Skip to Highlights
Highlights

Established in March 2002, the Homeland Security Advisory System was designed to disseminate information on the risk of terrorist acts to federal agencies, states, localities, and the public. However, these entities have raised questions about the threat information they receive from the Department of Homeland Security (DHS) and the costs they incurred as a result of responding to heightened alerts. This report examines (1) the decision making process for changing the advisory system national threat level; (2) information sharing with federal agencies, states, and localities, including the applicability of risk communication principles; (3) protective measures federal agencies, states, and localities implemented during high (codeorange) alert periods; (4) costs federal agencies reported for those periods; and (5) state and local cost information collected by DHS.

Skip to Recommendations

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Directorate of Information Analysis and Infrastructure Protection 1. The Secretary of Homeland Security should direct the Under Secretary for Information Analysis and Infrastructure Protection to document communication protocols for notifying federal agencies and states of changes in the national threat level and for providing guidance and threat information to these entities, including methods and time periods for sharing information, to better manage these entities' expectations regarding the methods, timing, and content of information shared.
Closed - Implemented
In June 2004, we reported on several aspects of the Homeland Security Advisory System that was established to disseminate information regarding the risk of terrorist acts to federal agencies, states and localities, and the public utilizing five color-coded threat levels. At that time, we reported, among other things, that the Department of Homeland Security (DHS) had not yet officially documented its protocols for communicating threat level changes and related threat information to federal agencies and states. As a result, we recommended that DHS document communication protocols for notifying federal agencies and states of changes in the national threat level and for providing guidance and threat information to these entities, including methods and time periods for sharing information, to better manage these entities' expectations regarding the methods, timing, and content of information shared. In February of 2007, DHS issued guidance that documents the procedures its staff are to follow in notifying federal agencies, states, and others when changes occur in the national threat level including roles and responsibilities associated with these notifications and the methods by which agencies, states, and others are to be notified. This guidance specifically discusses the text of the announcement to be included in the notification, such as when the change is effective, the sectors or geographic area impacted, the rationale for the change (e.g., intelligence or open-source threat), and any special guidance or recommended actions for the entity to take in response to the change. As a result, DHS is better positioned to
Directorate of Information Analysis and Infrastructure Protection 2. The Secretary of Homeland Security should direct the Under Secretary for Information Analysis and Infrastructure Protection to incorporate risk communication principles into the Homeland Security Advisory System to assist in determining and documenting information to provide to federal agencies and states, including, to the extent possible, information on the nature, location, and time periods of threats and guidance on protective measures to take in response to those threats.
Closed - Implemented
In June 2004, we reported on several aspects of the Homeland Security Advisory System that was established to disseminate information regarding the risk of terrorist acts to federal agencies, states and localities, and the public utilizing five color-coded threat levels. At that time, we reported, among other things, that federal agencies and states and territories generally indicated that they did not receive specific threat information and guidance on actions to take when the national threat level was raised from code yellow (that is, an elevated or significant risk of terrorist attacks) to code orange (that is, a high risk of terrorist attacks). As a result, we recommended that the Department of Homeland Security (DHS) incorporate risk communication principles into the Homeland Security Advisory System to assist in determining and documenting information to provide to federal agencies and states, including, to the extent possible, information on the nature, location, and time periods of threats and guidance on protective measures to take in response to those threats. Since our report was issued, DHS has provided more specific warnings by both sector and location and provided additional guidance. For example, in August 2004, DHS raised the threat level from code yellow to code orange for the financial services sectors in New York City, Northern New Jersey, and Washington, D.C. and suggested protective measures for personnel at the affected locations. Similarly, in July 2005, DHS raised the threat level from code yellow to code orange for mass transit in the transportation sector and requested that state and local leaders as well as transportation officials enhance their protective measures, such as adding perimeter barriers and increased video surveillance. In August 2006, DHS raised the threat level from code yellow to code red (that is, a severe risk of terrorist attacks) for flights originating in the United Kingdom bound for the United States, and from code yellow to code orange for all commercial aviation operating in or destined for the United States. Thus, DHS has taken action to incorporate risk communication principles into the Homeland Security Advisory System to assist those impacted by threat level changes in taking appropriate action to prepare for and respond to terrorist attacks.

Full Report