[Senate Hearing 112-612]
[From the U.S. Government Printing Office]
S. Hrg. 112-612
THE FUTURE OF HOMELAND SECURITY
=======================================================================
HEARINGS
before the
COMMITTEE ON
HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
ONE HUNDRED TWELFTH CONGRESS
SECOND SESSION
__________
EVOLVING AND EMERGING THREATS--JULY 11, 2012
THE EVOLUTION OF THE HOMELAND SECURITY DEPARTMENT'S ROLES AND
MISSIONS--JULY 12, 2012
__________
Available via the World Wide Web: http://www.fdsys.gov/
Printed for the use of the
Committee on Homeland Security and Governmental Affairs
U.S. GOVERNMENT PRINTING OFFICE
76-059 WASHINGTON : 2012
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office, http://bookstore.gpo.gov. For more information, contact the
GPO Customer Contact Center, U.S. Government Printing Office.
Phone 202-512-1800, or 866-512-1800 (toll-free). E-mail, [email protected].
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
JOSEPH I. LIEBERMAN, Connecticut, Chairman
CARL LEVIN, Michigan SUSAN M. COLLINS, Maine
DANIEL K. AKAKA, Hawaii TOM COBURN, Oklahoma
THOMAS R. CARPER, Delaware SCOTT P. BROWN, Massachusetts
MARK L. PRYOR, Arkansas JOHN McCAIN, Arizona
MARY L. LANDRIEU, Louisiana RON JOHNSON, Wisconsin
CLAIRE McCASKILL, Missouri ROB PORTMAN, Ohio
JON TESTER, Montana RAND PAUL, Kentucky
MARK BEGICH, Alaska JERRY MORAN, Kansas
Michael L. Alexander, Staff Director
Christian J. Beckner, Associate Staff Director for Homeland Security
Prevention and Protection
Nicholas A. Rossi, Minority Staff Director
Brendan P. Shields, Minority Director of Homeland Security Policy
Eric B. Heighberger, Minority Professional Staff Member
Mark K. Harris, Minority U.S. Coast Guard Detailee
Trina Driessnack Tyrer, Chief Clerk
Patricia R. Hogan, Publications Clerk
Laura W. Kilbride, Hearing Clerk
C O N T E N T S
------
Opening statements:
Page
Senator Lieberman........................................... 1, 39
Senator Collins............................................. 3, 41
Senator Carper.............................................. 21, 58
Senator McCain............................................... 24
Senator Johnson............................................. 28, 62
Senator Akaka................................................ 66
Prepared statements:
Senator Lieberman.......................................... 79, 148
Senator Collins............................................ 81, 151
Senator Carper............................................... 153
WITNESSES
Wednesday, July 11, 2012
Hon. Michael V. Hayden, Principal, Chertoff Group................ 5
Brian Michael Jenkins, Senior Adviser to the President, RAND
Corporation.................................................... 7
Frank J. Cilluffo, Director, Homeland Seurity Policy Institute,
George Washington University................................... 9
Stephen E. Flynn, Ph.D., Founding Co-Director, George J. Kostas
Research Institute for Homeland Security, Northeastern
University..................................................... 12
Thursday, July 12, 2012
Hon. Jane Harman, Director, President, and Chief Executive
Officer, Woodrow Wilson International Center for Scholars...... 44
Admiral Thad W. Allen, U.S. Coast Guard (Retired), Former
Commandant of the U.S. Coast Guard............................. 48
Hon. Richard L. Skinner, Chief Executive Officer, Richard Skinner
Consulting..................................................... 51
Alphabetical List of Witnesses
Allen, Admiral Thad W.:
Testimony.................................................... 48
Prepared statement with an attachment........................ 157
Cilluffo, Frank J.:
Testimony.................................................... 9
Prepared statement........................................... 102
Flynn, Ph.D., Stephen E.:
Testimony.................................................... 12
Prepared statement........................................... 114
Harman, Hon. Jane:
Testimony.................................................... 44
Prepared statement........................................... 154
Hayden, Hon. Michael V.:
Testimony.................................................... 5
Prepared statement........................................... 83
Jenkins, Brian Michael:
Testimony.................................................... 7
Prepared statement........................................... 86
Skinner, Hon. Richard L.:
Testimony.................................................... 51
Prepared statement........................................... 168
APPENDIX
.................................................................
Response to post-hearing questions for the Record of July 11,
2012:
Mr. Hayden................................................... 125
Mr. Jenkins.................................................. 127
Mr. Cilluffo................................................. 135
Mr. Flynn.................................................... 142
Response to post-hearing questions for the Record of July 12,
2012:
Ms. Harman................................................... 179
Admiral Allen with an attachment............................. 183
Mr. Skinner.................................................. 200
THE FUTURE OF HOMELAND SECURITY: EVOLVING AND EMERGING THREATS
----------
WEDNESDAY, JULY 11, 2012
U.S. Senate,
Committee on Homeland Security
and Governmental Affairs,
Washington, DC.
The Committee met, pursuant to notice, at 10:09 a.m., in
room SD-342, Dirksen Senate Office Building, Hon. Joseph I.
Lieberman, Chairman of the Committee, presiding.
Present: Senators Lieberman, Carper, Pryor, Collins,
Coburn, Brown, McCain, and Johnson.
OPENING STATEMENT OF CHAIRMAN LIEBERMAN
Chairman Lieberman. The hearing will come to order. I
apologize to my colleagues for being late. I got a call about a
pending legislative matter that I had to attend to. And I thank
Senator Collins for resisting the urge to grab the gavel.
[Laughter.]
Although a twist of fate may take somebody at this table to
the gavel in January.
This is the first of two hearings that this Committee will
hold this week, today and tomorrow, and other hearings will
probably follow in a series that is aimed at looking backward
and forward to both the terrorist threat to our country,
particularly to our homeland, and how the Department of
Homeland Security (DHS) has done in responding to that threat
and what it should do to respond to the threat, be ready to
meet the evolving threat in the decade ahead.
This review is engendered first and most significantly in
anticipation of the 10th anniversary of the Homeland Security
Act being passed, in November 2002, that created the Department
of Homeland Security legislation, which this Committee
sponsored and originated.
I suppose in a different sense more directly related to the
Committee, as I said a moment or two ago, there will be a
change in leadership of this Committee in the next session
since I am leaving the Senate at the end of this term. I
personally thought that it would be responsible for me in the
last 6 months of my chairmanship to try to build a record,
particularly from outside experts such as those we have here
today, but also from the Department and others in government in
later hearings, to help guide the new leadership of the
Committee as it continues its work in the next session of
Congress.
This first hearing is going to examine the mid- to long-
term evolution of the terrorist threat and other threats to our
homeland security. It will focus less on current or near-term
terrorism threats.
In September, the Committee will hold once again our annual
threat hearing with Secretary Janet Napolitano, Federal Bureau
of Investigations (FBI) Director Robert Mueller, and National
Counterterrorism Center (NCTC) Director Matthew Olsen that will
focus more on the current threat picture, and then tomorrow
with another set of witnesses, we will take a look at how the
Department of Homeland Security has evolved over the last 10
years, how it has done, and what it will need to do in the
decade ahead.
Within the longer-term time frame that we are going to
discuss today, I hope we will answer questions such as this: To
what extent will the terrorist threat to the homeland 5 to 10
years from now resemble the current threat picture? What is the
mid- to long-term significance of Osama bin Laden's death and
the death of other al-Qaeda operatives for core al-Qaeda
external operations? Will the historic developments in the Arab
world politically--the Arab Spring or Arab Awakening--affect
the terrorist threat to our homeland in any way? And then, more
broadly, what societal or technological factors are likely to
have an impact on the future threat within the time frame that
we have talked about?
For example, how will the continued expansion of online
social networking impact the way terrorist groups recruit and
radicalize individuals? And in a different way, what will be
the impact of current demographic trends in different parts of
the world--the Middle East, Africa, and Europe?
So those are some of the kinds of questions that I hope we
will deal with today. We have a really extraordinary panel of
witnesses, and I am grateful to the four of you for being here.
Very briefly, General Michael Hayden, one of our Nation's
leading intelligence and security experts, served within the
last decade as Director of the Central Intelligence Agency
(CIA), Deputy Director of National Intelligence, and Director
of the National Security Agency (NSA). A retired four-star
general from the Air Force, General Hayden is now currently a
principal at the Chertoff Group, which is a strategic
consultancy led by former DHS Secretary Michael Chertoff.
Brian Jenkins is a senior analyst at RAND and has been a
greatly respected expert on terrorism and related issues since
the 1970s. He was very young at the time he first appeared as
an expert in this regard. He has authored dozens of reports on
homeland security and terrorism issues in the last decade.
Frank Cilluffo is Director of the Homeland Security Policy
Institute at the George Washington University (GW), one of the
leading think tanks for homeland security issues in our
country. Before working at GW, he served from 2001 to 2003 as
Special Assistant to President Bush for Homeland Security,
working in the White House Office of Homeland Security as a
Principal Adviser to Governor Tom Ridge.
And Steve Flynn, Founding Co-Director of the Kostas
Research Institute for Homeland Security at Northeastern
University. Prior to this, he was President of the Center for
National Policy and a senior fellow at the Council on Foreign
Relations. He has testified dozens of times before Congress on
homeland security issues and is the author of two books,
``America the Vulnerable,'' and ``The Edge of Disaster:
Rebuilding a Resilient Nation.''
I could not ask for four better people to help us look
back, look forward, and build the kind of record that we want
to build. I appreciate your presence here.
With that, I will yield to Senator Collins.
OPENING STATEMENT OF SENATOR COLLINS
Senator Collins. Thank you, Mr. Chairman.
The terrorist threats facing our country have evolved since
the horrific attacks on September 11, 2001 (9/11). That awful
day steeled our national resolve and drove us to rethink how
our intelligence agencies were organized and how our
instruments of national power ought to be used.
Since then, we have taken significant actions to better
counter the terrorist threat, but the terrorists have
constantly modified their tactics in an effort to defeat the
security measures we have put in place. An example is the
October 2010 air cargo plot originating in Yemen in which al-
Qaeda apparently sought to avoid improvements in passenger and
baggage screening by exploiting vulnerabilities in cargo
security.
Let me emphasize that it is extremely troubling that
terrorists have been aided in their efforts to circumvent our
security by the all-too-frequent leaks regarding our
counterterrorism activities and capabilities. As we consider
the challenges posed by emerging threats, we simply cannot
tolerate giving our adversaries information that they can turn
against us.
When Chairman Lieberman and I authored the Intelligence
Reform and Terrorism Prevention Act of 2004 (IRTPA), our goal
was to create a coordinated effort among the Department of
Homeland Security, the Director of National Intelligence (DNI),
and the National Counterterrorism Center as well as other
Federal partners and stakeholders.
One instrument used in these collaborative efforts has been
the network of 77 State and local fusion centers that help
manage the vital flow of information and intelligence across
all levels of government. These centers are recipients of
national intelligence products, but they must also become
robust aggregators and analyzers of information from their own
areas that can be shared so that trends can be identified and
the understanding of threats to our homeland can be
strengthened.
An example of the effectiveness of fusion centers occurred
on June 25 of last year when officers from the Colorado State
Patrol attempted to pull over a man who was driving
erratically, fled authorities, and eventually crashed. As the
police processed the driver and information about his pick-up
truck, they learned from the Colorado Fusion Center that he was
linked to an attempted bombing of a book store. That driver is
now in custody facing Federal charges.
This type of grassroots teamwork is essential to combat a
deceptive and often elusive enemy. As discussed in a recent
report by the Homeland Security Policy Institute at George
Washington University, however, fusion centers have yet to
achieve their full potential. Questions have been raised about
their analytic capabilities and about whether they are
duplicative of the work of the Joint Terrorism Task Forces.
The reforms enacted in response to the 9/11 attacks have
helped to ensure that there have been no other large-scale
attacks in the United States. The absence of such attacks and
our success in thwarting terrorist plots at home and abroad
should not lull us into a false sense of security, for this is
no time to rest as gaps in our security net remain.
We continue, for example, to witness the growing threat of
violent Islamist extremists within our own borders. Sometimes
these terrorists have been trained overseas. Others have taken
inspiration from charismatic terrorists via the Internet,
plotting the attacks as lone wolves.
Last year, as Members of this Committee well know, two
alleged al-Qaeda terrorists were arrested in Bowling Green,
Kentucky. This highlighted a gap where elements of our security
establishment had critical fingerprint information that was not
shared with those granting access to these three men to our
country.
Another growing and pervasive threat is that of cyber
attacks. Earlier this year, the FBI Director warned that cyber
threats will soon equal or surpass the threat from terrorism,
and just last month, several former national security officials
warned that the cyber threat is imminent and represents one of
the most serious challenges to our national security since the
onset of the Nuclear Age 60 years ago. They further wrote that
protection of our critical infrastructure is essential in order
to effectively protect our national and economic security from
the growing cyber threat, and that is exactly what Chairman
Lieberman and I have been working with our colleagues on
legislation that would accomplish the goal of helping to secure
our Nation's most critical infrastructure, such as the power
grid, nuclear facilities, water treatment plants, pipelines,
and transportation systems. I can think of no other area where
the threat is greater and we have done less to counter it.
There is also a growing threat from transnational organized
crime. The Director of National Intelligence has testified that
these criminal organizations, particularly those from Latin
America, are an abiding threat to U.S. economic and national
security interests. Our intelligence community needs to focus
on their evolution and their potential to develop ties with
terrorist groups and rogue states.
The 9/11 Commission devoted substantial attention to the
challenge of institutionalizing imagination. In an
understatement, the Commission's report observed that
imagination is not a gift usually associated with
bureaucracies. Yet imagination is precisely what is needed to
address emerging and future threats. We must persistently ask:
What are the future threats? What technology could be used? Do
we have the intelligence that we need? How can we stop these
leaks that compromise our security? Are we prepared to thwart
novel plans of attack? What will our enemy even look like in 2,
5, or even 10 years?
Surely we are safer than we were a decade ago, but we must
be relentless in anticipating the changing tactics of
terrorists. As the successful decade-long search for Osama bin
Laden has proved, America's resolve and creativity are our most
powerful weapons against those who seek to destroy our way of
life.
Thank you, Mr. Chairman.
Chairman Lieberman. Thank you, Senator Collins, for that
excellent opening statement.
General Hayden, let us go right to you, and thanks again
for being here.
TESTIMONY OF HON. MICHAEL V. HAYDEN,\1\ PRINCIPAL, CHERTOFF
GROUP
General Hayden. Well, thank you, Mr. Chairman, Senator
Collins, and other Senators. Thank you for the invitation to be
here.
---------------------------------------------------------------------------
\1\ The prepared statement of General Hayden appears in the
Appendix on page 83.
---------------------------------------------------------------------------
Mr. Chairman, as you pointed out, I am with Secretary
Chertoff and the Chertoff Group, and we actually deal with a
lot of the issues that we are going to discuss today. But I am
here, of course, in a personal capacity, and I am really
delighted to be here with this team. And I know the other
members of the panel are going to drill down into some specific
issues in their own areas of expertise. So what I would like to
do is maybe just step back a little bit and perhaps provide a
broader context in which we can place some of this morning's
discussion.
One of my old bosses, General Brent Scowcroft, wrote very
recently for the Atlantic Council--and I am kind of
paraphrasing what the General said here--that he had spent his
professional career dealing with a universe that was dominated
by nation-states in which the pieces on the board were by and
large influenced by what all of us today would call ``hard
power.''
And he writes that is no longer true. Because of
globalization, the international structure that was actually
created by the Treaty of Westphalia about five centuries ago is
no longer dominant. General Scowcroft points out that during
the age of industrialization practically everything tended to
make the state stronger. In today's era of globalization,
practically everything tends to make the state weaker and less
relevant.
And in addition to eroding the traditional role of the
nation-state, globalization has pushed on to the international
stage actors that we have never seen before, and it has made
immediate and direct threats that a few decades ago were, at
best, distant and oblique.
And here we sit with institutions, built for that age
General Scowcroft governed in, practiced to be methodical,
thorough, and stable, which are attributes, Senator Collins,
none of which you listed as to what we need to be in terms of
this new age.
So that really demonstrates our challenge. How do we adapt
to these new dangers, be they terrorism or cyber or
transnational crime? Frankly, I would suggest they are all
merely specific expressions of this new reality of what we
have, an intensely interconnected world that empowers
individuals and small groups beyond all previous experience.
Now, with that as a premise as to what we are facing, let
me illustrate both the challenge we face, repeating some of the
things already mentioned, and the difficulty we are having
forming an appropriate response. My personal experience: Prior
to 9/11, we all believed, wrongly, that we had little to fear
personally from religious fanatics living in camps in
Afghanistan. We were wrong.
Prior to that, we saw no need for a Department of Homeland
Security, and we were well practiced and very comfortable
protecting both our liberty and our security by creating
barriers to separate things that were foreign from things that
were domestic, dividing things that were intelligence related
to those things that were law enforcement related, and,
frankly, that model worked just fine for about two centuries.
But they failed, and now we are still adapting, and as this
Committee knows, we are adapting with a great deal of
controversy.
Again, pulling out of my personal experience, the Terrorist
Surveillance Program that we created at NSA, designed to close
an obvious gap: Detecting the communications of foreign
terrorists operating from within the homeland. A very
controversial program. You embraced that controversy in 2008
when you debated changes to the Foreign Intelligence
Surveillance Act (FISA). And it is still controversial as the
Senate debates even now an extension of the FISA Amendments
Act.
We all agreed, for example, in the 9/11 Commission report
that we needed a domestic intelligence service and that it was
probably best to put it in the FBI. And despite that agreement,
look at the reaction even today when the Bureau tries to
collect information on anything without a criminal predicate,
in that area we would call ``spaces between cases.''
And heaven help us and save us from the Associated Press if
the New York City Police Department tries to do anything like
the same thing.
Now, over two administrations, we have had measurable
success against al-Qaeda, against those who attacked us on
September 11, 2001. Dangers remain, though. Al-Qaeda Central
could still reconstitute if we ease up the pressure on it; al-
Qaeda franchises continue to pose danger, and at least one of
them, al-Qaeda in the Arabian Peninsula (AQAP), is intent on
showing global reach. And finally, and, frankly, I think,
Senator Collins, you suggested this, quite disturbingly, that
homegrown radicalized threat, self-radicalized threat, still
persists. Also persisting is the question about what
constitutes an appropriate, lawful, and effective response from
us.
We are seeing this same thing play out in the cyber domain
where the threats are all too obvious but, frankly, where our
response is very late to need. I know this Committee knows more
than most what we are losing out there in terms of state
secrets, private information, and intellectual property being
stolen by foreign governments; how much of our wealth is being
pilfered by criminal gangs; and how much of our infrastructure
is now vulnerable to cyber-enabled malcontents and anarchists.
And here our response--and I know you know this--is even
slower and more difficult to organize than we have seen in the
fight against terror. There are some who fear regulation being
too burdensome. Others fear a loss of civil liberties. And yet
all of us should fear the loss of privacy, ideas, jobs, and
wealth that is going on right now.
As we encountered 10 years ago in the fight against terror,
the old forms do not fit. They do not fit the new cyber
dangers. But here, absent that catastrophic stimulus of a 9/11,
we are moving very slowly to adapt to new realities.
Now, as you suggested, Senator Collins, there are other
dangers out there, and I know we are going to touch on
transnational crime. But, again, I am trying to suggest the
immediacy of all of these--terror, cyber, and transnational
crime--and why it is so threatening today, is this new effect
of globalization.
Our response has to be synchronized, and the challenge is
we have optimized our institutions across all three branches of
government for a different world, and now we have to undertake
the same tasks our political ancestors undertook over two
centuries ago. How do we best secure our safety and our liberty
in our time?
This Committee has been relentless in its efforts to answer
that question in a way consistent with our enduring values, and
I congratulate you on that.
It is hearings like, frankly, what we are doing today that
help push this necessary debate forward.
Thank you again for the opportunity to contribute my
personal views, and I know we will have more detailed questions
as we go forward. Thank you.
Chairman Lieberman. Thanks, General. That was really a
perfect way to begin the discussion. I appreciate it. You raise
a lot of questions in my mind which I look forward to asking
you.
Mr. Jenkins, thanks for being here.
TESTIMONY OF BRIAN MICHAEL JENKINS,\1\ SENIOR ADVISER TO THE
PRESIDENT, RAND CORPORATION
Mr. Jenkins. Mr. Chairman, Senator Collins, and Members of
the Committee, thank you very much for inviting me to address
these important matters. I have prepared some written
testimony, which I suspect will provoke some questions, but let
me just highlight some of the headlines.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Jenkins appears in the Appendix
on page 86.
---------------------------------------------------------------------------
Looking ahead, the United States confronts a more diverse
terrorist threat. Al-Qaeda, still our principal concern, is
exploiting the turmoil created by the Arab uprisings to make
tactical advances and open new fronts. Several incidents in the
past year suggest a resurgence of Iranian-sponsored terrorism.
South of our borders, Mexico faces what some analysts are
calling a ``criminal insurgency,'' which could expose the
United States eventually to the kind of savage violence we have
seen in that country.
The global economic crisis has sparked mass protests, which
are entirely legitimate. But these in turn attract violence-
prone anarchists and other extremists seeking venues and
constituents. Anti-Federal Government sentiments have become
more virulent, fueled in part by economic dislocation that
transcends the current economic crisis, by long-term
demographic shifts, and by deep national divisions and
rancorous partisanship. For now, the anti-government extremists
seem content to talk about armed resistance, but the hostility
runs deep, and the potential for violence, long-term violence,
is there.
Let me come back to al-Qaeda. Al-Qaeda today is more
decentralized, more dependent on its affiliates and allied
groups and on its ability to activate homegrown terrorists. It
is exploiting opportunities created by the Arab uprisings in
Yemen, in the Sinai, in the Sahara, and most recently in Syria,
where it can attach itself to local insurgencies and resistance
movements.
Now, al-Qaeda's presence in a particular part of the world
where it has not been before does not always present an
immediate threat to U.S. security. While local insurgents may
welcome al-Qaeda's brand name and assistance, this does not
necessarily mean that they embrace al-Qaeda's war on the ``far
enemy.'' That is us. The longer-term threat is that al-Qaeda
will be able to deepen relationships that ultimately give it
new operational bases and recruits for international terrorist
operations.
Its own operational capabilities degraded, unable to
directly attack the West, al-Qaeda has emphasized--embraced,
really--a do-it-yourself strategy supported by an intensive
online recruiting campaign. They have had modest success. In
fact, the meager response suggests that thus far this marketing
effort appears to be failing. It is still a danger, but they
are not selling a lot of cars.
Since 9/11, there have been 96 cases of homegrown terrorism
involving 192 persons who offered support to jihadist groups or
plotted to carry out terrorist attacks in this country. Of 37
homegrown jihadist terrorist plots since 9/11, 34 were
uncovered and thwarted by the authorities.
Our success in preventing further terrorist attacks is owed
largely to our own intensive intelligence collection efforts
worldwide and at home, plus unprecedented cooperation among the
intelligence services and law enforcement organizations
worldwide. That latter aspect is going to become more difficult
to sustain in the future, in part because of fiscal
constraints, in part because of a certain amount of
complacency, but also in part because we are going to be
dealing with governments in the Middle East that are being
challenged by their own citizens whose efforts we support in
principle, and also we are going to be dealing with governments
for which counterterrorism is no longer their top priority. It
is new political institutions, it is the creation of jobs. We
are going to be dealing with some governments whose leaders may
have very different ideas about terrorism--for example, the
recent statements by the new president of Egypt. This places an
increased burden on our domestic intelligence capabilities.
Now, Senator Collins, I certainly agree with you that our
domestic intelligence collection, although not optimized,
certainly has been a remarkable success. It is, however, under
assault, in part motivated by concerns about civil liberties,
but also by personal, ideological, and political agendas which
in some cases are further fueled by organizational rivalries.
Now, intelligence collection is always a delicate business
in a democracy, and review is always appropriate. But the
dismantling of the intelligence effort, which seems to be the
politically correct desire of some, I think would be extremely
dangerous.
The recent string of terrorist plots by Iranian-trained
operatives in Azerbaijan, Georgia, India, Thailand, Kenya, and
the United States, itself, I think indicate a resurgence in
Iranian-sponsored terrorism. Its future trajectory will depend
on Iran's perceptions of Western intentions and its own
calculations of risk. And, of course, the uncovering of a plot
in this country I think really raises some questions about our
calibrations of their willingness to accept risk.
Let me make a couple comments briefly about the terrorist
targets and tactics. Terrorists have contemplated a wide range
of targets: Government buildings, public transportation,
hotels, tourist sites, and religious institutions predominate,
but they remain obsessed with attacking commercial aviation,
currently with well-concealed explosive devices that are
difficult to detect, hoping to kill hundreds. I think that
protecting airliners will remain a matter of national security.
But while terrorists consider airlines gold medal targets,
when it comes to slaughter, they do their work on surface
transportation, which offers easier access and crowds of people
in confined spaces.
Let me just follow on something that General Hayden has
said here, and that is, it is really a long-term trend that we
are struggling with. We have known for some years that power--
and here I mean power defined crudely, simply as the capacity
to kill, destroy, disrupt, compel us to divert vast resources
to security--is coming into the hands of smaller and smaller
groups, into the hands of gangs whose grievances, real or
imaginary, it is not always going to be possible to satisfy.
And how we deal with that within the context of a democracy and
remain a democracy I think is one of the major challenges we
face in this century. Thank you.
Chairman Lieberman. Thank you. Right you are. I think you
both pointed to the changes that are affecting the nature of
the threat. I am going to wait until the question period to say
more.
Mr. Cilluffo, thanks for being here again. Good to see you.
TESTIMONY OF FRANK J. CILLUFFO,\1\ DIRECTOR, HOMELAND SECURITY
POLICY INSTITUTE, GEORGE WASHINGTON UNIVERSITY
Mr. Cilluffo. Thank you, Chairman Lieberman, and not to
soften you up for the question period, but I do want to say we
all owe you a debt of gratitude in terms of your oversight on
homeland security. It is really sad that these are the last
rounds of hearings, but really we are pleased you have
contributed so much to all of our efforts here.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Cilluffo appears in the Appendix
on page 102.
---------------------------------------------------------------------------
Let me also say thank you to Senator Collins, a good friend
and a big champion on these issues, distinguished Members of
the Committee, and even those from other committees, which I
think is really important in terms of Senator McCain, which,
when you look at cyber, you cannot look at the world through
the boxes and organization charts that make up our governments
and agencies because these threats require us to look at it
holistically. So when you talk cyber in particular, it
obviously transcends any particular department and agency, but
also any particular committee, so thank you, Senator McCain,
for being here as well.
All too often, hearings along these lines are after a
crisis occurs, what we ``coulda, shoulda, woulda.'' I think it
is really important that we take the time in advance--I guess
it was President Kennedy who said that the time to fix your
roof is when it is sunny, not when it is raining. And I think
it is important to be able to reflect, it is important to be
able to recalibrate, because ultimately that is the objective
here, to be able to try to shape outcomes.
Before jumping into the particular issues, I almost think
that, General Hayden, maybe the NSA does spy because you guys,
I think, hacked my system. You said everything I wanted to be
able to say. So I will try to pick up on a couple of very brief
points here.
I think it was Yogi Berra who said this--``the future ain't
what it used to be.'' I would add some time since the end of
the Cold War, threat forecasting has tended to make astrology
look respectable. That said, the best way to predict is to
shape, and I think we do have an opportunity to shape and are
doing so right now.
It was Mark Twain, or Samuel Clemens at the time, who said,
``While history may not repeat itself, it does tend to rhyme.''
And let me say we have some rhyming that is warrant for
concern.
Senator Collins, you mentioned complacency. I am very
concerned that complacency is setting in. That is stymieing
some of the initiatives that could be moving at a faster clip
and ought to be moving at a faster clip.
General Hayden, one point I may disagree a teeny bit with
you on is whereas technology, tactics, techniques, and
procedures continue to change and advance based on new
advancements, human nature never changes. So to think that we
are out of the woods right now would be a big mistake. And I
get the sense that we are not necessarily recognizing that.
Ding, dong, the witch is not dead. Good news that we have
had some very successful strikes against Osama bin Laden and
Anwar al-Awlaki, I would say most significantly underdiscussed
is Ilyas Kashmiri. He was one of these guys that cut across all
the jihadi organizations. And the threat today comes in various
shapes, sizes, flavors, and forms, ranging from al-Qaeda senior
leadership that has proven to be resurgent, able to pop up
again, is resilient, so let us not take our eye off the ball
there; but also to its affiliates that are growing by leaps and
bounds. Whether it is AQAP, home to one of the world's most
dangerous bomb makers, Ibrahim al-Asiri; al-Qaeda in the
Islamic Maghreb spreading all throughout the Sahel; al-Shabaab
in Somalia; or across Africa, you are seeing fall under an arc
of Islamist extremism right now, from east to west. I mean,
Timbuktu, who would have thought that would fall to Islamist
extremists, but it has. So all the news is far from good.
One of the more concerning trends when you look at some of
these organizations, historically they had very indigenous,
regional, and local objectives. More and more they are
ascribing to al-Qaeda's goals, to the broader global jihad, and
who is in the crosshairs? Obviously, the United States, Israel,
and India--the West generally. So that warrants additional
concern.
Then let us look at the Federally Administered Tribal
Areas. We have had major success here, but do not think it is
happening in a vacuum. It is because we are applying pressure,
continuing to apply pressure. If we take a foot off the gas
pedal, you are going to see instantaneously our adversaries re-
emerge. Think of it as suppressive fire. They are looking over
their shoulder, spending less time plotting, less time
training, and less time carrying out attacks. So as much as we
can--and I know drones are not the complete answer, but I think
some of these approaches have been very successful in terms of
some of our counterterrorism opportunities.
Pakistan, a big issue. You see a witch's brew of terrorist
organizations there, from Tehrik-i-Taliban to Harkat-ul-Jihad
al-Islami (HuJI) to the Haqqani Network, which I think should
be designated a foreign terrorist organization (FTO)--if you
guys are jumping into that--to a number of other organizations.
So when you look at the threat, by no means gone.
Then, as Mr. Jenkins touched on, the homegrown threat. I
take a little different perspective than perhaps Mr. Jenkins
does. I think it is very significant. We have seen 58 plots,
according to the Congressional Research Service (CRS), that
have been disrupted, ranging from very sophisticated plots,
such as Najibullah Zazi, down to less sophisticated. But at the
end of the day, let us keep in mind terrorism is a small-
numbers business. You do not need big numbers to cause real
consequences. Nineteen hijackers--look at the impact they had.
And to me, the missing dimension of our counterterrorism
statecraft is, to paraphrase Bill Clinton, it is not the
economy, stupid--or maybe it is--but it is the narrative,
stupid. We have not done enough in combating violent Islamist
extremism to go after the narrative, the underlying fuel or
blood that makes the system fly.
So we need to expose the hypocrisy, unpack, dissect, and
attack that narrative, expose it for what it is. It is
ideologically bankrupt. And I would argue that part of that is
also looking at--I see we have a good friend of mine here,
Carie Lemack, and others--the role of victims. Why do we know
all the martyrs, why do we know all the terrorists, why don't
we know al-Qaeda's victims of terrorism? To me that has to be
part of the equation. So defectors, disaggregate, deglobalize,
and ultimately remember the victims.
Two words on cyber. I know I am over time. I have never had
an unspoken thought. I think it is fair to say in terms of
cyber we are where we were in the counterterrorism environment
shortly after September 11, 2001. We do not need any more
examples, anecdotes, and incidents to be able to wake us up.
What we do lack is strategy, and I may disagree with everyone
here, and am probably a minority position, but I do not feel we
can firewall our way out of this problem. Yes, we need to get
security high enough, we need to raise the bar, but to me we
need to ultimately communicate a clear and articulated cyber
deterrent strategy aimed to dissuade, deter, and compel our
adversaries from turning to computer network exploit,
espionage, or attack. We have now named names: China, Russia.
We have all known this for a long time. But what are we doing
to compel them to stop continuing what they are doing?
To me, it is about investing in some of our computer
network attack capabilities. We need the cyber equivalent of
nuclear tests that ultimately demonstrate a need to respond.
And critical infrastructure. If anyone is doing the cyber
equivalent of intelligence preparation of the battlefield, that
is not for stealing secrets. That can only be as an advance
equivalent of mapping our critical infrastructure that can be
used in a time of crisis. Completely unacceptable. I hope we
can act on legislation, and information sharing is critical,
but we need to go the next step as well.
Thank you, Mr. Chairman.
Chairman Lieberman. Thank you very much. Cybersecurity
legislation, as you know, is the No. 1 priority of this
Committee, and hopefully the Senate will take up the bill soon,
and we will have a good and open debate and get something done.
Mr. Flynn, great to see you again. Welcome back. Please
proceed.
TESTIMONY OF STEPHEN E. FLYNN, PH.D.,\1\ FOUNDING CO-DIRECTOR,
GEORGE J. KOSTAS RESEARCH INSTITUTE FOR HOMELAND SECURITY,
NORTHEASTERN UNIVERSITY
Mr. Flynn. Thank you very much, Mr. Chairman, Senator
Collins, and other Senators. It is an honor to be here. As I
went back to prepare for this testimony, I reflected on my
first time appearing before you, Mr. Chairman. It was when this
was still the Governmental Affairs Committee, and it was
literally a month after Sepember 11, 2001, on October 12, 2001.
And at that point, I concluded my testimony essentially arguing
that we need to fundamentally rethink and reorganize how we
provide the security for this Nation in this new and dangerous
world. And you, Mr. Chairman, have really taken up that mantle
with Senator Collins, and I really want to express my gratitude
for the enormous service you have done to this Nation over the
last 10 years. I am honored to be here at this hearing.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Flynn appears in the Appendix on
page 114.
---------------------------------------------------------------------------
I am now here in my new capacity as the founding co-
director of the Kostas Research Institute for Homeland
Security, made 10 years after 9/11 as a result of a very
generous gift from a graduate and trustee from Northeastern
University, and I was honored to take on this role at a
university that has made security one of its three focal areas
for research. That I think speaks to the greatest strength of
this country that we have not yet really tapped, which is the
everyday citizens who are out there, who are patriotic and
willing to give, and also our universities that have largely
been missing in action unless we have bribed them into it to
play an effective role. In the Second World War, we harnessed
the best talents we had across our Nation, from our civil
society to universities that mobilized for the war. Today, to a
large extent, civil society has been left on the sidelines.
When we come to today's hearing topic on the nature of the
threat, I would certainly suggest that what we have heard so
far and what I think we are going to continue to see in terms
of evidence going forward is we really need to recalibrate, to
have that engagement with civil society happen with a greater
order of magnitude.
What do we know? We know essentially that there are limits
to the war on offense. That was pretty much the approach we
took in the immediate aftermath of 9/11. We even used the terms
often of ``we do it over there so we do not have to do it
here,'' and ``the only defense is offense.'' That effort,
certainly a case can be made, has helped to protect this
country from another 9/11 scale attack, but it does not and did
not succeed at eliminating the threat.
The reality is now the threat has morphed into the more
smaller-scale attacks that have one key attribute highlighted
by the testimony we have heard so far that I think should give
us a little pause, which is they are almost impossible to
prevent. These smaller-scale attacks, particularly with
homegrown dimensions, essentially do not hit enough tripwires.
They are really not that sophisticated. They can be done
relatively nimbly and quickly, so it means we are going to have
them from time to time.
The second thing we know is that al-Qaeda is not the only
threat that we need to be dealing with to the homeland. What we
also have, with the example of 9/11, is the illustration of how
warfare will be waged against the United States in the 21st
Century. This is a country that is so dominant on the
conventional military realm, it is just insane for an adversary
to want to take on our second-to-none armed forces. The future
battle space, therefore, is in our civil and economic space,
with the critical infrastructure that underpins the great
strength of this Nation. That genie came out of the bottle on
9/11, and we see it primarily in terms of the current threat
environment in the cyber realm, where, through the use of cyber
attacks on critical infrastructure, we are not only talking
about disruption of service but sabotage of those key
components with loss of life and huge economic losses.
Any current and future adversary of the United States will
essentially gravitate to wanting to target the critical
infrastructure that underpins the power of this country, and we
have to think about defensive measures to deal with that.
The other key hazards that we definitely face that falls
under the homeland security mission are always clear, always
present, age-old; they are natural disasters. In the big scheme
of things, one it is hard put in some cases to come up with a
terrorist attack that can come close to causing the loss of
life and disruption of property as what Mother Nature can throw
our way. And in that regard, we have to be prepared to deal
with natural disasters because we cannot prevent them.
Now, what is the implication arising from the fact that we
have smaller attacks that are more difficult to prevent, a
growing asymmetric threat largely through cyber that we have to
defend against, and the ongoing risk of natural disasters? It
is that we really have to take homeland security very seriously
and not imagine, as General Hayden also pointed out, that all
threats can be managed beyond our shores. We have to manage
them here at home.
How do we go about doing that? I argue that three key ways
are important. One is we have to reset some expectations with
the American public. There are limits to what the Federal
Government can do to prevent every possible hazard, and
responding to them is all-hands evolution. We have to say
frequently and often that bad stuff is going to happen from
time to time, and the measure of an individual's character as
well as our Nation's character is how you cope, not necessarily
that you prevent every bad thing from happening. Overcoming
adversity has always been part of our national DNA, and it is
something that we are going to continue to need as we move
forward.
The other is this real tension over secrecy--and, Senator
Collins, you certainly highlighted it--about the leak issue. On
the one hand, you cannot engage civil society unless we are
more forthcoming about threat, about vulnerability, and, very
importantly, what it is we all have to do. So we really have to
figure out how we not keep everything in a cone of silence, but
we really push the envelope on pushing information out. These
small attacks have almost always been broken up by locals or by
citizens. We have to make them a part of the solution.
And the last thing I suggest is that an overarching focus
going forward is this concept of resilience, of building a more
resilient society. In a world where there are no risk-free
zones--and I have yet to find one--it will be the communities,
the companies, and the countries that are best able to manage
risk, to withstand it, to promptly respond and recover from it,
and to adapt to it that will be a competitive advantage over
everybody else. People will not invest in and live in places
that when they get knocked down, cannot get back up. They will
live in places that can manage risk very well.
America historically has done that, and we need to harness
that capability again, and the focus has to be around
individual resilience, our self-sufficiency, self-reliance,
character that was very much a part of our Nation's blood, our
companies, our communities. It is, in other words, a bottom-up
effort that we need to be engaged in versus a top-down one. And
taking on this effort, I would argue, has a remarkably
beneficial effect. It reminds us why we come together as
communities in the first place, because there are some problems
we cannot manage all by ourselves. And it turns out that we
have to work together as a society in order to nail down these
problems.
So a call to the American people is necessary because the
threat and the ongoing hazard risk necessitates the engagement
of the private sector and necessitates the engagement of
everyday citizens and companies. We need to move away from
essentially a largely offense-based and largely overreliance on
Federal capability and not one that engages on the lowest
levels.
I just want to finish with a final number to help us put
this all in context on the away-versus-home sort of investment.
If we take the rough number of the cost of war operations
since 9/11, the number that is used is roughly about $1.3
trillion. That is what we have invested in those war operations
to make this country a bit safer. Well, that turns out to be a
burn rate of $350 million a day every single day for a decade,
$15 million an hour every hour, 24 hours a day for a decade.
Fifteen million dollars is the highest we have spent as an
annual investment in Citizen Corps, which is a program designed
to get everyday citizens to play a voluntary role in supporting
front-line first responders. That is one hour of our investment
in war operations in a decade.
I think we need to put some resources where the need is,
and that is in how we basically make our Nation a bit more
secure in defense and preventing and prepare to dealing with
the kinds of challenges that are facing us today.
Thank you so very much, Mr. Chairman.
Chairman Lieberman. Thank you, Mr. Flynn. Again, an
excellent statement. And I agree with you. We have found in
some ways, through the See Something, Say Something programs
that began in New York, a way to involve the citizenry, and it
has been effective. But we have only begun to do that here.
We will do 7-minute rounds of questions.
General Hayden, I will start with your evocative beginning
and ask a question that is either an overview of the
philosophical or even strategic stakes. You said that ``. . .
most of the attributes of the age of industrialization made the
state stronger and more relevant. Most of the effects of
today's globalization make the state weaker and less
relevant.'' I presume that within the term ``globalization''--I
know you are quoting General Scowcroft, or paraphrasing him--
that he must have meant digitalization, information technology,
and the whole array of modern technological development.
General Hayden. I think he did, Senator, and that actually
might be the best poster child for the whole process.
Chairman Lieberman. Yes.
General Hayden. But it is just not confined to that. Look
at manufacturing.
Chairman Lieberman. Right.
General Hayden. You pull the question of supply chain
issues in a global economy. It is impossible to build even
critical systems in an autarchic sort of way in which you have
control over everything. Everything has just gotten so much
more interconnected that it allows, again, actors that were
very small, self-motivated, as Mr. Jenkins pointed out, and
cannot be satisfied. A degree of destructive power that we have
just never experienced.
Chairman Lieberman. I agree. So let me make this statement
and then ask you to respond. Certainly in terms of the threat
to us, as you just cited Mr. Jenkins, small groups, non-state
actors, like we saw on 9/11 and since, can do great damage to
us. But I want to just mention this irony, and I think you are
right that the developments of digitalization and
globalization, ``have made the state weaker and less
relevant.'' And notwithstanding the exchange I just had with
Mr. Flynn about the citizens' responsibility, it is the state
ultimately that in our country still has the constitutional
responsibility to provide for the common defense.
So really part of what I hear you saying, paraphrasing
General Scowcroft, is that the state has to figure out how to
get in the new game in a defensive way, how to protect the
citizenry, which is our fundamental responsibility in the
Federal Government.
General Hayden. Senator, that is exactly the message I was
trying to lay out. The effects of the broader environment work
against state power, make it more difficult for states to
influence events for a variety of reasons. It does not change
the moral, political, or legal responsibility of the state to
protect its citizens, and that is precisely the dilemma we now
have.
I will use an example. We are very sensitive in this
country because of our political culture and--God bless us, I
believe in it strongly--foreign and domestic intelligence and
law enforcement that protected our liberties very well, and the
threat to our security that created for two centuries, not so
much. Now it does. And so we now need a new formula.
I am sure Senator McCain is very aware of this. Getting NSA
involved in terms of defending something other than ``dot-mil''
Web sites seems to be an obviously clear thing to do because of
its capability. But our old structures work against that. It is
very difficult for us to digest that institution assuming that
new role.
Chairman Lieberman. You are absolutely right, and, in fact,
that is exactly what we are dealing with now in the
cybersecurity legislation because you really want NSA, which
has traditionally, and still does largely, had responsibility
for protecting the country and operating overseas, protecting
us from overseas attack, but then you have DHS with a set of
responsibilities for homeland security, and now the FBI with
law enforcement responsibilities. We have a challenge of how we
break through the traditional stovepipes and get them all at
the table together to protect our security against state actors
and non-state actors in a cyber world is a challenge we have. I
appreciate that exchange.
Let me ask one of those questions we tend to ask, which is
I would ask you to be much more simplistic than I know you want
to be, but I want to ask each of you. Tell me what you would
say today are the two or three, your choice, most significant
threats to our homeland security. And then give us a guess--and
I agree with what Mr. Cilluffo said, that prophecy in this area
is pretty close to astrology. But give us your guess about
whether your ordering of the threats to our homeland security
will be the same 5 years from now or 10 years from now.
Mr. Flynn. Senator, I will begin with the one I have been
testifying for a long time before this Committee about, which
is I think the ongoing vulnerability of the intermodal
transportation system profound disruption. I think the fact is
while some measures have been put in place to improve the
ability for it not to be used essentially as a weapons delivery
device, that threat still exists. My concern is not so much the
successful attack, which is certainly quite worrisome, but it
is that the only tool in the tool bag likely is to throw a kill
switch to sort it out afterwards and then try to figure out how
to restart it. And what we will have, basically, is a meltdown
of the global economy in the interim. So what we have there in
short is a very critical system infrastructure that currently
is quite fragile if we are spooked, and more work I think needs
to be done there.
Chairman Lieberman. So that would be by a terrorist bombing
or by cyber attack.
Mr. Flynn. Yes, there are two sides there, I guess. For
that one, it is essentially the bomb in the box scenario that
basically gets everybody looking at trains and worried.
Chairman Lieberman. Right, a traditional terrorist attack.
Mr. Flynn. Then my next would go to highlight the cyber
threat, like a cyber attack on the grid, because everything
requires electricity. We have some huge vulnerabilities with
industrial control systems across all our critical
infrastructure, and that one is, I think, a newer one that we
need to really step out smartly on.
Chairman Lieberman. Thanks. How about your guess about
whether that ordering will be the same 5 years from now?
Mr. Flynn. Well, I think on the current trajectory in terms
of dealing with the cyber threat, our government response does
not look like it is going to get any better. I worry unless we
have a large incident that motivates some change--both of these
problems are solvable in the next 5 years.
Chairman Lieberman. Right.
Mr. Flynn. The question really is our actions, not
necessarily those of the terrorists.
Chairman Lieberman. That is up to us,
Because my time is up, I am not going to even ask you to be
more simplistic. Just give me your two or three top ones and
whether you think they will change in 5 years, Mr. Cilluffo.
Mr. Cilluffo. I agree with Mr. Jenkins and General Hayden.
Al-Qaeda senior leadership, and those that are in one way or
another affiliated with al-Qaeda are still No. 1 right now.
Chairman Lieberman. Right.
Mr. Cilluffo. No. 2, and based on consequence, not
necessarily likelihood, but if you were to break out the risk
management, I would put the government of Iran and other
countries that may look to asymmetric forms of attack that can
have catastrophic implications. So I would not discount state
sponsors of terrorism, looking to proxies and the convergence
of crime and terrorism. I mean, this is scary stuff. Who knows
who is exploiting Anonymous even?
Chairman Lieberman. Right.
Mr. Cilluffo. If it is foreign intelligence services or
other organizations.
Chairman Lieberman. Same 5 years from now?
Mr. Cilluffo. I actually think on the terrorism threat, I
am hoping our actions will mitigate that. I think cyber and
nation-states and their capabilities------
Chairman Lieberman. Will become a greater threat. Mr.
Jenkins.
Mr. Jenkins. I am not nationally recognized in the field of
prophecy, so I am going to be very cautious about----
Chairman Lieberman. But we will convey that authority on
you officially today. [Laughter.]
Mr. Jenkins. I am not going to try to identify the group or
the event, but rather I'll talk about something really
internally on our side, and that is our psychological
resilience.
Look, terrorists cannot win by force of arms. They can hope
only to create terror that will cause us to overreact or
destroy our own economy or sap our will, and that makes our
determination, our courage, our self-reliance, our sense of
community part of the assessment, and these are really
difficult to measure. But there are some vulnerabilities here
in terms of our tendency to overreact and the divisions that we
have in our own society.
So I really look internally and say, ``What really can we
do''--as Mr. Flynn and the others were saying--``about really
strengthening our own capacity, not just our physical capacity
but our psychological capacity?''
Chairman Lieberman. Right.
Mr. Jenkins. And I think that is going to remain the same.
I hope it does, because there are some trends that say some of
these divisions in our society are going to get worse.
Chairman Lieberman. Well said. I agree. General Hayden.
General Hayden. Senator, I would agree with all that, and
let me just add one. If you look at dangers in the cyber
domain, the actors, the sinners, you have criminals,
anarchists--now often called hacktivists. States are generally
stealing our stuff, and I know some states can be very
dangerous, and they are very capable. But, in essence, a state
has to judge whether or not they are making themselves
vulnerable to retaliation.
Criminals are stealing our money. They are in a symbiotic
relationship with their target. Parasites are generally not
motivated to destroy their hosts so they do not bring about
catastrophic damage. I am really worried about that third
layer, the anarchists or the hacktivists. They are currently
the least capable, but as time goes on, the water level for all
these ships is rising in the harbor. So imagine a world in 2,
3, or 4 years in which the hacktivist groups, the ones that
cannot be deterred, who cannot be satisfied----
Chairman Lieberman. You are talking about cyber attacks?
General Hayden. Yes, sir. Those that cannot be deterred,
cannot be satisfied, begin to acquire tools and skills we
associate with nation-states today, and I think it gives you
some sense of how dramatic that threat can be.
Chairman Lieberman. Thank you. Senator Collins.
Senator Collins. Thank you, Mr. Chairman.
General Hayden, I want to draw a distinction between what
Mr. Flynn said about the need for more citizen involvement
versus the leaks that I think have made it more difficult for
our country to defend ourselves against both current and future
threats. I certainly agree with Mr. Flynn that an alert
citizenry in many ways is our best defense. We have seen that
over and over again. The Times Square Bomber, for example, was
caught by an alert street vendor. The Chairman and I are the
authors of the See Something, Say Something law that applies to
the transportation sector.
But it seems to me that is very different from leaks from
within agencies, from within the Administration, perhaps from
within the White House, that reveal highly classified
information, may compromise sources that are working with us,
and that, for example, identify the President's personal role
in targeting terrorists.
Could you comment on the impact of these national security
leaks, of which there have been a great many recently, on our
ongoing counterterrorism efforts as well as our larger effort
to stay ahead of those who would do us harm?
General Hayden. Senator, as I think Mr. Flynn pointed out,
this is a hard question in a democracy, but let me take the
negative side first and then maybe treat very briefly some of
the dialogue that might be more appropriate and proper with
regard to what espionage services do or do not do.
I think the single greatest toll on us by the unauthorized
disclosure of information--for whatever purpose, even for
policy reasons that may have some legitimacy or political
reasons that are understandable, if not forgivable--is the
confidence in potential partners in working with us and their
belief that we can be discreet. And that works down to the guy
on the street who is going to betray the organization of which
he is a part, only if he has confidence that you can keep that
relation secret, to the foreign intelligence service who might
be willing to do something very edgy with you, lawful,
certainly, but politically very edgy in our government and in
their government, they will only do it if they can count on
your discretion
Let us use one that was authorized, one I am very familiar
with. The Administration decided several summers ago to release
the Department of Justice memos when it came to the CIA
detention and intelligence program. A separate question,
something fully within the ability of the President to do. That
is not the issue. But that was over the objection of the then
current CIA Director and six of his predecessors. I can imagine
intelligence chiefs around the world saying, ``When I meet with
that person and he gives me assurances of secrecy and
discretion, it is now clear to me that he does not have
absolute control over that process inside the American
political system.'' That is the dilemma we face.
Now, to echo something that Mr. Flynn said earlier, though,
when I came to NSA in 2000, I actually tried to make some of
what the Agency was doing more public, and the reason I did
that was I did not think the American people would give us the
authority and the resources to do that which I thought we had
to do without having a greater comfort level with regard to
what the Agency was, with whom it was populated, and how it
deeply respected American privacy. So there is this need to
have this dialogue.
Let me end with this, Senator. I had a panel of outside
experts, a board of advisers at the CIA. I gave them tough
problems. The toughest problem I gave them was this: Can
America continue to conduct secret espionage in the future
inside a society that every day demands more transparency and
more accountability from every aspect of national life? And
that is where we are. That is where the dilemma is.
Senator Collins. I would say that I think there is an
easily drawn distinction between educating the American people
about the threat generally, the role played by various Federal
agencies, the need for certain authorities versus getting into
the details of specific counterterrorism actions that may
compromise the agent involved--I think of that poor physician
in Pakistan, for example, who is now in jail; I think of other
cases more recently that have occurred in Yemen--and also would
jeopardize, as you said, the willingness of foreign
intelligence services to work with us, to trust us not to
reveal the details in a way that may compromise their
government politically or may truly put in danger sources and
methods.
General Hayden. I agree totally, Senator.
Senator Collins. Thank you. Mr. Cilluffo, I want to get
back to an issue that you touched on which I think is so
important, and in some ways it contradicts a little bit or
takes a different view from Mr. Jenkins' testimony in which he
talks about a failure of al-Qaeda, a marketing failure, to
spread its ideology in a large-scale way.
You, on the other hand, were critical that there is a lack
of a strategy to counter the narrative that inspires people,
whether as larger groups or countries or as individual lone
wolves. And this is an issue that the Chairman and I have
brought up over and over again with the Administration, the
failure to appoint a point person to come up with a narrative,
the failure to recognize the term of Islamist extremism within
our country.
What do you think we should be doing to more effectively
put out a counter-narrative to help dissuade young people in
particular who may be drawn to the radical perversion of a
great religion, Islam, that they are seeing on the Internet?
Mr. Cilluffo. Thank you, Senator Collins. I do not want to
suggest we are completely out of step in some of this thinking,
but I do think our efforts to address the counter-narrative and
counter-radicalization in countering violent extremism (CVE) is
lacking at best. In fact, I think that is the missing dimension
of our counterterrorism statecraft right now. We are having
major successes kinetically. We have to continue to do that,
but it needs to be a full complementary approach, all
instruments of statecraft. And let me also note that I very
much supported the letter you and the Chairman sent to Mr.
Brennan in terms of the release of what could very liberally be
called the CVE strategy.
My view--this is personal, and I am not sure everyone else
will see it this way. It is about going negative. It is not
about what is great and this, that, and the other thing. Think
of a negative political campaign, expose the hypocrisies,
expose the lies, and illuminate the seamy connections to drug
traffickers. It really is kind of frustrating that the country
that invented the Internet, the country that is home to Madison
Avenue, the country that is Silicon Valley is getting our butts
kicked in this space.
So I would feel we need to be able to--rather than try to
look at--just expose the negatives and then bring up the
defectors. There have been so many defectors of al-Qaeda who
are going to have much more resonance, they are going to have
more balance, or street cred, as my kids might say, with the
community than any of us will simply because they have come
out. They have made the arguments justifying acts of--well,
they should be--we should have a Web site where you can get all
of that. And then it is not because Carie Lemack is here, but
the victims are so important, and why don't we know their
stories? Why don't we know their dreams? Why don't we know
their lives' aspirations? We simply do not.
So this is not to be pejorative, but we need a Facebook of
the dead. We need the equivalent of all these voices, all these
dreams--faces, visuals, and pictures, not nouns and verbs,
actual visuals. And I think that to me has been lacking. The
State Department is doing some decent work at the Center for
Strategic Counterterrorism Communication right now, but more
needs to be done.
Senator Collins. Thank you.
Chairman Lieberman. That was a great answer. Thank you.
Thanks for mentioning Carie Lemack. I join you in welcoming
her. If it was not for her and a lot of the other survivors of
9/11, we probably would not have passed the Homeland Security
Act in the first place and would not have created the 9/11
Commission and would not have passed the 9/11 legislation.
Second, your reference to negative campaign advertising is
very--it is relevant.
Mr. Cilluffo. I am all for that.
Chairman Lieberman. It is relevant. So maybe what we should
do is form a Super PAC to begin to negative advertise against
Islamist extremism.
Mr. Cilluffo. Sounds good to me.
Chairman Lieberman. I have one or two people I can think of
who might contribute to that.
I apologize to my colleagues because my late arrival may
have affected the order somewhat because our rule is that we
call in order of seniority on the Committee before the gavel,
and then after the gavel in order of arrival. So for your
information, the order is Senators Carper, Coburn, McCain,
Johnson, Brown, and Pryor.
Senator Carper.
OPENING STATEMENT OF SENATOR CARPER
Senator Carper. Thanks, Mr. Chairman. I want to commend you
and Senator Collins on assembling really an exceptional panel,
and we thank you each for joining us again today and for your
testimony and for your responses. This is really time well
spent.
I have been slipping back into the anteroom here a couple
times during the hearing. We have a group of soybean farmers
from the Delmarva Peninsula, and to go back to the point that
you raised, Mr. Flynn, we are experiencing a drought on
Delmarva, high temperatures, no rain for some time, and it is
not just a drought in our part of the country, but it is
apparently a nationwide drought. And the threat that poses to
our homeland, to our economic security, is really significant
and could be severe.
I mention that because the nature of the threats to our
country tend to change over time. The war that Senator McCain
and I served in in Southeast Asia, the kind of threat and the
way we fought that war was different than the war that my Uncle
Ed fought in Korea a generation earlier. The Persian Gulf War
was different from what we did in the Vietnam War. And the war
in Iraq is different from really the Persian Gulf War, although
the terrain was pretty much the same. In Afghanistan, it is
different still.
We figured out, thanks to people like David Petraeus, how
to be successful in Iraq and I think how to be successful in
Afghanistan. And we need to figure out how to be successful in
this next threat that we face, growing threat that we face, and
that is cybersecurity.
This is a panel where, as you know, we get along pretty
well here, Democrats, Republicans, occasionally we let in an
Independent. [Laughter.]
But we work well on this Committee, and the fellow to my
left here, a dear colleague, and the fellow over there, are
close friends, and they have a different take on what we ought
to be doing on cybersecurity legislation. And we are not going
to have a better panel, I suspect, than what we have right now
to help us find a little something closer to common ground.
I am going to start with you, General Hayden. Looking at
the legislation that Senator Collins and Senator Lieberman have
introduced with the support of a number of us, how do we make
it better? How do we make it better in terms of more effective,
and how do we make it better in terms of getting something done
politically so that we can help address this threat?
One of our dear colleagues is Senator Michael Enzi from
Wyoming. He has something called the 80/20 rule. And I said,
``What is the 80/20 rule, Michael?'' Several years ago, I was
talking about him and Senator Kennedy working so well together,
and he said, ``Ted Kennedy and I agree on 80 percent of this
stuff. We disagree on 20 percent of this stuff. And what Ted
and I have decided to do is focus on the 80 percent on which we
agree.''
Now, I do not know in cybersecurity if we should have an
80/20 rule or 70/30 rule or a 60/40 rule, but we need to get
something done here this year, and we cannot go home without
completing action. And if we only do 60 or 70 percent of the
deal, that is a lot better than nothing.
General Hayden.
General Hayden. Yes, sir, I will be very brief and probably
overly simplistic. I would do it all. I do not view these
fundamentally to be competing bills. I would get NSA in on the
field. I would try to get standards into our critical
infrastructure. And I would take Congressman Mike Rogers and
Congressman Dutch Ruppersberger's bill about information
sharing, and I would do that, too. I think they are all steps
in the right direction. And we can adjust fire in a year or
two. With clear, close, and conscientious oversight, we will
make adjustments. But sitting here freezing ourselves into
inaction is--I hesitate to say any course of action is better
than standing still, because obviously there are some that
could be very destructive. I do not view any of these in that
light at all. I think they will all move in a positive
direction, and we can make adjustments as needed.
Senator Carper. I am going to ask you to say that again.
Mr. Chairman, Senator Collins, I am looking for some common
ground with Senator McCain over here and the renegade group
that he is running around with. But I just said it to General
Hayden--Where is the common ground? Where does it lie? And he
gave us about one minute that was very insightful.
General Hayden. I would do them all. We need NSA in on the
field. We really do. We need information sharing. The bill
coming out of the House Intelligence Committee, Chairman Rogers
and Congressman Ruppersberger, we need standards for critical
infrastructure, check, check, check. I would do it all, and I
would keep an open mind, and I would adjust fire 1, 2, or 3
years into the future as each of these begin to roll forward.
Senator Carper. All right. Mr. Jenkins, any thoughts or
reactions to that or other thoughts that you have, please?
Mr. Jenkins. No, I certainly would agree with that. Look,
we are dealing with a technology that moves at about 150 miles
an hour here. Legislation moves at about 15 miles an hour. And
our adversaries are somewhere in between. They move very fast
and exploit vulnerabilities with the new technologies as fast
as they come out. And we spend a long time trying to catch up
with them.
The longer we delay in implementing these things, the
greater that gap grows. In that particular case--I guess you
are going to have two former soldiers here that are agreeing--
you do something now. It is not going to be 100 percent right.
And you watch it carefully, and then you make adjustments as
you go forward. So get these things moving, as opposed to
waiting to try to find the absolute perfect piece of
legislation, and by the time we do that, the technology is
going to be 1,000 miles ahead of us.
Senator Carper. Thank you. Mr. Cilluffo, please?
Mr. Cilluffo. Senator Carper, I think it is an important
question. It is a significant set of issues. I do feel you can
meld the various pieces together. There are some areas of that
20 percent of disagreement that are not trivial. But I do not
see them as mutually exclusive either/or propositions.
A couple of fundamental things. One, it is not about
regulation. It is about building standards, self-initiated,
that the various sectors can identify. I kind of feel like it
is kids' soccer, and I have a daughter who just made it to the
finals in regionals, so they get better when they get older, I
promise you. But when they are younger, they all swarm the
ball. So at the end of the day, let us not look at the
technology du jour. But I can tell you this. If we do not act
now, whatever is going to come after something occurs will be
much more draconian, and it will not be as constructive as I
would argue it could be.
Two, the other thing to keep in mind, we are very reactive.
The cyber domain is very much reactive. There is nothing in
prevention. We need active defenses. We need to look at
deterrents. We need to enhance our offensive capabilities. We
need to do so in a way that articulates but does not compromise
operations and secrets, to Senator Collins' point. We have not
done any of that, which to me is a little frustrating.
So the time to act is now. Long on nouns, short on verbs.
Let us get it done.
Senator Carper. Thanks so much. Mr. Flynn.
Mr. Flynn. I just want to emphasize again that we will need
standards, and the debate really has got to be about just how
we can achieve those. We have a number of models, and they are
not all regulation, but we need standards, and we need
incentives for standards. So let us just move forward on that.
I would suggest a piece that could be quite helpful in
getting to a mature end state is missing, which is engaging
universities to be a part of the solution. We talk about
private-public cooperation, but completely missing from this is
the role of universities. A consulting professor out of
Stanford University, literally as something is going up on the
white board, is thinking about how to market it. The government
is coming in multiple years later. The universities are
creating some of the problem, but we are trying to retrofit to
fix. Let us get them engaged. They can be helpful, honest
brokers. They can bring some expertise. And they try to change
the culture that you need, or we all need, to be mindful of the
risks that are associated with cyberspace. And I do not see
much role given to universities a part of the legislation, and
I think anything could be added to that. They are one of the
few institutions Americans still somewhat respect, so let us
get them in the game and make sure that expertise and some of
that honest broker role, I think, can be harnessed.
Senator Carper. Good. Those are very helpful responses. I
would just say to my colleagues, Senator Lieberman and I, and
probably Senator Collins, have talked with the Majority Leader
just in the last 24 hours about how do we move forward. He has
committed to bring cybersecurity legislation to the floor
during the course of this work period, and it is imperative
that we do that. He is reluctant to provide an unending amount
of time. We cannot spend a week or two doing this. But to the
extent that we can take some of what you said here today to
heart and to enable us to quicken our pace, maybe get something
done, we can make very good use of that week, and we need to.
Chairman Lieberman. Thanks, Senator Carper, for your line
of questioning, for what you said. Thanks to the witnesses for
their response. It was interesting to me that in the response
to my questions about the threat to homeland security today and
what it would be 5 years from now, there is a clear presence in
your answers of the cyber threat and the extent to which you
feel it will grow. So we really have to act. We have a chance
to act thoughtfully this year, to begin something so that we
are doing it not reacting to an attack in which, I agree, what
we do in reaction will be much less well thought out. And I
agree, we have to find a way to do it all, do information
sharing and do standards as well.
Senator Carper. Mr. Chairman, could I just have another 30
seconds? I will be very brief.
Chairman Lieberman. Sure.
Senator Carper. Some people think we do not get much done
around here. Just in the last 7 months, we have actually agreed
on bipartisan legislation on the Federal Aviation
Administration reauthorization; on patent reform legislation;
free trade agreements with three major countries, trading
partners; Export-Import Bank reauthorization; the so-called
Jumpstarting Our Business Startups Act to improve access to
capital; transportation legislation; Food and Drug
Administration reform; and flood insurance. We passed a good
postal bill in the Senate, and a good agriculture bill. That is
a pretty good track record. And what we need to do, I think, in
the Senate, is to try to set the example for our colleagues in
the House and just to get something done.
Chairman Lieberman. Thanks, Senator Carper. I know that
Senator McCain is inspired by your statement. [Laughter.]
And I could see the smile on his face. You made him very
happy with that report. Senator McCain, welcome.
OPENING STATEMENT OF SENATOR MCCAIN
Senator McCain. Dare I point out that we have not done a
single appropriations bill? Dare I point out that we have not
done the defense authorization bill? Dare I point out that we
have done literally no authorizing bills with the exception--12
bills have been passed by this Congress. That is the least in
any time in history. But we will continue that debate at a
later time.
Chairman Lieberman. Senator McCain, you are up. Senator
Coburn was next, but he had to leave.
Senator McCain. Thank you, and I appreciate the enthusiasm
and the positive attitude of my dear friend from Delaware.
First of all, my friends, in all due respect to your
comments, I have been around here 25 years, and I have grown to
believe over time that the Hippocratic Oath is the first thing
we should observe: First, do no harm. I have seen legislation
pass this body that has done a great deal of harm, so when you
say do something, one thing we should not do is not get it
right. And one of the things we should not get wrong is giving
the Department of Homeland Security the authority to issue a
blizzard of regulations unchecked and unmonitored. Also,
information sharing has to be done. You mentioned the
universities. How about Silicon Valley? They are the people
that really know how to react rather than the Department of
Homeland Security. The next time you go through an airport, you
will go through the same procedure that you went through right
after September 11, 2001. So my confidence in the Department of
Homeland Security to be the lead agency is extremely limited.
With that, I would like to move on quickly. General Hayden,
would you say that these cyber leaks about Stuxnet and these
others is a significant blow to national security as well as
our relationship with other nations?
General Hayden. Senator, the common denominator is the blow
to relationships with regard to discreet relationships, the
lack of confidence. That has to be very painful, and we will
suffer for that over the long term.
Each of the leaks in terms of its specific harm had a
different effect. The one about how we do or do not do drone
activity, for example.
Senator McCain. I am specifically talking about cyber.
General Hayden. On cyber, whether the story was true or
false, a publication that the United States was responsible for
that activity is almost taunting the Iranians to respond at a
time and in a manner of their own----
Senator McCain. I was just going to say, if I were the head
of Iranian intelligence, I would have been in the Supreme
Leader's office the next day.
General Hayden. Senator, it is Qasem Soleimani, and I would
have gone in saying ``Remember that briefing I gave you about a
year ago, and you told me to put it on the back burner? Well, I
have brought it forward.''
Senator McCain. Would you say that given the nature of it
and given the book, I mean, like people being taken up to the
presidential suite in Pittsburgh to be briefed on Iran, that
these leaks probably came from the highest level?
General Hayden. Senator, I will defer. Although I have
assigned the book as a textbook, I have not yet read it.
Senator McCain. All right. Mr. Jenkins, let us talk about
Mexico really quickly. They just had an election. Obviously,
the Mexican people are extremely frustrated. As you pointed out
in your testimony, 50,000 people have been murdered. The
Mexican people, with some justification, believe that the
United States is the destination. Why should they be the fall
guy for all these deaths, terrorism, killing of journalists,
and all the terrible things that are going on in Mexico?
How much effect do you think over time this situation is
going to affect the United States of America as far as violence
and also corruption in our country?
Mr. Jenkins. I think it is already having an effect. Look,
the criminal cartels in Mexico are acquiring vast sums of
money. They are diversifying. They are going into legitimate
businesses, and that is going to give them increased revenue
flows. But the one thing they are going to do is move
downstream; that is, in the drug business, which is their
primary form of commerce in this country, the profits increase
as one gets closer to the retail level. That is, at the
cultivation level, at the production level, the profit margins
are narrower. As you go on through the process, the big profits
increase.
They are going to move downstream to take control in an
alliance with gangs already in the United States, exploiting
those alliances to take increasing control of the drug traffic
in this country. That is going to set off wars between them and
wars with others in this country, and we have seen the quality
of violence with which they conduct those wars in Mexico. So
this is going to put them in increasing direct conflict with
U.S. authorities. They will try first, as they always do, to
suborn those authorities with cash and with other means, and
when that fails, with the kind of direct challenges to society
itself where you get this quality of violence, not just
violence as a norm but beheadings, torture----
Senator McCain. I understand.
Mr. Jenkins [continuing]. Things of this sort, as an effort
to intimidate the entire society.
Senator McCain. It is my understanding that the price of an
ounce of cocaine on the street in any major city in America has
not gone up one penny. Is that correct, in your assessment?
Which means that we have had no success in restricting the
flow, the old supply-and-demand situation. So we can identify
the leaders of the drug cartels in Mexico, but we do not seem
to be able to identify the leaders in the United States of
America.
Mr. Jenkins. I do not know that we cannot identify or
actually, I think----
Senator McCain. But if the price has not gone up, isn't the
point that we have to do something different?
Mr. Jenkins. That is true. The fundamental strategy, to the
extent that we base our strategy entirely upon either crop
substitution or interdiction, we have to do those. But that is
not the most effective way we can respond. The strategy has to
be fundamentally altered.
Senator McCain. Should we have a conversation in the United
States about the demand for drugs?
Mr. Jenkins. We have to do demand reduction. If we can do
demand reduction, then we can suck the profits out of a lot of
this.
Senator McCain. Do you think it will be very interesting
what strategy the new President of Mexico is going to adopt?
Mr. Jenkins. The new President of Mexico has addressed the
issue where violence in Mexico has become the issue itself, not
the criminality that creates the violence, but just the
existence of the violence itself.
Senator McCain. And the corruption.
Mr. Jenkins. The solution that he has proposed in his most
recent speech is that he is going to basically put the army
back into the barracks and respond with police. Now, that
sounds good, and it will create a new police force, and that is
what he is promising to do. That will take time and resources.
In the meantime, the only way you can significantly reduce
the violence in Mexico is by achieving some level of
accommodation with the cartels themselves. Now, that brings us
potentially back to the bad old days.
Senator McCain. That brings us back to the Colombian
experience under President Pastrana.
Mr. Chairman, I have just a short time. Maybe Mr. Cilluffo
and Mr. Flynn would like to comment.
Mr. Cilluffo. Just very briefly on Mexico, I think it also
does require rethinking our own doctrine--it is a mixture, a
hybrid threat, a hybrid set of issues from a counterinsurgency,
counter narcotics, counterterrorism, even from a tactical
perspective, as well as counter crime. So, I mean, it depends
how we look at it.
I think you brought up Plan Colombia. When that was rolled
out, I do not think one person in any room would have thought
that would have been a success many years later. And if you
look at it, it is a success. But it also required more than a
traditional straight-up law enforcement function. It did
address the corruption issues, judicial issues, law
enforcement, but ultimately you had a para-law enforcement or
paramilitary role that I think played a significant role in its
success.
Senator McCain. Mr. Flynn, doesn't it also indicate that we
still have significant problems with border security?
Mr. Flynn. Thank you, Senator. The first time I actually
testified before Congress in 1991 was on this issue. In terms
of what Mr. Cilluffo just said about Plan Colombia, one of the
things that I remember commenting on a decade ago was that
while that may have some prospect for success, almost certainly
it will displace the drug trade into Mexico, and Mexico is a
much more difficult problem for us to deal with being literally
on our border. And yet there was no catcher's mitt strategy. We
were so focused on who the current bad guys are and how we
disrupt it, we were not thinking about how the commodity might
actually flow and figure out what the plan to respond should
be.
Senator McCain. Which is also true of Central America as
well as Mexico.
Mr. Flynn. Absolutely. At its core, the arithmetic is
pretty straightforward which you have laid out. Cocaine is just
as available today in terms of price, actually at higher
quality, than it was in 1980, adjusted for inflation. That is
the reality.
The bulk of the money is made in retail, as Mr. Jenkins
just pointed out here, in the United States. The arithmetic is:
Take a kilo of cocaine--the amount of dollars that the coca
farmer gets is roughly about $100. Then if he turns it into
paste, he gets $300. If they turn it into refined the high-
quality pure cocaine, then it is up to $1,000. They land in the
United States with about 12,000 kilos, and if we distribute it,
about $100,000. So that is where the money is. If you do not
get at the demand, you are really not going to affect the
dollars, and this trend that Mr. Jenkins highlighted of
essentially moving retail, capturing where the money is, is
something I think should be deeply worrying for us. At its
core, though, this is why this is such an ugly problem. Ninety
percent of the use is by addict population. When we reduced
half the casual use of drugs in the 1990s, that would affect
roughly about 5 percent of the demand. Your addicts consume the
overwhelming majority of drugs because they have very high
tolerance levels, and it is a daily activity. And so if you do
not go after your addict population, you are not going to make
a dent on the market, and that is a messy population to try to
deal with to drive down demand. But that is the economics of
it.
Senator McCain. Thank you, Mr. Chairman.
Chairman Lieberman. Thanks, Senator McCain, for focusing on
that unique and serious threat to our homeland security.
Senator Johnson.
OPENING STATEMENT OF SENATOR JOHNSON
Senator Johnson. Thank you, Mr. Chairman, first of all, for
your leadership, as well as Senator Collins, on this issue, and
for holding this hearing. I would also like to thank the
witnesses for their time and very thoughtful testimony.
One common thread here is the power of information, and I
would like to go back to what Senator Collins was talking
about--and Senator McCain also talked about--in terms of our
intelligence gathering and the damage caused by these leaks. I
do not want to rerun the testimony in terms of how damaging
they have been. I want to talk about how we repair that damage.
What is the way we can improve our information in our
intelligence-gathering capability if we are going to secure the
homeland? And, General Hayden, I would like to go to you.
General Hayden. Well, Senator, it is almost better than a
locked door because there are many opportunities to do a lot of
things better. Let me depart from the first point about
protecting sources and methods, and I think that is what
Senator Collins was saying is the distinction. You can talk
about how law-abiding your force is, maybe even how effective
it is. But when you get into revealing sources and methods, it
is at a great cost. And so I think we need to be especially
protective of that.
Let me give you a bit of a dilemma. Some of the things we
are doing--and let me use targeted killings against al-Qaeda as
an example because a lot of that has been declassified. So much
of that is in the public domain that right now this witness
with my experience, I am unclear what of my personal knowledge
of this activity I can or cannot discuss publicly. That is how
muddled this has become. And I think to a first order, just
clarity so that folks understand what is on the one side and
what is on the other in terms of public discussion. That would
be the first order.
Senator Johnson. Mr. Cilluffo, you talked about deterrence
when it came to cybersecurity. I guess I would like to ask the
question in terms of deterrence so we do not have future leaks.
Now, we do have a couple prosecutors assigned to this case,
ones that I do not necessarily have confidence in. I think
there is some conflict of interest. Is there a way that we can
provide that deterrence in a more rapid fashion? I think our
Chairman mentioned that the last successful prosecution of a
leak was 25 years ago. Can we really rely on the Justice
Department to provide that deterrence in the future?
Mr. Cilluffo. I do not have a good answer for you, but I
think it is the right way to look at it, because if there are
not consequences, then behavior will continue in whatever space
we are looking at.
The big impact is what General Hayden was saying. Potential
relationships with third-party and other intelligence services
could suffer. And if we are not able to build some of that
cooperative relationship, none of whom wants to advertise it,
we will know what the impact has been. As to the leakers
themselves, that is a question far beyond my ability to answer.
But you need consequences, absolutely.
Senator Johnson. So in order to get to this in a rapid
fashion, I guess, if we cannot rely on the Department of
Justice, which I do not believe we can, I believe we have to
rely on Congress. And I believe it is really this Committee
that has jurisdiction, so I guess I may be unfair to turn to
the Chairman here, but I think what we really need to do--and I
would like your comments on this--is start holding hearings. If
they have to be classified, fine. But I think we need to get to
the bottom of these leaks. We need to figure out where the
leaks occurred, whether crimes occurred. And I guess I would
just ask the Chairman and Senator Collins to potentially
consider doing those types of hearings.
General Hayden, can you comment on that?
General Hayden. Sure. It has proven very difficult within
the judicial system to push this forward in a way you are
describing that creates a deterrent--the laws, the First
Amendment, a whole host of things. And here we are trying to
impose a judicial punishment.
Senator I have not thought it through, but I have begun to
think broadly personally that maybe this is best handled by the
political branches, that the consequences may be in terms of
policy and politics as opposed to judicial. And in that case,
the Congress with its oversight authority could use that
function to perhaps create the kind of deterrence that you are
describing, because we have not been successful going down a
purely judicial track for lots of reasons, some of which
actually I understand and appreciate in terms of the First
Amendment.
Senator Johnson. Right, and we have talked about
complacency. If we sit back as a Congress and do nothing,
doesn't that just feed right into that complacency?
Mr. Flynn. Yes, I think it certainly can, Senator. One of
the concerns that I have--and I have spent a lot of time
talking to particularly critical infrastructure owners, the
private sector, and folks in the civil, State, local levels--is
if the impulse of the Federal folks who have information to
share it is to keep it close to the chest because of the fear
of consequence, then we really stifle the flow of information
that needs to go down. I would just say that there are clearly
some things that absolutely are disgraceful in terms of being
released, have national security implications, the kind of
things that General Hayden said, and we have to figure out how
to deal with those.
My worry is sometimes the way bureaucracies respond to
those very visual events is essentially to circle the wagons,
and then you can have the most common-sense piece of
information not passed out to critical players. So you have
cases where a former senior Secret Service agent cannot be told
something because his clearance has lapsed when it is the bank
he now works at is being targeted. Some of that has been
improved, but there is still too much of that going on because
the impulse is to keep the cards close to the chest, and that
is one of the consequences of this challenge.
Senator Johnson. You mentioned the word ``disgrace,'' and
that might be the best deterrence, to expose it, disgrace the
individuals that leak the information, that have harmed our
national security, and, again, that is what I think only
Congress can do and do it in a timely fashion. So that would be
my recommendation.
Let me turn to cybersecurity very quickly. The reality of
the situation is it is going to be very difficult to pass a
bill, so from my standpoint, I think we start with a step-by-
step approach of what is necessary to pass. We talked about
standards. I would like to ask just two questions. Who would be
best to develop those standards? And then, what would be the
next top priority thing that should be passed? Is it
information sharing? Is it something else? Let us start with
General Hayden.
General Hayden. Yes, sir. Information sharing, I think,
sets the groundwork. We do not get action because we do not all
have a common view of the battle space, so to speak. And the
more we can create this common view of the battle space, I
think good people will all want to and will do the right
things. So I would put an exclamation point next to that one.
Senator Johnson. And that is kind of what the House bill
does--really centers on that, correct?
General Hayden. Yes, sir.
Senator Johnson. What about setting standards? Mr. Jenkins,
do you have a comment on that?
Mr. Jenkins. I think standards are extremely important
here. The fact is, the critical infrastructure is vulnerable to
the extent that it is connected to the systems that can be
penetrated by hackers and so on. We have to set standards that
break that easy access into the operating systems. Now, in my
personal view, in many cases, that connectivity was put in
there because of convenience, not because of operational
necessity. We have operating systems that are hooked up to the
Internet that do not have to be hooked up to the Internet. They
are not directly hooked to the Internet, but they are hooked to
the corporate management structure which in turn is hooked to
the Internet, and that provides a path in. And we have to
separate those operating systems--somebody can mess with the
corporate sites, that is one thing. But to get down into the
operating systems, I think that is the real vulnerability.
Senator Johnson. Just briefly, again, I come from a
manufacturing background where we have International
Organization for Standardization standards set by industry. I
guess that is what I am getting at. Because technology moves at
such a rapid pace, should we be looking to industry to set
these standards themselves as opposed to the Department of
Homeland Security?
Mr. Cilluffo. Senator, in my testimony that is my preferred
approach. I mean, ultimately the sectors are going to know
their systems and vulnerabilities best. How do you ensure that
they are meeting certain objectives and goals? So, to me, I
almost think the ideal answer, which may be a bridge afar now,
is you have a trusted third party. Think of a Good Housekeeping
Seal of Approval. That is neither public nor private. That
ultimately has the ability to be able to red team test
vulnerability and systems, looking at it across the board.
One thing, though, that I would argue--and General Hayden I
think was right--I mean, we cannot allow the information-
sharing piece not to occur. You cannot expect the private
sector to defend themselves against foreign intelligence
services. That information, we need to build on the Defense
Industrial Base Initiative, the pilot that is going on right
now. That should be to other critical sectors.
So I do not think this should become a cigarette wrapped in
asbestos. We do not want the lawyers defining the outcomes. We
want the security experts. But if we do not do it now, that is
who is going to define it. So, to me, let us get to that level
of standards. And as much as it can be self-initiated, we
should, they should.
Senator Johnson. Mr. Flynn, quickly. I am out of time.
Mr. Flynn. I think we have some analogues for how to do
this, some examples. But I do believe it needs to be the
standards that are built with private sector input. They know
where the vulnerabilities are. They know what the workable
competitive solutions are. There has to be some enforcement,
basically because there are often a lot of free riders. Big
companies are responsible with brands, but there are small
players who come in who do not want the cost. So everybody has
to know it is a level playing field. So third parties, that is
often a fee-based approach to make sure everybody is playing by
the rules, is important.
Security, though, is a public good, so I do think you need
to essentially audit the auditors. The model that I come out
of, my Coast Guard background, we have standards set for very
complicated things--the safety of ships. They are enforced by
private third-party players like the American Bureau of
Shipping and the fees cover that. But the Coast Guard spot-
checks the system, and the way it ends up being enforced is if
it stops a vessel that clearly got an approval by a third party
but is not up to speed, not only is that vessel held, but
everybody else who used that lousy classification society gets
held. And that keeps the standards up.
So there is a role for government, I believe, because it is
a public good we are talking about. But I think it is that
building block. Industry develops the standards. The third
party is a largely enforcement role, but government has a role
to provide some oversight. I hope we could come to some
reasonable closure on this because it is so important, the risk
is so great.
Senator Johnson. Thanks a lot, Mr. Chairman.
General Hayden. Senator, if I may just add one additional
thought?
Chairman Lieberman. Go ahead.
General Hayden. As we create standards, we all know what
the standards should be, and then industry has to decide. There
are costs and benefits. There is risk you embrace, risk you
cannot embrace, and so on. We need something overarching to
help identify and categorize and quantify risk because if an
industry is left with its own field of view, the risk will be
adjudged based upon how much it costs the industry rather than
how much it costs the broader critical infrastructure. An
overly simplified example, we lost power in Northern Virginia a
week or two back. That obviously cost something to the
electrical industry. But its impact was infinitely beyond the
electrical industry. So we need something that infuses that
into the calculus when you do cost and gain.
Chairman Lieberman. Thanks, Senator Johnson. Thanks to the
panel for their responses. The bill that not only the Committee
reported out but that has been negotiated since really follows
the model of a lot of what you have described.
Incidentally, I agree with you that if we do not do
something, the lawyers will do it, and the lawyers will do it
in the sense that there will be an attack and then there will
be litigation to hold companies liable for what they did not do
to protect customers from the attack. And then it will be done
by lawyers arguing in court, and that is exactly the wrong
place for it to happen.
We are trying to build a system in our bill where the
private sector is involved in a collaborative effort to set
standards for who is covered by this, just to get to the point
that General Hayden was talking about, and we only want to
cover the most critical infrastructure defined in a very
demanding way. And then in the same collaborative process, to
approve standards but standards that we do not want to be too
prescriptive. They are basically outcome requirements, and we
are going to leave it to the private sector to comply with
those. But at some point--and we are open in the bill to
certified third-party auditors, if you will, private sector
auditors--it could be universities, probably will be
universities in a lot of cases, who the government will say,
OK, you are a credible operation, you are not a fly-by-night
operation, so we are going to rely on you to tell us whether
the companies have met the standards. And once you do that,
obviously you get some benefits, one of which is protection
from liability.
Mr. Flynn.
Mr. Flynn. Mr. Chairman, just to add one more thing as you
come to closure of the hearing, first, thank you for your
extraordinary leadership during your tenure here.
Chairman Lieberman. Thank you.
Mr. Flynn. I would also like to commend your extraordinary
staff, this bipartisan role with you, Senator Collins. I deal a
lot across this body, and the staff that works so well
together, I think, is a real tribute to the leadership that you
both provide and also to the majority and minority staff
directors.
One thing I would commend to you is the amount of knowledge
that is in your staffs, and it would be, I think, a tremendous
service to all of us for that staff to prepare a report of its
findings based on what has been learned over the course of this
past decade. There is a lot of turnover at DHS.
Chairman Lieberman. Right.
Mr. Flynn. This used to be a very unpopular business before
September 11, 2001. It was a lonely one. It got a little more
popular. It is getting a little more lonely again. So
harnessing that enormous capability that I see behind you here
would be, I think, a service to the Nation.
Chairman Lieberman. Thank you for your kind words, and I
agree with you. We have been very lucky with our staff, and I
appreciate you giving them that substantial assignment.
[Laughter.]
I have one more question, and I think Senator Collins may
have one more question, too.
We talk a lot about state-sponsored terrorism. The State
Department has a list of state sponsors of terrorism. But,
really, we have been focused over the last decade much more on
non-state actors, particularly al-Qaeda and the various
iterations of al-Qaeda. But as one or two of you have said, we
now have the kind of reappearance on a global scale of Iran-
backed terrorism.
I wanted to start with you, Mr. Jenkins, and ask you how,
if in any way, we should alter our response to this kind of
state-based terrorism as compared to non-state terrorism? Or is
it basically the same?
Mr. Jenkins. Well, in terms of dealing with the Iranian
thing, the terrorist campaign, these incidents that we have
seen thus far, is really only one small component of a much
broader set of issues in which we are engaging with Iran. And
from their perspective, what they are doing with these
terrorist attacks is in part saying that there is going to be a
cost for what they perceive as a campaign of sabotage and
assassination directed against their nuclear program. I will
not get into whether that is a correct perception or not, but
certainly that is their perception.
Their future use of this terrorism is going to depend very
much on what they calculate our intentions are about the
Islamic Republic itself. If they believe--and there are radical
elements within Iran that I suspect do believe this--that the
aim of the United States is to ultimately bring about the fall
of the Islamic Republic, then that is going to affect their
risk calculations, and they are going to basically conclude
they do not have a lot to lose. And they would be willing to--
they will be willing to--escalate that.
Now, this implies, by the way, that there is a rational
actor model: That is, what they do is in response to what we
do, which is in response to what they do. And people who will
challenge that rationality model, saying, no, we are dealing
with apocalyptic types here who are not always going to behave
rationally; but right now, in terms of our efforts to stop
their nuclear weapons program, we are depending on that model
to work.
How do we respond to this? I think, in fact, we are going
to see the continuation of a long-term, complicated, shadow
terrorist war, not simply involving the United States and Iran.
It will involve Israel, it will involve Saudi Arabia, it would
involve others. This is a tool that they have, and here I would
go back to underscore a point that Mr. Flynn made, and that is,
no one can take us on in an open, conventional way. That simply
is not going to work. So they have this as an instrument. They
feel righteous about its use. They have capacity, and so I
think that capacity is going to be used going forward. And I do
not think there is any way, any easy way, out of this contest.
Chairman Lieberman. Barring some shockingly surprising
rapprochement with Iran and settlement of the dispute over
their nuclear weapons capability program, no, I agree. I think
the emergence of Iran-backed terrorist acts or attempted acts
over the last year or so is obviously related to the tension
that is going on between us, the Israelis, the Saudis, and a
lot of others in the Arab world with Iran about their nuclear
weapons development program. So they are sending a message by
these acts or attempted acts.
Mr. Jenkins. Well, you said barring some dramatic reversal
of their policy with regard to nuclear technology. And, of
course, the trajectory can go the other way as well.
Chairman Lieberman. Correct.
Mr. Jenkins. And, that is, the tensions can increase,
hostilities can look as if they are imminent.
Chairman Lieberman. Right.
Mr. Jenkins. And then I think our operative presumption has
to be that there will be an escalation in the terrorist
campaign directed against their targets in the region as well
as targets further on.
Chairman Lieberman. And the second scenario, today you
would have to say based on what has happened in the P5+1 talks
with Iran and in their lack of any change in response to the
sanctions, the second scenario is the more likely.
Mr. Jenkins. The most positive assessment would be a
continuation of things as they are. That would be good news?
Chairman Lieberman. Yes, right.
Mr. Jenkins. If it is going to move one way or the other,
it probably looks as if it will head----
Chairman Lieberman. In a worse direction.
Mr. Jenkins. In a worse direction, yes.
Chairman Lieberman. Mr. Cilluffo, do you want to add
something quickly? Then I want to yield to Senator Collins.
Mr. Cilluffo. Mr. Chairman, I just want to be very brief.
The red lines we historically looked at are out of focus today.
From Beirut to Bangkok to Baku, I mean, you are starting to see
an uptick in activity, by whom precisely is unknown, the
Revolutionary Guard, the Ministry of Information, or others.
But at the end of the day you are seeing an uptick in
activity. The cyber issue that came up in the conversation--I
mean, cyber is made for plausible deniability. That is why the
extra shame if what has been said is accurate in the New York
Times that we are even discussing these sorts of issues. I
recently testified on the House side on Iran and cyber before
all these leaks, and they are investing heavily in this space.
And I would argue that they will not be discriminate. In other
words, who really should shed a tear? I think it was the right
thing to do to go to stymie Iran's nuclear programs and slow
that down a little bit. Do not think that their response in
kind would be discriminate. And those same vulnerabilities that
can be used there could be exploited in other ways.
So, to me, it is a significant set of issues, and the Los
Angeles Police Department, I might note, has elevated the
government of Iran and Hezbollah as a Tier 1 threat, highest
potential threat. So their intelligence requirements are
starting to kick in.
Chairman Lieberman. That is significance. Thank you.
Senator Collins
Senator Collins. Thank you, Mr. Chairman. First, I am
grateful that my friend Senator Johnson has stayed to the very
end of the hearing because I do want to put into context, and
to some extent counter his commission on cybersecurity and what
we need to do by reminding him that General Hayden's first list
was we need to do all three, and that includes protecting
critical infrastructure.
Mr. Flynn reminded us that critical infrastructure is
vulnerable to sabotage. We have seen just in the last week what
a natural disaster can do, the chaos, the loss of life, the
decreased economic activity, the hardship, and the accidents
that occurred at non-working traffic lights. Well, that would
be multiplied many times over by a sustained cyber attack that
deliberately knocked out our electric grid. And as Mr. Flynn
also pointed out, not only is there a lack of protection of our
critical infrastructure, but it is not as resilient as it
should be, and that is why here we still have people without
power in West Virginia and some parts of Virginia as well.
I would also point out as my final comment that while all
of us, everybody agrees that improved information sharing is
absolutely essential, it is far from a panacea that will lead
to improved cybersecurity. A joint report by the Center for
Strategic and International Studies and McAfee that was
published just last year found that 40 percent of critical
infrastructure companies were not taking even the most basic
security precautions such as regularly installing software
patches or changing passwords, just basic precautions that all
of us know we ought to be taking. And given the unending
publicity about almost daily cyber attacks--including, I might
add, a cyber attack that infiltrated the Chamber of Commerce's
own computers for many months without their being aware of it.
Given all of that evidence, I think that we can conclude that a
completely voluntary system where we do nothing related to
critical infrastructure will not solve the problem.
And I would ask all of our witnesses just very quickly,
even if you think that information sharing may be No. 1 or some
other step, such as better intelligence gathering, may be No.
1, are we truly going to improve the security of critical
infrastructure in this country--our electric grid, our
transportation system, our financial systems--if we do nothing
legislatively related to critical infrastructure? General
Hayden.
General Hayden. Ma'am, obviously the information sharing
helps, but I stand by my original statement, as you pointed
out. All three of these are good ideas, and we need to move out
on all three fronts.
Senator Collins. Thank you. Mr. Jenkins.
Mr. Jenkins. No, I think it is essential that we do
something now in terms of addressing the vulnerabilities in our
critical infrastructure. I mean, we have seen these threats
mount, and to go back to earlier comments made, what is likely
to take place in the wake of some type of cyber catastrophe is
going to be messier and not nearly as useful as doing something
now. So the choice is not doing something or not doing
something now. The choice is doing something thoughtful,
perhaps 90 percent right, hopefully, versus doing something
later on which is likely to be really messy.
Senator Collins. Thank you. Mr. Cilluffo.
Mr. Cilluffo. I think it absolutely does require
legislative prescriptions. All my views aside, I do think the
intelligence and information-sharing piece is priority No. 1.
But you have other pieces that need to be addressed, and quite
honestly, we have not made the business case for cybersecurity.
So, to me, that is where we need to be looking, because we need
to look at what the carrots are as well as the sticks. The fact
that the insurance and reinsurance sectors, they have always
had more success in inducing changes in behavior, the fact that
they are not in this space to me is a little upsetting. The one
thing I would argue against is we tend to look at this issue
reactively, and I am not just talking legislatively. I am
talking cyber generally. Think about it this way: After your
system gets broken into, what do you do? You get a patch. That
would be like in a physical domain, after someone breaks into
your home, you are calling the locksmith first, not a police
department, and you are not dealing with prevention.
So let us just make sure we are not only looking at it
picking up the pieces after they have already fallen. I want to
get a little more proactive. I think we need to invest in
active defenses. This will require legislation, too. So these
are the sorts of issues I think we need to also include.
Senator Collins. I cannot tell you how many chief
information officers of major companies have come to me and
said, ``I know we need to invest in this area. We are so
vulnerable. But we cannot get the attention of the chief
executive officer.'' I have heard that countless times.
Mr. Flynn. I would very much reinforce what has just been
said. The need for standards is critical, and they have to be
enforced in order to change this behavior, the behavior right
now as the system is wide open. And the risk is--and as I
constantly say to industry--the morning-after problem. When we
have an incident--you will have legislation, and there will not
be as much time for industry input. So let us use this moment
now when you have a voice at the table where there are clearly
trade-offs that have to be made here, engage.
I wanted to really reinforce something that General Hayden
said about one of the challenges of dealing with just purely a
sector-by-sector approach with each group setting standards.
Take the Port Authority of New York and New Jersey. At rush
hours, which, of course, it has in the morning and evening,
there are 1.8 million people inside Port Authority facilities--
on the bridges, in the tunnels, on the trains, or in its
airports. When the power goes out, those folks get stranded in
those facilities. You have to deal with that. The Port
Authority does not produce any power. It is depending on
utilities to do that. But its core mission, mobility, depends
on that.
The utilities have to go to raise their rates to state-run
public review boards in order to get the investment for
security. So, again, the tension becomes, absent a regulation
or a requirement, how do they make a case when other sectors
are being impacted? There is some need for some adult
supervision here. And it is also important to insurers and
reinsurers. If there are no standards, you are not going to
insure. Insurers, if they have to go out and do all the
enforcement themselves, which has costs, to make sure that
people buy off on the standard, that is not a profitable market
for them to do. They need to know there are standards. They
need to know there is a mechanism like third parties to do it.
Then they can come up with incentives. But they are not going
to give anybody incentives if they do not know anybody is
complying with it, and that basically is where this whole thing
has broken down.
Senator Collins. We often bemoan the fact that there was a
failure to connect the dots prior to the attacks on us on 9/11.
This time, there have been so many warnings that we are
vulnerable to a major cyber attack that shame on Congress if we
do not take steps now to try to avert a cyber 9/11. This is not
a case where there was a failure to connect the dots. This is a
case where every expert has told us that a cyber attack could
happen at any time, and indeed happens every day. And this
poses a threat not only to our national security but to our
economic prosperity, because we are not only in danger of being
disrupted from a national security perspective, but we are
losing trade secrets and intellectual property, research and
development developed by American firms every single day. And
to me, that is another compelling reason that we must act.
Mr. Jenkins. Can I add a comment here? This body can pass
legislation, and this Committee's responsibilities cut across
government. But actually, when you pass that legislation, some
portion of government is going to have to have the
responsibility for implementing these pieces, and it looks as
if DHS is going to have a heavy role here. And that really
raises a question of capacity, in terms of the capacity to
assess threat, to do the analysis, to ensure that this thing is
being implemented properly. And there is a real-question mark
about the existence of that capacity right now.
So the legislation, however good it is, is not going to
work unless there is the machinery somewhere in government to
do it. And I am not sure it is there right now.
Senator Collins. Well, that is why, as we did with the
Intelligence Reform Act in 2004, we created a National
Counterterrorism Center that brought together, as General
Hayden well knows, expertise from many agencies, which we do in
our bill, and we also tap into the private sector repeatedly in
a collaborative relationship.
Finally, I would say that having personally spent a lot of
time at the cyber center that DHS has now, I think most people
would be impressed with the progress that has been made. And
they have done it with cooperation with NSA, which is an
absolutely vital player, and with many other agencies as well.
But the point is, while we may have differing views on exactly
how to structure this, if we let those disagreements sink a
bill that requires critical infrastructure to meet certain
standards in order to get liability protection, for example, I
think we will be failing the American people. And when the
attack comes--and it will come--everyone will be saying why
didn't we act. And then we will rush to act, and we will do far
less good a job, and the damage will have been done. Thank you,
Mr. Chairman.
Chairman Lieberman. Thanks, Senator Collins. I was going to
add something, but you have said it all. Senator Johnson, do
you have another question you would like to ask?
Senator Johnson. No. I would just like to make a comment.
First, I do not really believe there is much I would
disagree with anything that has been said by anybody here. The
point I was trying to make in my questioning is based on the
failure of this Stop Online Privacy Act (SOPA) and PROTECT IP
Act (PIPA) legislation. I think it is critical that we do move
forward on this, and I am just trying to ask to prioritize it.
It sounds to me like standards would be the first thing, to set
those so that we can start maybe using the private sector and
insurance markets to start enforcing things, then information
sharing. I was just trying to get the priority of things that,
if we cannot go for the full loaf--I would love to pass a
perfect piece of legislation. I just think it is going to be
very difficult. What are the confidence-building steps we can
pass now to start the process going?
That was the only comment I was trying to make. Thank you.
Chairman Lieberman. I appreciate that, and as you know,
there is a lot of, I think, very constructive work going on
which Senator Collins and I have encouraged and are keeping in
touch with, that is in a bipartisan process being led by
Senator Sheldon Whitehouse and Senator Jon Kyl. I do not know
that it will produce common ground that everybody will want to
occupy, but I am hopeful that it will produce common ground
that at least 60 Senators will want to occupy.
I thank the panel. You have really been extraordinary. Just
looking at you, each one of you has given great service to our
country in various capacities, and I think you have added to
that by the written statements that you have submitted for the
record and by your testimony here today, and I appreciate it
very much.
We will leave the record of this hearing open for 15 days
for any additional statements or questions. We will be back
here tomorrow morning with part two, which will be a review of
the first decade of the Department of Homeland Security and
some looks forward into the next decade. The witnesses will be
our former colleague, Jane Harman, now at the Woodrow Wilson
Center, Admiral Thad Allen, and Richard Skinner, who is a
former Inspector General at the Department of Homeland
Security.
So, with that, I thank you all, and the hearing is
adjourned.
[Whereupon, at 12:21, the Committee was adjourned.]
THE FUTURE OF HOMELAND SECURITY: THE EVOLUTION OF THE HOMELAND SECURITY
DEPARTMENT'S ROLES AND MISSIONS
----------
THURSDAY, JULY 12, 2012
U.S. Senate,
Committee on Homeland Security
and Governmental Affairs,
Washington, DC.
The Committee met, pursuant to notice, at 10:03 a.m., in
room SD-342, Dirksen Senate Office Building, Hon. Joseph I.
Lieberman, Chairman of the Committee, presiding.
Present: Senators Lieberman, Akaka, Carper, Collins, and
Johnson.
OPENING STATEMENT OF CHAIRMAN LIEBERMAN
Chairman Lieberman. Good morning, and the hearing is
convened. Thank you all for being here, particularly thanks to
the witnesses who we will introduce in a few moments.
This is the second in a series of hearings the Committee is
holding on the past, present, and future of homeland security
in our country, coincident with the 10th anniversary of the
adoption of the Homeland Security Act in November of 2002--
obviously following the events of September 11, 2001 (9/11).
Also, Senator Collins has been good enough to support my
desire, as I end my service in the Senate, to take a look back
at where we have been in homeland security over the last 10
years, but really more importantly, to look forward and to try
to discuss some of the unfinished business and to anticipate
how we can meet evolving threats. I hope thereby to create a
record which will be of help to this Committee in its new
leadership next year.
We had a very good hearing yesterday with a panel that was
describing the evolving homeland security threat picture. Today
we are going to focus in on the Department of Homeland Security
(DHS) itself, how it has done over almost 10 years now, and
what it should be doing in the years ahead.
The Department of Homeland Security does not include all of
the Federal Government's major homeland security agencies.
Obviously, the Departments of State, Defense, Justice, Health
and Human Services, along with the key intelligence agencies of
our government, all play very important roles in protecting our
homeland security. And, of course, State and local partners as
well as the private sector, and, as we discussed yesterday, the
American people themselves all have significant
responsibilities. But really the center of homeland security
was intended to be the Department of Homeland Security. It was
intended to be not only the center point but the coordinating
point of the agencies that were brought within it and also to
make sure that we were interacting with a lot of other agencies
over the Federal, State, and local governments that had both
the responsibility and some opportunity to contribute to our
homeland defense.
As I look back, I would say that the Department has come an
awful long way in its first decade, but this is a mission that
it has that in a sense has no final destination point. It has
to continue getting better, and there are ways to meet the
evolving threat, and there are ways in which in the first
decade there were some things that happened that were not as
good as we wanted.
But as I go back to 10 years ago, I think the vision that
Congress had for the Department of Homeland Security when we
created it was to have a Department that would be more than the
sum of its parts, a Department that would integrate key
homeland security functions such as border preparedness and
infrastructure protection, and a Department that would help
ensure, as we said over and over again after 9/11, that we
would never again fail to connect the dots so that we would
prevent the next 9/11 from happening.
As I said, I think the Department has made tremendous
strides forward in the nearly 10 years since the passage of the
Homeland Security Act in achieving some of these broad goals
that we have talked about and that we had in mind 10 years ago.
Al-Qaeda, which we were focused on, of course, because it
claimed credit for the attacks against America, and its
affiliates have not carried out a successful attack, certainly
not one anywhere near the catastrophic dimensions of September
11, 2001 since 9/11, which I think is a credit not only to our
offensive forces led by the U.S. military and intelligence
communities, but also to the tremendous work that the Homeland
Security Department has done.
Let me talk about some of the areas where I think there has
been significant progress. We have a screening system now at
points of entry into the United States that is integrated with
information from the intelligence community and others and has
become very effective at detecting bad actors trying to enter
our country. Our aviation screening system is vastly improved
from what we had before 9/11. We also now have much more robust
two-way information sharing on potential threats, not only
within the Federal Government but with State and local
governments, and that is in large measure due to the leadership
of the Department of Homeland Security and its support for
State and local fusion centers.
In a different aspect of the DHS responsibilities, our
Nation's preparedness and response efforts, led by the Federal
Emergency Management Agency (FEMA), have improved significantly
in the 7 years since Hurricane Katrina, which obviously showed
how inadequate FEMA was at that point, and their response to
just about every natural disaster that has occurred in our
country since then has been significantly better and drawn very
positive reviews.
These are important achievements, and we should not forget
them in the occasional griping from people who do not like to
take their shoes off or go through magnetometers or whatever
else at airports. But the Department still has a way to go to
fully realize what we want it to be, and let me just mention a
few of the areas where I think that there is much more to be
done. And, interestingly, most of these have to do with the
administration of the Department, with process, if you will,
but process is important.
For example, the Department's operational components I
think are still not adequately integrated with its headquarters
and with each other, and that causes problems. That causes at
least less than optimal use of the Department's resources.
The Department of Homeland Security continues to have
workforce morale challenges, as reflected in the annual ratings
done in the Federal Human Capital Survey. These have improved
over the years, but nowhere near to the extent needed.
The Department of Homeland Security also struggles with
setting requirements and effectively carrying them out for
major acquisitions and ensuring that these acquisition programs
stay on track while they are underway. The Department of
Homeland Security unfortunately is not unique among Federal
agencies in this problem, but this is the Department that we
helped create, and we have oversight responsibility for it, and
we have to be honest and say their performance in this regard
has not been adequate.
And, of course, in the years ahead, the Department in a
different way will need to take actions to anticipate and
respond to evolving homeland security threats, including
continuing to increase its improving capabilities with respect
to cybersecurity in response to cyber attacks on our country.
The greater challenge, of course, is that the Department of
Homeland Security, along with every other Federal agency, will
have to find a way to do this in a period of flat or perhaps
even declining budgets. In a budget environment like the one we
are in today, the natural tendency is to focus on preserving
and protecting current capabilities, but the risk of doing only
that is that we will be underinvesting in systems needed to
meet evolving and new threats of tomorrow.
So I think in its second decade, the Department of Homeland
Security will have to be, if I may put it this way, as agile as
our enemies, and that may mean that the Department will have to
cut back in some of its now traditional areas of responsibility
if they seem less relevant to the threat and take that money
and invest it in programs to meet new threats that come along.
The three witnesses that we have--Congresswoman Harman,
Admiral Allen, and Mr. Skinner--are really uniquely prepared by
experience and capability to contribute to our discussion and
build exactly the kind of record that I hope this Committee
will build to hand over to the leadership in the next session.
I cannot thank you enough for being with us this morning, and I
look forward to your testimony.
Senator Collins.
OPENING STATEMENT OF SENATOR COLLINS
Senator Collins. Thank you, Mr. Chairman.
Nearly 10 years ago, the creation of the Department of
Homeland Security brought together 22 different agencies into a
single Department to focus like a laser on protecting our
country and its citizens. Yesterday, as the Chairman indicated,
we explored the emerging security threats our Nation is likely
to confront. In my judgment, the largest threat in that
category is a cyber attack. Today we will examine whether DHS
is well positioned to address these emerging threats as well as
other longer-standing threats.
The changing threat landscape at home and abroad requires
the Department to be nimble and imaginative, effective and
efficient--qualities not often associated with large
bureaucracies. Yet the men and women of DHS can take pride in
the absence of a successful large-scale attack on our country
during the past decade and in the Department's contributions to
thwarting numerous terrorist plots.
There have been successes and failures over the past 10
years. Information sharing has improved, but remains very much
a work in progress. Ten years ago, we envisioned that DHS would
be a clearinghouse for intelligence. Although incidents like
the failed Christmas Day underwear bomber made clear that
information sharing is still imperfect, numerous public and
classified counterterrorism successes since 9/11 demonstrate
that information sharing has indeed improved.
This is also true with respect to information sharing
between DHS and the private sector, an essential partner in the
protection of our country since 85 percent of our critical
infrastructure is privately owned. The growing network of State
and local fusion centers also presents opportunities not only
for the improved dissemination of information but also for the
collection and analysis of intelligence at the local level.
As we discussed yesterday, however, these centers have yet
to achieve their full value. They have yet to truly become
successful aggregators and analyze local threat information in
too many cases.
The Transportation Security Administration (TSA), the
agency within DHS that is most familiar to the public, has
strengthened airline passenger risk analysis, but it still
troubles many Americans to see screeners putting the very young
and the very elderly through intrusive and in most cases
unnecessary patdowns. TSA is making progress toward
implementing more intelligence-focused, risk-based screening
through such efforts as Pre-Check, but many challenges remain
for TSA.
DHS has also bolstered the security of our borders and
identification documents, yet two Iraqi refugees associated
with al-Qaeda in Iraq were arrested in Kentucky last year. When
a bomb maker whose fingerprints we have had for some time is
able to enter our country on humanitarian grounds, it is an
understatement to say that ``work remains,'' as DHS's self-
assessment states.
In order to meet and overcome current and future threats,
DHS must support its component agencies with stronger
management. Since 2003, the Government Accountability Office
(GAO) has designated the Department as high risk. It has done
so because of the management and integration challenges
inherent in any large undertaking. But what people often do not
realize is the high-risk designation refers not to just being
at risk for waste, fraud, and abuse; it is at risk for program
failure and, thus, the consequences of being on the high-risk
list are serious indeed. DHS must implement changes that will
hasten the day when the Department is no longer included on
GAO's high-risk list.
The roles of the Department's components have evolved over
time. As a positive example, I would note the adaptability and
can-do attitude of the Coast Guard. I do not believe that there
is another agency within DHS that has done a better job of
adapting to the new challenges and its expanding mission in the
post-9/11 world. This was never more clear than after Hurricane
Katrina.
As this Committee noted in its report on Hurricane Katrina,
the Coast Guard demonstrated strength, flexibility, and
dedication to the mission it was asked to perform, and saved
more than half of the 60,000 survivors stranded by this
terrible storm.
Many experts have predicted a disaster in the cyber realm
that would compare to Hurricane Katrina. Compared to 10 years
ago, the cyber threat has grown exponentially. Clearly, this
requires an evolution in the Department's mission to secure
critical systems controlling critical infrastructure, such as
our transportation system, our nuclear power plants, the
electric grid, our financial systems--a goal that we hope to
accomplish through the enactment of legislation that Chairman
Lieberman and I have championed.
Despite the fact that DHS has made considerable strides
over the past decade, it still has a long way to go by any
assessment. To understand what challenges the Department is
facing, what changes are needed, and to prioritize our limited
resources, we must learn from the Department's past mistakes
and be able to better measure what has worked and what has not.
To do so requires metrics and accountability, an area where the
Department has been challenged.
I very much appreciate that we have such outstanding
experts here with us today to help us in evaluating the
Department's progress and its future direction.
Thank you, Mr. Chairman.
Chairman Lieberman. Thanks very much, Senator Collins.
Our first witness, I am delighted to say, is Congresswoman
Jane Harman. With Senator Collins, Congresswoman Harman, and
myself here, we have three of what we used to call ``the Gang
of Four.''
Ms. Harman. ``The Big Four.''
Chairman Lieberman. ``The Big Four.'' Much better. We could
say ``The Final Four.'' No. [Laughter.]
What I am referring to in this inside conversation is that
we were privileged to constitute bipartisan and bicameral
leadership on the processing and ultimate adoption of the 9/11
legislation, which actually followed the creation of the
Department of Homeland Security. And I had known Ms. Harman, of
course, before but really got to know her well, greatly admire
her, and even like her.
Ms. Harman comes to us today as the President of the
Woodrow Wilson Center. Her tenure in the House included service
as Chair of the House Committee on Homeland Security's
Subcommittee on Intelligence, Information Sharing, and
Terrorism Risk Assessment, and as Ranking Member of the House
Permanent Select Committee on Intelligence. So I am really
delighted that you could make it, and we welcome your testimony
now.
TESTIMONY OF HON. JANE HARMAN,\1\ DIRECTOR, PRESIDENT, AND
CHIEF EXECUTIVE OFFICER, WOODROW WILSON INTERNATIONAL CENTER
FOR SCHOLARS
Ms. Harman. Thank you, Mr. Chairman and Senator Collins and
friends, for the opportunity to join you and to return to
Capitol Hill to testify on a topic I am passionate about, which
is the security of our homeland.
---------------------------------------------------------------------------
\1\ The prepared statement of Ms. Harman appears in the Appendix on
page 154.
---------------------------------------------------------------------------
I am also honored to be testifying with Admiral Allen, who
is here in facial disguise, and Mr. Skinner. They have far more
hands-on experience with this topic than I do.
Our collaboration, which you just referred to, over many
years I believe shows that bipartisanship--indeed
tripartisanship--is possible. We had a good gig going during my
nine terms in the House, and our legislative efforts, as you
said, yielded significant results--and many special times.
Well over 10 years ago--my goodness how time flies--I
joined you, Mr. Chairman, and a hardy little band of
legislators who thought a homeland security function made sense
in the aftermath of 9/11. What we had in mind, however, was
something far less ambitious than the plan ultimately sketched
out by then White House Chief of Staff Andy Card.
As I recall, we envisioned a cross-agency ``jointness''
similar to the concept we were able to enact into law as the
2004 Intelligence Reform Act. And, by the way, yes, we were the
Big Four, along with Pete Hoekstra. But I would point out that
two of the Big Four happened to be female, so, of course, we
did 98 percent of the work, and that is why the bill passed.
[Laughter.]
Chairman Lieberman. I want to note from this perspective
that the women in the room laughed at that. [Laughter.]
Ms. Harman. I saw Senator Carper laugh.
Senator Carper. That is the feminine side of me coming
through. I always thought of you as the ``Fab Four.''
[Laughter.]
Ms. Harman. Back to the homeland bill, I remember that once
the White House proposal had been announced, we all decided to
embrace it because that would ensure presidential support. And
so it was.
Although DHS comprised of 22 departments, as Senator
Collins said, and agencies, Congress tried to organize that
around four main directorates: Border and Transportation
Security, Emergency Preparedness, Science and Technology, and
Information Analysis and Infrastructure Protection. That is the
intelligence function.
The Information Analysis Directorate was supposed to
analyze intelligence and information from other agencies, as I
think you said, including the Central Intelligence Agency
(CIA), the Federal Bureau of Investigation (FBI), the Defense
Intelligence Agency (DIA), and the National Security Agency
(NSA), involving threats to the homeland and to evaluate
vulnerabilities in the Nation's infrastructure--something we
definitely need to be doing. Emergency Preparedness would
oversee domestic disaster response and training. Border
Security would streamline all port-of-entry operations, and the
Science and Technology (S&T) Directorate would acquire
scientific and technological skills, mostly from the private
sector--this was the idea--to secure the homeland.
Well, the initial strategy morphed into something
different, and we all learned, if we did not know it before,
that merging government functions is difficult, and the threats
against us are evolving, and so are our enemies. So it is
important that we take this look today that you have suggested.
While DHS has experienced real success, there have also
been what I would call hiccups and significant growing pains.
It is certainly not the first Department to run into problems.
But my bottom line is that, to fix those problems, we
should not rearrange the deck chairs again. What we should do
is make a clear-eyed assessment of what works and what does
not.
Here are some of the functions that execute well:
Last year, as you said, I think, Mr. Chairman, Customs and
Border Protection (CBP) stopped more than 3,100 individuals
from boarding U.S.-bound aircraft at foreign airports. And CBP
was able to process more than 15 million travelers at 15 pre-
clearance locations in the same year. That is like picking
needles from a haystack.
TSA now fully implements Secure Flight, the program
screening all passengers on flights from, within, or bound for
the United States against government terror watch lists.
Extending our ``borders'' by using real-time, threat-based
intelligence in addition to multiple layers of security is
working.
The Department expanded ``If You See Something, Say
Something'' to dozens of States, cities, transit systems,
fusion centers, Federal buildings, etc. Local residents are the
first line of defense against terror plots in this country
because they know what looks suspicious in their neighborhoods.
That is why I think fusion centers are so important. Last
year, the Colorado fusion center helped identify an attempted
bombing suspect. And fusion centers around the country worked
together to share tips and leads necessary to arrest and
convict Faisal Shahzad, the 2010 Times Square bomber. There are
problems with them which we can discuss, but some are terrific.
Finally, the Office of Infrastructure Protection conducted
more than 1,900 security surveys and 2,500 vulnerability
assessments on the Nation's most significant critical
infrastructure to identify potential gaps.
But the challenges are significant. I do not want to abuse
my time here, so I will rush through them.
First, the intelligence function has never fully developed.
Part of the reason is that President George W. Bush stood up
the Terrorist Threat Integration Center (TTIC), which is now
the National Counterterrorism Center (NCTC), outside of the
Department of Homeland Security. So a significant portion of
its jurisdiction moved out.
Intelligence reports are meant to be consumed by State and
local law enforcement, but many of those entities consider what
DHS reports to be ``spam,'' cluttering overflowing inboxes. In
many cases, law enforcement still reports that State fusion
centers provide better information.
The new DHS Strategic Plan for fiscal years 2012-16 said
that intelligence is an area needing ``enhancement,'' and we
can discuss that if you want.
Chairman Lieberman. Excuse me a second. If you want to take
a few extra minutes, you should go ahead and do that.
Ms. Harman. Thank you.
One of the enhancements necessary, in my view, is writing
reports that are actually useful to local law enforcement, and
that was the point of establishing the Interagency Threat
Assessment and Coordinating Group (ITACG), which I understand
may suffer some funding problems, and I want to thank you, Mr.
Chairman, just as a citizen out there for fighting to restore
the funds that may be taken away.
Second, the homeland mission is so large that the
Department must assess where it can be most effective and where
it cannot. For example, I believe that DHS will never be the
leader in preventing cyber attacks. But I do think it can
perform the mission that you in your legislation suggest, and I
think it is absolutely crucial that the legislation Congress
enacts include parts that protect critical infrastructure. So I
support your bill over the one that the House has been
considering, and I hope that Congress will move forward on
legislation promptly.
Third, I think that Congress has been a very disappointing
player in this process. Not this Committee, but Congress has
failed to reorganize its committee structure, and the homeland
jurisdiction here, but more significant in the House, is
anemic. The Department still has to report to more than 80
committees and subcommittees. We have simplified that somewhat
but not enough. And the one recommendation of the 9/11
Commission that remains basically unimplemented is the
recommendation to reorganize Congress.
So what are the biggest opportunities?
First, while the Department should be praised for
overhauling its privacy and civil liberties office, which I
know you care about, it should not stop there. You and I all
urged the White House to appoint the membership of the Privacy
and Civil Liberties Oversight Board, which is mandated in the
2004 law. In the Bush Administration, that Board barely
functioned. I think that would be fair. And in this
Administration, finally all the members have been nominated,
they have been reported from committee, but they are not
confirmed. So we do not have that function yet.
Second, DHS should do much more to reduce
overclassification of intelligence. Your Committee worked for a
year to help pass the Reducing Overclassification Act of 2010,
but very little has happened to implement it. I think it should
be a high priority.
And, finally, the Secretary must continue to be the face of
homeland security. Janet Napolitano happens to be an old friend
of mine, and before she took office, I suggested that she be
the Everett Koop of threat warnings--just as he was the
Nation's most trusted anti-smoking crusader. And, frankly, this
reminds me of a kind of silly thing. Once there was a color-
coded system for homeland security warnings. I remember the
Department saying that we were moving from pale yellow to dark
yellow, and I commented that the Homeland Security Secretary
should not be an interior designer. That prompted a hilarious
call from Tom Ridge, but the point of this is there are some
homeland functions that only the Secretary can carry out, and
one of them is being the respected voice to warn the rest of us
of the threats we face and to prepare us.
In conclusion, as you said, Mr. Chairman, no major attack
on U.S. soil has occurred since 9/11. DHS deserves some real
credit, but so does this Committee.
As you said, soon you will join the ranks of what I would
call policy wonks and grandparents--like me--who work outside
of Congress. And just this week--I think it happened already.
Did Senator Collins break Cal Ripken's record?
Senator Collins. Today.
Ms. Harman. Today, 5,000 votes. Can we all applaud you?
[Applause.]
And next month, you will taste married life. Both of you
bring such skill and dedication to this work. I strongly doubt
that your new roles will diminish your passion, and mine
remains as strong as ever.
I really salute you, dear friends. Thank you, Mr. Chairman,
for the opportunity to testify.
Chairman Lieberman. Thanks very much for your testimony.
I was watching TV the day that Cal Ripken broke the
previous record, and it was one of many occasions when my wife
was befuddled by my behavior because, as Ripken circled the
field, receiving the adulation of the crowd, I began to cry.
She did not understand that. But I am going to try to control
my tears today. [Laughter.]
Ms. Harman, you said something that I just want to draw
attention to because this is the kind of--with all the problems
and unfinished work DHS has, you cited some statistics that I
did not cite about border security and counterterrorism
prevention, and almost nobody in the country knows this, but
people ought to have a greater sense of confidence--I believe
they do--when they get on a plane. Last year, CBP stopped more
than 3,100 individuals from boarding U.S.-bound aircraft at
foreign airports for national security reasons. And that is out
of 15 million travelers at 15 pre-clearance locations that they
cleared.
So it took very sophisticated data systems and
implementation of those systems to make that happen, but we are
all safer as a result of it. Thank you very much for your very
thoughtful testimony.
Next, Admiral Thad Allen served as Commandant of the Coast
Guard from 2006 to 2010. As we all remember, he led the Federal
Government's response to Hurricane Katrina and the Deepwater
Horizon oil spill, and in both really distinguished himself. In
Hurricane Katrina, he was the singular source of reassurance to
the American people that somebody really was in charge and was
effectively coordinating response efforts and aid to the people
who suffered, which really was a great moment for our country.
Admiral Allen, I believe Congresswoman Harman suggested you
may be undercover as a result of your facial hair, but I know
better that you are now currently a senior vice president at
Booz Allen Hamilton, Incorporated. Thanks very much for being
with us this morning.
TESTIMONY OF ADMIRAL THAD W. ALLEN,\1\ U.S. COAST GUARD
(RETIRED), FORMER COMMANDANT OF THE U.S. COAST GUARD
Admiral Allen. Mr. Chairman, Senator Collins, and Members
of the Committee, I have sat before these hearings countless
times and said I am delighted to be here. This morning, I
really mean it. [Laughter.]
---------------------------------------------------------------------------
\1\ The prepared statement of Admiral Allen appears in the Appendix
on page 157.
---------------------------------------------------------------------------
Chairman Lieberman. Thank you.
Senator Carper. How about all the other times?
Admiral Allen. And it is an honor to be here with Jane
Harman and Richard Skinner, my colleagues. We have worked
together a lot in the past. She has been a tremendous leader at
the Port of Long Beach in the past, and Mr. Skinner and I
worked very closely in the last 10 years over the evolution of
the Department of Homeland Security.
The perspective I am trying to bring this morning, Mr.
Chairman, is one of somebody that has worked this problem from
the inside out from the onset. I was the Atlantic Commander on
9/11 when we closed Boston Harbor after the planes took off
from Logan Airport. We closed New York Harbor, with the
tremendous challenge of evacuating people off of Lower
Manhattan, and we closed the Potomac River north of the Woodrow
Wilson Bridge, and it marks a sea change for the Coast Guard in
how we addressed that end of the fall of 2001 and the winter of
2002. As you talked about, there was much discussion about how
to aggregate these types of functions and increase the security
for the United States.
I consulted with the Commandant at the time, who was
Admiral James Loy, and there was some kind of a feeling there
would be some kind of an aggregation of functions, as
Representative Harman said, and then I believe it was in June
2002, the Administration placed the bill on the Hill proposing
the creation of a new Department. Sir, I know you were right in
the middle of all of that, including the very robust discussion
on work rules.
Chairman Lieberman. Yes.
Admiral Allen. I want to settle a context for my testimony
by just recounting some of this because I think it is really
important to have it on the record.
There was an initial push, as you know, to have this bill
passed by the first anniversary of 9/11. That did not happen
for a lot of reasons, and you are familiar with that.
When the bill finally passed, the President was in a
position where the bill had to be signed right away, and it was
signed on the November 25, 2002. It required that the
Department be established in 60 days and then by March 1, 2003,
the components moved over. So that means from the time the bill
went on the Hill until the Department was created was basically
about a year. And from the time of the enactment of the bill
until the first component had to move over was a little over 3
months.
Now, we are all astounded when government operates at light
speed, but when you do it that fast, you lack the elements of
deliberate planning and analysis of alternatives on how you
want to do it to actually execute the legislation correctly.
And I have talked for years about how the conditions under
which the Department was formed are some of the issues we have
had to deal with.
The legislation was passed between sessions of Congress, so
there was no ability for the Senate to be empaneled and confirm
appointees, although Secretary Ridge was done I believe a day
before he was required to become the Secretary. We moved people
over that had already been confirmed because we could do that.
And it took up to a year to get some of the other senior
leaders confirmed.
We were in the middle of a fiscal year. There was no
appropriation, so in addition to the money that was moved over
from the legacy organizations from the Department where they
were at, some of the new entities, we had to basically
reprogram funds from across government. It was a fairly chaotic
time to try and stand up the organic organization of the
Department and put together a headquarters. Emblematic of that
would be the location of the Department that still exists, the
Nebraska Avenue complex, and the unfortunate situation where we
are right now where we have been able to resolve the St.
Elizabeths complex there.
Because of that, what happened was we had the migration of
22 agencies with legacy appropriations structures, legacy
internal support structures, different shared services, and
different mission support structures in the Departments where
they came from. And because of that, a lot of the resources
associated with how you actually run the components or need to
run the Department rest in the components and still do today.
And I am talking about things like human resource management,
information technology (IT), property management, and so forth,
the blocking and tackling of how you have to run an agency in
government.
Over the past 10 years, there have been repeated attempts
in the Department to try and tackle some of these problems. The
two most noteworthy are consolidation of financial management
systems and the ability to create a core accounting system, and
the other one would be the attempts to create a standardized HR
system for personnel across the Department. These are
emblematic, in my view, of the difficulty which you encounter
when you try and do these things when they are not pre-planned
and thought out. When the legislation went to the Hill, they
established a Transition Planning Office in the Office of
Management and Budget (OMB) under an Executive Order, but they
were legally barred from sharing that because the law had not
been enacted and there was not anybody to make a hand-off and
that caused some duplicative work.
I will not dwell on the past, but when I talk to folks
about how the Department was formed, I think we need to
understand that was a very difficult time, and we still carry
the legacy of that moving forward.
That said, as we look forward, I think we need to
understand that we are confronting greater complexity and a
kind of challenge as to the way we think about the Department's
missions. And I do not think we can look at them as a
collection of components with individual authorities and
jurisdictions. We have to have more of a systems of systems
approach moving forward. And I think that is the challenge in
trying to define the mission set because once you do that, then
you know the capabilities and competencies that you need to
have a discussion, and then we can talk about the mission
support function, which has not matured to where it needs to be
and needs to move forward in the future.
If I could take just a couple of examples, there has been a
lot of talk about secure borders, protecting our borders, or
managing our borders. And when you really think about it, our
borders are not a monolithic line drawn in the land. It is a
combination of authorities and jurisdictions, some of which
have physical and geographical dimensions, some of which are
bands of authority, like the ocean, which extend from our
territorial sea out to the limits of the exclusive economic
zone. We also do many of our sovereign border functions through
analysis of data that facilitates trade and does targeting to
understand based on manifests and so forth whether or not there
is a threat that is coming into the country.
I think as we move forward, we need to understand that we
need to take the collective threat environment out there and
look at the consolidated authorities and jurisdictions of the
Department and whether or not that is a match.
We have had the first Quadrennial Homeland Security Review
(QHSR). That basically validated the budget priorities that
were established when the Administration came in in 2009, which
pretty much focused on terrorism, the border, disasters, and so
forth.
I think after 10 years we need to probably take a look at
the fact of whether or not we got the legislation right to
begin with, some of the confirming legislation about the legacy
authorities that have moved over, and what do the aggregate
authorities and jurisdictions of the components that have not
significantly changed since the Department was created, and
aggregated produce the right legislative base for the
Department to move forward and meet these emerging threats as
we look to the future.
I think there is an opportunity to do that as we move to
the second QHSR. That was my counsel when I was the Commandant
of the Coast Guard. I know the Department is working on that.
But I think we need to take a look at things like the cyber
threat, the fact that resiliency involves not only natural
disasters but the interface of the human built environment with
the ever-changing natural environment, and take a new strategic
view on how we approach the missions of the Department of
Homeland Security.
I see my time is up. I thank you for having me here this
morning. I would be glad to take any questions you may have for
me.
Chairman Lieberman. Thanks very much, Admiral. Excellent
and very helpful.
Richard Skinner, welcome back. I am sure it has always been
a pleasure for you to testify before the Committee.
Mr. Skinner served as Inspector General (IG) of the
Department of Homeland Security from 2005 to 2011 and was
Deputy IG from the Department's inception in 2003 to his
confirmation as IG in 2005. In both of those capacities, Mr.
Skinner was enormously helpful to this Committee in carrying
out its oversight responsibilities. He comes to us today as an
independent consultant, and we welcome you.
TESTIMONY OF HON. RICHARD L. SKINNER,\1\ CHIEF EXECUTIVE
OFFICER, RICHARD SKINNER CONSULTING
Mr. Skinner. Thank you, Chairman, and it is good to be back
and good to see everyone again, Senator Collins and Members of
the Committee. And it is truly an honor to be here today. I was
excited about the opportunity to testify today, and I am
especially honored to be with such a distinguished panel here.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Skinner appears in the Appendix
on page 168.
---------------------------------------------------------------------------
I have worked with Admiral Allen over the years when I was
the IG, and he is one of the leaders in the Department that I
have always admired and respected, and I commend him for his
service at the Coast Guard and all he has done for the Coast
Guard.
When we talk about Homeland Security and its failings or
its shortcomings and its successes, we always tend to want to
talk about the operational side of the house, that is, our
border security, our transportation security, or our
intelligence capabilities. And I think what is often overlooked
are those functions that are supporting all of that, behind the
scene, so to speak, and that is the management support
functions, particularly financial management, acquisition
management, IT management, and grants management.
Those are the functions which, in my opinion and my
experience at DHS, that constitute the platform on which the
Department's programs must operate and are critical to the
successful accomplishment of the Department's mission. Some of
those challenges that were inherited, those management
challenges that Admiral Allen hit upon, when we stood up, the
management support functions were, in fact, shortchanged. We
brought over all of the operational aspects of 22 different
agencies, but we did not bring the management support functions
to support those operations. And as a result, we have been
digging ourselves out of a hole ever since.
Now it has been 10 years. You would think we would have
made more progress than we should have, and we have not. There
are a variety of reasons for that, and a lot of it is cultural,
a lot of it is budget issues, etc. But the Department is not
where it should be as far as maintaining an effective
management support operation to support its real mission in
protecting our homeland.
Financial management is a good example, and this has been a
problem since we stood up in 2003. In 2011, the Department made
some progress. For the very first time, it was able to get a
qualified opinion on its balance sheet. It reduced its
management weaknesses, I think from some 18 materials
weaknesses to five. That is a significant accomplishment. But
it is also unfortunate because the Department is not continuing
to invest in taking its financial management systems the next
step forward, and if it does not do that and if it does not
invest in building an integrated financial management system,
it is unlikely that the progress that it has achieved over the
last 10 years, which has been slow, but that progress will not
continue.
The Department in 2011 decided to change its strategy for
financial management or its Financial System Modernization
Program. Rather than implement a department-wide integrated
financial management solution, which we know it has tried twice
and failed, they are now taking a more disciplined, and I think
a very wise decentralized, approach to modernize its financial
management systems at the component level. However, if we look
at the 2012 budget, you will see that these initiatives have
been curtailed, and as a result, they have been put on hold
indefinitely. It is not now clear whether the Department will
resume its modernization strategy, nor is it clear whether this
new decentralized approach, if and whenever it is implemented,
will ensure that the component financial management systems can
generate reliable, useful, and timely information for managers
to use to make informed decisions about their limited
resources.
Second, with regard to IT modernization, DHS and its
components are still struggling to this day to upgrade or
transition their respective IT infrastructure, both locally and
enterprise-wide. There has been progress. I remember when we
first stood up back in 2003, we did not even know how many IT
systems we had. It took us 12 months just to do an inventory.
And we found we had well over 2,000, many of them archaic,
outdated, and actually useless. Within 2 years from the
development of that inventory, I think DHS reduced its systems
down to 700, and it has been reduced even further.
So there has been progress, but integrating the systems and
networks and capabilities to form a single infrastructure for
effective communications--and I think someone hit upon that
earlier today, how important it is that we can communicate on a
real-time basis and exchange information still to this day
remains one of the Department's biggest challenges.
Program and field offices continue to develop IT systems
independently of the chief information officer (CIO), and they
have been slow to adopt the agency's standard information IT
development approach. As a result, systems are not integrated,
do not meet user requirements, and do not provide the
information technology capabilities agency personnel and its
external partners need to carry out critical operations in a
timely, efficient, and effective manner.
For example, earlier this week, I believe on Monday, the
Office of Inspector General (OIG) reported that the IT
environment and the aging IT infrastructure within CBP does not
fully support CBP's missions. According to the IG report,
interoperability and functionality of the technology
infrastructure have not been sufficient to support the CBP
mission's activities fully. As a result, CBP employees,
particularly out in the field, have created workarounds or
employed alternative solutions, which could hinder CBP's
ability to accomplish its mission.
Technical and cost barriers, aging infrastructure that is
difficult to support, outdated IT strategic plans to guide
investment decisions, and stovepiped system development have
and continue to impede the Department's efforts to modernize
and integrate its IT systems.
Third, with regard to acquisition management, as we all
know, those that were around here in 2003, we inherited such a
large organization with close to a $40 billion budget, but we
had a skeleton staff. We were spending about 40 percent of our
budget at that time on contracts, very complex, large
contracts, yet we had a skeleton staff to provide oversight and
to manage those contracts. And, of course, as a result, a lot
of things went south on us, as we know by SBInet, the TSA
hiring program, the Coast Guard's Deepwater program, which has
since been corrected. But the Department has recognized this.
When I was the IG, I would like to point out that Secretary
Napolitano and Deputy Secretary Jane Holl Lute both showed a
genuine commitment to improve the Department's acquisition
management functions and has been working very hard to do that.
However, much work remains to fully implement those plans and
address those challenges. Most notably, the Department needs to
identify and acquire the resources needed to implement its
acquisition policies.
The urgency and complexity of the Department's mission will
continue to demand rapid pursuit of major investment programs,
as we all know. The Department will continue to rely heavily on
contractors to accomplish its multifaceted mission and will
continue to pursue high-risk, complex acquisition programs. To
effectively manage those complex and large-dollar procurements,
the Department will need to show a sustained commitment to
improving its acquisition function, increase resources to
manage those complex contracts, and engage in smarter processes
to administer and oversee the contractors' work.
Finally, I would just like to touch briefly upon grants
management because this is something that we spend billions of
dollars on year in and year out. I believe to date, since the
Department's stand-up in 2003 through 2011, FEMA has
distributed over $18 billion through the Homeland Security
Grant Program. However, according to an OIG report that, again,
was just released this past Monday, FEMA still does not have a
system in place to determine the extent that homeland security
grant funds enhance the States' capability to prevent, deter,
respond to, and recover from terrorist attacks, major
disasters, and other emergencies.
According to the OIG, in their report that was released
earlier this week, FEMA needs to make improvements in strategic
management, performance measures, and oversight. Many of the
States cannot demonstrate what progress they have made or what
improvements have actually occurred as a result of these grant
programs, and FEMA or the Department of Homeland Security
cannot demonstrate how much safer we are today as a result of
spending billions and billions of dollars over the years. That
needs to change.
I think that the Department has to develop performance
metrics and start holding the States accountable. Without a
bona fide performance measurement system, it is impossible to
determine whether our annual investments are actually improving
our Nation's homeland security posture. Furthermore, without
clear, meaningful performance standards, FEMA and DHS lack the
tools necessary to make informed funding decisions. In today's
economic climate, it is critical that FEMA concentrate its
limited resources on those threats that pose the greatest risk
to our country today.
It is evident that the Department's senior management are
well aware of these challenges and are attempting to fix them,
and they have actually made some headway. Does the Department
have the resolve and wherewithal to sustain these efforts? The
ability of the Department to do so is fragile, not only because
of the early stage of development that the initiatives are in,
but also because of the government's budget constraints and the
current lack of resources to implement planned corrective
actions. In today's environment of large government deficits
and pending budget cuts, the new challenge will be to sustain
the progress already made and at the same time continue to make
necessary improvements.
Unless the Department and Congress stay focused on these
challenges, it will be harder than ever to facilitate solutions
to strengthen the Department's critical management functions
and ultimately to ensure the success of homeland security.
This concludes my statement. I will be happy to answer any
questions you may have.
Chairman Lieberman. Thanks, Mr. Skinner. You two were very
helpful and very direct. I appreciate it a lot.
We will start with 7-minute rounds of questions for each
Senator.
It is striking, of course, and not surprising, I suppose,
that each of you in different ways has focused on the
unfinished work, the deficiencies in the management operations
of the Department. There is a natural tendency, as one of you
said, to focus on operations, and operations have gone pretty
well; but unless the management functions are carried out
efficiently, then the operation of the Department is obviously
going to suffer.
I thought you all were helpful in reminding us of the
circumstances under which the Department took shape, which were
quite hurried both because of the sense of threat that remained
very much in the air after 9/11, but also just because of the
time it took us to get it going.
I have fallen into the habit of saying that this was the
most significant change in our national security apparatus
agencies since the end of the Second World War. Certainly
together with 9/11 changes in the intelligence community it
was. But we did them very quickly.
So let me give you a chance just to give a quick answer on
what you think, as this Committee and the Department go
forward, are the most important things that the Department and
we ought to do to improve the management functions of the
Department. In other words, is it money? Is it personnel? Is it
for some reason a lack of will to focus on management? What
needs to be done? Mr. Skinner, do you want to start first?
Mr. Skinner. Yes, it is a variety of issues, I think, that
are holding us back. Of course, one of them is a resource
issue. But we could have done a lot better job with the
resources that we were given. We were given a lot of
opportunities to make changes, and we did not take advantage of
them, and we more or less were spinning our wheels,
particularly in the areas of financial management. But it is
also a cultural issue. The Department and its components need
to come together and realize that for the good of the
Department, for the good of the country, and for the good of
the mission that they have been entrusted to perform, they have
to start working better together. They are going to have to
give up some of their turf, so to speak, and work in a more
collaborative, cooperative, and integrated fashion. And I think
that is one of the big things that is really holding everyone
back, and this is particularly evident when we talk about the
integration of our IT systems. Everyone agrees at the highest
level it needs to be done, but when it gets down into the
grassroots where it is going to affect our operations, that is
where we start seeing pushback and the tendency of saying,
well, no, I do not want to give up my systems to do this.
Chairman Lieberman. Right.
Mr. Skinner. We have to overcome that.
Chairman Lieberman. And, not surprising, we watched that
happen over the decades, really, in the integration of the
Department of Defense, for instance. But what you are saying is
that a lot of the components agencies--maybe all of them--have
still maintained too much of an independent management
structure, including something as critical as IT.
Mr. Skinner. Yes, and the CIO--and I have issued reports,
and I think I have testified previously on this topic--needs to
be given the authority to ensure compliance and that components
are entering into the department-wide domain with their IT
enterprise reforms.
Chairman Lieberman. So that is something you think we
should do legislatively?
Mr. Skinner. That is, I think, something that the
Department needs to do internally. I think Admiral Allen stated
in his testimony that there are three alternatives: One, top-
down; two, bottom-up; or, three, the least feasible would be
external driven through legislation.
Chairman Lieberman. Right.
Mr. Skinner. But unless they do something--because now they
are 10 years old. They are no longer infants. They are
teenagers. Now they can comprehend what is right and what is
wrong. So unless they start doing something to ensure that they
are going to be moving in the right direction so that they can
support its operations, then maybe external forces would have
to be brought into play.
Chairman Lieberman. Admiral Allen, let me bring you into
this, because in your prepared remarks you focus on the need
for improved unity of effort and operational coordination
within the Department, and there is no question that was a main
objective that we had in mind in the creation of the
Department. So I wonder if you would talk a bit about what you
think, if anything, we in Congress should be doing to promote
or facilitate those efforts in the years ahead.
Admiral Allen. Mr. Chairman, in regards to operational
coordination and execution, there have been several attempts to
establish a robust planning and execution system that takes
place through the National Operations Center on behalf of the
Secretary. One of the problems is it was kind of a come-as-you-
are department, and a lot of people stayed in the facilities
where they were at in Washington, and there was a Balkanization
of the facilities. There are a lot of command centers around
town that are independent of the Department. FEMA runs the
National Response Coordination Center at FEMA headquarters.
There is a command center at Coast Guard headquarters.
I am not proposing that we go to a joint structure like we
have in the military. That is far too organized for the rest of
the government to handle, quite frankly, but to create unity of
effort, you need to have at a minimum a way to do planning and
coordinated operations that are synchronized to have the
Department fulfill the promise that was created in the Homeland
Security Act, not only in the Department but, as you said in
your opening remarks, to basically help coordinate that process
across the Federal Government.
At that point it comes down to two things. Representative
Harman talked about the information intelligence analysis
sharing that is necessary to create a common intelligence
picture, but all this needs to come together at a fused
operations center where all the agencies are represented to
create that kind of unity of effort. And there was an attempt
made to establish an operational planning and coordination cell
up there. There was headway made into the fall of 2008, but I
think that needs to move forward, and it is going to require
the components to have to participate in that, to put some skin
in the game, if you will, to have people up there that are
actually working the problem set every day that can reach back
to their components to create that unity of effort.
Chairman Lieberman. I appreciate that answer.
Congresswoman Harman, my time is running out, but would you
want to add anything to that?
Ms. Harman. Yes. I think the key is sustained leadership by
the Secretary and the Deputy Secretary. You cannot legislate
leadership, but they need to articulate what the focus of the
Department is, and presumably Congress should support that
articulation or participate in making it. But the Department
cannot do everything equally well, and I would suggest that
some of the functions should be narrowed, including the
intelligence function. I think there is a huge role to collect
information from all of the agencies inside the Department and
fuse that information together. But I do not think the
intelligence function at the Homeland Security Department needs
to compete with the CIA or NCTC. I think those agencies are
better able to do what they do. And as part of the other
structure we set up, this joint command over 16 agencies, the
homeland function in a more targeted way I think would be
accomplished better. And there is an example of doing less but
doing it in a much more effective way.
Chairman Lieberman. Good. Thank you.
Admiral Allen. If I could add a comment to Representative
Harman's statement?
Chairman Lieberman. Please.
Admiral Allen. I think to strengthen the language between
the Department and the Director of National Intelligence (DNI),
there has been an ongoing discussion whether or not there needs
to be a domestic intelligence management function that is
resident in the DNI that could create that link. And I think
that is something that really needs to be put in place.
Ms. Harman. But it would be in the DNI.
Admiral Allen. Right, in the DNI.
Ms. Harman. It would not be in the Homeland Security
Department. It would be a coordinating function.
Chairman Lieberman. And, again, that is possible to do
without statutory authority.
Admiral Allen. Yes, it is, sir.
Chairman Lieberman. Thank you. Senator Collins.
Senator Collins. Thank you, Mr. Chairman.
Congresswoman Harman, you have had extensive experience not
just on the Homeland Security Committee in the House but on the
Intelligence Committee, and I know you have continued your
interest in homeland and national security at the Wilson
Center.
Our Committee, over the past decade, has held a variety of
hearings to try to highlight possible vulnerabilities that our
country has and how we should respond to them. In your
testimony, you have pointed out that DHS has evolved and so
have our enemies.
One of the problem that I believe DHS has is figuring out
what is the greatest threat and what resources should be
concentrated on which threats. Is it a weapon of mass
destruction smuggled into a cargo container coming into our
seaports? Is it an act of bioterrorism? Is it cargo security?
Is it homegrown terrorism? Which we have done a great deal of
work on, at your suggestion, I might add. Is it a cyber attack?
If you were Secretary of the Department, what would be your
priority? What do you believe the Department's chief focus
should be?
Ms. Harman. That is a very hard question, and my first
answer is it should not just be the Department's
responsibility. It is a government-wide responsibility. We have
coordinated our intelligence agencies under the Office of the
Director of National Intelligence, and I think part of the
answer to your question has to come from there. DHS has a role,
but not an exclusive role. And as I mentioned, I think DHS is
not in the prevention business, certainly not in the cyber
prevention business, but it is much more in the consequence
management business.
So I think we have to keep in mind that our enemies, at
least in this era of terror, are attacking us asymmetrically.
They are looking for our weakest links. So if we announce we
are focusing on three things, they will attack us in the fourth
area. So I do not think that is a great idea.
I think we just have to keep agile and keep looking. Cyber
security is near the top or at the top of my list now--and I
brought a prop. I thought you would be impressed. Today's
Washington Post has an article about cyber risks, and there are
these new gizmos that integrate everybody's information, and
that just makes richer targets out of all of us, so this
article says, and I actually believe it. So I think this is a
place where the Homeland Security Department, if your
legislation passes, should beef up its intelligence and
prevention and consequence management capability. There is one
issue.
Another issue is I think lone wolves are the growing
threat, people with clean records who are radicalized on the
Internet, something I tried to work on when I was in the House
and still care about.
I think the bigger attacks are harder to pull off because
we have been quite effective, and we have also decimated at
least core al-Qaeda. That does not mean they cannot happen. And
they might happen using ingredients inside our country. It is
not always a border question. So, for example, something I have
always worried about is some of the radiation materials in
machines in hospitals which could be compromised and made into
dirty bombs.
So it is a huge problem, but we have to keep agile and
understand how these people are coming at us.
Senator Collins. Thank you.
Mr. Skinner, I was interested when you described the gains
made by the Department as ``fragile,'' and I think that is a
good cautionary note to us. When I think back over the past
decade of this Department, I can come up, off the top of my
head, with numerous examples of failures in procurements: the
SBInet program; the puffer machines at TSA; the problems with
improper and fraudulent payments in the wake of Hurricane
Katrina, which approached $1 billion and your office did so
much work on; and IT projects throughout the Department--and
the Department is not unique in this regard--that have failed.
And you talked about some of those management failures and the
importance of having a robust acquisition staff. But another
important safeguard is having an effective IG, and you were
certainly a very effective watchdog who brought to light a lot
of those problems.
Right now, the Department is without an IG, just an Acting
IG. Could you share with us what qualities you think the
Administration and this Committee should be looking for in a
new Inspector General? And if you could also describe for us
the scope of the office. This is not only a huge Department.
Isn't the Office of the IG one of the biggest in the Federal
Government?
Mr. Skinner. Yes, it is. I think it is probably somewhere
between the third, fourth, or fifth largest IG in the Federal
Government. In my opinion, the next IG is someone who is going
to require extensive executive experience with demonstrated
leadership skills. This is not a place for training a leader.
This is someone that should have already demonstrated their
leadership abilities, and preferably someone that has some type
of background or appreciation for audits, investigations, and
inspections and who can provide the leadership and the vision
for the office. Just like the Department, the IG has multi-
missions. Although it is just a microcosm of the Department, it
does have multi-missions with regards to policy evaluations and
with regards to financial audits. The background that we had in
the old days--back in the 1950s and 1960s, I hate to say it,
when I entered the government--was strictly financial. But now
we have learned that you have to be able to recruit and
motivate a whole wide range of people, people that are
competent in doing policy evaluations, people that have
engineering backgrounds, people that have public administration
backgrounds. It goes way beyond just the audit and financial
management. The individual who leads this organization should
have demonstrated management skills and should have, I think,
extensive executive experience.
Senator Collins. Thank you. Thank you, Mr. Chairman.
Chairman Lieberman. Thanks, Senator Collins. Senator
Carper.
OPENING STATEMENT OF SENATOR CARPER
Senator Carper. Again, let me just reiterate our thanks to
each of you, not just for being with us today but a lot of
other days as well, and for your willingness to continue to
serve our country in different ways.
I just want to follow up, if I could briefly, on a point
that Senator Collins was making. We play what I call
``Executive Branch Swiss cheese'' from Administration to
Administration. It is getting worse, not better. And 2 or 3
years into this Administration, we still have gaping holes in
major leadership roles because in some cases the Administration
could not figure out who to nominate, but in many cases, when
they did, it took forever to vet them, to go through the
nomination process, and the confirmation process in the Senate.
We have ended up with big problems in a number of departments.
One of those is the acquisition side in the Department of
Defense. In the Bush Administration we saw it. We saw it again
in this Administration. And when you see major weapons system
cost overruns growing about $400 billion--and having to go 18
months with having a vacancy in the top watchdog position in
the Department of Defense is just, I think, unthinkable.
But I want to come back to the point that Senator Collins
was making with respect to filling the position that you once
held and performed admirably. I do not know that the
Aministration is going to come back to us and say, well, this
is who we think ought to be the person or the right kind of
person to fill this role. You have given us some ideas what the
Administration should be looking for, and they certainly make
sense. But this has to be a priority, and I know it is
something you care a lot about, and it is something we just
need to work together with the Administration to make sure we
get it done. Maybe this is one of those deals that we do and it
gets done after the election. I do not know. But it is really
important.
These are great hearings, and I think it is unfortunate
that more of our colleagues are not here, but I just want to
thank you, Mr. Chairman, for providing these for us and for our
staffs.
At our hearing we had yesterday with three panelists, there
was a fair amount of focus on cybersecurity and looking for a
to-do list on cybersecurity. Actually what we are looking for
was common ground with Senator McCain sitting to my left and
Senator Lieberman over here, our Chairman, to my right and
Senator Collins to see if the panel could give us some ideas of
what we could do to define the 80 percent or the 70 percent on
which we agree and do that this year and not waste more time.
I really would like to ask--this is not a fair question, I
suspect, for Mr. Skinner, but I think for Congresswoman Harman
and for Admiral Allen, in terms of when you look at the
different approaches between the two major bills here in the
Senate, a bipartisan bill and the legislation that Senator
McCain and others have worked on, where do we find the common
ground? Give us some advice on how to meld these together in
ways that make sense and get that done this year.
Ms. Harman. Well, bring back the Big Four. That would be my
first answer. But, unfortunately, I think the hangup is this
debate that we keep having about the role of government. I
think the argument that the better bill's sponsors make is that
infrastructure has to be in the bill. If we are not protecting
against cyber threats against critical infrastructure, we are
not protecting the country. I am there. I think that is right.
I do not think it is a Republican or a Democratic argument. I
think it is a proper role of government to provide for the
common defense. It is in the Constitution. It is an oath I took
and you all still take. And if we are going to provide for the
common defense, we have to protect our critical infrastructure.
So I start there.
I suppose if I were doing it, I would find any possible way
to keep that in the bill, and then I would negotiate on the
other stuff. I know that one of the issues that some of the
outside groups are concerned about is how information is shared
and about violation of privacy. But, of course, again, if we
had a Privacy and Civil Liberties Oversight Board that was
functioning, that could help us or help the government develop
the regulations that would be appropriate to implement the
cyber bill. But with no cyber bill, as Keith Alexander has said
recently, ``Our country is extremely vulnerable, and those of
us who have been briefed in classified settings on both
offensive and defensive cyber understand the capability of this
tool now.''
And just one final point: Ten years ago, when we were
setting up this Department, I do not think any of us was
talking about this. I do not even know what capability existed
then. Certainly there was cyber. And as this threat evolves, we
have to evolve. This is a core requirement I think now for the
Homeland Security Department, and it is overdue that some
strong legislation should pass.
Senator Carper. All right. Thank you. Admiral Allen, help
us out.
Admiral Allen. I think Representative Harman hit it right
off the bat there. This is really a question about what is
inherently governmental and what is the role of government. In
a really complex regulatory environment, we always have these
questions. I am sure the same questions were raised when the
nuclear industry came about, and what should the private
industry be doing and what should government be doing.
We faced some of the same problems and challenges looking
at port security right after 9/11. I will tell you this. We
used to say if you have seen one port, you have seen one port.
And I guess you could say if you have seen one sector, you have
seen one sector. And when you go between the sectors, I think
there is probably a different varying ability for the markets
to clear this type of functionality and protect their assets.
In other cases, there is not a market-driven reason to do that,
and there is probably a valid role for government.
I think what we probably need to do is understand what the
standards and the performance are trying to achieve to secure
the infrastructure and then apply those standards to each
sector. That may produce a different outcome in each one, but
at least there is a standard way to think about it and move
ahead. And in some cases where there is not a market solution,
there is inevitably a role for government. If there is a role
for government, there is probably already a standing department
that has the legal authorities to do that. It becomes a matter
of execution and proper oversight regarding private citizen and
personal information.
We need a bill. I cannot urge you more strongly to get a
bill out this year. Exactly where that line is on the role of
the government from a harder regulatory stand that is requiring
these audits and the development of covered assets that are
covered in your bill, information sharing, and industry-led
organizations, I think those are things that need to be worked
in the Congress as a bill moves through. But I think a bill is
necessary. There is a valid role for the government if the
government is to play. That role is homeland security. We
should build on what has already been done there, even if the
progress we have seen to date has not been as significant as we
think, but we should move to pass a bill.
Senator Carper. All right. That is very helpful. There is
some convergence here, actually a fair amount of convergence
here in the views we just heard, and also with the panel that
was here earlier this week. That gives me not just cause for
encouragement but just strengthens my belief that we have to
move.
Mr. Chairman, I do not know if you are keeping a bucket
list, a to-do list of things you want to check off before the
end of the year. Clearly we want to finish postal reform. We
have already spent plenty of time on that, and the House of
Representatives continues to delay taking up legislation. We
passed very good bipartisan legislation, not perfect
admittedly, but instead of actually taking up a bill and
passing it, they continue to delay it and the Postal Service
loses $25 million a day. It makes no sense. I do not want to
come back and have to deal with that next year. I am sure
Senator Collins does not. I might not be back next year. You
never know. But I hope to have a chance to serve with her and
my colleagues for a bit longer.
The other one that is just crying out to get done is
cybersecurity. It is crying out to get done, and my hope is
that we will do that.
If I could, just one concluding thought. A lot of times at
a hearing like this, during an exercise like this, we focus on
the stuff we have not done well, the to-do list that still
needs to be done. GAO still has management integration on their
high-risk list for waste, fraud, and abuse. A lot of good has
been done. There are thousands, maybe tens of thousands of
people in this country that are still alive, unharmed,
unmaimed, they have lives, jobs, families, and so forth because
of the protections that are put in place, in no small part
because of the work that has been done by the Department that
we stood up 10 years ago. I think that is important to keep in
mind.
The other thing, I am a Senator, like some of you, who
cares a lot about trying to make sure we figure out what works,
as Congresswoman Harman said, and to make sure that we are
spending taxpayers' money as cost-effectively as we can. We are
looking at this fiscal cliff at the end of this year. We are
going to have to figure out how to raise revenues. We are going
to have to figure out how to spend more cost-effectively. One
of the very encouraging things for me, as the guy who was
involved, along with Senator Bill Roth years ago, in the
creation of the Chief Financial Office and Federal Financial
Reform Act of 1990, which said all Federal agencies have to
have auditable financials. And lo and behold, Secretary
Napolitano announced earlier this year, maybe late last year,
they are going to be auditable way ahead of the Department of
Defense. Finally the leadership we had been hoping for. And I
think you cannot manage what you cannot measure, and I think we
are making progress there.
So there is some very good work that has been done in the
last 10 years, and we need not lose sight of that. Thank you
all.
Chairman Lieberman. Thanks very much, Senator Carper.
Just responding to your question, I do have a bucket list,
and, as a matter of fact, I think I have engaged Senator Jon
Kyl at least in the formation of a Bucket List Caucus, and I
will tell you that at the top of the list is cybersecurity. And
Senator Kyl is working very hard now with Senator Sheldon
Whitehouse in a bipartisan effort to reach a meaningful
compromise on the cybersecurity bill. But the priorities for
the Committee I think are clearly cybersecurity and postal.
Incidentally, just to say what I think all the witnesses
know, but it cannot be said too much, just reflecting on your
strong statements about the need to have a cybersecurity bill
adopted this year--unfortunately there seems to be somewhat of
a partisan divide on this question in Congress. Among those who
have had responsibility for our national and homeland security
across the last two Administrations--that is, the Bush and
Obama Administrations--there is real unanimity of opinion that
we have to adopt a bill, and I think I am not stretching to say
that they support a bill like the one that came out of our
Committee. So it is not just people in the current
Administration and the President, but Secretary Michael
Chertoff, Admiral Mike McConnell, who I believe is your
colleague, Admiral Allen, at Booz Allen, and Stewart Baker. So
I hope that will have an impact in helping us get over 60 votes
in the Senate.
Senator Carper. If I could just add quickly. Senator
Collins, you, and I said to our respective leaderships on
postal, the only way we are ever going to finish a postal bill
is to get the bill on the floor, debate it, amend it, and vote
on it. And I think the same is probably true with cyber. We
have to get the bill on the floor. I am encouraged that the
Democratic leader--and I hope the Republican leader--believes
in that and during this work period, while we are here before
August, will actually do that.
Chairman Lieberman. Thank you.
Senator Johnson, I was just thinking, as we referred to Cal
Ripken, I would say you are the rookie with the most Cal
Ripken-like record on this Committee, which I appreciate. You
have really been very steadfast in your contributions here.
OPENING STATEMENT OF SENATOR JOHNSON
Senator Johnson. Well, thank you, Mr. Chairman, and thank
you and Senator Collins for holding these hearings. For
somebody new, these are extremely helpful. I am learning a lot,
so thank you.
And I would also like to thank the witnesses for your time
and your testimony and also for all of your service to the
country.
As somebody new--I was not around here, you were--I would
like to ask each one of you, what was the primary rationale or
reason for establishing the Department. I want to go down the
list. And if a previous answer is your answer, you can tell me
the second one, but I also want you to acknowledge that was the
reason. I will start with you, Congresswoman Harman. And, by
the way, for the record, I want to say I smiled when you said
that 90 percent of the work was done by the women on Fab Four.
[Laughter.]
Ms. Harman. I appreciate that.
I remember the time vividly. We were all here on 9/11, and
I was then a very senior member on the House Intelligence
Committee, walking to the dome of the Capitol, which most
people think was the intended target of the fourth plane that
went down in Pennsylvania, so it focuses the mind. We had no
evacuation plan here. We, unfortunately, closed these
buildings. A huge mistake. We reopened them later in the day,
but, nonetheless, it was terrifying, which is the point of a
terror attack.
At any rate, I felt--and I certainly know that Chairman
Lieberman did--that our government organization was completely
inadequate to the new set of threats, and we needed something
different. We had missed clues, obviously. Two of the hijackers
were living in plain sight in San Diego, and the FBI did not
talk to the FBI internally and, of course, did not talk to the
CIA, or we might have been able to find them and unravel the
plot. So the goal was to somehow find a better way to put
government functions together.
As I mentioned in my testimony, many of us thought there
was a simpler way to do this, but we embraced what President
Bush proposed because we knew he would support that and we
would get something done.
Senator Johnson. Admiral Allen.
Admiral Allen. Senator, the concept of a border security
agency actually predates 9/11. There were discussions about
trying to do something like this clear back in the Nixon
Administration regarding border control on the Southwest
Border. So the concept itself is not novel.
As former Commandant of the Coast Guard and somebody that
has worked with these agencies for nearly 40 years before I
retired, the relationships between the Coast Guard, FEMA,
Immigration, and Customs have never been better. FEMA is a
better organization because they are in a Department with the
Coast Guard, and the Coast Guard is a better organization
because they are in a Department with FEMA. And I testified to
that after Hurricane Katrina.
I was also asked by Senator Frank Lautenberg one time, what
was the best thing about the Coast Guard being moved out of the
Department of Transportation, because he was our Chairman,
moving to the Department of Homeland Security. At the time I
said we got our appropriations on time. I am not sure anybody
can say that anymore.
There was an all-out bureaucratic war between the Coast
Guard and Customs in the mid-1980s over who would do air
interdiction and maritime interdiction in this country. It was
internecine warfare and it was ugly. That does not happen
anymore, and while there have been overlaps and things to talk
about how we can coordinate better and create unity of effort,
some of the bureaucratic struggles that I saw throughout my
career have gone away.
Senator Johnson. That was how many agencies? About five
that you are talking about that you were originally thinking
about?
Admiral Allen. The original border security, that has been
a discussion that has gone on for years. Sometimes it was just
border focused.
Senator Johnson. But of the 22 agencies, how many of
those----
Admiral Allen. I think originally they would be talking
about Immigration, Customs, Coast Guard--the organizations that
actually have a physical presence on the air, land, or sea
domains and borders. But it had been something that had been
discussed for quite a while.
Senator Johnson. Mr. Skinner.
Mr. Skinner. I agree with Admiral Allen. The whole concept
of homeland security predates 9/11 actually. As a matter of
fact, I think there was actually a bill that was introduced and
it was closeted a couple years prior to 9/11. It was brought
out and dusted off, and I think that started the ball rolling
for getting the legislation that we now have through the
Congress so fast.
Quite frankly, the whole concept was to have unity of
effort, to bring together the different functions within
government so that they can work better together to not only
protect or prevent another terrorist attack, but also to
develop a resilience and an ability to respond and recover from
a terrorist attack should one occur. So it brought together
these different elements that would sit under one roof, one
leadership, with one common mission, that is, to prevent,
protect, respond, recover, and mitigate against not only a
terrorist attack but also natural disasters.
Senator Johnson. Here is my concern. My bias, having been
part of a small company that got bought by a larger
conglomerate and then demerged, I have gone through that
merging process on a far smaller scale, I understand that, but
I also understand that when you go into a larger organization,
so much of your effort then is directed toward basically
feeding the beast, trying to do all these things we are trying
to do with integration, and I guess that is my question. Have
we created something that is simply too big to manage? We have
a Department now that is 200,000 people. It has $6.5 billion
worth of overhead. And should we be taking a look at maybe
splitting out some of those? Should we maybe demerge some of
these into some different areas? I guess I always thought it
was kind of breaking down the silos, information sharing, maybe
take that back to the national intelligence level for that
sharing. Is there a more intelligent way of potentially taking
a look at this? These agencies were large bureaucracies to
start with. Now we have made something even larger, and have we
actually made it less effective?
Ms. Harman. Well, on the front end, I think we bit off too
much, but we made a tactical, political decision that, along
with the President's proposal, this was the fastest, easiest
way to get something to happen. There have been huge growing
pains. It has been 10 years, and still some functions are not
done well.
Yes, I would recommend narrowing some of the functions. But
I would be against rearranging the deck chairs again because I
think that is an extremely painful exercise for any
organization, and this one is finally, in many respects,
becoming a cohesive organization. More leadership to integrate
some functions that are still not integrated would be good.
Sustained leadership in the next Administration would be
excellent. But I think it has come a long way, and it really
has served the function, by and large, of protecting our
country along with oversight of Congress.
If I had to pick an area to reorganize right this minute,
it would be Congress. I think this Committee should have a lot
more jurisdiction than it does, and that is true on the House
side, too.
Senator Johnson. Thank you.
Admiral Allen. Sir, I think it is hard to disaggregate the
inelegant conditions under which the Department was formed that
I discussed earlier and the issues you talked about, about
management, the size, the span of control, and so forth.
We are going to have to get over the first part. It has
been 10 years. The country expects the Department is going to
start functioning better, and I think that is a mandate for the
Department.
I think, on the other hand, there is a leadership
management imperative here that has not been exhausted yet, and
I would support Representative Harman's comments there. I think
we have an opportunity, as we move to a new Administration or
continuity of the current Administration, to have a leadership
management agenda that is focused on the Department, that takes
care of the basic X's and O's of blocking and tackling. And I
think until we have done that, we have not exhausted the
potential for the Department.
Mr. Skinner. Senator, I would like to also add that I agree
wholeheartedly with Congresswoman Harman. This is not a time to
rearrange the deck chairs. If you study the history of the
creation of the Department of Homeland Security, you have to
understand the environment in which it was created. It was a
very emotional environment. This country was very upset with
what happened on 9/11, at what happened in New York, here at
the Pentagon, and also in Pennsylvania.
This bill was pushed through very quickly, at a historic
pace, and we were not given the opportunity to think it through
so that we could prepare ourselves. We saw this at TSA when we
stood that up, hiring all the screeners in record time, and as
a result, we had to go back and redo a lot of that. But that
environment in which we stood up created a lot of our problems
when we did not think it all the way through. For example, I
said earlier we shortchanged the management support functions
when we stood it up. We brought in all the operations without
the management support to back these operations.
Senator Johnson. Let me just close with an interesting
article that I read in Newsweek where basically Secretary
Robert Gates was talking about when he came in, Secretary
Donald Rumsfeld said there were 17 layers between his command
decision and the implementation in the military. Now it is 30.
That is not moving in the right direction in terms of
efficiency, and that is my primary concern about the Department
of Homeland Security as well.
Mr. Skinner. Actually, the Department has reduced layers,
because when it was originally stood up, the Secretary had the
opportunity, and the President, with congressional approval, to
reorganize, which they did, and they have actually removed
layers. Now I think the layers that remain need to be
empowered, particularly in the management support arena. The
progress we have made to date I think is substantial. I do not
think the Department does a very good job of marketing itself.
It still has a long way to go. The biggest threat I think the
Department has for its success right now is the budget
constraints, the ability to sustain what they have already
started and the ability to make the improvements they need to
move forward and to address evolving threats.
Senator Johnson. Thanks a lot. Thank you, Mr. Chairman.
Chairman Lieberman. Thanks, Senator Johnson. That was a
really constructive exchange.
Senator Akaka, welcome. Senator Akaka is another Member of
our retiring class who is characteristically involved in a very
constructive way on our Committee's two priorities, which are
the cybersecurity bill and the postal reform bill. So thank you
for that, Senator Akaka, and it is your turn for questioning.
OPENING STATEMENT OF SENATOR AKAKA
Senator Akaka. Thank you very much, Mr. Chairman, and also
I also want to thank Senator Collins for her efforts on this
Committee and for holding this hearing to examine DHS, and also
to discuss some reforms that can improve the efficiency and
delivery of services of this Department for our country. So I
want to thank you very much for this opportunity.
I also want to take the time to thank the Federal workers.
As you know, I have always been concerned about our human
capital, and here it is, one of those situations where our
Federal workers have responded, and I want to thank them for
their response, called to service since September 11, 2001. And
so here we are now examining what has happened and how we can
improve it.
I would like to ask Congresswoman Harman, your written
testimony notes improvements of the DHS Privacy Office and an
urgent need to stand up the Privacy and Civil Liberties
Oversight Board. I strongly agree. As you know, dramatic
technical advances in the past decade allowed DHS to obtain and
use Americans' personal information in new ways.
What are the key privacy challenges that DHS will face in
the future? And is the Department really equipped to address
these challenges?
Ms. Harman. Well, thank you for that question, Senator
Akaka. And, by the way, life outside of Congress is quite
sweet. I want to assure you and Senator Lieberman that I am
really OK and enjoying my life.
On this, I watched carefully as the Department developed,
and I have seen progress and good effort in the privacy
protection area. So I do not want to be critical. What bothers
me as a more general matter is the absence of people inside the
Executive Branch as policy is formulated there, as regulations
are developed or new actions are contemplated, who say, wait a
minute, there is another way to think about this or there are
more things to think about. As I have often said--in fact,
Benjamin Franklin said it first, I am sure, better than I am
going to say it--security and liberty are not a zero sum game.
You either get more of both or less of both. You have to factor
them both in on the front end. If you think of them as a zero
sum game and we have threats against us, then we are going to
basically shred our Constitution. None of us wants to do that.
And if you, alternatively, just punt, then after we are
attacked, we are definitely going to shred our Constitution.
Bad idea.
So my basic point is we need advocates all over, in the
right rooms, at the right time, as the Executive Branch
contemplates security actions. What DHS is doing inside of DHS
is pretty good, although I have seen some problems. They relate
to what information is collected, how long it can stay there,
and who has access to it--the usual stuff like that. But,
again, I think the others here, maybe Mr. Skinner, more than
any of us, can answer whether the systems are working.
But I saw a couple of things there that I was able to stop.
One of them was the National Applications Office (NAO). It was
going to task satellites, basically our defense satellites, to
accomplish certain homeland security missions over the
continental United States, and that worried me because I did
not think the guidelines were specific enough. And what ended
up happening was NAO, I think, was discontinued, which I
thought was a very good outcome.
Senator Akaka. Thank you, Congresswoman Harman. This week
the National Journal poll released information that almost two-
thirds of respondents said that the government and businesses
should not be allowed to share cybersecurity information
because it would hurt privacy and civil liberties. You also
note in your testimony the need to protect personal information
in the event of a cyber attack.
Will you please discuss the importance of including robust
privacy and civil liberties safeguards in any cybersecurity
legislation considered on the Senate floor?
Ms. Harman. I think it is very important. What the final
version of the legislation should look like I do not know. But,
again, it is the same point, that security and liberty are not
a zero sum game. We have to think about how to protect
information as we also are blocking access by either business
interests that are stealing information or government interests
that pose, I think, a grave threat to all of the dot-mil, dot-
gov, and dot-com space. These are serious tools, and the point
of cybersecurity legislation, obviously, is to protect our
personal information, but also our government secrets. So that
is the point of the legislation. But individuals should not be
forced by the legislation to share data that it is unnecessary
to share.
So it is complicated. I just have to look at the specific
language. But I think the bill authored by Senator Lieberman
and Senator Collins is closer to what I think would keep our
country safe and protect our critical infrastructure.
Senator Akaka. Thank you, Mr. Chairman.
Chairman Lieberman. Thanks very much, Senator Akaka.
If the witnesses have time, I have just one more line of
questions, a little bit different than we have focused on, and
it builds on yesterday's hearing when we discussed with the
experts an interesting, in some ways unsettling range of
potential future homeland security threats. And I wanted to ask
you what your assessment is of the current capabilities within
DHS to assess and identify future threats and then obviously to
take actions to address them, and if it is not adequate, what
we might do about it. And I do want to go down the road, and,
Admiral Allen, as you well know, the Coast Guard has an
internal futures planning initiative called Project Evergreen,
and I would like you to talk about that and how it might
relate, if it does, to DHS overall.
Congresswoman Harman, do you want to begin that? Is there
within DHS the capability to accurately, or adequately anyway,
anticipate changing threats and respond?
Ms. Harman. I think I am least qualified on this panel to
answer that because I have not been in the operating mechanism
of the Department. But I think it is uneven, would be my
answer. I think some threats are better understood than others.
And as I mentioned in my answer to Senator Collins, if we give
a pat answer to that question, then the bad guys will somehow
plan around us. We cannot do that. We have to be ever agile and
reassessing that all of the time.
But I do not think most of the planning mechanisms are that
good. The ones I have seen that I like the best have to do with
airplane and airport security, which I think work very well.
And we authored legislation, Senator Collins and I, on port
security, which involves--and obviously Admiral Allen knows all
about that--pushing borders out and layers of protection. And I
think that one works pretty well. But I do not know how to
answer that across the whole range of threats.
Chairman Lieberman. Good enough. Admiral Allen.
Admiral Allen. Yes, sir. To answer your first question,
about 10 years ago or 12 years ago, the Coast Guard initiated a
project called the Longview Project, and this was trying to
look strategically into our future using alternative scenario
planning, which is a planning method the Royal Dutch Shell
Company had put in about 20 years ago, a leading consultative
method to try and figure out what you should do to plan for the
future. To summarize it, you get your senior leaders, you look
at the consequential trends that are out there, and you develop
alternative worlds that you might see. And then you reduce that
to the four or five highest risk or most consequential. Then
you isolate teams, and they come up with strategies on how you
would cope with that world. And they do not talk to the other
ones.
When you bring them back in, you compare what they all
said, and if you have five very different worlds, of the 10
strategies they come up with each world, three or four of them
the same--those are robust, apply to a variety of threats, that
is something you should probably look at as you try and look at
your own capabilities and competencies.
The Coast Guard is on its third or fourth iteration. We
termed it the ``Evergreen process'' because our goal was to
regenerate it about every 4 years. It has been extremely
helpful to us. When I became chief of staff of the Coast Guard
after 9/11, I actually graded our performance on 9/11 against
what we thought was going to happen when we did not know the
events in New York were going to occur, and there were 10
things that we said we should do. We did six or seven of them.
The three that we did not do would have helped us had we done
them. And my response was from that old management book, ``Who
Stole My Cheese?'' What would you do if you were not afraid?
And we thought it was very insightful.
Regarding the larger question, what I said in my written
testimony--and I will try and summarize it succinctly here--you
cannot stand at a port of entry and view homeland security and
say, ``What is it I should do?'' You cannot stand at a
screening line either in the country or in Dublin and say,
``What should I do regarding airline passengers?'' I think we
need to understand that we have both a physical and a virtual
dimension of our borders where we need to carry out sovereign
responsibilities. And for ease of explanation, what I usually
say is we have air, land, sea, and actually a space domain, and
they are all surrounded by cyber. And through those domains we
have flows of things we need to be concerned about.
Deputy Secretary Lute has a good way of saying it. We need
to interrupt the supply chain of trouble. And the things that
flow through those domains are things like people, cargo,
conveyances, but it is also weather, germs, electrons, and
money.
I think what we need to start understanding is,
notwithstanding the components and their individual authorities
and jurisdictions, as I alluded to earlier, at the departmental
level, in both principle as well as policy and operational
planning and coordination, how do we sense those domains and
those environments? What is passing through them? What
represents the threats in those domains? You can almost look at
a portfolio and you can start making tradeoffs based on risk of
where you need to put resources, including redeploying
workforces on the Southwest Border, redeploying maritime
forces, heightening threat levels in advance of a national
security event, and so forth. It requires, in my view, to step
back and view the homeland security enterprise radically
different than the collection of the authorities and
jurisdictions of the components.
Chairman Lieberman. Thank you for that. You give us a lot
to think about. Mr. Skinner, do you have a reaction to the
question?
Mr. Skinner. It would be hard to add to what he just said.
Chairman Lieberman. That was a pretty good answer.
Mr. Skinner. It certainly was. As the IG, I do recall doing
some reviews with the Department, particularly in TSA and CBP.
We were always looking for emerging threats because they knew
if they shut down one lane, they would find other avenues to
smuggle contraband or illegal items onto airplanes or through
our borders. So I know that from a stovepipe perspective we
were always looking at what are they going to do next now that
we have identified this technique.
As far as strategic planning and strategic assessments of
what our threats are, I am not aware of that occurring within
the Department, but that does not mean that it is not
occurring.
Finally, I would just like to make the point that when we
talk about evolving threats, this is not just a DHS
responsibility. This is a governmentwide responsibility.
Chairman Lieberman. Right.
Mr. Skinner. And we have to rely heavily within the
Department on what is going on outside government, and I think
Admiral Allen put it very well. It is the intelligence that we
garner, dealing with what is going through our systems or what
is happening inside that cyber circle. So people who have those
expectations saying this is solely a DHS responsibility--I
think it would be misleading or a big mistake just to focus on
DHS.
Chairman Lieberman. Yes, I agree. I just want to come back
and ask you a final question, Admiral Allen, about that
exercise you went through with the Coast Guard. I assume you
were looking at a lot of factors that might not to the
immediate observer seem like they were relevant to the Coast
Guard function. In other words, it seems to me that one of the
things I would hope that DHS does is look at worldwide
demographic trends. I also mean, of course, with regard to
natural disasters, environmental, or meteorological trends. But
I also hope they think about the terrorism threat, what is
happening out in the world that we may not be thinking about
now that, nonetheless, could--or what is happening in the
technological world that may be converted to a weapon against
us, as you know, planes and cyberspace have been.
Admiral Allen. That is what we try to do, sir. One of the
scenarios was you try and drive at the polar extremes. One is
globalization where financial markets drive to the point where
it starts to question the value of nation-states. The other one
is a pandemic that basically goes global and redefines socio-
political boundaries and implications related to that, or
natural disasters. And what you do is you try and bring your
leaders in and try to understand which one of those are most
consequential or impactful or provide the greatest risk. And
you can talk about it from an agency standpoint.
There was a project called Project Horizon where the State
Department tried to do this on an interagency basis about 10
years ago.
Chairman Lieberman. Yes.
Admiral Allen. But it really never got the traction inside
the government. It is a useful project. It requires some
investment in time. It requires some championship at the
leadership level. But it also allows you to learn about some
junior and mid-grade people that take part in these things as a
leadership grooming process. There are current admirals in the
Coast Guard that I first met as lieutenants in these work
groups talking about what they thought might happen in a port
after a weapon of mass destruction event. You were able to see
these people being very thoughtful and very resourceful in how
they bring their thinking to the problems.
Ms. Harman. Senator Lieberman, could I just add one thing?
Chairman Lieberman. Yes, ma'am.
Ms. Harman. As we think about these big, huge threats or
potential catastrophic threats, it is still important to drill
down on the smaller threats. Senator Collins mentioned the
underwear bomber who was unable to detonate--good news--a bomb
that was external to his body. Now the worry is that tradecraft
has evolved so that there can be internal bombs. Much like
human mules carrying drugs, that will evade some of our
detection systems. And at that level, I think we need very
sharp focus because I think that things of that kind are going
to continue to happen. There is one particular bomb maker in
Yemen--who seems to be the ace bomb maker of all time--who
still is alive and well and doing this. Maybe there will be
others, and maybe there will be others in this country. So it
is not just a question of borders. It is a question of very
smart, focused thinking about what these people could do next.
Chairman Lieberman. Good point.
Admiral Allen. You mentioned technology, Mr. Chairman. I
think when you look at the advances in nanotechnology, mass
computation in smaller areas, battery technology, and things
like that, you start creating the art of the possible and ways
where threats can be applied in different ways. So I think
there is a technological thing that we have to keep our eye on.
Chairman Lieberman. Yes, I agree. This is a tall order, but
investing a little bit in this kind of future thinking out of
the box for right now probably would save us a lot in the years
ahead. Thank you very much. Senator Collins.
Senator Collins. Thank you, Mr. Chairman.
Admiral Allen, it was very helpful to hear from you some of
the problems that existed prior to the Department of Homeland
Security's creation to remind us that it is not as if all these
agencies were working cooperatively before they were brought
together and somehow bringing them together made them not work
as well.
Nevertheless, as I was reading your testimony, I could
sense a certain frustration with how the Department could be
functioning better. For example, you talk about a lack of
uniformity, comparability, and transparency in budget
presentations across the Department. You say that the
Department has struggled to evolve in operational planning and
mission execution coordination capability. And you say in your
conclusion, ``Something has to give.''
What do you believe needs to be done to solve some of the
problems that you illustrated in your written testimony?
Admiral Allen. If I could, as I did in my written
testimony, I would like to divide it into two answers. One
involves mission execution, and one involves mission support. I
used to tell the people that worked for me in the Coast Guard,
``If you go to work every day, you either execute the mission
or you support the mission. And if you cannot explain what you
are doing, we made one of two mistakes. Either we have not
explained your job or we do not need your job.'' So I would
like to give you two answers.
On the mission support side, let us go to appropriations,
because I think you hit the place where there is discretion to
do something.
We moved components into the Department with different
appropriations structures from the legacy departments. And you
are all familiar with this. I am talking about the
appropriations level, the project, program, and activity levels
that create the firewalls which you need to reprogram between
and how you represent personnel costs, operating costs, capital
investment costs, IT costs, and so forth.
Right now, because of the way the budgets were formed in
the legacy departments, you cannot put the budgets side by side
and look at comparability on personnel costs, salaries,
operations and maintenance, and capital investment. There are
two sides to this. The Administration needs to put forward a
budget that has comparability in the way the numbers are
presented, and the Appropriations Committees are going to have
to understand that there is going to have to be some
flexibility to put this together where we have a comprehensive
and understandable basis by which to us how we are funding the
Department and the costs associated with that.
That is something that does not need any legislation. That
is a management activity both in the Department, at OMB, which
plays a big part in this, and on the Hill.
One key thing regarding this is the requirement in the
Homeland Security Act to have a Future Years Homeland Security
Plan like the Future Years Defense Plan. We have never realized
that. There are a lot of forces inside the Office of Management
and Budget that do not want to commit to a 5-year projection,
but this really kills capital investment and acquisitions
management. We have breaches in acquisition programs that are
budget-induced, but you do not see that because there is never
an open discussion about having a sustained, consistent 5-year
capital budgeting plan.
On the mission execution side, it has everything to do with
unity of effort, which is undergirded by operational
coordination and planning. If you talk about the threat
environment that I discussed and all the different domains,
that is hard to do at a component level. But we need to create
the capacity and the competency at the departmental level to be
able to look at this thing as a portfolio and to talk about
future cases, to look at how do you trade off what can pass
through those domains--germs, electrons, money, people,
conveyances, and so forth.
We have to create the capacity to be able to discern the
important few from the many that are out there that they have
to deal with every day. And we have to create the capacity and
the capability to do that close to the Secretary so the
Secretary can be consequential in the planning and the
execution of ongoing operations, then export that competency
with credibility across government.
Senator Collins. Thank you.
Mr. Skinner, you talked about how the Department initially
had, I think it was 2,000 different IT programs and that had
been narrowed down, but there are still many different IT
programs operating within the Department. And I was thinking
when Senator Johnson was talking about the tension between
being part of a great big organization versus a smaller
organization, which can be more efficient and effective, that a
fundamental issue that has never really been answered about the
Department has to do with the amount of authority at the
Department level, the Chief Information Officer (CIO), the
Chief Financial Officer (CFO), Chief Acquisition Officer, all
of those positions should have.
What is your view on that? Should the Secretary-level
positions have authority over the component agencies in the
area of information technology, for example?
Mr. Skinner. If you go back and look at some of the work
that we have done over the years, we have always had concerns,
first, that the CFO did not have the appropriate authorities to
compel the components to follow certain guidelines or to
perform in a manner in which the Department or the Secretary
had envisioned. Second, I had reported and made recommendations
that the CIO did not have sufficient resources in the Office of
the CIO. And the same holds true with the Chief Financial
Officer. We have studied and made recommendations that the
Chief Financial Officer as well be given additional resources
and authority to ensure compliance at the component level.
One of the things I would like to add is that because when
we stood up and the components were brought together, they
retained their authority, oftentimes because it was the
environment in which we were living, and it was a very
emotional environment--expectations were too high. We thought
now that we have the Homeland Security Department, all of our
problems are going to be solved. Well, we knew that was not
going to happen, but the public did not know that, and the
media took advantage of that. And, second, it was that the
mission demands that were put on us at that point in time in
our history trumped good business practice, because we were
hearing we expect this to happen, we expect to secure our
borders, stop illegal immigration--everything had to be done
yesterday, and that trumped good practice. We made a lot of
mistakes, and I think we have learned from that. The dust has
settled. Now we are able to analyze exactly what we have done,
what lessons were learned, and where we want to go. Now it is
just a matter of getting the resources and authorities to get
it done.
Senator Collins. Thank you. Admiral Allen.
Admiral Allen. Coming back to Senator Johnson, because your
analogy to the business world, and I understand it, you have
every right to ask that question. This was probably done
without due diligence.
Chairman Lieberman. Thanks, Senator Collins.
I want to give Senator Johnson and Senator Akaka a chance
to ask questions if they have more. Congresswoman Harman, I
understand you may have to leave soon. If you do, we will
understand--and still love you.
Ms. Harman. Is that a hint?
Chairman Lieberman. No. I do not think I have ever said
that to a witness before. [Laughter.]
Ms. Harman. Well, thank you, Mr. Chairman. I love you, too.
Chairman Lieberman. Thank you.
Ms. Harman. If it is one more round of questions by two
people?
Chairman Lieberman. Just Senator Johnson and Senator Akaka.
Ms. Harman. Yes, I would be happy to stay.
Senator Johnson. Just a quick one. When we were talking
about cybersecurity yesterday, I was asking about, again, the
priorities of what needed to be done, and I really came away
from that as the first thing is we have to set the standards.
So I just want to quickly ask all three of you: Who do you
believe is best capable of setting the standard on
cybersecurity?
Ms. Harman. I think the technical expertise on
cybersecurity is in the NSA and should remain there. They are
best at it.
In terms of being the public face to do the cybersecurity
work that is especially not in the dot-mil and dot-gov space, I
think the Homeland Security Department has to do it, implement
it. But I do not think it should try to re-create the technical
expertise of the NSA.
Admiral Allen. I think there is a role for government in
oversight of the standards. If I could give you an analogy, the
blowout preventer that failed in the Deepwater Horizon spill 2
years ago was built to industry standards, but was not subject
to independent third-party inspection mandated by the
government. It is now. So I think we need to understand what
the role of government is and how we produce the effect. I
think there should be oversight. I think it is logical it
should be in the Department of Homeland Security. How you
evolve the standards can be part of how the legislation is put
together, but that has to be affirmed, there has to be
accountability, and somebody has to be able to act on behalf of
the American people.
Senator Johnson. Thank you. Mr. Skinner.
Mr. Skinner. I believe it is going to be a collaborative
effort. I think NSA plays a major role. I also believe the
National Institute of Standards and Technology (NIST) plays a
role, and the Department of Homeland Security plays a role as
far as establishing standards. And those standards are not
going to be set in stone. They are going to evolve over time
because cybersecurity is evolving over time.
And as far as providing the oversight at least on the
domestic side of the house, I believe that should rest within
the Department of Homeland Security. That is a logical home for
it.
Senator Johnson. Those were very government-centric
answers. Is there any role outside in terms of the private
sector in terms of the service providers and that type of
thing?
Admiral Allen. If I could just add, I think that is a
performance outcome. My basic training in public administration
is in executive, legislative, and regulatory management. I
worked in the regulatory field for a couple of decades. One of
the things we have to watch out for is we do not get this into
a rulemaking process that takes 10 years. That just cannot
work. So whatever we do that involves government has to break
the paradigm to bring the best of the private sector and get to
a conclusion. What we want is a violent attack of sanity. The
question is how to do it.
Ms. Harman. And if I could just add, as Senator Collins
said, 85 percent, I think, of our capacity is in the private
sector, and the private sector in this area is much more agile
than the government sector. So this has to be a collaborative
effort. I thought you were asking about the standard setting.
Yes, the legislation should set the standards or set up the
process to set the standards. The point I was making is that
inside government, our technical competence on this is at the
NSA.
Senator Johnson. Thank you. Thank you, Mr. Chairman.
Chairman Lieberman. Thank you, Senator Johnson. Senator
Akaka?
Senator Akaka. Thank you very much, Mr. Chairman. I know
time is valuable to the Congresswoman, and I just want to say I
do not have any more questions for you if I am the last here,
meaning you can leave if you need to.
Mr. Skinner, I want to say that we have a great panel of
leaders and experts here today, and we are fortunate to have
you. Mr. Skinner, as you noted in your written testimony, DHS
has relied heavily on contractors since its inception, in
particular in service contractors working side by side with
Federal workers. I have worked closely with the Department on
its efforts to right-size its Federal employee-to-contractor
mix.
Does the Department currently have the right Federal
employee-to-contractor balance to achieve its mission in the
future?
Mr. Skinner. I can only say at the time of my retirement,
no, it did not. But at the same time, I was aware of the
initiatives to bring that right balance, and I have been
reading reports and observing what is going on within the
Department. I am still emotionally attached, even though I am
retired. And I see that there is progress being made there.
But, nevertheless, there is still an imbalance. I know
recently the Coast Guard has made tremendous progress in
bringing in in-house employees to do what was inherently
governmental jobs instead of relying on contractors. But at the
same time, they still do not have--and this is as recently as
maybe 2 to 3 months ago that I read this--sufficient resources
to complete their mission. So they are still relying on
contractors to do what they would like to be doing themselves.
But there is a very concerted effort, and I think this has been
at all the components as a result of the leadership that I have
seen Secretary Napolitano and Deputy Secretary Lute bring to
the acquisition management process.
Senator Akaka. Admiral Allen, as you know, the Department
has worked very hard to improve its strategic human capital
functions. However, DHS still faces challenges in implementing
its department-wide workforce objectives and goals, such as
improving employee morale and retention.
What are the most pressing challenges facing the DHS
workforce? And how do we address them going forward with DHS?
Admiral Allen. Thank you for the question, Senator. I have
provided the staff with a statement I made, and they can
provide it for the record.\1\ In March, I testified before
Representative McCaul's subcommittee, the House Homeland
Subcommittee on the Partnership for Public Service rankings and
morale at the Department. There is a more extensive discussion
on that there. I will try and highlight some of the issues
here.
---------------------------------------------------------------------------
\1\ The testimony referenced by Admiral Allen appears in the
Appendix on page 186.
---------------------------------------------------------------------------
Some of the issues derive from the nature by which the
Department was formed that I have talked about. Let me hit
those real quick because they are technical, and then I will
get to the other ones, which I think are equally important.
I will give you a good example. When the Immigration and
Naturalization Service went away and we formed Immigration and
Customs Enforcement (ICE) and the CBP, we recombined two
different workforces that came from two different departments
with different appropriations structures, different pay/benefit
structures, different work rules, and different grade
structures. The ability to try and estimate salaries in that
environment continues to be a problem today in CBP, plus a lot
of their salaries are funded by, I think, five or six different
fees that are legacy fees from Agriculture, Immigration, and
Land Border Entry. That is a pretty difficult environment to
try and manage and create a human resource program and
adequately address and estimate salaries.
The implications of that is there is not enough money, they
have to do things in the middle of the year, employees know
that, and it affects morale. So I think fixing some of these
structural issues will have a salutary effect on the workforce,
in my view.
Now, separate from that, on the discussion of morale of the
Department, what I said in my previous testimony was morale is
not something that you mandate or set out as a goal and
achieve. Morale is a by-product of performance in the
workplace, where employees feel they are empowered and have the
right tools and understand that their leadership are doing the
things that are going to enable them to be successful. When you
have that, you have morale. And so I think what the Department
needs to do is put the conditions in place which improve the
performance that we have talked about here today, and I think
morale becomes a natural by-product of that.
I think we need to understand people do not leave
organizations. They usually leave bad bosses. So I think there
is an imperative on leadership training in the Department.
There is a DHS fellows program. They have just established a
Department of Homeland Security capstone program for senior
executives. We now have a leading edge program for executives
across the Federal Government.
I believe there ought to be some leadership development
programs that are created, fenced off in the budget to become
programs of record that do not require the people that are
managing these programs to go hand to hand every year and try
to deal with reprogrammed funds or what is left over at the end
of the year.
Senator Akaka. Well, thank you very much for that.
I would like to finally ask Mr. Skinner, in particular, it
seems as though we have had morale problems, for instance, in
TSA. The turnover there is great and has been, and it seems as
though it is a part of DHS where the workers have problems.
Can you make any expressions on that and the problem and
the challenges that we face in particular in TSA?
Mr. Skinner. Senator, this is something I have never
studied with regards to TSA. I was well aware of the turnover
issues there, and we did discuss this with the TSA
administrators when I was there in private meetings.
One of the problems that we have observed with regards to
TSA is just the pure nature of its work. It is very tedious,
hard work, and people's expectations when they take these jobs
are not always met.
Second, when you talk about the leadership, this is the
leadership up and down the chain of command. At the individual
airports themselves there was oftentimes a lack of leadership,
and people's expectations of their leaders were not being met.
But to actually come up with empirical information or a
conclusion as to why there is a high turnover rate, at least
when I was the IG, we had never completed a study in that area.
Senator Akaka. Thank you. Thank you very much, Mr.
Chairman.
Chairman Lieberman. Thanks, Senator Akaka.
This has been a very productive morning. I want to thank
the three witnesses. Each of you in different ways has given
great service to our country, and if I may say so, I think you
added another step in that direction by both your prepared
testimony, which was very thoughtful and will be part of the
permanent record, and by your testimony this morning. You have
given the Committee a lot to think about. I think you will give
the new Committee leadership in the next session a lot to think
about. And, frankly, I think you will give both the current and
new leadership of the Department an agenda for action to
continue what has been a first decade of real progress, but
obviously a lot of work to be done.
Senator Collins, do you want to add anything?
Senator Collins. I just want to add my thanks to those of
the Chairman. I have enjoyed working with all three of our
witnesses over the years, and it is terrific to have them back
today to share their extraordinary experience and insights with
our Committee. So thank you all.
Chairman Lieberman. Thank you.
So the record of the hearing will remain open for 15 days
for any additional statements or questions. Again, thank you
very much.
The hearing is adjourned.
[Whereupon, at 12:17 p.m., the Committee was adjourned.]
A P P E N D I X
----------
[GRAPHIC] [TIFF OMITTED] T6059.001
[GRAPHIC] [TIFF OMITTED] T6059.002
[GRAPHIC] [TIFF OMITTED] T6059.003
[GRAPHIC] [TIFF OMITTED] T6059.004
[GRAPHIC] [TIFF OMITTED] T6059.005
[GRAPHIC] [TIFF OMITTED] T6059.006
[GRAPHIC] [TIFF OMITTED] T6059.007
[GRAPHIC] [TIFF OMITTED] T6059.008
[GRAPHIC] [TIFF OMITTED] T6059.009
[GRAPHIC] [TIFF OMITTED] T6059.010
[GRAPHIC] [TIFF OMITTED] T6059.011
[GRAPHIC] [TIFF OMITTED] T6059.012
[GRAPHIC] [TIFF OMITTED] T6059.013
[GRAPHIC] [TIFF OMITTED] T6059.014
[GRAPHIC] [TIFF OMITTED] T6059.015
[GRAPHIC] [TIFF OMITTED] T6059.016
[GRAPHIC] [TIFF OMITTED] T6059.017
[GRAPHIC] [TIFF OMITTED] T6059.018
[GRAPHIC] [TIFF OMITTED] T6059.019
[GRAPHIC] [TIFF OMITTED] T6059.020
[GRAPHIC] [TIFF OMITTED] T6059.021
[GRAPHIC] [TIFF OMITTED] T6059.022
[GRAPHIC] [TIFF OMITTED] T6059.023
[GRAPHIC] [TIFF OMITTED] T6059.024
[GRAPHIC] [TIFF OMITTED] T6059.025
[GRAPHIC] [TIFF OMITTED] T6059.026
[GRAPHIC] [TIFF OMITTED] T6059.027
[GRAPHIC] [TIFF OMITTED] T6059.028
[GRAPHIC] [TIFF OMITTED] T6059.029
[GRAPHIC] [TIFF OMITTED] T6059.030
[GRAPHIC] [TIFF OMITTED] T6059.031
[GRAPHIC] [TIFF OMITTED] T6059.032
[GRAPHIC] [TIFF OMITTED] T6059.033
[GRAPHIC] [TIFF OMITTED] T6059.034
[GRAPHIC] [TIFF OMITTED] T6059.035
[GRAPHIC] [TIFF OMITTED] T6059.036
[GRAPHIC] [TIFF OMITTED] T6059.037
[GRAPHIC] [TIFF OMITTED] T6059.038
[GRAPHIC] [TIFF OMITTED] T6059.039
[GRAPHIC] [TIFF OMITTED] T6059.040
[GRAPHIC] [TIFF OMITTED] T6059.041
[GRAPHIC] [TIFF OMITTED] T6059.042
[GRAPHIC] [TIFF OMITTED] T6059.043
[GRAPHIC] [TIFF OMITTED] T6059.044
[GRAPHIC] [TIFF OMITTED] T6059.045
[GRAPHIC] [TIFF OMITTED] T6059.046
[GRAPHIC] [TIFF OMITTED] T6059.125
[GRAPHIC] [TIFF OMITTED] T6059.126
[GRAPHIC] [TIFF OMITTED] T6059.047
[GRAPHIC] [TIFF OMITTED] T6059.048
[GRAPHIC] [TIFF OMITTED] T6059.049
[GRAPHIC] [TIFF OMITTED] T6059.050
[GRAPHIC] [TIFF OMITTED] T6059.051
[GRAPHIC] [TIFF OMITTED] T6059.052
[GRAPHIC] [TIFF OMITTED] T6059.053
[GRAPHIC] [TIFF OMITTED] T6059.054
[GRAPHIC] [TIFF OMITTED] T6059.055
[GRAPHIC] [TIFF OMITTED] T6059.056
[GRAPHIC] [TIFF OMITTED] T6059.057
[GRAPHIC] [TIFF OMITTED] T6059.058
[GRAPHIC] [TIFF OMITTED] T6059.059
[GRAPHIC] [TIFF OMITTED] T6059.060
[GRAPHIC] [TIFF OMITTED] T6059.061
[GRAPHIC] [TIFF OMITTED] T6059.119
[GRAPHIC] [TIFF OMITTED] T6059.120
[GRAPHIC] [TIFF OMITTED] T6059.121
[GRAPHIC] [TIFF OMITTED] T6059.122
[GRAPHIC] [TIFF OMITTED] T6059.123
[GRAPHIC] [TIFF OMITTED] T6059.124
[GRAPHIC] [TIFF OMITTED] T6059.062
[GRAPHIC] [TIFF OMITTED] T6059.063
[GRAPHIC] [TIFF OMITTED] T6059.064
[GRAPHIC] [TIFF OMITTED] T6059.065
[GRAPHIC] [TIFF OMITTED] T6059.066
[GRAPHIC] [TIFF OMITTED] T6059.067
[GRAPHIC] [TIFF OMITTED] T6059.068
[GRAPHIC] [TIFF OMITTED] T6059.069
[GRAPHIC] [TIFF OMITTED] T6059.070
[GRAPHIC] [TIFF OMITTED] T6059.071
[GRAPHIC] [TIFF OMITTED] T6059.072
[GRAPHIC] [TIFF OMITTED] T6059.073
[GRAPHIC] [TIFF OMITTED] T6059.074
[GRAPHIC] [TIFF OMITTED] T6059.075
[GRAPHIC] [TIFF OMITTED] T6059.076
[GRAPHIC] [TIFF OMITTED] T6059.077
[GRAPHIC] [TIFF OMITTED] T6059.078
[GRAPHIC] [TIFF OMITTED] T6059.079
[GRAPHIC] [TIFF OMITTED] T6059.080
[GRAPHIC] [TIFF OMITTED] T6059.081
[GRAPHIC] [TIFF OMITTED] T6059.082
[GRAPHIC] [TIFF OMITTED] T6059.083
[GRAPHIC] [TIFF OMITTED] T6059.084
[GRAPHIC] [TIFF OMITTED] T6059.085
[GRAPHIC] [TIFF OMITTED] T6059.086
[GRAPHIC] [TIFF OMITTED] T6059.087
[GRAPHIC] [TIFF OMITTED] T6059.088
[GRAPHIC] [TIFF OMITTED] T6059.089
[GRAPHIC] [TIFF OMITTED] T6059.090
[GRAPHIC] [TIFF OMITTED] T6059.091
[GRAPHIC] [TIFF OMITTED] T6059.092
[GRAPHIC] [TIFF OMITTED] T6059.093
[GRAPHIC] [TIFF OMITTED] T6059.094
[GRAPHIC] [TIFF OMITTED] T6059.095
[GRAPHIC] [TIFF OMITTED] T6059.096
[GRAPHIC] [TIFF OMITTED] T6059.097
[GRAPHIC] [TIFF OMITTED] T6059.098
[GRAPHIC] [TIFF OMITTED] T6059.099
[GRAPHIC] [TIFF OMITTED] T6059.100
[GRAPHIC] [TIFF OMITTED] T6059.101
[GRAPHIC] [TIFF OMITTED] T6059.102
[GRAPHIC] [TIFF OMITTED] T6059.103
[GRAPHIC] [TIFF OMITTED] T6059.104
[GRAPHIC] [TIFF OMITTED] T6059.105
[GRAPHIC] [TIFF OMITTED] T6059.106
[GRAPHIC] [TIFF OMITTED] T6059.107
[GRAPHIC] [TIFF OMITTED] T6059.108
[GRAPHIC] [TIFF OMITTED] T6059.109
[GRAPHIC] [TIFF OMITTED] T6059.110
[GRAPHIC] [TIFF OMITTED] T6059.111
[GRAPHIC] [TIFF OMITTED] T6059.112
[GRAPHIC] [TIFF OMITTED] T6059.113
[GRAPHIC] [TIFF OMITTED] T6059.114
[GRAPHIC] [TIFF OMITTED] T6059.115
[GRAPHIC] [TIFF OMITTED] T6059.116
[GRAPHIC] [TIFF OMITTED] T6059.117
[GRAPHIC] [TIFF OMITTED] T6059.118
|
NEWSLETTER
|
|
Join the GlobalSecurity.org mailing list
|
|
|
