"We must open lines of communication and support like never before between agencies and departments, between federal and state and local entities and between the public and private sectors. We must be task oriented. The only turf we should be worried about protecting is the turf we stand on." Gov. Tom Ridge in accepting the post as director of the Office of Homeland Security.
In his acceptance speech last October, newly named Homeland Security Director Tom Ridge specified two essentials for homeland defense: top-to-bottom communication and support among government agencies and the private sector, and eliminating the turf that has so often stopped cooperative efforts. Last year's terrorist attacks opened many eyes to the necessity for information sharing. However, as pointed out by officials from all levels of government, while the need to share and cooperate is now understood, uprooting old habits and building the necessary skills are still difficult.
Sen. Fred Thompson R-Tenn., said in a June hearing on "Homeland Security and the Intelligence Community" that government is not good at some of the basics of information-sharing systems. Information technology, managing human capital, financial management and overlap and duplication, are all high-risk activities for government. "All of the things that are vital to this are things we are awful at," said Thompson.
Jim Flyzik, senior advisor to Tom Ridge, and vice chair of the Federal CIO Council, while acknowledging the problems ahead, was a bit more optimistic as he briefed IPC delegates. Flyzik said he was responsible for drafting a national strategy by July. "Once we deliver our national strategy to the president," he said to state and local delegates, "you will see more outreach efforts." The first goal, he explained, will be to tear down federal information silos. The second will be to share homeland security information with state, local and private-sector entities. "Technology will be one of the easier issues to deal with," he said. "Ridge said the only turf is the one we're standing on; we're not going to tolerate agency heads that dig in. Paul O'Neill is giving us Customs and Treasury and all he said was: 'this is the right thing to do.'"
A Status Check
"Homeland security has to begin with first responders," said Javier Gonzalez, president of the National Association of Counties. He pointed out to IPC delegates that first responders to last year's terrorist attacks came from local government. When the Pentagon was attacked, for example, the first responders came from Arlington County, Va. Gonzalez, however, while pointing out the heroic efforts in New York City and the well-coordinated response in Pennsylvania, admitted that at the local government level, information sharing has technical and political problems that can bring even simple projects to a halt. Gonzalez, a supervisor from Santa Fe County, N.M., said that in his own area, local government first responders use cell phones to call the various dispatch centers, because they have no shared public safety communications system.
Another county official discussed the human impediments to something as simple as compiling a county telephone directory. The sheriff didn't want jail personnel listed. Some county executives didn't want to be bothered by phone calls, others wanted to be the only contact in their offices. The project slowed then stopped, and the only thing that worked, said the official, was patience and face-to-face communication to explain the project, handle concerns and build trust.
State and federal agencies have their own information disconnections. One state CIO said she worked for a year and a half to get five justice agencies to talk, spending most of that time with their attorneys deciding if they could even divulge what they should share. Another state CIO said that while Tom Ridge has called for coordinated state homeland security plans, no guidelines have been issued on how to develop them, so states are left collecting information, waiting for some direction.
And the story is similar among federal agencies as well. "The list that Customs checks against is not the same one that INS checks against," said Flyzik, "and that's not the same one the FBI uses."
The extent - and the potential consequences - of such a data disconnect was exposed when, six months after Mohamed Atta and Marwan al-Shehhi crashed two airliners into the towers, the INS sent them student visas for flight training.
There is some urgency in resolving the problems of information sharing and cooperation. On one hand are warnings that more attacks will occur, "not if, but when." On the other hand is the fact that things have been relatively quiet for nearly a year, and the public pressure to get these tough problems resolved may be dwindling. "The public has hit the snooze switch and gone back to sleep," said Eric E. Holdeman, of the King County, Wash., Office of Emergency Management. "The window of opportunity is coming to a close."
IPC delegates agreed that the goal of information sharing is not to share "everything all the time," saying instead that information should be available when and where it is needed, and security should be sufficient to reassure the data owners so that sharing with authorized parties can occur. "Public utilities don't want to tell you where every transformer is," said one participant, "but in an emergency, you should be able to find them."
Flyzik said that a vision of what a border information system should look like, for example, would be that when a person or an object comes across the border, there would be connections between various systems to make pertinent data available. "In the short run," he said, "we can put middleware in place, use data mining tools and analytical tools that check all these watch lists. We don't necessarily need to know the source of the information. What we care about is that that person or thing is of interest to someone, and [the system] triggers it to go back to the group that needs to take action."
Progress in the Face of Reality
In the meantime, pieces of what may eventually comprise a comprehensive information sharing system are being implemented. The INS last December was given $37 million to develop SEVIS, the Student and Exchange Visitor Information System, to track student visa holders. The deadline for colleges and universities to link to the new system is Jan. 1, 2003.
However, Sen. Dick Durbin said in a Senate hearing recently that the INS six years ago was charged with developing a system to keep track of visa holders who exit the country so that an "inventory" could be maintained of people in the country on visas. Durbin complained that at a recent meeting, Justice officials said they were "years away" from completing such a system.
Durbin went on to say that the FBI has some of the last computers in existence that don't even have a "word search" capability. He compared homeland security technology to the United States' program to develop an atomic bomb. That project - which began in 1939 - languished until Pearl Harbor was attacked, at which time sufficient authority and money was allocated and the job got done. Durbin called for an information technology "Manhattan Project" in the cause of homeland security.
IPC delegates, did have some good news, however. A FEMA delegate said his agency will roll out a disaster management portal this summer, and a second more comprehensive version by the end of the calendar year. And Flyzik cited project SAFECOM as an intergovernmental project that will have broad benefits.
"The intent of Project SAFECOM," said Treasury Deputy CIO Mayi Canales recently in a release, "is to accelerate the implementation of interoperable public safety wireless communications at all levels of government throughout the nation. The goals of the program are to save lives through immediate public safety communications and coordination. By addressing federal to federal, federal to state/local, and state to local interoperability we will be able to provide effective public safety and emergency support communications for not only emergency response situations, but also for daily operations and task-force support for public safety agencies." Canales said Treasury would use an enterprise architecture working group "to identify interoperability requirements across all levels of government, and to achieve interoperability solutions and cost savings through standardization, resource sharing, frequency spectrum management, and sharing of information between partners."
Flyzik said that local first responders and local FBI agents have been leading the way in intergovernmental cooperation and information sharing. King County's Holdeman agreed, saying his county reached out to local FBI agents, and now the FBI participates in the county's emergency operations. "We had to build the cooperation," Holdeman said. "Cooperation is not a naturally occurring event."
State officials are working on data-sharing issues as well, and Aldona Valicente, president of the National Association of State CIOs (NASCIO), said her group is about to issue a white paper on data integration.
"This is history in the making," Flyzik said. "There has never been anything done to this scale since World War II." Motivating it, he said, are the pictures of planes flying into the Trade Center towers. "We know the stakes," he said. "The stakes are lives."