This is the accessible text file for GAO report number GAO-07-455 entitled 'Information Technology: Numerous Federal Networks Used to Support Homeland Security Need to Be Better Coordinated with Key State and Local Information-Sharing Initiatives' which was released on May 4, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to the Chairman, Committee on Homeland Security, House of Representatives: April 2007: Information Technology: Numerous Federal Networks Used to Support Homeland Security Need to Be Better Coordinated with Key State and Local Information-Sharing Initiatives: GAO-07-455: GAO Highlights: Highlights of GAO-07-455, a report to the Chairman, Committee on Homeland Security, House of Representatives Why GAO Did This Study: A key challenge in securing our homeland is ensuring that critical information collected by the Department of Homeland Security (DHS) and the Department of Justice (DOJ) is shared in a timely manner with federal, state, and local governments and the private sector. It is important that federal networks and associated systems, applications, and data facilitate this vital information sharing. GAO was asked to (1) identify DHS and DOJ networks and Internet-based system applications that support homeland security and (2) determine whether DHS efforts associated with its Homeland Security Information Network are being coordinated with key state and local information-sharing initiatives. GAO assessed the coordination between DHS and two key state and local initiatives of the Regional Information Sharing System program. What GAO Found: The Departments of Homeland Security and Justice have 17 major networks that support their homeland security missions, including sharing information with state and local governments. Examples include DHS’s Homeland Secure Data Network and DOJ’s Justice Consolidated Network. The departments also have four system applications that use the Internet. Among the four are DHS’s Homeland Security Information Network—the department’s primary information technology system for sharing terrorism and related information—and DOJ’s Law Enforcement Online. While some networks and applications are used solely within their respective departments, others are used both within the department and by other federal, state, and local agencies and the private sector. For example, of the 17 networks, 9 are used only within their own department, and 8 are used within the department and by other federal, state, and local agencies. The reported cost to develop, operate, and maintain these networks and applications in fiscal years 2005 and 2006 was $893.1 million. DHS is statutorily responsible for coordinating the federal government’s networks and related systems with state and local governments. Federal guidance directs DHS to foster such coordination and collaboration as a means to enhance information sharing and avoid duplicative efforts. Key practices to help implement the guidance include establishing joint strategies and compatible policies and procedures to operate across agency boundaries. However, DHS did not fully adhere to these practices in coordinating efforts on its Homeland Security Information Network with key state and local information- sharing initiatives. For example, it did not work with the two key state and local information-sharing initiatives (of the Regional Information Sharing System program) to fully develop joint strategies to meet mutual needs. It also did not develop compatible policies, procedures, and other means to operate across organizational boundaries. DHS’s limited use of these practices is attributable in part to the department’s expediting its schedule to deploy information- sharing capabilities after September 11, 2001, and in doing so not developing an inventory of key state and local information-sharing initiatives. DHS officials have efforts planned and under way to improve coordination and collaboration, including establishing an advisory committee to obtain state and local views on network operations. DHS also plans to coordinate its efforts with the Administration’s Information Sharing Environment initiative that aims to improve information sharing among all levels of government and the private sector. However, these activities have either just begun or are being planned. Consequently, until DHS develops an inventory of key state and local initiatives and fully implements coordination and collaboration practices, it is at risk that effective information sharing is not occurring and that its Homeland Security Information Network may be duplicating state and local capabilities. This also raises the issue of whether similar coordination and duplication issues exist with the other homeland security networks, systems, and applications under DHS’s purview. What GAO Recommends: To improve coordination with state and local information sharing efforts and avoid duplication, GAO is recommending, among other things, that DHS inventory key state and local initiatives, implement coordination and collaboration practices, and ensure its efforts are consistent with the Administration’s information-sharing initiative. In its written comments, DHS concurred with the above recommendations and noted actions it is taking to implement them. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-455]. To view the full product, including the scope and methodology, click on the link above. For more information, contact David Powner at (202) 512- 9286 or pownerd@gao.gov. [End of section] Contents: Letter: DHS and DOJ Networks and Internet-Based System Applications That Support Homeland Security: DHS Efforts to Coordinate Its Homeland Security Information Network with Key State and Local Information-Sharing Initiatives: Conclusions: Recommendations: Appendixes: Appendix I: Briefing Provided to Staff, House Committee on Homeland Security: Appendix II: Comments from the Department of Homeland Security: Appendix III: GAO Contact and Staff Acknowledgments: Abbreviations: DHS: Department of Homeland Security:: DOJ: Department of Justice: HSIN: Homeland Security Information Network: IT: information technology: OMB: Office of Management and Budget: RISS: Regional Information Sharing System: RISSNET: Regional Information Sharing System Secure Intranet:: RISS ATIX: Regional Information Sharing System Automated Trusted Information Exchange: April 16, 2007: The Honorable Bennie G. Thompson: Chairman: Committee on Homeland Security: House of Representatives: Dear Chairman Thompson: One of the challenges in securing our homeland is ensuring that critical information collected and analyzed by the Department of Homeland Security (DHS) and the Department of Justice (DOJ) is shared in a timely and secure manner with a variety of parties within federal, state, and local governments, as well as the private sector. In 2005,[Footnote 1] and more recently in January 2007,[Footnote 2] we designated homeland security information sharing as a high-risk area. Consequently, it is important that federal networks and associated systems, applications, and data facilitate this vital information sharing, and do so in a manner that produces effective information sharing among and between the various levels of government and avoids unnecessary and duplicative efforts. This is particularly crucial for DHS's Homeland Security Information Network, which is the department's primary information technology system for sharing terrorism and related information. To address these and related information sharing challenges, the Administration, in response to congressional direction, recently issued a plan to establish, in 3 years, an Information Sharing Environment. This initiative is intended to combine policies, procedures, and networks and other technologies that link people, systems, and information among all appropriate federal, state, local, and tribal entities and the private sector. This report responds to your request that we (1) identify existing and planned communications networks and Internet-based system applications within DHS and DOJ that support homeland security and (2) determine whether DHS efforts associated with its Homeland Security Information Network are being coordinated with key state and local information- sharing initiatives. On January 24, 2007, we provided this briefing to House Homeland Security Committee staff. This report transmits the presentation slides we used to brief the staff and recommendations that we made to the Secretary of Homeland Security and the Director, Office of Operations Coordination, who is responsible for managing the Homeland Security Information Network program. The full briefing, including our scope and methodology, is reprinted as appendix I. DHS and DOJ Networks and Internet-Based System Applications That Support Homeland Security: The Departments of Homeland Security and Justice have 17 major networks that they use to support their homeland security missions, including sharing information with state and local governments. Examples include DHS's Homeland Secure Data Network and DOJ's Justice Consolidated Network. The departments also have four system applications that use the Internet. Among the four are DHS's Homeland Security Information Network and DOJ's Law Enforcement Online. The networks and system applications range from top secret to unclassified. Of the 17 federal networks, 4 are categorized as either top secret or secret, 12 are categorized as sensitive but unclassified, and 1 is unclassified. All of the four system applications are categorized as sensitive but unclassified. While some networks and applications are used solely within their respective departments, others are used both within the department and by other federal agencies, as well as state and local governments and private sector entities. Of the 17 networks, 9 are used only within their own department, and 8 are used within the department and by other federal, state, and/or local agencies. All four of the Internet-based applications are used both within the department and by other federal agencies, as well as state and local organizations. The total cost to develop, operate, and maintain these networks and applications in fiscal years 2005 and 2006, as reported by DHS and DOJ, was $893.1 million. Of this total, the networks accounted for the vast majority of the cost at $830.5 million. DHS Efforts to Coordinate Its Homeland Security Information Network with Key State and Local Information-Sharing Initiatives: DHS is statutorily responsible for coordinating the federal government's networks and other communications systems, like the department's Homeland Security Information Network, with state and local governments. The Office of Management and Budget (OMB) guidance requires DHS to foster such coordination and collaboration as a means to improve government performance, including enhancing information sharing and avoiding duplication of effort. Key practices to help implement the guidance include establishing joint strategies and developing compatible policies and procedures to operate across agency boundaries. However, DHS did not fully adhere to these practices or guidance in coordinating its efforts on the Homeland Security Information Network with key state and local information-sharing initiatives. For example, in developing the system, the department did not work with the two key state and local initiatives, which are major parts of the Regional Information Sharing System program,[Footnote 3] to fully develop joint strategies to meet mutual needs. In addition, it did not develop compatible policies, procedures, and other means to operate across organizational boundaries. DHS's limited use of these practices is attributable to a number of factors, including the department's expediting its schedule to deploy information-sharing capabilities after the events of September 11, 2001, and in doing so not developing a comprehensive inventory of key state and local information-sharing initiatives. Consequently, the department faces the risk that, among other things, effective information sharing is not occurring. It also faces the risk that the Homeland Security Information Network may be duplicating state and local capabilities. DHS officials stated that the department has efforts planned and under way to improve coordination and collaboration. For example, it is developing an integration strategy to allow other entities' applications and networks to more easily connect with its Homeland Security Information Network. In addition, the department is establishing a Homeland Security Information Network Advisory Committee, that includes state and local officials, whose charge is to advise the department on how it can better meet user needs, including examining DHS processes for deploying the Homeland Security Information Network to the states as well as assessing what resources states already have and how DHS can leverage them. DHS also plans to coordinate its improvements efforts with the Administration's initiative to establish the Information Sharing Environment. While these are steps in the right direction, they have either just begun or are being planned, with milestones for implementation yet to be defined. Conclusions: DHS and DOJ have a vast array of major federal networks and Internet- based applications, reported to cost almost one billion dollars over the past 2 years, that are key to these departments achieving their homeland security missions, including sharing information with state and local governments. While DHS is responsible for coordinating these network and system efforts among federal, state, and local governments, it has not done so effectively with regard to its primary information-sharing system and two key state and local initiatives. This was due largely to the department's hasty approach to delivering needed information-sharing capabilities; in doing so, DHS did not follow key coordination and collaboration practices and guidance or invest the time to inventory and fully understand how it could leverage state and local approaches. Consequently, the department faces the risk that effective information sharing is not occurring and that its Homeland Security Information Network may be duplicating existing state and local capabilities. DHS recognizes these risks and has improvements planned and under way to address them, but it has yet to establish dates for when the improvements will be fully completed and institutionalized. The limited use of the guidance and practices and the absence of an inventory raise doubt about whether DHS is effectively coordinating its Homeland Security Information Network efforts with all other key state and local information initiatives. DHS's activities at the state and local level also raise questions about whether it has adequately addressed coordination and duplication issues with regard to the other federal homeland security networks and associated systems and applications under the department's purview. Given what is at stake, it is extremely important that DHS authorities expeditiously address these issues and mitigate the associated risks. Further, in doing so, it is imperative to ensure that any and all efforts to address coordination issues are not done in isolation but rather in a manner that is consistent with implementation of the recently issued Information Sharing Environment plan. Recommendations: We recommend that the Secretary of Homeland Security direct the Director, Office of Operations Coordination, to ensure that the Homeland Security Information Network efforts are effectively coordinated with key state and local government information-sharing initiatives. This should include, * identifying existing and planned key state and local information- sharing initiatives and assessing whether there are opportunities for the program to improve information sharing and avoid duplication of effort; * where there are opportunities, adopting and institutionalizing key practices related to OMB's guidance on enhancing and sustaining agency coordination and collaboration, including developing documented policies and procedures to operate across organizational boundaries; and: * ensuring that its coordination efforts are consistent with implementation of the Information Sharing Environment plan. We also recommend that the Secretary of Homeland Security determine whether there are coordination and duplication issues with other homeland security networks and associated systems and applications. In each case where issues are identified, the Secretary should direct the appropriate department executive to ensure that the efforts are effectively coordinated consistent with our recommendation above. Agency Comments and Our Evaluation: In DHS's written comments on a draft of this report, which were contained in a letter signed by the Director, Departmental GAO/Office of Inspector General Liaison, the department stated it agreed with our recommendations on identifying and inventorying key state and local initiatives, implementing coordination and collaboration practices, and ensuring its efforts are consistent with implementation of the Information Sharing Environment plan. In addition, DHS described actions it is taking to address each recommendation. However, these actions did not specifically include whether the department is to identify and inventory existing and planned key state and local information-sharing initiatives. As we stated in our briefing, without this inventory, the department will have limited knowledge of state and local initiatives and will continue to risk duplicating these capabilities. With regard to our recommendation on determining whether coordination and duplication issues exist with other homeland security systems, DHS said that it is still taking the recommendation under advisement and plans to provide an update to appropriate congressional committees and the OMB within 60 days of our report's issuance. DHS's comments are reprinted in appendix II. As agreed with your office, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies of this report to the Secretary of Homeland Security, the Attorney General, and the Director of OMB. Copies are also available at no charge on the GAO Web site at [Hyperlink, http://www.gao.gov.] Should you or your office have questions on matters discussed in this report, please contact me at (202) 512-9286 or at pownerd@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made key contributions to this report are listed in appendix III. Sincerely yours, Signed by: David A. Powner: Director, Information Technology Management Issues: [End of section] Appendix I: Briefing Provided to Staff, House Committee on Homeland Security: Information Technology: Numerous Federal Networks Used to Support Homeland Security Need to Be Better Coordinated with Key State and Local Information Sharing Initiatives: Briefing to Staff of the House Committee on Homeland Security: January 23, 2007: Overview: Introduction: Objectives, Scope, and Methodology: Results in Brief: Background: Results: * Objective 1: * Objective 2: Conclusions: Recommendations: Agency Comments: Appendix I: Detailed Scope and Methodology: Appendix II: Definitions and Descriptions: Introduction: One of the challenges in securing our homeland is ensuring that critical information collected and analyzed by the Department of Homeland Security (DHS) and Department of Justice (DOJ) is shared in a timely and secure manner with a variety of parties within federal, state, and local governments, as well as the private sector. It is important that federal networks and associated systems, applications, and data facilitate this vital information sharing, and do so in a manner that produces effective information sharing among and between the various levels of government and avoids unnecessary and duplicative efforts. This is particularly crucial for DHS's Homeland Security Information Network, which is the department's primary information technology system for sharing terrorism and related information. To address these and related information sharing challenges, the Administration, in response to congressional direction, recently issued a plan to establish, in 3 years, an Information Sharing Environment that is to combine policies, procedures, and networks and other technologies that link people, systems, and information among all appropriate federal, state, local, and tribal entities and the private sector. Objectives, Scope, and Methodology: As agreed, our objectives were to: identify existing and planned communications networks and Internet- based system applications within DHS and DOJ that support homeland security, and: determine whether DHS efforts associated with its Homeland Security Information Network (HSIN) are being coordinated with key state and local information-sharing initiatives. For the first objective, we identified and analyzed descriptive data (e.g., type of network, estimated costs) on the major networks and Internet-based system applications identified by DHS and DOJ as being developed or operated and maintained by them in support of their homeland security missions. For our second objective, we analyzed the extent to which the development and use of DHS's HSIN has been coordinated with two key state and local homeland security information-sharing initiatives: the Regional Information Sharing System Secure Intranet and the Automated Trusted Information Exchange, which are major parts of the Regional Information Sharing System program. We selected these initiatives based on our discussions with state and local officials (e.g., National Association of State Chief Information Officers, National Governors Association, and state fusion centers) and our review of available documentation. We assessed the extent of coordination and collaboration between DHS and the Regional Information Sharing System (RISS) program based on the requirements of the Homeland Security Act[Footnote 4] of 2002 and other federal guidance and best practices identified by the Office of Management and Budget (OMB)[Footnote 5] and on prior GAO research and experience at federal agencies.[Footnote 6] In doing so, we also assessed how DHS and RISS ensured that this information was, among other things, relevant, reliable, and timely. Details of our scope and methodology are provided in appendix I. We performed our work from February 2006 through December 2006, in accordance with generally accepted government auditing standards. For the purposes of this review, a network is defined as data communication links that enable computer systems to communicate with each other. Definitions and descriptions of this and other terms are provided in appendix II. Results in Brief Objective 1: Objective 1: DHS and DOJ Have Numerous Networks and Internet-Based System Applications That Support Homeland Security: The Departments of Homeland Security and Justice have 17 major networks that they use to support their homeland security missions, including sharing information with state and local governments. Examples include DHS's Homeland Secure Data Network and DOJ's Justice Consolidated Network. The departments also have four system applications that use the Internet. Among the four are DHS's primary information-sharing system, HSIN, and DOJ's Law Enforcement Online (LEO). The networks and system applications range from top secret to unclassified. Of the 17 federal networks, 4 are categorized as either top secret or secret, 12 are categorized as sensitive but unclassified, and 1 is unclassified. All of the four system applications are categorized as sensitive but unclassified. While some networks and applications are used solely within their respective departments, others are used both within the department and by other federal agencies, as well as state and local governments and private sector entities. Of the 17 networks, 9 are used only within their own department, and 8 are used within the department and by other federal, state, and/or local agencies. All four of the Internet-based applications are used both within the department and by other federal agencies, as well as state and local organizations. The total cost to develop, operate, and maintain these networks and applications in fiscal years 2005 and 2006, as reported by DHS and DOJ, was $893.1 million. Of this total, the networks accounted for the vast majority of the cost at $830.5 million. Results in Brief Objective 2: Objective 2: Department of Homeland Security's Efforts to Coordinate Its Homeland Security Information Network with Key State and Local Information-Sharing Initiatives Have Been Limited: DHS is statutorily responsible for coordinating the federal government's networks and other communications systems, like HSIN, with state and local governments. OMB guidance requires DHS to foster such coordination and collaboration as a means to improve government performance, including enhancing information sharing and avoiding duplication of effort. Key practices to help implement the guidance include establishing joint strategies and developing compatible policies and procedures to operate across agency boundaries. However, DHS did not fully adhere to these practices or guidance in coordinating its efforts on HSIN with key state and local information- sharing initiatives. For example, in developing HSIN, DHS did not work with the two key state and local initiatives, which are major parts of the RISS program, to fully develop joint strategies to meet mutual needs. In addition, DHS did not develop compatible policies, procedures, and other means to operate across organizational boundaries. DHS's limited use of these practices is attributable in part to a number of factors, including the department's expediting its schedule to deploy HSIN capabilities after the events of September 11, 2001, and in doing so not developing a comprehensive inventory of key state and local information-sharing initiatives. Consequently, the department faces the risk that, among other things, effective information sharing is not occurring. DHS also faces the risk that its HSIN system may be duplicating state and local capabilities. The department has efforts planned and under way to improve coordination and collaboration, but these efforts have either just begun or are being planned with implementation milestones yet to be defined. We are making recommendations to the Secretary of Homeland Security to ensure, among other things, that HSIN is effectively coordinated with key state and local government information-sharing initiatives. Such coordination should include identifying and inventorying key state and local initiatives. In addition, where opportunities exist for improving information sharing and avoiding duplication, the department should implement the key practices related to OMB's guidance on agency coordination and collaboration and do so consistent with the President's Information Sharing Environment plan. Background: Departments of Homeland Security and Justice: DHS and DOJ are two key federal departments involved in securing the homeland. DHS's mission includes, among other things, leading the unified national effort to secure America, preventing and deterring terrorist attacks, and protecting against and responding to threats and hazards to the nation. As part of its mission and as required by the Homeland Security Act of 2002, it is also responsible for coordinating efforts across all levels of government and throughout the nation, including federal, state, tribal, local, and private sector homeland security resources. DHS's mission is carried out by its various components, including the following: Customs and Border Protection: Secret Service: Federal Emergency Management Agency: Transportation Security Administration: Immigration and Customs Enforcement: Coast Guard: The figure on the following slide shows these components' organizational placement within DHS as well as other key components that make up the department. Figure: DHS Organizational Structure (simplified): [See PDF for image] Source: GAO analysis of DHS data. [End of figure] DOJ's mission includes, among other things, ensuring public safety against threats foreign and domestic to our country and providing federal leadership in preventing and controlling crime. DOJ's mission is carried out by its various components, such as the: Bureau of Alcohol, Tobacco, Firearms, and Explosives; Bureau of Justice Assistance; Federal Bureau of Investigation; and: Justice Management Division. The figure on the following slide shows these components' organizational placements within DOJ, as well as the other key components that make up the department. Figure: DOJ Organizational Structure (simplified): [See PDF for image] Source: GAO analysis of DOJ data. [End of figure] As we previously reported, DHS, DOJ, and other agencies rely extensively on information technology (IT), such as networks and associated system applications, to carry out their mission and support homeland security. Specifically, in September 2004, we reported that DHS, DOJ, and other federal agencies identified 34 major networks that support homeland security functions-32 operational and 2 in development.[Footnote 7] We also reported that these networks in large part were used for information sharing. Of the 34 major networks, 21 were single-agency networks designed solely for internal communications, and the remaining 13 were used to share information with other organizations, such as federal agencies, state and local governments, and private sector entities. Homeland Security Information Network: A key DHS application that we reported on in 2004 is HSIN.[Footnote 8] DHS considers HSIN to be its primary communication application for transporting sensitive but unclassified information. According to DHS, this network is an encrypted, unclassified, Web-based communications application that serves as DHS's primary nationwide information-sharing and collaboration tool. It is intended to offer both real-time chat and instant messaging capability, as well as a document library that contains reports from multiple federal, state, and local sources. Available through the application are suspicious incident and pre- incident information and analysis of terrorist threats, tactics, and weapons. The application is managed within DHS's Office of Operations Coordination. The figure on the following slide shows HSIN's and the office's organizational placements within DHS. DHS Organizational Structure (simplified): [See PDF for image] Source: GAO analysis of DHS data. [End of figure] HSIN is composed of over 35 communities of interest such as emergency management, law enforcement, counterterrorism, individual states, and private sector communities. Each community of interest has Web pages that are tailored for the community and contain general and community- specific news articles, links, and contact information. The community Web pages also provide access to other resources such as the following: Document library. Users can search the entire document library within the communities they have access to. Discussion threads. HSIN has a discussion thread (or bulletin board) feature that allows users to post information that other users should know about and post requests for information that other users might have. Community administrators can also post and track tasks assigned to users during an incident. Chat tool. HSIN's chat tool, known as Jabber, is similar to other instant message and chat tools-with the addition of security. Users can customize lists of their coworkers and send messages individually or set up chat rooms for more users. Other features include chat logs (which allow users to review conversations), timestamps, and user profiles. More detailed information on HSIN is provided later in the briefing. Regional Information Sharing Systems Program: State and local governments have similar IT initiatives to carry out their homeland security missions, including sharing information. A key state and local-based initiative is the RISS program. The RISS program is a nationwide initiative, operated and managed by state and local officials, to share criminal intelligence among stakeholders in law enforcement, such as federal, state, local, and tribal law enforcement agencies; first responders; and the private sector; to coordinate efforts against crime that operates across jurisdictional lines. Established in 1974, the program consists of six regional information analysis centers that serve as regional hubs across the country. These centers offer services to RISS members in their regions, including information sharing and research, analytical products, case investigation support, funding, equipment loans, and training. Funding for the RISS program is administered through a DOJ grant. Fiscal year 2006 funding for the program was about $40 million. The six regional centers are: Western States Information Network, Rocky Mountain Information Network, Mid-States Organized Crime Information Center, Regional Organized Crime Information Center, Middle Atlantic-Great Lakes Organized Crime Law Enforcement Network, and: New England State Police Information Network. The following figure shows the RISS program's regional territories and corresponding centers. Figure: RISS Jurisdictional Map: [See PDF for image] Sources: RISS and Map Resources (map). [A] Western States Information Network. [B] Rocky Mountain Information Network. [C] Mid-States Organized Crime Information Center. [D] Regional Organized Crime Information Center. [E] Middle Atlantic-Great Lakes Organized Crime Law Enforcement Network. [F] New England State Police Information Network. [End of figure] Among others, RISS operates two key state and local information-sharing initiatives. The first is RISS Secure Intranet, which is commonly referred to as RISSNET; the second is the RISS Automated Trusted Information Exchange, or RISS ATIX.[Footnote 9] RISSNET is intended as a secure network serving law enforcement agencies throughout the United States and other countries. Through this network, RISS offers services such as secure e-mail, document libraries, intelligence databases, Web pages, bulletin boards, and a chat tool. Created in 1996, RISSNET offers resources to member agencies across the nation and internationally. RISS ATIX offers services similar to those described in RISSNET to agencies beyond the law enforcement community, including executives and officials from governmental and nongovernmental agencies and organizations that have public safety responsibilities. RISS ATIX is partitioned into 39 communities of interest, such as critical infrastructure, emergency management, public health, and government officials. Members of each community of interest contribute information to be made available within each community. According to RISS officials, the RISS ATIX application was developed in response to the events of September 11, 2001, and initiated in 2002 as an application to provide tools for information sharing and collaboration among public safety stakeholders, such as first responders and schools. As of July 2006, RISS ATIX supported 1,922 users beyond the traditional users of RISSNET. RISS ATIX uses the technology of RISSNET to offer services through its Web pages. The pages are tailored for each community of interest and contain community-specific news articles, links, and contact information. The pages also provide access to the following features: Document library. Participants can store and search relevant documents within their community of interest. Bulletin board. The RISS ATIX bulletin board allows users to post timely threat information in discussion forums and to view and respond to posted information. Users can post documents, images, and information related to terrorism and homeland security, as well as receive DHS information, advisories, and warnings. According to RISS officials, the bulletin boards are monitored by a RISS moderator to relay any information that might be useful for other communities of interest. Chat tool. ATIXLive is an online, real-time, collaborative communications information-sharing tool for the exchange of information by community members. Through this tool, users can post timely threat information and view and respond to messages posted. Secure e-mail. RISS ATIX participants have access to e-mail that can be used to provide alerts and related information. According to RISS, this is done in a secure environment. GAO Designated Information Sharing as High Risk: In January 2005, we identified[Footnote 10] establishing appropriate and effective information sharing mechanisms to improve homeland security as one of our high-risk areas to monitor. We also reported that while this area had received increased attention, the federal government still faced formidable challenges to sharing information among stakeholders in an appropriate and timely manner in order to minimize risk. To aid with aspects of this challenge, we recommended in a October 2005 report[Footnote 11] that federal agencies with overlapping homeland security information-sharing responsibilities enhance and sustain their collaborative efforts by adopting and implementing certain practices, such as establishing joint strategies and addressing needs by leveraging resources; developing compatible policies, procedures, and other means to operate across agency boundaries; and developing mechanisms to monitor, evaluate, and report on results. Based on our research and experience, these practices are also relevant for collaboration between federal agencies and other levels of government (e.g., state, local). We also noted that until these coordination and collaboration practices are implemented, these agencies face the risk that effective information sharing will not occur. In March 2006, we reported[Footnote 12] on efforts by Congress and the Administration to address these challenges. In particular, we reported that in response to congressional direction, the President had initiated an effort to establish an Information Sharing Environment that is to combine policies, procedures, and networks and other technologies that link people, systems, and information among all appropriate federal, state, local, and tribal entities and the private sector. To assist in this effort, we recommended, among other things, that the Director of National Intelligence assess progress in implementing the Information Sharing Environment, identify barriers to achieving the environment, and propose any necessary changes needed to create the Information Sharing Environment. In November 2006, the Administration issued its plan for implementing this environment and described actions that the federal government intends-in coordination with state, local, tribal, private sector, and foreign partners-to carry out over the next 3 years. Results: Objective 1 Overview Major Homeland Security Networks: Objective 1: DHS and DOJ Have Numerous Networks and Internet-Based System Applications That Support Homeland Security: DHS and DOJ have 17 federal networks that they currently use to support homeland security functions. In addition, the departments reported that they also use the Internet, a publicly available network, via four of the departments' applications to support these homeland security functions. The 17 federal networks are categorized as follows: 2 are top secret, 2 are secret, 12 are sensitive but unclassified, and: 1 is unclassified. Of the 4 applications that use the Internet, all are considered sensitive but unclassified. These federal networks and agency applications are used in some cases solely within their respective agency, while others are also used by other federal agencies, as well as state and local governments and private sector entities. Specifically, of the 17 federal networks, 9 are used solely within their agency, 8 are used both within their agency and by other federal agencies, 5 are used by state governments, and 4 are used by local governments. All of the Internet-based applications are used by other federal agencies and by state and local governments. As reported by the DHS and DOJ, the total cost to develop, operate, and maintain these networks and applications in fiscal years 2005 and 2006 is $893.1 million. Of this total, networks account for $830.5 million, and: applications account for $62.6 million. The table below summarizes the information on these DHS and DOJ networks and Internet-based applications by information security categories, use within and outside the departments, and reported costs (in millions of dollars). DOJ. Networks; Categories: Top Secret: 1; Categories: Secret: 1; Categories: Sensitive but unclassified: 4; Categories: Unclassified: -; Totals: 6; Solely intra-agency: 3; Intra-agency and Intergovernmental: Federal to federal: 3; Intra-agency and Intergovernmental: Federal to state: 2; Intra-agency and Intergovernmental: Federal to local: 2; Reported cost: 2005: $93.4; Reported cost: 2006: $157.7. Internet-Based Applications; Categories: Top Secret: -; Categories: Secret: -; Categories: Sensitive but unclassified: 3; Categories: Unclassified: -; Totals: 3; Solely intra-agency: -; Intra-agency and Intergovernmental: Federal to federal: 3; Intra-agency and Intergovernmental: Federal to state: 3; Intra-agency and Intergovernmental: Federal to local: 3; Reported cost: 2005: $15.3; Reported cost: 2006: $14.9. DHS. Networks; Categories: Top Secret: 1; Categories: Secret: 1; Categories: Sensitive but unclassified: 8; Categories: Unclassified: 1; Totals: 11; Solely intra-agency: 6; Intra-agency and Intergovernmental: Federal to federal: 5; Intra-agency and Intergovernmental: Federal to state: 3; Intra-agency and Intergovernmental: Federal to local: 2; Reported cost: 2005: $273.2[A]; Reported cost: 2006: $306.2[A]. Internet-Based Applications; Categories: Top Secret: -; Categories: Secret: -; Categories: Sensitive but unclassified: 1; Categories: Unclassified: -; Totals: 1; Solely intra-agency: -; Intra-agency and Intergovernmental: Federal to federal: 1; Intra-agency and Intergovernmental: Federal to state: 1; Intra-agency and Intergovernmental: Federal to local: 1; Reported cost: 2005: $11.9; Reported cost: 2006: $20.5. Totals: 21. Total cost: 2005: $393.8[A]; Total Cost: 2006: $499.3[A]. Source: GAO analysis of agency data. [A] Costs for DHS's C Local Area Network are not included in reported figures as the information is not publicly available. [End of table] The following slides provide, by information security categories (e.g., top secret, secret, sensitive but unclassified), each of the networks and Internet-based applications, a description of their functions, including: * how they support homeland security, and: * their use within and outside the department, and; fiscal year 2005 and 2006 costs. Results: Objective 1: Classified Networks: Top Secret: Top Secret Networks: Network name: C Local Area Network; Top Secret Networks: Description: This network, commonly referred to as the C-LAN, is used within DHS to communicate top secret information with the Intelligence Community. It provides connectivity to the Department of Defense’s Joint Worldwide Intelligence Communications System to access, receive, and share intelligence information; Network users: Intra-agency: DHS: [A]; Network users: Intra-agency: DOJ: [Empty]; Network users: Intergovernmental: Other federal agencies: [Empty]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: Not publicly available; Reported cost (in millions): FY 2006: Not publicly available; Total: [Empty]. Top Secret Networks: Network name: Sensitive Compartmental Information Operational Network; Top Secret Networks: Description: This network, also known as SCION, is used to transport top secret counterterrorism data, including intelligence and warning information. For example, it provides an interface with the Department of Defense’s Joint Worldwide Intelligence Communications System that allows Federal Bureau of Investigation agents and analysts to exchange top secret intelligence information with other members of the Intelligence Community; Network users: Intra-agency: DHS: [Empty]; Network users: Intra-agency: DOJ: [A]; Network users: Intergovernmental: Other federal agencies: [Empty]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: $15.1; Reported cost (in millions): FY 2006: $35.3; Total: $50.4. Source: GAO analysis of agency data. [A] Agency uses and is responsible for operating and maintaining the network. [End of table] Results: Objective 1 Classified Networks: Secret: Secret Networks: Network name: Federal Bureau of Investigation; Secret Networks: Description: This network, commonly referred to as the FBINET, is a global-wide area network used for communicating secret information, including investigative case files and intelligence pertaining to national security; it also runs administrative applications; Network users: Intra-agency: DHS: [Empty]; Network users: Intra-agency: DOJ: [A]; Network users: Intergovernmental: Other federal agencies: [Empty]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: $29.1; Reported cost (in millions): FY 2006: $58.6; Total: $87.7. Secret Networks: Network name: Homeland Secure Data Network; Secret Networks: Description: Also known as HSDN, this network transmits homeland security data in support of activities including intelligence, investigations, and inspections that are classified at the secret level. HSDN provides secret connectivity to civilian agencies and is to provide secret connectivity in the future for civilian agencies currently using the Department of Defense’s Secret Internet Protocol Router Network. For example, it is used to transmit intelligence summaries, secure messaging and e-mail correspondence; Network users: Intra-agency: DHS: [A]; Network users: Intra-agency: DOJ: [Empty]; Network users: Intergovernmental: Other federal agencies: [B]; Network users: Intergovernmental: State: [B]; Network users: Intergovernmental: Local: [B]; Reported cost (in millions): FY 2005: $46.2; Reported cost (in millions): FY 2006: $32.6; Total: $78.8. Source: GAO analysis of agency data. [A] Agency uses and is responsible for operating and maintaining the network. [B] Agency that uses the network. [End of table] Summary Information and Description of Sensitive but Unclassified Networks: Sensitive but unclassified Networks: Network name: Coast Guard Data Network Plus; Sensitive but unclassified Networks: Description: Commonly known as CGDN+, this network is used to transmit information such as maritime- related law enforcement information and intelligence supporting drug interdiction, maritime safety and security data, vessel tracking data, search and rescue data, environmental hazard data, border control data, and emergency sealift management data; Network users: Intra-agency: DHS: [A]; Network users: Intra-agency: DOJ: [Empty]; Network users: Intergovernmental: Other federal agencies: [B]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: $15.0; Reported cost (in millions): FY 2006: $15.0; Total: $30.0. Sensitive but unclassified Networks: Network name: Critical Infrastructure Warning Information Network; Sensitive but unclassified Networks: Description: CWIN is used to transmit voice and data on infrastructure protection, communication and coordination, alert, and notification. In the event that a significant attack disrupts telecommunications networks or the Internet, the Critical Infrastructure Warning Information Network is to provide secure capability for communications across key government network operations centers, the private and public sectors, and trusted foreign partners. According to DHS, it is the critical, survivable network connecting DHS with the vital sectors that are essential in restoring the nation’s infrastructure during incidents of national significance; Network users: Intra-agency: DHS: [A]; Network users: Intra-agency: DOJ: [Empty]; Network users: Intergovernmental: Other federal agencies: [B]; Network users: Intergovernmental: State: [B]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: $12.1; Reported cost (in millions): FY 2006: $12.0; Total: $24.1. Sensitive but unclassified Networks: Network name: Criminal Justice Information Services Wide Area Network; Sensitive but unclassified Networks: Description: This network is also known as the CJIS WAN. It is to provide secure electronic connectivity to information on individuals, vehicles, and property associated with crimes or terrorist organizations to state, local, tribal, and federal law enforcement agencies. It is also used to identify individuals from submitted fingerprints and to exchange deoxyribonucleic acid information, background check information, and criminal history information; Network users: Intra-agency: DHS: [Empty]; Network users: Intra-agency: DOJ: [A]; Network users: Intergovernmental: Other federal agencies: [B]; Network users: Intergovernmental: State: [B]; Network users: Intergovernmental: Local: [B]; Reported cost (in millions): FY 2005: $5.5; Reported cost (in millions): FY 2006: $5.6; Total: $11.1. Sensitive but unclassified Networks: Network name: Customs and Border Protection Network; Sensitive but unclassified Networks: Description: Commonly referred to as the CBP Network, this network is used to transmit sensitive but unclassified data related to Customs and Border Protection’s support of homeland security functions, such as protecting the nation’s borders from terrorists and regulating and facilitating the lawful movement of goods and persons across U.S. borders; Network users: Intra-agency: DHS: [A]; Network users: Intra-agency: DOJ: [Empty]; Network users: Intergovernmental: Other federal agencies: [Empty]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: $58.7; Reported cost (in millions): FY 2006: $63.0; Total: $121.7. Sensitive but unclassified Networks: Network name: DHS Core Network; Sensitive but unclassified Networks: Description: Also known as the DCN, this network is used to transmit sensitive but unclassified data related to DHS’s homeland security mission in areas such as customs and border patrol, intelligence and warning, and domestic counter- terrorism; Network users: Intra-agency: DHS: [A]; Network users: Intra-agency: DOJ: [Empty]; Network users: Intergovernmental: Other federal agencies: [Empty]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: $13.4; Reported cost (in millions): FY 2006: $10.3; Total: $23.7. Sensitive but unclassified Networks: Network name: FBI Unclassified Network; Sensitive but unclassified Networks: Description: Commonly known as UNet, this network is a national wide area network that provides the Federal Bureau of Investigation with access to sensitive but unclassified intelligence and law-enforcement sensitive information. For example, it provides bureau agents with access to secure mail and the Law Enforcement Online; Network users: Intra-agency: DHS: [Empty]; Network users: Intra-agency: DOJ: [A]; Network users: Intergovernmental: Other federal agencies: [Empty]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: $4.7; Reported cost (in millions): FY 2006: $9.2; Total: $13.9. Sensitive but unclassified Networks: Network name: Justice Consolidated Network; Sensitive but unclassified Networks: Description: Also known as the JCN, this network is used to transmit, among DOJ components, fingerprint, arrest records, and other data relating to the investigation and prosecution of crimes and terrorist activities; Network users: Intra-agency: DHS: [Empty]; Network users: Intra-agency: DOJ: [A]; Network users: Intergovernmental: Other federal agencies: [B]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: $30.0; Reported cost (in millions): FY 2006: $31.0; Total: $61.0. Sensitive but unclassified Networks: Network name: Justice Unified Telecommunications Network; Sensitive but unclassified Networks: Description: This network, also known as JUTNet, is used for transmitting sensitive but unclassified information (such as fingerprint and arrest information) pertaining to the investigation and prosecution of crimes and terrorist activities. In addition, it supports video-conferencing and certain voice over Internet protocol services; Network users: Intra-agency: DHS: [Empty]; Network users: Intra-agency: DOJ: [A]; Network users: Intergovernmental: Other federal agencies: [B]; Network users: Intergovernmental: State: [B]; Network users: Intergovernmental: Local: [B]; Reported cost (in millions): FY 2005: $9.0; Reported cost (in millions): FY 2006: $18.0; Total: $27.0. Sensitive but unclassified Networks: Network name: Immigration and Customs Enforcement Network; Sensitive but unclassified Networks: Description: Also known as ICENet, this network supports the data transmission needs of the DHS’s Immigration and Customs Enforcement component. For example, the major programs dependent on this network include the Office of Investigations, the Detention and Removal Office, the Federal Protective Services Office, and the Intelligence Office; Network users: Intra-agency: DHS: [A]; Network users: Intra-agency: DOJ: [Empty]; Network users: Intergovernmental: Other federal agencies: [B]; Network users: Intergovernmental: State: [B]; Network users: Intergovernmental: Local: [B]; Reported cost (in millions): FY 2005: $14.4; Reported cost (in millions): FY 2006: $19.2; Total: $33.6. Sensitive but unclassified Networks: Network name: Secret Service Wide Area Network; Sensitive but unclassified Networks: Description: Commonly referred to as the Secret Service WAN, this network supports the homeland security mission by providing security and protection to our nation’s leaders and financial systems; Network users: Intra-agency: DHS: [A]; Network users: Intra-agency: DOJ: [Empty]; Network users: Intergovernmental: Other federal agencies: [Empty]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: $2.8; Reported cost (in millions): FY 2006: $3.1; Total: $5.9. Sensitive but unclassified Networks: Network name: Transportation Security Administration Network; Sensitive but unclassified Networks: Description: This network, also known as TSANet, is a global network used for security operations, intelligence, and law enforcement information sharing. For example, it is used to transmit alerts, fingerprints, and information from the Transportation Security Administration’s mission-critical applications; Network users: Intra-agency: DHS: [A]; Network users: Intra-agency: DOJ: [Empty]; Network users: Intergovernmental: Other federal agencies: [B]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: $70.0; Reported cost (in millions): FY 2006: $105.0; Total: $175.0. Sensitive but unclassified Networks: Network name: ONENet; Sensitive but unclassified Networks: Description: ONENet is a single network that is to use dual carriers to support interoperability and data sharing, in all DHS mission areas, between all DHS components. DHS is deploying ONENet to DHS components. ONENet is to consolidate the following seven networks: Coast Guard Data Network Plus, Customs and Border Protection Network, DHS Core Network, Federal Emergency Management Agency Switched Network, Immigration and Customs Enforcement Network, Secret Service Wide Area Network, and Transportation Security Administration Network; Network users: Intra-agency: DHS: [A]; Network users: Intra-agency: DOJ: [Empty]; Network users: Intergovernmental: Other federal agencies: [Empty]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported cost (in millions): FY 2005: $34.6; Reported cost (in millions): FY 2006: $40.0; Total: $74.6. Source: GAO analysis of agency data. [A] Agency uses and is responsible for operating and maintaining the network. [B] Agency that uses the network. [End of table] Results: Objective 1: Sensitive But Unclassified Applications: Sensitive but unclassified applications: Application name: Bomb Arson Tracking System; Sensitive but unclassified applications: Description: Commonly referred to as BATS, this application is a partnership among DOJ, the Alcohol, Tobacco, Firearms, and Explosives’ Bomb Data Center, and members of the nation's fire and post-blast investigative communities. Its purpose is to provide these organizations with a comprehensive incident-based information-sharing system; Application users: Intra-agency: DHS: [Empty]; Application users: Intra-agency: DOJ: [A]; Application users: Intergovernmental: Other federal agencies: [B]; Application users: Intergovernmental: State: [B]; Application users: Intergovernmental: Local: [B]; Reported Cost (in millions): FY 2005: $0.2; Reported Cost (in millions): FY 2006: $0.3; Total: $0.5. Sensitive but unclassified applications: Application name: eTrace; Sensitive but unclassified applications: Description: The eTrace application is a Web-based firearm trace submission system and trace analysis module for use by approved law enforcement agencies. The purpose of the eTrace application is to improve the efficiency of the firearm tracing process and provide for the secure exchange of firearms trace-related information between the law enforcement community and Alcohol, Tobacco, Firearms, and Explosives Bureau; Application users: Intra-agency: DHS: [Empty]; Application users: Intra-agency: DOJ: [A]; Application users: Intergovernmental: Other federal agencies: [B]; Application users: Intergovernmental: State: [B]; Application users: Intergovernmental: Local: [B]; Reported Cost (in millions): FY 2005: $0.2; Reported Cost (in millions): FY 2006: $0.1; Total: $0.3. Sensitive but unclassified applications: Application name: Homeland Security Information Network; Sensitive but unclassified applications: Description: Also known as HSIN, this application provides connectivity between DHS’s National Operations Center, the National Center for Real-Time Threat Monitoring, domestic incident management and information sharing—and select private industry as well as the federal, state, and local organizations responsible for or involved in combating terrorism, responding to critical incidents, and managing special events; Application users: Intra-agency: DHS: [A]; Application users: Intra-agency: DOJ: [Empty]; Application users: Intergovernmental: Other federal agencies: [B]; Application users: Intergovernmental: State: [B]; Application users: Intergovernmental: Local: [B]; Reported Cost (in millions): FY 2005: $11.9; Reported Cost (in millions): FY 2006: $20.5; Total: $32.4. Sensitive but unclassified applications: Application name: Law Enforcement Online; Sensitive but unclassified applications: Description: This application, commonly known as LEO, is a real time on-line controlled access communications and information-sharing data repository. It supports an Internet-accessible focal point for electronic sensitive but unclassified communication and information sharing with federal, state, local, and tribal law enforcement agencies. For example, it contains information about, among other things, anti-terrorism, intelligence, law enforcement, and criminal justice; Application users: Intra-agency: DHS: [Empty]; Application users: Intra-agency: DOJ: [A]; Application users: Intergovernmental: Other federal agencies: [B]; Application users: Intergovernmental: State: [B]; Application users: Intergovernmental: Local: [B]; Reported Cost (in millions): FY 2005: $14.9; Reported Cost (in millions): FY 2006: $14.5; Total: $29.4. Source: GAO analysis of agency data. [A] Agency uses and is responsible for operating and maintaining the application. [B] Agency that uses the application. [End of table] Results: Objective 1 Unclassified Network: Summary Information and Functional Description of Unclassified Network: Unclassified networks: Network name: Federal Emergency Management Agency Switched Network; Unclassified networks: Description: This network, commonly known as the FEMA Switched Network, provides support for emergency coordination of federal, state, and local operations, disaster assistance, and government recovery efforts. For example, it is used to pass information on disaster victims and logistics for disasters, in addition to normal business; Network users: Intra-agency: DHS: [A]; Network users: Intra-agency: DOJ: [Empty]; Network users: Intergovernmental: Other federal agencies: [Empty]; Network users: Intergovernmental: State: [Empty]; Network users: Intergovernmental: Local: [Empty]; Reported Cost (in millions): FY 2005: $6.0; Reported Cost (in millions): FY 2006: $6.0; Total: $12.0. Source: GAO analysis of agency data. [A] Agency uses and is responsible for operating and maintaining the network. [End of table] Results: Objective 2 Limited Coordination: Department of Homeland Security's Efforts to Coordinate Its Homeland Security Information Network with Key State and Local Information- Sharing Initiatives Have Been Limited: As previously discussed, the Homeland Security Act of 2002 requires DHS to, among other things, coordinate the federal government's homeland security communications systems with all levels of government, including state and local. OMB guidance also requires DHS to foster such coordination and collaboration as a means to improving government performance, including enhancing information sharing and reducing or eliminating duplicative programmatic and IT efforts.[Footnote 13] In October 2005, we identified and reported on key practices related to OMB's guidance that can help enhance and sustain agency coordination and collaboration.[Footnote 14] Examples of key practices cited include: establishing joint strategies and addressing needs by leveraging resources; developing compatible policies, procedures, and other means to operate across agency boundaries; and: developing mechanisms to monitor, evaluate, and report on results. However, DHS did not fully adhere to these practices in coordinating its efforts on HSIN with key state and local information-sharing initiatives. For example, in developing HSIN, DHS did not work with two RISS program initiatives to fully develop joint strategies to meet mutual needs. DHS's limited use of these practices is attributable to a number of factors, including the department's expedited schedule to deploy HSIN capabilities after the events of September 11, 2001, and in doing so, not developing an inventory of key state and local information initiatives. Until the department fully implements these coordination and collaboration practices and guidance, it faces the risk that effective information sharing is not occurring. First, while DHS officials met with RISS program officials to discuss exchanging terrorism related documents, joint strategies for meeting mutual needs by leveraging resources have not been fully developed. Specifically: DHS did not engage the RISS program in ongoing dialogue to determine how resources could be leveraged to meet mutual needs. According to RISS program officials, they met with DHS on September 25, 2003, and January 7, 2004, to demonstrate that their RISS ATIX application could be used by DHS for sharing homeland security information. However, communication from DHS on this topic stopped after the meetings with no explanation. DHS officials told us they could not remember having the meetings and attributed this to people in the meetings no longer being at DHS. While DHS initially pursued a limited strategy of exchanging selected terrorism-related documents with the RISS program, the strategy has been impeded by technical issues and by differences in what each organization considers to be terrorism information. For example, the exchange of documents between HSIN and the RISS program stopped on August 1, 2006, due to technical problems with HSIN's upgrade to a new infrastructure. As of December 2006, the exchange of terrorism-related documents had not resumed. HSIN program management told us that they are currently working to fix this issue, and it should be resolved by February 2007. Second, DHS has not fully developed coordinated policies, procedures, and other means to operate across agency boundaries with the RISS program. For example: DHS did not work with the RISS program to develop coordinated policies, procedures, and other means for leveraging the RISS program's available technological resources. According to the program manager, DHS now plans to develop coordinated policies with, among others, state and local entities. However, DHS did not provide a date by when this will be done. Although an operating agreement was established to govern the exchange of terrorism-related documents, according to RISS officials it did not cover the full range of information available through the RISS program. Third, DHS did not develop mechanisms to monitor, evaluate, and report on the results of these collaboration efforts. According to the HSIN program manager, DHS is working on providing a feedback mechanism by which users are able to report systems issues. DHS plans to implement this by February 2007. The extent of DHS's adherence to key practices (and the resulting limited coordination) is attributable to the following: DHS was on a short schedule to deploy an information sharing application that could be used across the federal government in the wake of 9/11; in its haste, DHS did not develop an inventory of key state and local information initiatives. According to DHS officials, they currently still do not have a complete inventory of key state and local information sharing initiatives. Consistent with this, DHS's Office of Inspector General recently reported that DHS developed HSIN in a rapid and ad hoc manner, and among other things, did not adequately identify existing federal, state, and local resources, such as RISSNET, that it could have leveraged.[Footnote 15] DHS did not fully understand the RISS program. Specifically, DHS officials did not acknowledge the RISS program as a state and local based program with which to partner, but instead considered the RISS program to be one of many vendors providing a tool for information sharing. Further, DHS officials believed that the RISS program was solely focused on law enforcement information and did not capture the broader terrorism-related or other information of interest to the department. Until DHS fully implements key coordination and collaboration practices, it faces the risk that effective information sharing is not occurring. In addition, the department also faces the increased risk that it may be developing and deploying capabilities on HSIN that duplicate those being established by state and local agencies. There is evidence that this has already occurred with respect to the RISS program. Specifically: HSIN and RISS ATIX currently target similar user groups. DHS and the RISS program are independently striving to make their applications available to user communities involved in the prevention of, response to, mitigation of, and recovery from terrorism and disasters across the country. For example, HSIN and RISS ATIX are being used and marketed for use at state fusion centers[Footnote 16] and other state organizations such as emergency management agencies across the country. HSIN and RISS applications have similar approaches for sharing information with their users. For example, on each application, users from a particular community-such as emergency management-have access to a portal or community area tailored to the user's information needs. The community-based portals have similar features focused on user communities. Both applications provide each community with the following features: Web pages. Tailored for communities of interest (e.g., law enforcement, emergency management, critical infrastructure sectors), these pages contain general and community-specific news articles, links, and contact information. Bulletin boards. Participants can post and discuss information. Chat tool. Each community has its own online, real-time, interactive collaboration application. Document library. Participants can store and search relevant documents. Beyond these collaboration tools, RISSNET also provides access to other law enforcement resources such as analytical criminal data- visualization tools and criminal intelligence databases. DHS and RISS state that their applications, the HSIN Law Enforcement portal and RISSNET, comply with part 23 of title 28, Code of Federal Regulations, which requires criminal intelligence systems to protect the individual privacy and constitutional rights of individuals. Improvements Planned and Under Way: According to DHS officials, including the HSIN program manager, the department has efforts planned and under way to improve coordination. For example: The department is in the process of developing an integration strategy that is to include enhancing HSIN in a manner that allows for other applications and networks to better integrate information sharing capabilities by plugging in to HSIN, thereby allowing other federal agencies and state and local governments to use their preferred application and networks-such as RISSNET and RISS ATIX-for information sharing while allowing DHS to continue to use HSIN. The department is forming an HSIN Mission Coordinating Committee, whose role and responsibilities are to be defined in a management directive. Membership is to consist of DHS offices and components with operational missions involving information sharing, communication, and collaboration. The committee is also expected to, for example, work to ensure that all HSIN users are coordinated in information-sharing relationships of mutual value to them, as well as help define operational priorities for HSIN in support of DHS's mission. The department has recently developed engagement, communications, and feedback strategies for better coordination and communication with HSIN. The strategies are expected to facilitate the HSIN program's relationship with users by, for example, enhancing user awareness of applicable HSIN contact points and changes to the system. The HSIN program management office is being reorganized to help the department better meet user needs. According to the program manager, this reorganization has included the use of integrated process teams to better support DHS's operational mission priorities as well as the establishment of a strategic framework and implementation plan for meeting the office's key activities and vision. The program office is in the process of establishing a Homeland Security Information Network Advisory Committee. This is a panel of homeland security officials, including state and local officials, whose charge is to advise DHS on how the HSIN program can better meet user needs. According to the program manager, as part of this committee, DHS plans to examine its processes for deploying HSIN to the states, as well as to assess what resources states already have and how HSIN can coordinate with them. The program intends to coordinate these improvement efforts with the efforts to implement the Information Sharing Environment. While these are positive steps designed to address shortfalls in the department's coordination practices on HSIN, they have either just begun or are planned, with milestones for implementation yet to be defined. Until all the practices are fully implemented and institutionalized, DHS will continue to be at risk of not effectively sharing information. Conclusions: DHS and DOJ have a vast array of major federal networks and Internet- based applications, reported to cost almost a billion dollars over the past 2 years, that are key to these departments achieving their homeland security missions, including sharing information with state and local governments. While DHS is responsible for coordinating these network and system efforts among federal, state, and local governments, it has not done so effectively with regard to its primary information-sharing system and two key state and local initiatives. This was due largely to the department's hasty approach to delivering needed information sharing capabilities; in doing so, DHS did not follow key coordination and collaboration practices and guidance or invest the time to inventory and fully understand how it could leverage state and local approaches. Consequently, the department faces the risk that effective information sharing is not occurring and that its HSIN system may be duplicating existing state and local capabilities. DHS recognizes these risks and has improvements planned and under way to address them, but it has yet to establish dates for when the improvements will be fully completed and institutionalized. The limited use of the key coordination and collaboration practices and guidance and the absence of an inventory raise doubt about whether DHS is effectively coordinating its HSIN efforts with all other key state and local information initiatives. It also raises the issue of whether similar coordination and duplication issues arise with the other federal homeland security networks and associated systems and applications under the department's purview. Given what is at stake, it is extremely important that DHS authorities expeditiously address these issues and mitigate the associated risks. Further, in doing so, it is imperative that any and all efforts to address coordination issues not be done in isolation but rather in a mode that is consistent with implementation of the recently issued Information Sharing Environment plan. Recommendations: We recommend that the Secretary of Homeland Security direct the Director, Office of Operations Coordination, to ensure that HSIN efforts are effectively coordinated with key state and local government information sharing initiatives. This should include: Identifying existing and planned key state and local information sharing initiatives and assessing whether there are opportunities for the HSIN program to improve information sharing and avoid duplication of effort. Where there are opportunities, the department should adopt and institutionalize key practices related to OMB's guidance on enhancing and sustaining agency coordination and collaboration, including developing documented policies and procedures to operate across organizational boundaries. Ensuring such efforts are consistent with implementation of the Information Sharing Environment plan. We also recommend that the Secretary of Homeland Security determine whether there are coordination and duplication issues with other homeland security networks and associated systems and applications. In each case where issues are identified, the Secretary should direct the appropriate department executive to ensure that the efforts are effectively coordinated consistent with our recommendation above. Agency Comments: In commenting on a draft of this briefing, DHS officials, including the HSIN program manager, agreed with our findings and recommendations. They also provided technical comments, which we have incorporated in this report, as appropriate. Appendix I: Scope and Methodology: Scope: For our first objective, our work focused on thel7 major networks and 4 Internet-based applications that were identified as being developed or operated and maintained by the Departments of Homeland Security and Justice in support of homeland security. Our second objective focused on the extent to which the development and use of DHS's Homeland Security Information Network (HSIN) has been coordinated with two key state and local homeland security information- sharing initiatives: the Regional Information Sharing System Secure Intranet (RISSNET) and the Automated Trusted Information Exchange (RISS ATIX). We selected these initiatives based on our conversations with state and local officials who identified these systems as being key to homeland security information sharing and our review and analysis of available documentation that showed a similar assessment. Methodology: For objective one, we: assessed the current state (e.g., cost) of these networks by interviewing department officials and reviewing documentation; * identified and analyzed descriptive data on the networks, such as type of network topography, primary users, estimated costs, and future plans; and: * used the homeland security mission areas described in the National Strategy for Homeland Security;[Footnote 17] verified via the agencies the accuracy of the data about their networks (however, we cannot ensure that agencies reported on all applicable networks and Internet-based applications) and: included information about publicly acknowledged classified networks but did not collect or include classified information about these networks. For agency data that we did not substantiate, we have made appropriate attribution indicating that data's source. For objective two: We reviewed documentation and interviewed DHS officials and state and local officials, including RISSNET and RISS ATIX executives, to assess the level of coordination and collaboration among them as DHS develops the HSIN. In doing so, we also assessed how these officials ensured that this information was relevant, reliable, and timely and made available for management decision making and internal reporting. We assessed the extent of coordination and collaboration between DHS and the Regional Information Sharing System program based on the requirements of the Homeland Security Act[Footnote 18] of 2002 and other federal guidance and best practices identified by the Office of Management and Budget[Footnote 19] and prior GAO research and experience at federal agencies.[Footnote 20] In doing so, we: * asked DHS officials to provide the plans, policies, and procedures they used to identify key information-sharing initiatives; and: * assessed DHS's efforts to identify and address its information- sharing needs by leveraging resources and avoiding the creation of duplicative information applications. We assessed the number and types of contacts (e.g., meetings, conferences) the parties had in collaborating on these efforts in order to understand whether: * mutual needs and identification of joint strategies, expectations, constraints, and interfaces were discussed; * compatible policies, procedures, and other means to operate across agency boundaries were established; * memorandums of understanding or related documents were signed in order to reinforce agency accountability for collaboration and use mechanisms to monitor, evaluate, and report on results. We conducted our work at Department of Homeland Security and Department of Justice headquarters in Washington, D.C., as well as Regional Information Sharing Systems offices in Newton and West Chester, Pennsylvania. We also interviewed officials at state and local organizations such as the National Association of State Chief Information Officers, the National Governors Association, and officials from state fusion centers. We performed our work from February 2006 through December 2006, in accordance with generally accepted government auditing standards. Appendix II: Definitions and Descriptions: For purposes of this review, we used the following definitions: The term "homeland security information," as defined by the Homeland Security Information Sharing Act of 2002, 6 U.S.C. 482(f)(1), means any information possessed by a federal, state, or local agency that: * relates to the threat of terrorist activity; * relates to the ability to prevent, interdict, or disrupt terrorist activity; would improve the identification or investigation of a suspected terrorist or terrorist organization; or: * would improve the response to a terrorist act.[Footnote 21] Networks are data communication links that enable computer systems to communicate with each other. The term network refers to the data communication links and the network elements such as routers and switches that enable these computer systems to communicate with each other. * A network in a small geographic area is known as a local area network; most organizations have one or more local area networks at each of their offices. * Wide area networks connect multiple local area networks within an organization that is dispersed over a wide geographic area. * The term network also refers to virtual private networks, which are communication systems that use public networks to securely transport private intra-and interorganizational information. Computer systems are connected to local area networks and wide area networks and are often connected to the Internet. [See PDF for image] Source: GAO analysis and Art Explosion (clip art), [End of figure] Information Security Categories: Top Secret applies to classified information the unauthorized disclosure of which could reasonably be expected to cause exceptionally grave damage to national security.[Footnote 22] Secret applies to classified information the unauthorized disclosure of which could reasonably be expected to cause serious damage to national security.[Footnote 22] Sensitive but Unclassified (SBU) is a generic term used to describe information that does not meet the standards established by executive order for classified national security information but that an agency nonetheless considers sufficiently sensitive to warrant restricted dissemination. [End of section] Appendix II: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, DC 20528: March 12, 2007: Mr. David A. Powner: Director: Information Technology Management Issues: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Dear Mr. Powner: RE: Draft Report GAO-07-455, Information Technology: Numerous Federal Networks Used to Support Homeland Security Need to Be Better Coordinated With Key State and Local Information Sharing Initiatives (GAO Job Code 310839): The Department of Homeland Security (DHS) appreciates the opportunity to review and comment on the draft report referenced above. The Government Accountability Office (GAO) makes four recommendations. We agree with the first three recommendations and will take the final one under advisement. GAO recommends that the Secretary of Homeland Security direct the Director, Office of Operations Coordination, to ensure that the Homeland Security Information Network (HSIN) efforts are effectively coordinated with key state and local government information sharing initiatives. We believe that progress has been made in ensuring that the Homeland Security Information Network is the best possible tool to share information with all homeland security stakeholders. Key to this endeavor is ensuring efforts are effectively coordinated with key state and local government information sharing initiatives. Specific actions taken and in progress addressing the first three recommendations follow. Recommendation 1: "Identify existing and planned key state and local information sharing initiatives and assess whether there are opportunities for the program to improve information sharing and avoid duplication of effort. " DHS' Office of Operations Coordination officials agree with the recommendation. Efforts are underway to address it. Through the newly established Joint Program Office (JPO) (currently encompassing two major programs-the Homeland Security Information Network and the National Operations Center's Common Operating Picture), DHS officials have actively begun pursuing new opportunities, as well as reestablishing and revitalizing unfinished earlier attempts for improving information sharing. Specific examples follow. * There is an initiative underway to reconnect the technological bridge between the Homeland Security Information Network (HSIN) and the Regional Information Sharing System (RISS). This bridge was established to allow finished reports to automatically flow back and forth between the two systems. In June 2006, when HSIN completed a technology update, the bridge was inadvertently severed and not reconnected. Shortly after the Joint Program Office was established in October 2006, the managers of both HSIN and RISS established an implementation plan to reconnect the bridge; this effort is nearly completed. Further, the content exchanged is also being improved and expanded. The original agreement between HSIN and RISS only allowed for very narrowly defined information to be passed between the systems. This definition mandated that the content be specifically identified as terrorism information. A more liberal, flexible definition could potentially include suspicious activity that may later be deemed terrorist related. The scope and boundaries of the content to be exchanged will be finalized when the bridge is reestablished. * A newly established position within the Office of Operations Coordination will be responsible for content management and information flow. This person will represent Operations Coordination within the Information Sharing Environment (ISE) forums and working groups and will be on board before the end of March 2007. * DHS will soon host Intelink-U on HSIN. Intelink-U is well known throughout the ISE and is a widely used content repository. This enhancement will provide a broad range of relevant information to HSIN users that may not have another way to access this valuable resource. * The National Capitol Region (NCR) Data Exchange Hub (DEH) is an example of integration and innovation. The emergency management centers around the NCR use a variety of collaboration and reporting systems. These systems are owned and operated by different states and counties, funded with resources that are allocated based on different priorities. The emergency management community for the NCR worked with the Joint Program Office to connect their various systems to HSIN through the DEH. NCR personnel are now able to post information to their systems and automatically make it available for posting on HSIN. The reverse process is also available. If information comes in through HSIN that needs to be shared with the NCR, it can be exported to the DEH and made available for posting on the systems within the NCR. The technological solution is in place. Discussions about information flow - the daily business processes and procedures for what and when to share - is underway. Recommendation 2: "Where there are opportunities, adopting and institutionalizing key practices related to Office of Management and Budget's guidance on enhancing and sustaining agency coordination and collaboration, including developing documented policies and procedures to operate across organizational boundaries. " Office of Operations Coordination officials agree with the recommendation. The JPO has been focused on creating policies and procedures for all aspects of the program. Below are examples of major initiatives that will facilitate future doctrine for the program. * The Joint Program Office is actively involved in an ISE-sponsored, DOJ-led pilot project for Federated Identity Management. Operations Coordination understands the long-term possibilities of this pilot and is committed to the effort. This pilot, if successful, will allow authorized HSIN users to seamlessly traverse other participating programs' systems, gaining access to content and tools that are not available on HSIN. It will also permit other system members to gain access to the tools and content on HSIN. This is a significant step in the direction of eliminating duplication and maximizing existing systems across the entire landscape of the ISE. * The HSIN Advisory Committee will be up and running in the next few months. A Director has been hired and will begin compiling a roadmap of major milestones and decision points for the committee. It will be made of 14 various state, local, tribal, and private sector stakeholders and their input will be vital to ensuring that the needs of the users are met. This council will be expected to engage other major councils devoted to information sharing, such as Global Justice - a DOJ sponsored council that represents state and local law enforcement initiatives involving information sharing standards and policies. The Committee will be focused on removing major roadblocks inhibiting information sharing across the entire spectrum of Homeland Security partners. They will make recommendations and draft proposals for new policies that are needed to overcome many of the obstacles inhibiting information sharing. Their efforts are critical to the success of HSIN and all information sharing systems in the ISE because they will be focused on content management and information releasability. Technology cannot be effective for information sharing without enabling policies. * The Homeland Mission Coordinating Committee (HMCC) is an internal Department-wide body that will focus on mapping/aligning HSIN to DHS missions. It will create and enforce mission-aligned business practices and procedures for HSIN that transcend to external partnerships and stakeholders. Through this committee, Operations Coordination personnel will better understand the components' mission needs that can be solved with HSIN and ensure that future development and progress is appropriately aligned for Department-wide information sharing and collaboration mission success. This committee will serve to unite the Department on internal and external information sharing initiatives related to operational mission accomplishment. Its members will take ownership of external partner relationships and management, and serve as advocates for those partners related to HSIN development and operational capabilities. Recommendation 3: "Ensuring that its coordination efforts are consistent with implementation of Information Sharing Environment plan. " Office of Operations Coordination officials agree with the recommendation. They are actively involved with several ISE-mandated Working Groups. Operations Coordination is also a member of an internal department-wide council that reviews the Department's progress on all assigned ISE initiatives, provides timely updates, and seeks continuous feedback on ongoing efforts. Some of the major ISE Working Groups that Operations Coordination is involved in include Sensitive But Unclassified (SBU) Networks, Business Process, and Alerts and Notifications. All of these are directly tied to HSIN and its future effectiveness across the entire ISE. Finally, GAO recommends that the Secretary determine whether there are coordination and duplication issues with other homeland security networks and associated systems and applications and, where issues are identified, direct the appropriate department executive to ensure that the efforts are effectively coordinated. We will take this recommendation under advisement and provide an update in our sixty day response letter to appropriate Hill committees and the Office of Management and Budget. Sincerely, Signed by: Steven J. Pecinovsky: Director: Departmental GAO/OIG Liaison Office: [End of section] Appendix III: GAO Contact and Staff Acknowledgments: GAO Contact: David A. Powner at (202) 512-9286 or p [Hyperlink, pownerd@gao.gov] ownerd@gao.gov: Staff Acknowledgments: In addition to the contact named above, the following also made key contributions to this report: Gary Mountjoy, Assistant Director; Barbara Collier; Joseph Cruz; Matthew Grote; Joanne Landesman; and Lori Martinez. (310839): FOOTNOTES [1] GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: January 2005). [2] GAO, High-Risk Series: An Update, GAO-07-310 (Washington, D.C.: January 2007). [3] This program is a nationwide initiative, operated and managed by state and local officials since 1974, to share criminal intelligence among stakeholders in law enforcement, first responders, and the private sector to coordinate efforts against crime that operates across jurisdictional lines. Funding for the program is administered through federal grant money. [4] Homeland Security Act of 2002, Pub. L. No. 107-296, 116 Stat. 2135 (Nov. 25, 2002). [5] For example, Office of Management and Budget, Preparation, Submission, and Execution of the Budget, Circular A-11 (Washington, D.C.: June 30, 2006) and Management of Federal Information Resources, CircularA-130 (Washington, D.C.: Nov. 30, 2000). [6] For example, GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: January 2005) and, Results-Oriented Government: Practices That Can Help Enhance and Sustain Collaboration among Federal Agencies, GAO-06-15 (Washington, D.C.: October 2005). [7] GAO, Information Technology. Major Federal Networks That Support Homeland Security Functions, GAO-04-375 (Washington, D.C.: Sept. 17, 2004). [8] GAO-04-375. [9] Formerly called the Anti-Terrorism Information Exchange. [10] GAO-05-207. [11] GAO-06-15. [12] GAO, Information Sharing: The Federal Government Needs to Establish Policies and Processes for Sharing Terrorism-Related and Sensitive but Unclassified Information, GAO-06-385 (Washington, D.C.: March 2006). [13] OMB Circular A-11 and Circular A-130. [14] GAO-06-15. [15] Department of Homeland Security Office of Inspector General, Office of Information Technology, HSIN Could Support Information Sharing More Effectively, DHS/OIG-06-38 (Washington, D.C.: June 2006). [16] A fusion center is defined as a "collaborative effort of two or more agencies that provide resources, expertise, and information to the center with the goal of maximizing their ability to detect, prevent, investigate, and respond to criminal and terrorist activity." [17] Published in July 2002. [18] Homeland Security Act of 2002, Pub. L. No. 107-296, 116 Stat. 2135 (Nov. 25, 2002). [19] For example, Office of Management and Budget, Preparation, Submission, and Execution of the Budget, CircularA-11 (Washington, D.C.: June 30, 2006) and Management of Federal Information Resources, CircularA-130 (Washington, D.C.: Nov. 30, 2000). [20] For example, GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: January 2005) and, Results-Oriented Government. Practices That Can Help Enhance and Sustain Collaboration among Federal Agencies, GAO-06-15 (Washington, D.C.: October 2005). [21] This act was enacted into law as sections 891 through 899 of the Homeland Security Act of 2002. [22] Executive Order 13292: Further Amendment to Executive Order 12958, as Amended, Classified National Security Information (Mar. 25, 2003). GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: