The extensiveness of the infrastructure creates an infinite number of targets for terrorists. In addition, protecting freight rail assets from attack is made more difficult because of the tremendous variety of freight hauled by railroads. For example, railroads carry freight as diverse as dry bulk (grain) and hazardous materials.[Footnote 38] The transport of hazardous materials is of particular concern because serious incidents involving these materials have the potential to cause widespread disruption or injury. In 2001, over 83 million tons of hazardous materials were shipped by rail in the United States across the rail network, which extends through every major city as well as thousands of small communities. The 9/11 Commission made recommendations related to this challenge. Effectively Implementing the Maritime Transportation Security Act: The strategy calls for "targeted improvements in the areas of maritime domain awareness, command and control systems, and shore-side facilities." In response to concerns regarding port security, Congress passed the Maritime Transportation Security Act (MTSA), mandating specific security preparations for America's maritime ports. Passed in November 2002, MTSA imposed an ambitious schedule of requirements on a number of federal agencies. MTSA called for a comprehensive security framework--one that included planning, personnel security, and careful monitoring of vessels and cargo. Agencies responsible for implementing the security provisions of MTSA and have made progress in meeting their requirements. However, in a September 2003 testimony, we identified challenges that merit attention and further oversight.[Footnote 39] The main security-related challenge involves the implementation of a vessel identification system. MTSA called for the development of an automatic identification system. Coast Guard implementation calls for a system that would allow port officials and other vessels to determine the identity and position of vessels entering or operating within the harbor area. Such a system would provide an "early warning" of an unidentified vessel or a vessel that was in a location where it should not be. To implement the system effectively, however, requires considerable land-based equipment and other infrastructure that is not currently available in many ports. As a result, for the foreseeable future, the system will be available in less than half of the 25 busiest U.S. ports. Challenges also exist regarding the proposed approach for meeting MTSA's requirement that the Secretary of DHS approve security plans for all vessels operating in U.S. waters. Vessel security plans include taking such steps as responding to assessed vulnerabilities, designating security officers, conducting training and drills, and ensuring that appropriate preventive measures will be taken against security incidents. To implement this MTSA requirement, the Coast Guard has stated, in general, that it is not the Coast Guard's intent to individually approve vessel security plans for foreign vessels. The Coast Guard provides that it will deem a flag-state approval of a vessel security plan to constitute the MTSA-required approval of MTSA vessel security plans. However, MTSA does not mention any role for foreign nations in the required approval of vessel security plans, and some concerns have been raised about the advisability of allowing flag states--some with a history of lax regulation--to ensure the security of vessels traveling to the United States. Another security-related challenge involves the Coast Guard's efforts to address MTSA's security planning requirements through a series of security assessments of individual ports. Security assessments are intended to be in-depth examinations of security threats, vulnerabilities, consequences, and conditions throughout a port, including not just transportation facilities but also factories and other installations that pose potential security risks. The Coast Guard had begun these assessments before MTSA was passed and decided to continue the process, changing it as needed to meet MTSA planning requirements, which include developing area security plans based on the evaluation of specific facilities throughout the port. Issues were found in the scope and quality of the assessments and their usefulness to port stakeholders. The Gilmore Commission made recommendations related to this challenge. Improving Container Cargo Security: The strategy states that "containers are an indispensable but vulnerable link in the chain of global trade" and has an initiative to "increase the security of international shipping containers." As we stated in our July 2003 report,[Footnote 40] CBP has taken steps to address the challenge of terrorist threats to oceangoing cargo containers through a targeting strategy. CBP faces continuing challenges in targeting containers for inspections. CBP needs upon which to target containers for inspection. CBP does not have a national system for reporting and analyzing inspection statistics, and the data are generally not readily available by risk level (e.g., low, medium, high), were not uniformly reported, were difficult to interpret, and were incomplete. Further, we testified in March 2004, space limitations and safety concerns about inspection equipment constrain some ports in their utilization of screening equipment, which has affected the efficiency of examinations.[Footnote 41] The Gilmore Commission made recommendations related to this challenge. Directly related to the challenge of improving cargo container security are the challenges associated with the CBP's implementation of its Container Security Initiative, which allows CBP officials to screen for high-risk containers at key overseas ports, and its Customs-Trade Partnership against Terrorism (C-TPAT), which is designed to improve global supply chain security in the private sector. Both of these programs were launched quickly in an effort to secure ocean containers bound for the United States. However, a number of challenges must be overcome if these programs are going to accomplish the desired outcome and achieve long-term effectiveness. One of the these challenges is the development of human capital plans that clearly describe how CSI and C- TPAT will recruit, train, and retain staff to meet their growing demands as they expand to other countries and implement new program elements. Another challenge involves the expansion of efforts already initiated to develop performance measures for CSI and C-TPAT that include outcome-oriented indicators. Finally, strategic plans must be developed that clearly lay out CSI and C-TPAT goals, objectives, and detailed implementation strategies. Recapitalizing the U.S. Coast Guard: The continued recapitalization of the U.S. Coast Guard is specifically called for in the homeland security strategy. In 2002, the Coast Guard began its largest and most complex recapitalization challenge in its history, the Integrated Deepwater System program. As part of the Deepwater program, the Coast Guard is estimated to spend about $17 billion over 20 years to replace or modernize its fleet of cutters, aircraft, and communications equipment used for missions generally beyond 50 miles from shore. Just 3 years into the program, the Coast Guard has already experienced management challenges. In March 2004,[Footnote 42] we reported that key components needed for the Coast Guard to manage the program and oversee the system integrator's performance have not been effectively implemented. For example, we reported that the Coast Guard's integrated product teams have struggled to effectively collaborate and accomplish their missions, and management has not measured the extent of competition among suppliers or held the system integrator accountable for taking steps to increase competition in order to control future costs. In addition, in June 2004,[Footnote 43] we expressed concern that the Coast Guard had not updated Deepwater's original 2002 acquisition schedule. We noted that maintaining a current acquisition schedule for programs of similar scope--s