WASHINGTON – Governmental Affairs Committee Chairman Joe Lieberman, D-Conn., who has introduced legislation to create a National Department of Homeland Security, is asking Presidential Advisor Tom Ridge to detail his work to improve the security of the United States.
In a letter to Homeland Security Advisor Ridge, dated March 19, 2002, Lieberman seeks information about Ridge’s efforts in three broad categories: the re-organization of government agencies to improve homeland security, the security of the nation’s critical infrastructure, and the security of government information systems.
The letter follows 12 hearings the Governmental Affairs Committee conducted last fall on the government’s response to bioterrorism; aviation, port, and rail security; the local role in homeland security; and protection of the nation’s critical infrastructure.
Below is a copy of the Ridge letter:
March 19, 2002
The Honorable Tom Ridge Homeland Security
Advisor The White House 1600 Pennsylvania Avenue
Washington, DC 20502
Dear Governor Ridge:
Over the past five months, the Senate Committee on Governmental Affairs has conducted a series of twelve hearings on homeland security – including the government’s response to bioterrorism; aviation, port and rail security; the local role in homeland security; and the protection of our nation’s critical infrastructure. Throughout these hearings, several important themes have emerged.
Specifically, we heard about the need for:
• improved communication among the agencies and between the public and private sectors;
• better coordination of response efforts among all responsible entities;
• the resolution of conflicts between competing agency priorities (for example, the competing needs of criminal investigations vs. protection of public health); and
• a comprehensive national strategy that identifies the homeland security responsibilities of all relevant public entities.
I am following up with you to determine what is being done to address these issues. Please provide me with responses to the following questions by April 1, 2002. Over the coming weeks, of course, we will be following up with you on the status of other key homeland security issue areas. Organization for Homeland Security I believe strongly that a Department of Homeland Security is necessary to effectively secure our borders, prepare for and respond to a terrorist attack, and protect our critical infrastructure.
A Department of Homeland Security would enable us to bring under one Cabinet Secretary’s authority critical functions that are now spread across the bureaucracy. Thus far, the Administration has not embraced this approach. Even so, I am encouraged by public reports that you recognize the need for a border management agency.
I would appreciate additional information about your work on the border management agency, as well as your efforts to improve operations of key border agencies and the Federal Emergency Management Agency (FEMA) within the existing organizational structure.
1. With respect to your recently publicized efforts to create a border management agency, please describe:
• the primary shortcomings in the present organizational structure our nation uses to secure its borders, and
• the vulnerabilities our country is exposed to by the absence of the kind of border management agency which you have proposed.
2. Please describe the Office of Homeland Security’s (OHS) efforts to improve cooperation and day-to-day coordination between the Border Patrol, the U.S. Customs Service, the Immigration and Naturalization Service, the U.S. Coast Guard, and other federal agencies involved in securing our border from dangerous cargo, conveyances, and people. What are the most critical operational issues that you believe should be addressed by these agencies?
3. Please describe how OHS perceives the role of FEMA in implementing OHS’s agenda. Is the role of FEMA being enhanced? If so, how? Please also describe any actual or potential conflicts or areas that require greater coordination between FEMA and other agencies involved in the federal response to terrorism and OHS’s efforts to improve coordination.
4. The Administration’s Budget states that it seeks to nearly double spending for homeland security needs in FY 2003 to $37.7 billion. To what extent does this figure represent wholly new spending, as opposed to continuing costs that were not previously classified as “homeland security” expenses?
How was it determined which programs would be designated as “homeland security” for purposes of this Budget? Moreover, additional resources will not be enough if a comprehensive plan is not in place to ensure that these funds are spent wisely and with accountability.
Please state when the Administration’s strategy to combat homeland security threats will be completed and submitted to the Congress. How will it coordinate responses both within the federal government and between the federal government and state and local authorities? Who will be in charge of response efforts under this plan and what authority will be used to direct the actions of others?
5. The Executive Order establishing your duties as Assistant to the President for Homeland Security states that you are to play an integral role in the homeland security budget process, by advising OMB on the funding levels for homeland security programs and, before OMB forwards a proposed annual budget submission to the President, certifying that the funding levels are adequate.
News reports on March 5, 2002 indicate, however, that you recently declined a bipartisan invitation to testify on the homeland security budget, on the ground that you are an adviser to the President and are not serving in a Senate-confirmed position. Your decision not to testify hampers Congress’s ability to explore thoroughly the Administration’s plan to combat terrorism and increase national preparedness from a comprehensive perspective.
How do you propose that Congress exercise its responsibility to oversee this critical process, and your key decision-making role, without your guidance and insight? How does the Administration plan to ensure that its priorities and spending on homeland security remain accountable to Congress and therefore to the American public on a comprehensive rather than piecemeal basis? Moreover, if the OHS strategic homeland security plan is not completed until this summer, as news reports indicate, how will Congress be able to effectively evaluate the Administration’s proposed funding for homeland security efforts without this information?
6. In most if not all cases, state and local officials will be the first responders to terrorist attacks. Any effective preparedness and response effort must recognize the critical role of these first responders, utilize existing response networks and integrate State and Federal assets into a consistent whole. What has the Administration done to ensure that state and local authorities have meaningful input into the development of its comprehensive strategy to combat homeland security threats?
More specifically, what has the Administration done in the strategy development process to ensure coordination with and participation by state and local first responders in each of the key threat areas?
7. At several of the Committee’s hearings last fall, witnesses raised concerns regarding communication problems between federal agencies and between the federal government and state and local agencies, and conflicts that arose due to competing priorities among agencies, such as the needs of criminal investigators vs. those charged with protecting public health.
How will you better address the needs of first responders, to ensure that they have the information they need on a real time basis? What structure has been put in place to ensure that all relevant entities are receiving the same information and that information is flowing in all necessary directions, up and down the chain as well as across all relevant federal offices and agencies? Who will have the authority to ensure that all responders can accomplish their missions and can do so without impeding the efforts of others?
8. On March 12, 2002, you announced plans to unveil a new color-coded threat advisory system that is designed to provide better information regarding OHS’ assessment of the current threat level, from low to severe, that the country is experiencing. The reports state that each code will trigger different levels of readiness and preparedness by states and federal agencies. However, in order for agencies and for state and local authorities to be truly ready to respond to possible terrorist events, they need more specific information regarding the nature of the threat in addition to the level of risk associated with it.
While I am mindful of the need to avoid disseminating information that could compromise a criminal investigation or impede efforts to foil terrorist activity, what steps is OHS taking to provide more general information to those who may be first responders in the event of an attack? For example, is OHS coordinating with the intelligence agencies to forward information they may receive regarding a possible bioterrorist threat to other federal agencies, like Customs, and to state and local authorities so that they can be on the alert to detect and respond to a specific kind of attack? Please explain what steps OHS is taking in each of the key threat areas.
Critical Infrastructure Protection
1. As we examine how best to protect this nation’s critical infrastructure, it has become clear that we must define what constitutes our critical infrastructures. Additionally, there must be a government-wide effort to identify each agency’s key infrastructures. What steps have been taken since last October to identify the nation’s key critical infrastructures? What are the nation’s key critical infrastructures?
2. At the Committee’s September 12, 2001 hearing, Roberta Gross, NASA Inspector General, testified on the Presidential Decision Directive 63 (PDD 63) report prepared by the President’s Council on Integrity and Efficiency. One of the primary findings of this review was that many agency infrastructure plans were incomplete. What has been done to ensure that all federal agencies develop plans to protect their key critical infrastructures? Which entity in the federal government is responsible for coordinating the completion of these plans? Are these plans all now complete? If not, which agencies have not submitted complete plans and when will they be complete?
3. The Committee’s first two hearings on the protection of critical infrastructure occurred before President Bush signed Executive Order 13228, establishing the Office of Homeland Security and the Homeland Security Council, and Executive Order 13230, addressing the protection of critical infrastructure. Consequently, the testimony at these hearings reflected some uncertainty regarding the imminent changes in how the government would be organized to protect critical infrastructure.
However, Administration officials recently announced the imminent opening of a cyber security information coordination center to coordinate the government’s response to cyber attacks. According to published reports, this center is intended to unite elements of Cyberspace Security Advisor Dick Clarke’s office, portions of the Critical Infrastructure Assurance Office, and the analysis and warning section of the National Infrastructure Protection Center. Precisely how are cyber security responsibilities allocated now under this new structure? Does the Administration have plans for further reallocation and refinement of these responsibilities?
4. Because the private sector owns approximately 85% of the critical infrastructure assets in the United States, it is an extremely important partner in the protection of both publicly and privately owned infrastructure. PDD 63, which was issued in May of 1998, called for the establishment of a public-private partnership involving a number of complex relationships.
Federal agencies were designated to work with particular infrastructure sectors in the development of sectoral plans, which would then be integrated into a National Infrastructure Assurance Plan. The National Infrastructure Protection Center (NIPC) was established in the FBI to be the point of contact for the private sector for sharing information about threats, vulnerabilities, incidents, and response. Infrastructure sectors were to establish Information Sharing and Analysis Centers (ISACs) to gather, analyze, appropriately sanitize, and disseminate private sector information to both industry and the NIPC.
At our Committee’s hearing on October 4, 2002, witnesses reported that the record in establishing these information-sharing relationships was mixed. Have the strategies for information sharing changed over the intervening half year? If so, how, and what has been changed regarding these relationships? What progress has been made in developing partnerships between the federal government and the private sector?
Security of Government Information Systems
1. What will be the role of Homeland Security Advisor in furthering the security of federal information security systems? What will be the role of the Cyberspace Security Advisor? How will these two advisers relate and coordinate?
2. In early October of 2001, the Administration published a notice requesting information from industry about the feasibility of building a secure, private network for critical government services (“GovNet”). In a recent report, Howard Schmidt, vice chairman of the Critical Infrastructure Protection Board, announced that the Administration does not know whether it will go forward with GovNet. The Administration’s budget proposal would set aside $5 million to study the feasibility of the GovNet concept through FY2003. Please describe the Administration’s plans and timing for completing this evaluation and the criteria that will be used. What alternatives to GovNet are under consideration?
3. In its third annual report to the President and Congress, issued in December 2001, the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction (known as the Gilmore Commission) recommended that the OHS develop and implement a comprehensive plan for research, development, testing, and evaluation to enhance cybersecurity. Please describe in detail what the Administration is doing to obtain the necessary research and development in the area of information systems protection, including the nature of the research and development and funding being committed and the mechanisms in place to transition that technology.
4. OMB’s recent report of agencies’ security assessments revealed that many agencies have significant deficiencies. OMB’s report does not address the adequacy of agencies’ corrective action plans, and OMB does not authorize agencies to release this material to Congress or GAO. How is the Administration assuring that adequate corrective action plans are developed and implemented?
I look forward to your responses on these issues. Please feel free to contact Susan Propper of my staff at (202) 224-6599 if you have any questions.
Joseph I. Lieberman Chairman