[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]



 
ORGANIZATIONAL AND POLICY PROPOSALS FOR THE FISCAL YEAR 2008 DEPARTMENT 
                  OF HOMELAND SECURITY AUTHORIZATION:

=======================================================================


                              FULL HEARING

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

                             MARCH 20, 2007

                               __________

                           Serial No. 110-18

                               __________

       Printed for the use of the Committee on Homeland Security
                                     
[GRAPHIC] [TIFF OMITTED] CONGRESS.#13

                                     

  Available via the World Wide Web: http://www.gpoaccess.gov/congress/
                               index.html

                               __________


                  U.S. GOVERNMENT PRINTING OFFICE
35-277                    WASHINGTON : 2009
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office  Internet: bookstore.gov Phone: toll free (866) 512-1800 
Fax: (202) 512-2250  Mail: Stop IDCC, Washington, DC 20402-0001




                     COMMITTEE ON HOMELAND SECURITY

               BENNIE G. THOMPSON, Mississippi, Chairman

LORETTA SANCHEZ, California,         PETER T. KING, New York
EDWARD J. MARKEY, Massachusetts      LAMAR SMITH, Texas
NORMAN D. DICKS, Washington          CHRISTOPHER SHAYS, Connecticut
JANE HARMAN, California              MARK E. SOUDER, Indiana
PETER A. DeFAZIO, Oregon             TOM DAVIS, Virginia
NITA M. LOWEY, New York              DANIEL E. LUNGREN, California
ELEANOR HOLMES NORTON, District of   MIKE ROGERS, Alabama
Columbia                             BOBBY JINDAL, Louisiana
ZOE LOFGREN, California              DAVID G. REICHERT, Washington
SHEILA JACKSON LEE, Texas            MICHAEL T. McCAUL, Texas
DONNA M. CHRISTENSEN, U.S. Virgin    CHARLES W. DENT, Pennsylvania
Islands                              GINNY BROWN-WAITE, Florida
BOB ETHERIDGE, North Carolina        MARSHA BLACKBURN, Tennessee
JAMES R. LANGEVIN, Rhode Island      GUS M. BILIRAKIS, Florida
HENRY CUELLAR, Texas                 DAVID DAVIS, Tennessee
CHRISTOPHER P. CARNEY, Pennsylvania
YVETTE D. CLARKE, New York
AL GREEN, Texas
ED PERLMUTTER, Colorado
VACANCY

       Jessica Herrera-Flanigan, Staff Director & General Counsel

                        Todd Gee, Chief Counsel

                     Michael Twinchek, Chief Clerk

                Robert O'Connor, Minority Staff Director

                                  (ii)


                            C O N T E N T S

                              ----------                              
                                                                   Page

                               STATEMENTS

The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Chairman, Committee on 
  Homeland Security..............................................     1
The Honorable Peter T. King, a Representative in Congress From 
  the State of New York, and Ranking Member, Committee on 
  Homeland Security..............................................     2
The Honorable Gus M. Bilirakis, a Representative in Congress From 
  the State of Florida...........................................    21
The Honorable Christopher P. Carney, a Representative in Congress 
  From the State of Pennsylvania.................................    22
The Honorable Yvette D. Clarke, a Representative in Congress From 
  the State of new York..........................................    24
The Honorable Henry Cuellar, a Representative in Congress From 
  the State of Texas.............................................    13
The Honorable David Davis, a Representative in Congress From the 
  State of Tennessee.............................................    13
The Honorable Charles W. Dent, a Representative in Congress From 
  the State of Pennsylvania......................................    16
The Honorable Bob Etheridge, a Representative in Congress From 
  the State of North Carolian....................................    18
The Honorable Sheila Jackson Lee, a Representative in Congress 
  From the State of Texas........................................    48
The Honorable Eleanor Holmes Norton, a Delegate in Congress From 
  the District of Columbia.......................................    46
The Honorable Christopher Shays, a Representative in congress 
  From the State of Connecticut..................................    26

                               Witnesses
                                Panel I

Mr. Robert A. Mocny, Acting Director, US-VISIT, Department of 
  Homeland Security:
  Oral Statement.................................................     3
  Joint Statement................................................     5
    Accompanied by,
Mr. Richard Robert Zitz, Deputy Under Secretary for Preparedness, 
  Department of Homeland Security................................
Oral Statement...................................................     9
Mr. Richard Stana, Director, Homeland Security and Justice 
  Issues, Government Accountability Office.......................     7

                                Panel II

James Jay Carafano, Ph.D., Senior Fellow, The Heritage 
  Foundation:
  Oral Statement.................................................    33
  Prepared Statements............................................    35
Ms. Michele A. Flournoy, President and Co-Founder, Center for a 
  New American Security:
  Oral Statement.................................................    29
  Prepared Statement.............................................    31
Mr. Asa Hutchinson, Founder Partner, Hutchinson Group:
  Oral Statement.................................................    39
  Prepared Statement.............................................    40

                               Appendixes

Appendix A:  For the Record:
  The Honorable Tom Davis, a Representative in Congress, From the 
    State of Virginia, Prepared Statement........................    55
Appendix B:  Questions and Responses:
  Mr. Robert A. Mocny Responses..................................    57
  Mr. Richard Stana Responses....................................    62
  Mr. Richard Robert Zitz Responses..............................    65


                  POSITIONING US-VISIT FOR SUCCESS AND



      ESTABLISHING A QUADRENNIAL HOMELAND SECURITY REVIEW PROCESS

                              ----------                              


                        Tuesday, March 20, 2007

                     U.S. House of Representatives,
                            Committee on Homeland Security,
                                                    Washington, DC.
    The committee met, pursuant to call, at 10:06 a.m., in Room 
311, Cannon House Office Building, Hon. Bennie Thompson 
[chairman of the committee] presiding.
    Present: Representatives Thompson, Harman, Norton, Jackson 
Lee, Etheridge, Cuellar, Carney, Clarke, King, Shays, Dent, 
Bilirakis, and Davis of Tennessee.
    Chairman Thompson. [Presiding.] The Committee on Homeland 
Security will come to order.
    The committee is meeting today to receive testimony on 
Organizational and Policy Proposals for the Fiscal Year 2008 
Department of Homeland Security Authorization: Positioning US-
VISIT for Success and Establishing a Quadrennial Homeland 
Security Review Process.
    I called this hearing today to look at two issues that are 
extremely important the security of this country, US-VISIT and 
the strategic planning for the Department of Homeland Security.
    We welcome our witnesses and look forward to the productive 
discussion.
    For over 10 years, Congress has called for the development 
and implementation of an entry-exit system to ensure that we 
know who is entering and leaving the country. I have watched 
with great interest the department's efforts to implement US-
VISIT.
    While I applaud the department for its efforts, there is 
still a long way to go. The exit piece of the system seems no 
closer to being implemented than when it was first authorized 
over 10 years ago.
    We have a vested interest in seeing US-VISIT succeed. That 
is why we have a lot of questions about the recent decision to 
move US-VISIT to the National Protection and Programs 
Directorate.
    The skeptic in me wants to say that instead of fixing what 
is wrong with the program, the department is redefining it and 
moving it around. We have seen this before. It falls to Mr. 
Mocny and Mr. Zitz to convince us that this move will bring 
about the results that Congress is seeking.
    I am inclined to believe that the right place for US-VISIT 
may be at Customs and Border Protection, the agency that 
actually does screening at the border. After all, SBInet and 
the Western Hemisphere Travel Initiative are both located 
within CBP.
    I am concerned that this move will create new stovepipes 
between CBP and US-VISIT. Our security cannot wait for the 
problems to make their way up the chain of command.
    Additionally, we will be looking today at how to ensure a 
clear and coherent strategy behind US-VISIT as well as the 
department's other vital problems.
    One of the ways to do this is to provide a way for the 
department to better organize its strategic planning. Congress 
has mandated that Department of Defense undertake quadrennial 
reviews. We are here today to see if a similar process will 
work for the department.
    A clear vision for the department and a strong US-VISIT 
program are key issues that will likely be considered in the 
authorization bill that the committee expects to take up next 
week.
    So we have some important matters before us, and I look 
forward to the witnesses' testimony.
    The chair now recognizes the ranking member of the full 
committee, the gentleman from New York, Mr. King, for an 
opening statement.
    Mr. King. Thank you, Mr. Chairman. I appreciate the time.
    And I also want you to know how I fully support the purpose 
of this hearing. I think it is essential that we move US-VISIT 
forward.
    Where we may have a difference and we will wait until the 
hearing is completed as to whether or not US-VISIT should be in 
CBP, my own instinct and somewhat educated guess is that we 
allow the Department of Homeland Security to go through with 
the reorganization that both has been within the department and 
which has been imposed on it, rather than having another 
change.
    On the other hand, obviously US-VISIT has not achieved what 
it was supposed to. We still do not have the exit portion of 
the program functioning. But I am right now reluctant to 
support it being in CBP.
    Having said that, I look forward to the hearing. I look 
forward to reading the testimony and seeing how this process 
goes forward.
    As far as the quadrennial review, I do believe that that is 
something that should be done. It is modeled on what is 
happening at the Pentagon or what has gone on at the Pentagon, 
and I believe this is something that we should have.
    So with that, I will yield back the balance of my time and 
look forward to the hearing as we go forward. Thank you.
    Chairman Thompson. Thank you very much. Other members of 
the committee are reminded that, under the committee rules, 
opening statements may be submitted for the record.
    Our first panel of witnesses will include Mr. Robert Mocny, 
who is the acting director of the US-VISIT program. Our second 
witness is Mr. Richard Stana, director of homeland security and 
justice issues at the Government Accountability Office. And our 
third witness is Mr. Robert Zitz, deputy undersecretary for 
preparedness at the Department of Homeland Security.
    Without objection, the witnesses' full statements will be 
inserted in the record.
    I now ask each witness to summarize his or her statement 
for the record, beginning with Mr. Mocny, for his statement.
    Mr. Mocny?

   STATEMENT OF ROBERT A. MOCNY, ACTING DIRECTOR, US-VISIT, 
                DEPARTMENT OF HOMELAND SECURITY

    Mr. Mocny. Thank you.
    Chairman Thompson, Ranking Member King, distinguished 
members of the committee, thank you for inviting me to explain 
the rationale for placing US-VISIT under the proposed National 
Protection and Programs Directorate.
    Let me first say, Mr. Chairman, I have heard, and quite 
frankly, I appreciate and share your concern for US-VISIT. Both 
personally and as the program's strongest advocate, I am eager 
for this change and confident in the future leadership.
    I am honored to be joined by Deputy Undersecretary Zitz, 
who is already a staunch supporter of the program.
    As Mr. Zitz will address, establishment of the NPPD is the 
department's response to Congress' demand for a collaborative 
approach to homeland security that eliminates the short-sighted 
effects of silos.
    At the same time, the directorate will cultivate the 
expertise, the skills and the risk reduction potential of each 
program across the department and effectively utilize that 
across federal, state and local levels to ensure that we can 
identify, mitigate and, where possible, eliminate risks to our 
security.
    By positioning US-VISIT under NPPD, US-VISIT will fully 
realize its congressional mandate and at the same time be 
better equipped to meet our goals to enhance the security of 
our citizens and visitors, protect the privacy and facilitate 
legitimate travel and trade all while ensuring the integrity of 
our immigration and border management system.
    Mr. Chairman, I do not intend to argue that US-VISIT does 
not provide critical support for the screening of foreign 
travelers. It does.
    Nor do I intend to argue that the program is not focused on 
deploying biometric exit screening capabilities. We are 
committed to doing this.
    Nor will I deny US-VISIT's significant irreplaceable role 
in our immigration and border management system. We clearly 
play a crucial role in that system and take pride in that role.
    Rest assured, though, I am here to argue that we would be 
remiss to confine the program to such a narrow focus.
    US-VISIT's biometric-based solutions for identity 
management directly support agencies government-wide, not only 
U.S. Customs and Border Protection, but also Citizenship and 
Immigration Services, Immigration and Customs Enforcement, the 
Coast Guard, other DHS components including TSA, and also the 
Departments of Justice and State and the intelligence 
community.
    The biometric information that US-VISIT collects, stores 
and manages is just one part of the service that we provide to 
these entities. The other part is the analysis and vehicle for 
delivery of this information.
    It is this other part that makes us different from, though 
very critical to, the work that our immigration and border 
management programs do.
    Mr. Chairman, your passionate commitment as well as this 
entire committee to ensuring that our first lines of defense, 
those decision-makers at the state and local level, have the 
necessary tools when and where they need them to protect our 
country that passion and commitment is simultaneously driving 
US-VISIT's realignment with NPPD so that we can expand this 
information-sharing across even more lines of defense, such as 
critical infrastructure and cybersecurity.
    Today, I wanted to share some real-life examples of what 
US-VISIT has currently enabled agencies across federal, state 
and local levels to do.
    A person traveling under the Visa Waiver Program arrived at 
a U.S. airport. Although the name did not hit against any 
biographic watch list, the person's biometric matched those of 
US-VISIT. CBP officers confirmed the person's true identity and 
history of heroin smuggling and passport forgery. US-VISIT's 
services helped CBP deny this known criminal entry.
    Recently, sheriff officials submitted an assault suspect's 
fingerprints during a routine booking procedure. Because of a 
new process testing the interoperability of US-VISIT's and the 
FBI's fingerprint databases, the fingerprints were checked 
against criminal and immigration information.
    In the past, biometrics confirmed the person's criminal and 
immigration violation history. This new process notified law 
enforcement and immigration officials of this information, and 
now DHS will be able to remove this person after local 
prosecution.
    Recently, the Coast Guard arrested 22 migrants attempting 
to enter the United States through the Mona Pass between Puerto 
Rico and the Dominican Republic.
    Because of the biometric matching to US-VISIT data, part of 
the pilot program to use biometrics to establish and verify 
true identities of persons at sea, three of these persons are 
now being prosecuted.
    And finally, even more recently, a smuggling and kidnaping 
suspect was identified in our systems after our fingerprint 
examiners removed latent prints from a crime scene that was 
provided to us by ICE.
    These cases are only a few of the many successes that US-
VISIT is facilitating. The very cross-cutting nature of this 
program demands structure and leadership that will foster 
intergovernmental collaboration to provide the nation with 
imperative risk reduction capabilities. The NPPD provides such 
a platform.
    Mr. Chairman, it is a comfort to know that there are 
advocates like you for this program. As an advocate myself, I 
believe this move will enable US-VISIT to expand its value to a 
breadth of agencies.
    Our nation's security requires this of us. And thank you.
    [The statement of Mr. Mocny and Mr. Zitz follows:]

      Prepared Joint Statement of Robert Zitz and Robert A. Mocny

                             March 20, 2007

    Chairman Thompson, Ranking Member King, Members of the Committee--
Good Morning. Thank you for the opportunity to appear before you to 
discuss the National Protection and Programs Directorate (NPPD) and the 
movement of US-VISIT into this new Directorate.
    Secretary Chertoff and the Department continue to make progress in 
many areas. Our mission is straightforward and guided by four goals:
        Goal 1. Protect our Nation from Dangerous People
        Goal 2. Protect our Nation from Dangerous Goods Goal
        Goal 3. Protect Critical Infrastructure
        Goal 4. Build a Nimble, Effective Emergency Response System and 
        a Culture of Preparedness
    In an interconnected and interdependent global economy, managing 
risk requires adaptability to a wide range of individual scenarios. 
These scenarios create a very complex risk environment when it comes to 
protecting America. The risk environment is dynamic and our approach to 
managing this risk environment must be equally dynamic.
    Our approach is focused on the most significant risks; we apply 
resources in the most practical way possible to prevent, protect 
against, and respond to manmade and natural hazards. That means making 
tough-minded assessments and recognizing that it is simply not possible 
to eliminate every threat to every individual in every place at every 
moment. Discipline is required to assess threats, review 
vulnerabilities, and weigh consequences; we then have to balance and 
prioritize our resources against those risks so that we can ensure that 
our Nation is protected.
    Decades of experience in dealing with natural disasters have 
provided sufficient data to understand their risk. By contrast, there 
have been far fewer terrorist events within the United States, making 
our comprehension of risk less encompassing.
    We must continue to guard against infiltration of this country by 
international terrorists who have the capability and intent to cause 
damage to our people and our economy. The most recent illustration of 
this kind of a scenario is the plot in London that was uncovered last 
summer. Had it been successful, it would have cost the lives of 
hundreds of people and could have dealt a significant blow to the 
functioning of our entire system of international trade and travel.
    We have to recognize that there are individuals who sympathize with 
terrorist organizations or embrace their ideology and who are prepared 
to use violence as a means to promote a radical, violent agenda. To 
minimize this potential emerging threat, we have to work across 
Federal, State, and local jurisdictions to prevent domestic terrorism.
    Risk is interdependent and interconnected and must be managed 
accordingly. For example, a port closure will not only have an impact 
on a given port area, but also on manufacturing facilities thousands of 
miles away that depend on the timely delivery of materials. One of the 
best examples of this interdependency is petroleum refinery capacity 
along the Gulf Coast following Hurricane Katrina. The day before 
Hurricane Katrina, facilities in Houston, Texas, produced 25 percent of 
the Nation's petroleum. The day after Hurricane Katrina, with the 
facilities closed along the Gulf Coast, these same facilities were 
producing 47 percent of the Nation's petroleum. This example 
demonstrates how significant supply chain interdependencies are in 
managing a full range of risk. So we understand that managing risk 
requires us to look at a broad continuum across a wide geographical 
area.
    The National Protection and Programs Directorate is being created 
so that the United States is better prepared to meet these challenges.

NPPD Mission and Overview
    The main responsibility of the NPPD is to advance the Department's 
risk-reduction mission. To achieve this goal, the NPPD protects 
infrastructure through the identification of threats and 
vulnerabilities. It develops risk-mitigation strategies and defines and 
synchronizes Departmental doctrine for protection initiatives that 
involve significant coordination and integration of efforts among our 
Federal counterparts and partners in the State, local, tribal, and 
private sector communities. The Department's ability to identify and 
assess risks to the Nation depends to a significant degree on its 
capacity to detect and evaluate threats to the United States.
    Threats posed by individuals wishing to do the Nation harm 
generally fall into two categories: physical and virtual. Reducing risk 
requires an integrated approach that encompasses these physical and 
virtual threats, as well as the human elements that pose those threats. 
Currently, there are multiple components within DHS working 
independently to reduce our comprehensive risk. Three of these are:
         The Office of Infrastructure Protection (IP), which 
        addresses physical risks;
         The Office of Cyber Security and Communications 
        (CS&C), which addresses cyber risks; and
         US-VISIT, which addresses human risks.
    All three of these offices use the same approach to reduce risk by 
utilizing data gathering, data analysis, and dissemination of 
information to operators.
    DHS believes that it can increase the synergies between, and 
improve the output of, the aforementioned offices by not only 
recognizing their commonalities, but also integrating their work more 
closely.
    All these programs are flexible, critical resources that can be 
leveraged by any agency within DHS. This structure promotes information 
sharing and integration, both of which are key to the Department's 
long-term strategy for developing a unified immigration and border 
management enterprise. Expanding access to US-VISIT's identity 
management services supports three of the NPPD's critical missions:
         Fostering stronger and better integrated national 
        approaches among key strategic homeland security activities;
         Protecting the Nation's critical infrastructure, both 
        physical and virtual; and
         Enhancing the security of our citizens and visitors by 
        facilitating legitimate travel with appropriate safeguards.

The US-VISIT Program
    The US-VISIT program was created in response to a congressional 
mandate for an entry/exit system. In the beginning, it expended 
considerable effort to support the Customs and Border Protection (CBP) 
officers responsible for screening travelers applying for admission 
into the United States, as well as the Department of State consular 
officers who issue visas. However, US-VISIT has expanded its role and 
now provides significant support to U.S. Citizenship and Immigration 
Service (USCIS), Immigration and Customs Enforcement (ICE), the U.S. 
Coast Guard (USCG), and other DHS components; the Department of 
Justice; and the intelligence community.
    The US-VISIT program is leading one of the Department`s key 
initiatives--the transition from 2-print to 10-print capture and 
interoperability, an initiative that will include not only the 
Department of Justice, but State and local law enforcement entities as 
well.
    US-VISIT is supporting DHS' goals of promoting international 
information sharing and screening by working with other countries that 
are currently developing, or interested in developing, their own 
biometrics-based systems. Close ties with the Department of State and 
its BioVisa Program are also extending the boundaries of the United 
States beyond the country's physical borders, to the point where the 
biometrics of all visa applicants are collected and used for risk and 
threat assessment purposes long before those individuals enter our 
country.
    These myriad efforts do not divorce US-VISIT from its initial 
purpose; rather, they allow the program to fulfill its potential as an 
identity management services program. US-VISIT provides the capability 
for agencies with immigration and border management responsibilities to 
establish an individual's identity through the capture of biometric 
information and its association with biographic information. US-VISIT 
enables the enrollment and subsequent verification of an individual's 
identity at any point within the immigration and border management 
process. Through identity management, decision-makers will be able to 
access information (appropriate to their business needs) that is 
associated with any one individual, including results of watch list and 
criminal background checks.
    By increasing the number of individuals known to the United States 
(and to our allies), we are allowing our governments to focus precious 
time and resources on unknown individuals and those who may wish to do 
us harm. Thus, the inclusion of US-VISIT with other risk-reduction 
activities will increase the program's ability to serve as a risk-
reduction service provider across the Department as a whole.

Closing
    When Congress passed legislation to create the Department of 
Homeland Security, it sent a clear message that bureaucratic turf 
battles and programmatic ``stove piping'' needed to stop. The solution 
to the protection of the homeland was a single entity empowered with a 
broad, cooperative outlook to address the challenges that face our 
Nation. With its mission to support all DHS components and Executive 
Branch agencies, the NPPD is exactly the kind of post-9/11 cooperative 
thinking that Congress called for when it authorized the creation of 
DHS.
    Let me assure the Committee that all of the benefits to border 
security which US-VISIT has brought to CBP and other agencies 
responsible for protecting our Nation will continue to be delivered by 
the new reporting structure. US-VISIT and its biometric identity 
management capabilities will continue to be available to all DHS 
components.
    I would like to thank the Committee for its time today, and I 
welcome your perspective on the themes I have articulated.

    Chairman Thompson. Thank you for your testimony.
    I now recognize Mr. Stana to summarize his statement for 5 
minutes.

  STATEMENT OF RICHARD STANA, DIRECTOR, HOMELAND SECURITY AND 
        JUSTICE ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Stana. Thank you, Chairman Thompson and members of the 
full committee. I am pleased to be here today to discuss the 
status and direction of the US-VISIT program.
    As you know, the program is designed to collect, maintain 
and share data on selected foreign nationals entering and 
leaving the country at air, sea and land ports of entry. Data 
is captured to learn and verity visitors' identities, screen 
information against watch lists, and record arrival and 
departure.
    My prepared statement summarizes our work over the last 
several years on the status of the program, but for now I would 
like to summarize three key points.
    First, although US-VISIT has conducted exit demonstration 
projects at a small number of ports, a biometric exit 
capability is currently not available.
    At land ports, implementing a biometrically based exit 
recording system that mirrors entry would require more than $3 
billion in new infrastructure and could produce major traffic 
congestion because travelers would have to stop their vehicle 
upon exit for processing.
    The RFID technology tested at five land ports was subject 
to numerous performance and reliability problems in fact, it 
had a success rate of only 14 percent in one test and provided 
no assurance that the person recorded as leaving the country is 
the same one who entered.
    At air and sea ports, the exit environment could support a 
biometric exit capability, although the exit alternative tested 
was estimated to have a 24 percent compliance rate.
    It is important to note that DHS has not yet provided to 
Congress a statutorily mandated report which was due by June 
2005 on plans to fully implement the entry-exit program.
    Second, DHS deserves credit for installing the entry 
portion of US-VISIT at nearly all of the air, sea and land 
ports, and this was done with minimal new construction or 
changes to existing facilities.
    But officials at 12 of the 21 land ports we visited told us 
about US-VISIT-related computer slowdowns and freezes that 
adversely affected processing times and could have compromised 
security.
    These problems were not routinely reported to headquarters 
in part because of the lack of coordination between US-VISIT 
and CBP.
    The introduction of 10-fingerprint technology and e- 
passports could help with the traveler identification process, 
but they could also increase inspection times and crowding and 
affect port operations at aging and space- constrained 
facilities.
    Lastly, US-VISIT continues to face longstanding management 
challenges. Importantly, after spending 4 years and over $1 
billion on the program, US-VISIT has not yet issued a strategic 
plan that articulates how it will strategically fit with other 
border security initiatives and mandates such as the Secure 
Border Initiative and the Western Hemisphere Travel Initiative, 
nor has it put in place selected management processes and 
controls to better ensure effective program implementation and 
to reduce program risks.
    In the limited time I have remaining, I would like to raise 
three issues that members of this committee may wish to 
consider in connection with the theme of today's hearing.
    First, a clear mission statement and a strategic plan 
provide the foundation for the expectations and results that 
any organization seeks to achieve. With respect to US-VISIT, 
the mission is both knowing who is entering and leaving the 
country and managing identity information.
    While the primary focus had been on deploying an entry- 
exit system, more recently increased emphasis is being placed 
on managing identity information under Unique Identity.
    Without a strategic plan, we do not know how US-VISIT will 
balance resources and levels of effort between the two 
missions, and DHS stakeholders are less certain what to expect 
in their areas of interest.
    And if the primary focus shifts to Unique Identity, who 
will take responsibility for implementing an exit capability?
    Second, any organization's alignment needs to support its 
mission and strategic goals. Where a component is placed on an 
organization chart usually follows from an alignment of its 
activities, core processes and resources with those of key 
stakeholders.
    If US-VISIT's primary mission is to be Unique Identity, 
then alignment with NPPD could be appropriate. If the primary 
mission is implementing entry-exit, then alignment with key 
stakeholders, like CBP, SBI, Trusted Traveler programs and so 
on, would seem appropriate.
    Either way, the alignment decision should flow from the 
mission and the plan, not the other way around. And appropriate 
crosswalks need to be established to ensure effective 
coordination with the other aligned components.
    And third, what does Congress think the US-VISIT program 
should accomplish and by when? By statute, the program is to 
both implement an entry-exit system and manage identity 
information.
    But what is Congress' priority? At this point, is it more 
important to roll out a unique identity program? Is it to shore 
up the entry program at the ports? Or is it to implement an 
exit capability?
    Knowing this could help inform DHS where the US-VISIT 
program should be located.
    It is also important to note that there currently is no 
statutory deadline for deploying an exit capability. Right now, 
exit demonstration projects are planned or under way at 12 of 
115 airports, two of 14 seaports, and none of the 170 land 
ports.
    DHS has not yet set a date for full implementation, nor has 
it articulated what the biometric exit capability will 
ultimately look like.
    This concludes my oral statement, and I would be pleased to 
respond to any questions that members of the committee may 
have.
    [The statement of Mr. Stana follows:] \1\
---------------------------------------------------------------------------
    \1\ GAO, Homeland Security: US-VISIT Program Faces Operational, 
Technological, and Management Challenges, GAO-07-632T (Washington, 
D.C.: Sept. 19, 2003).
---------------------------------------------------------------------------
    Chairman Thompson. Thank you very much for your testimony. 
I now recognize Mr. Zitz for any comments he may have, 
recognizing that you submitted a joint statement with Mr. 
Mocny.

     STATEMENT OF RICHARD ZITZ, DEPUTY UNDER SECRETARY FOR 
                  PREAPREDNESS, DEPARTMENT OF

    Mr. Zitz. Chairman Thompson, Ranking Member King, 
distinguished members of this committee, thank you for inviting 
me today to appear before you and discuss the realignment of 
US-VISIT into the department's newly established National 
Protection and Programs Directorate, or NPPD.
    I would like to begin this morning by noting I am pleased 
to be joined by Bob Mocny, acting director of US-VISIT. The 
many successes already demonstrated by US-VISIT are due in 
large part to Bob's leadership and the talent and dedication of 
the entire US-VISIT team.
    Also by Rich Stana, director of homeland security and 
justice issues of GAO. We appreciate the ongoing dialogue with 
GAO.
    The secretary has provided clear direction in the steps the 
department needs to take to enhance our protection of America. 
His goals are clear: One, protect the nation from dangerous 
people. Two, protect the nation from dangerous things. Three, 
counter the threat of weapons of mass destruction. Four, 
protect the nation's critical infrastructure. Five, build a 
culture of preparedness and strengthen our ability to respond.
    It is with the congressional changes in response to Katrina 
and with the secretary's goals in mind that NPPD was formed. 
NPPD integrates the risk reduction activities of the Office of 
Infrastructure Protection, the Office of Cybersecurity and 
Communications and US-VISIT.
    I can assure you that the department's decision to include 
the US-VISIT program as part of NPPD was neither arbitrary nor 
capricious. Rather, this decision is based on sound management 
principles.
    The main responsibility of NPPD is to advance the 
department's risk reduction mission. Risk reduction is about 
getting the right information into the right hands in time to 
act.
    The department's ability to identify and assess risk to the 
nation depends to a significant degree on its capacity to 
detect and evaluate threats to the United States.
    Threats are posed by individuals wishing to do the nation 
harm, and they naturally fall into two categories, physical and 
virtual. Reducing risk requires an integrated approach that 
encompasses human, physical and virtual aspects.
    US-VISIT, infrastructure protection and cybersecurity and 
communications all use the same approach for risk reduction 
through data gathering, data analysis and electronic 
dissemination of information to operators.
    Further, all three offices engage in routine and extensive 
coordination across every level of government and with the 
private sector.
    In addition, by specifically positioning the US-VISIT 
program within NPPD, DHS is aligning the office with other 
components that serve as a departmental-level resource for our 
top decision makers.
    US-VISIT has evolved. When US-VISIT was created in response 
to a congressional mandate for an entry-exit system, it 
expended considerable effort to support the customs and border 
protection officers who are responsible for screening travelers 
who apply for admission into the United States.
    However, US-VISIT also provides significant support to U.S. 
Citizenship and Immigration Service, Immigration and Customs 
Enforcement, the U.S. Coast Guard, the Departments of State and 
Justice, the intelligence community, and other DHS components.
    The US-VISIT program will continue to fulfill its 
critically important entry-exit identity management services. 
Its inclusion in NPPD will not diminish this responsibility.
    Rather, its inclusion in NPPD recognizes the far- reaching 
impact of its innovative people, processes and technologies to 
help break down stovepipes, enhance information sharing, and 
further reduce risks to the nation.
    The US-VISIT program in its innovative biometrics-based 
technology solutions offers a range of opportunities for 
information-sharing and risk-reduction activities beyond their 
core mission.
    We won't take our eye off the ball. US-VISIT has clear 
deliverables that must be realized. But it would be an 
opportunity lost to not take advantage of its additional 
potential. Thank you for your time this morning, and I look 
forward to answering any questions you may have.
    Chairman Thompson. Thank you very much for your testimony, 
each of you.
    I now thank the witnesses for their testimony, and I yield 
myself 5 minutes.
    Mr. Mocny, US-VISIT in its inception was supposed to be an 
entry-exit program. Do you have enough history to know why we 
have shifted the emphasis of the original intent of the 
program?
    Mr. Mocny. I believe I do, Mr. Chairman. I was formerly 
with the Immigration Service, and I was the director of the 
entry-exit program prior to the DHS being stood up.
    And then we moved into DHS and we became the US-VISIT 
program through a series of name changes. So frankly, I have 
been there from the very beginning.
    And you are absolutely right. This was about the 
establishment of several sections of law passed back as far as 
1996 when Congress first became interested in the illegal 
immigration population.
    There were laws passed in 2000 that called for the Visa 
Waiver Program having an automated entry-exit system. And then 
9/11 occurred, and of course, we know the laws that are passed 
since then.
    And repeatedly, the Congress has said that we needed to 
have a better way of managing our foreign nationals coming 
into, staying in and leaving from the United States.
    So where we were first stood up and if I can kind of 
analogize it to a police case where you have to get the 
perimeter secured first, that was certainly what it was its 
initial job to do, get the ports of entry fixed, get the 
Department of State biometric visa issuing process stood up, so 
you stem the tide and have the perimeter secure.
    We have always had, from the very beginning, a five- 
process approach to this. There is pre-entry, which, of course, 
is the State Department and anything we might gather from the 
airlines via the Visa Waiver Program and Advance Passenger 
Information Service.
    There is entry, which is clearly a CBP role, which is when 
that person arrives at a port of entry. Then there is status 
management, what happens to that individual once they get here. 
And then there is exit. Of course, we are talking about that. 
And finally, analysis.
    So between pre-entry, entry, status management, exit and 
analysis the US-VISIT strategic plan and thinking has always 
been around those five core business processes. We are focused 
today, or have been, on the entry process as appropriate.
    We need to focus on the exit part, which we will be able to 
do. But I can tell you that, as the deputy undersecretary 
states, we have evolved, and we have evolved as planned from 
just entry to now a larger piece.
    Chairman
    So are you telling the committee today that we have both 
the entry and exit components established and in place?
    Mr. Mocny. Absolutely not, no. We have the entry 
established, clearly, at the 119 airports and the seaports and 
the 154 land-water ports of entry, that which was mandated by 
Congress to be completed by 2003, 2004, 2005, every December 
31st.
    The exit portion is something that we have to work on. 
There was no date as Mr. Stana indicated, no date given for 
that particular piece of it, but we clearly are working on 
exit. We have got some pilot programs that we are running. And 
that is something we want to address this year at the air 
locations.
    Chairman Thompson. Okay. Well, I guess, then, there is 
obviously two different schools of thought from the testimony.
    You just referenced a strategic plan. Can you provide the 
committee with a copy of your strategic plan for the US- VISIT 
program?
    Mr. Mocny. That is the goal that we are trying to get that 
through the process here. It is certainly going to be part of 
our appropriations. And we owe you a 7208 report as part of the 
Intelligence Reform Act to get that to you.
    And all I can say is we are working through the process, 
through DHS, through OMB, but the plan is to get you that plan 
so that you can see the broader aspect of the program.
    Chairman Thompson. When was that plan due?
    Mr. Mocny. It was due in 2005, sir.
    Chairman Thompson. So you are 1.5 years behind.
    Mr. Mocny. Yes, sir.
    Chairman Thompson. When can we expect it?
    Mr. Mocny. I was asked to predict this in another committee 
before. I can't give you definitive. I can say soon. I would 
say within weeks. And I hope to say between 30 days and 40 
days. That was the date that I gave last time, and I would 
hope--
    Chairman Thompson. Well, you can understand where we are. 
You tell us that we have a program, we have this, but we don't 
have a plan by which we are operating. And that causes a little 
concern on the part of the committee, because if you don't have 
a plan, then you are saying, ``Trust us and we will do it.''
    I guess the other thing, too is there any idea when the 
department is going to move you away from being acting to being 
the permanent person?
    Mr. Mocny. I have no indication of that. I think there has 
been a desire on some, but I haven't had--
    Chairman Thompson. How long have you been acting?
    Mr. Mocny. For about 10 months, 8 months, 10 months now.
    Chairman Thompson. Yes. You know, one of our criticisms of 
the department historically has been the turnover, the acting 
people in very important positions.
    And the committee has expressed on several occasions, from 
a leadership as well as management perspective, you need 
permanent people in place to get the job done.
    I guess my last comment is to Mr. Stana. Ten years, over $1 
billion, no strategic plan could you from GAO's perspective 
give me your analysis of the program for the committee?
    Mr. Stana. Well, in broad terms, we know that entry is 
pretty much in place. There are a few managerial issues that 
have to be attended to, one of which is making sure proper 
evaluations and performance measures are in place and so on.
    And of course, Mr. Mocny mentioned the 7208 report needed 
to be there.
    Exit is nowhere near completion. There have been some 
pilots at both air--including air, sea and land, none of which 
has been particularly effective. They continue to pilot. There 
is no deadline for completion.
    And although I am sure that the program office would like 
to have it in better shape than that, the fact is exit is 
likely a ways away.
    There are other management issues, not the least of which 
is the one you mentioned. And that is understanding where the 
US-VISIT office is to fit strategically and operationally 
within homeland security.
    Without a strategic plan, not only do you not know exactly 
what to expect of the program, and who is accountable for what, 
and what the linkages are to other related programs, but 
neither do other stakeholders in the department.
    It is not that the unit absolutely has to be located in one 
place or another. But understanding exactly what the program 
is, what it has become, what its strengths, limitations are, 
and how the crosswalks from that program are going to be linked 
to other components is something that is just not known yet.
    I might point out that something in my mind that adds to 
the confusion--when I see paperwork that describes what US-
VISIT is in the NPPD, I see reference to managing identity 
information. I see very few references to entry-exit. And so 
that concerns me.
    Although in the budget documents there is a pledge of sorts 
to complete the entry-exit part of it, it just seems that that 
has taken a secondary role. And I am not sure that that is 
where or how they really want to portray that, or if that 
really is the fact. But that does add to confusion.
    Chairman Thompson. Thank you very much.
    My time has expired.
    I now recognize the gentleman from Tennessee, Mr. Davis.
    Mr. Davis of Tennessee. Thank you, Mr. Chairman. Just to 
follow up on the exit, that seems to be where the problem is 
at. When do you foresee a solution to the exit?
    Mr. Stana. Well, we have known for years that exit is the 
tough part. The Department of Justice inspector general did a 
report back in the late 1990s about the predecessor, the I-94 
form that you are supposed to turn in, and what some of the 
problems were getting a reliable count on people leaving using 
that form.
    DMIA task teams have done two reports on the exit process, 
and both have pointed to problems with getting an effective 
technology to help out so that you don't slow the lines, 
particularly at land ports. And our own report last December 
pointed it out.
    Now, when is this going to happen? When is it going to be 
completed? I don't know. And I haven't seen a date from the 
department that would give me an indication of when that is 
going to happen.
    I also haven't seen yet from the department any information 
showing exactly what the exit capability is going to look like. 
In fact, it is still being piloted at the air and seaports, and 
there are no pilots currently under way at land ports, so that 
is a completely open question.
    Mr. Davis of Tennessee. Do you have a number of how many 
people are here what I would consider to be illegally if they 
are beyond their visa expiration date? Do you know how many 
people that would be in America?
    Mr. Stana. I have seen estimates from 12 million to 20 
million illegal aliens in the country, and estimates are that 
about 40 percent of those are here as visa overstays. So if you 
do the math, that is roughly five million people here as visa 
overstays.
    Mr. Davis of Tennessee. Thank you. That is all I have.
    Chairman Thompson. Thank you very much.
    We now recognize the gentleman from Texas, Mr. Cuellar.
    Mr. Cuellar. Thank you, Mr. Chairman. Let me talk about US-
VISIT on land ports. Being from a land port and lived all my 
life, I can tell you that there are certain structural issues 
that we have to deal with, which is mainly the facilities.
    I understand technology is important, and I think we have 
spent a lot of money on the technology part of it. But you have 
still got to look at personnel to address it.
    In my district--and I think I have got about 10 ports of 
entry, two international airports, one international rail, 
probably more crossings than any other congressman in the 
nation we get about 12 million north-and southbound pedestrians 
a year, roughly.
     We talk about technology. We have to talk about the right 
staffing. But the other thing, which is an expensive part of 
it, is the infrastructure.
    If I can just have you imagine having a bridge that got 
built there in the late 1950s, the narrow streets that we have 
there at the port of entries, and then thinking about trying to 
get all those people in, and then if we have to do the exit out 
and I am in agreement with the overall goals.
    But if you don't have personnel and, of course, the 
technologies where we spend most of our time on--but if you 
don't have the right infrastructure, because of the crammed, 
constrained facilities, you are going to have difficult times.
    My area has complained, as you know--you have seen some of 
those folks have complained when the US-VISIT was coming in, 
and it was coming from the business people, because people were 
concerned about the impact that it would have on trade and 
business.
    And one of the concerns that I always look at is I believe 
in homeland security, but if it impedes your local economy 
people in Washington, you know, have to make sure that they are 
aware of the local impact on the economy.
    So what I am looking at is what plans do we have for the 
infrastructure investments that we need to have, because you 
can talk about all the beautiful technology, and you can talk 
about trying to get more staffing, but if you don't have the 
infrastructure, because of the constrained spaces and I have 
been to a lot of those bridges there.
    And I have done that for years and years. I mean, port 
entries the POEs. I mean, we are going to be behind the eight-
ball on this simply because of this.
    So I have a responsibility to my constituents, including 
the business community, because of the impact it would have. 
What are your thoughts and this is to all three of you all. 
What are your thoughts on the infrastructure?
    Because there hasn't been an investment on infrastructure. 
There has been little piecemeal--you know, put a little thing 
here, put a little thing here. But if we are going to address 
this issue, we have to look at infrastructure for the port 
facilities.
    Mr. Mocny. Well, Congressman, that is exactly one of the 
reasons why we are looking at the land border differently than 
the air and sea.
    We are committed to getting an air and sea solution 
beginning this year. We are going to be working with the 
airlines so that you do have a viable biometric exit.
    And I would like the committee to understand we do have 
biographic exit today, so everybody who leaves from an airport, 
from a seaport, has that information biographically recorded, 
sent to us by the airlines and by the cruise industry, that 
goes to DHS, and we record the entries and the exits on the 
biographic side.
    But you are right, the biometric side is a challenge. We 
looked at that very issue we had five pilot tests that Mr. 
Stana refers to where we looked at using radio frequency 
technology to capture that data, because there is no 
infrastructure.
    I mean, the air and sea present their own infrastructure 
issues in and of themselves, because we don't have, as many 
nations have, departure control at the air, at the sea, or at 
the land border ports of entry.
    But the land is most critical, and of course that is where 
80 percent of the people come and leave from the U.S. So that 
is why we have taken what we believe to be a more intelligent 
approach by saying air and sea exit we can do and we can 
handle, and we have got that moving ahead as we speak right 
now.
    The land border we are going to have to make sure that we 
have the correct infrastructure or, looking outside the box and 
using perhaps an entry into Mexico as being an entry--an entry 
into Mexico being an exit from the U.S. And not always do you 
have--
    Mr. Cuellar. I am sorry, say that again.
    Mr. Mocny. An entry into Mexico or Canada would be an exit 
from the U.S. And working with the various governments to use 
their infrastructure I mean, you leave the U.S. and then 100 
yards later you are in Mexico or Canada.
    And can we not work with agreements with the countries to 
say rather than us building ourselves just 100 yards north or 
south why don't we utilize the infrastructure just south or 
just north?
    And so those are the kind of questions we are asking 
ourselves. How can we do a recording of exits in a maybe 
incremental approach?
    And that is how we approach things at US-VISIT, is to do 
things in, you know, kind of a slow, piecemeal fashion slow is 
not the right word, but doing it in the appropriate time frame.
    But you are absolutely right. The infrastructure is not 
something why we wanted to impose a biometric exit on 
travelers, because it would be untenable.
    Mr. Stana. Yes. The only thing I would add to that is, you 
know, what Bob Mocny says is exactly right. I mean, it is a 
challenge mostly at land ports.
    And you pointed out as you get into some of these--cities 
San Ysidro or Laredo, El Paso the infrastructure that is 
existing--it has been there for decades.
    It was not built with security in mind. It was built for 
passport control in mind. And now we have kind of piggybacked 
another responsibility there.
    It is not only US-VISIT that is complicating this issue. 
When the Western Hemisphere Travel Initiative kicks in, in the 
next year or two, a similar issue is going to come up--and in 
some respects, an issue that is going to affect many more 
people.
    Only about 1 percent or 2 percent of the people who cross 
through land ports are subject to US-VISIT checks. Many, many 
more are going to be subject to Western Hemisphere checks. And 
that is why technology could play a role.
    There are trusted traveler programs now that you probably 
are familiar with, NEXIS and SENTRI. And they seem to work 
quite well.
    Finding a way to extend those kinds of programs to include 
some kind of biometric identification--you know, with a smart 
card of sorts--may be helpful that you keep traffic moving.
    With respect to using Canada and Mexico using their entry 
as our exit, I would want to make sure that the people in those 
booths in other countries are fully vetted for security reasons 
before I would go down that road too far.
    Mr. Cuellar. Mr. Chairman, my time is up. Could I just ask 
him to provide one information--
    Chairman Thompson. Go ahead.
    Mr. Cuellar. For all three of you all, could you give the 
committee--and I personally want to see this--the list have you 
all done a study on the space constrained areas that we have at 
the port of entries?
    Because I know you mentioned this in your report. I don't 
know if you all have that, but I would like to get that as soon 
as possible. I don't know how fast that would be, but that is a 
big component that we have been missing, the space constrains, 
because they were built years ago.
    And like you said, they were done for another purpose. Now 
we are talking about security, which is totally different.
    Chairman Thompson. Absolutely. Absolutely.
    Mr. Stana. Yes. The latest estimate from the department was 
about $3 billion, and that estimate was made in 2003, to 
correct many of those things.
    So it is not just a handful. It is many of them. Even on 
the northern border and sparsely populated areas, there would 
have to be reconfigurations.
    The other thing to note is that that estimate doesn't 
include all of the infrastructure that would have to change. 
Interstate highways may have to be rerouted. I mean, it is not 
just at the immediate port facility where changes would have to 
be made.
    Mr. Cuellar. Well, I appreciate that information. Thank 
you, Mr. Chairman.
    Chairman Thompson. Thank you very much. We now recognize 
Mr. Dent of Pennsylvania for 5 minutes.
    Mr. Dent. Thank you, Mr. Chairman. Good morning, gentlemen. 
According to DHS' Office of Immigration Statistics, in 2004 180 
million foreign nationals entered the United States as a non-
immigrant status. In 2005, about 175 million people entered.
    Do you know how many of these individuals overstayed their 
visas or authorized stay in the United States?
    Mr. Mocny. I can only quote the estimate that Mr. Stana 
quotes as well, which is about 30 percent to 40 percent of the 
people who come here under the Visa Waiver Program are 
estimated to overstay their visas. But I don't have a hard 
number.
    Mr. Dent. So it is about 30 percent, then.
    Mr. Mocny. That is about right. Mr. Dent.
    Okay. And in 2005, about 2.2 million foreign nationals 
entered the United States under the Visa Waiver Program. How 
many of those folks overstayed? Is it the same percentage for 
the--
    Mr. Mocny. We use the same percentage.
    Mr. Dent. Same percentage. Okay. And then another issue, 
too, that I am concerned about is that, you know, 13 of 17 
terrorists--9/11--had overstayed their temporary visas. And I 
guess the main question is how can the United States government 
not be able to answer this fundamental question about border 
security 5.5 years after 9/11. We have all these people 
overstaying. You say it is 30 percent.
    You know, the 9/11 terrorists came in, and they were on--
they came in here with visas and several overstayed. What are 
the alternatives for gathering exit information, even if it is 
just biographical data, you know, for now that could be 
implemented in the short term?
    So what do we do to make this better?
    Mr. Mocny. Congressman, I appreciate the question, because 
this--it goes to the heart of what US-VISIT has been able to 
do.
    Because we have been able to focus ourselves in not one 
particular mission area, not in just CBP, not just in ICE, not 
just in CIS, we are able to kind of look across the board, 
because at the end of the day, what we are talking about is 
DHS-wide and it is, frankly, U.S. government-wide.
    The exit piece is--and the failure of people to exit needs 
to be analyzed, and we have a unit within US-VISIT, the Data 
Integrity Group, which every single day looks at those overstay 
records, makes some general assumptions about whether or not 
they have left.
    They look at various databases. And at the end of the day, 
they turn over a tranche of records to ICE, Immigration and 
Customs Enforcement, who are able then to develop portfolios 
and go and find those individuals.
    Now, in 290 cases to date--and that is not a lot, but it is 
some where on just the data that the US-VISIT team was able to 
cull, they were able to actually go out and make arrests and 
deport those individuals who have overstayed their visa.
    It might be surprising to some on this committee that we 
have not had that ability to do that in the past. We just 
haven't had the ability to look at the various data bits and 
say this person is, in fact, an overstay. And it might be an 
unconfirmed overstay or a confirmed overstay.
    And so by expanding the capabilities of the US-VISIT 
program department-wide, we are able to look across the board 
at all the data to be able to make that very decision and work 
toward an environment--and our third goal for the program is to 
ensure the integrity of the immigration system.
    And frankly, we need a unit that can focus on those various 
cross-cutting issues.
    Mr. Stana. Mr. Dent, if I might add to that, I think that 
that question you raised has to be parsed. Are we talking 
immigration control or are we talking terror control?
    If we are talking immigration control, then the exit part 
of entry-exit is extremely important, because that gives you 
the idea of who has overstayed. If you are talking terror 
control, entry becomes paramount, because once someone is in 
the country, it doesn't matter when they leave.
    There are some things that US-VISIT can do and, frankly, 
there are some things that perhaps it can't, because it is 
collecting biometric information and it matches it against 
known terrorists on watch lists.
    Somehow or other, this biometric identity unit that is 
being enhanced here has to have the proper links to the 
intelligence community to make sure that not only is 
information on the watch list evaluated but any other leads 
that may be there can be brought to bear on this issue.
    There may be other ways to get to this other than the 
strict entry system, and those ought to be explored. And 
frankly, that is a component that ought to be linked in here 
when we are talking about where organizationally US-VISIT 
should fit in the structure of DHS.
    Where is it linked to the intelligence unit or to the 
national intelligence-gathering apparatus? Where is it linked 
to the science and technology groups? That is an important 
linkage.
    Mr. Zitz. Mr. Dent, if I could add to that, that very 
point--because NPPD is linked to the intelligence community 
through the intelligence apparatus in DHS we have a joint 
activity you are familiar with called High Track, which joint 
intelligence, joint critical infrastructure.
    That is a key linkage. And while I agree entry is paramount 
when you are talking about the terrorism aspect, the fact of 
overstaying a visa can be a correlation with other intelligence 
data that could give us an indicator.
    So again, what is paramount here is being able to marry up 
all the various data streams.
    Mr. Dent. I see my time is up.
    Thank you, Mr. Chairman. I yield back. Thank you.
    Chairman Thompson. Thank you very much.
    We now recognize the gentleman from North Carolina, Mr. 
Etheridge.
    Mr. Etheridge. Thank you, Mr. Chairman. And I apologize for 
being in and out, but we are doing budget work down the hall. 
Mr. Chairman, thank you.
    And again, Mr. Mocny, I believe Mr. Thompson asked this 
question, but let me return to it for a little more specific 
information, if I may. By redefining US-VISIT as an identity 
management system, it seems as though we are slowly moving away 
from Congress' call for an entry/exit system.
    My question is this, and I would appreciate you addressing 
them. Have the threats to the country changed so that there is 
less concern about aliens overstaying their visas?
    And two, what assurances can you give us that you will not 
abandon the exit mission of the system?
    And thirdly, how much money have you dedicated in 2007 for 
exit feature? And is there anything in the 2008 allocation for 
exit?
    Mr. Mocny. Thank you, Congressman.
    No, we haven't abandoned exit at all. And let me briefly 
tell you about the other side of the move into NPPD. We are 
talking about kind of from an operational standpoint how US-
VISIT and the data it gathers can assist across the department 
and outside the department.
    The other reason why that I am a strong advocate of being 
moved into the NPPD is we are going to have an advocate now in 
the undersecretary for the NPPD.
    In the next panel, you are going to hear from Asa 
Hutchinson, who was our undersecretary under the Border and 
Transportation Security Directorate.
    And we had this very debate back in 2003, where to put US-
VISIT, and to say, ``Well, should we be in CBP because it is 
ports of entry?'' ``No, it should be in ICE because it is about 
overstays.''
    Well, maybe it should be somewhere above the mission space 
of those two entities right there. And so that is why the 
decision at that point was to put us into the BTS, the Border 
and Transportation Security Directorate.
    Our customer base has now grown. We now service the Coast 
Guard. We now service the Transportation Security 
Administration, Citizenship and Immigration Services, and now 
state and local police officers and the intelligence community.
    And by virtue of having our customer base grow and us 
providing identity services to more and more operational 
entities, we believe it is appropriate to be put into the NPPD.
    I will say this, that as our commitment to exit we have $7 
million appropriated and assigned in 2007, but we have $39.5 
million in our 2006 spend plan which--or appropriations which 
is yet to be extended on the exit piece.
    So we believe we have sufficient funding with the 2006 
remaining and the 2007 to begin the process of air and sea 
exit, working with the airlines and the cruise industry, to 
have an effective solution working with them as our partners, 
while we work on the longer term issue of the land border 
issue.
    And I believe in subsequent years we would be coming back 
to the Congress to finish the exit piece.
    But I think, just to finish, the reason why we are going to 
NPPD is because we are committed to getting the other pieces 
done. We haven't completed exit.
    And frankly, we need an advocate in an undersecretary who 
has direct access to the secretary and the deputy secretary, so 
that we can make sure that our commitments are made good.
    Mr. Etheridge. Do I understand your statement, then, that 
the threat of folks overstaying their visas is still a concern?
    Mr. Mocny. Absolutely.
    Mr. Etheridge. Okay. Let me very quickly go to one other 
question. It is my understanding that we have been testing 
radio frequencies--RFID technology at our land borders.
    GAO reports that these systems performed below their target 
rates and did not even meet congressional mandates for a 
biometric exit system.
    Are we still investing in that technology? And what lessons 
did you learn from the initial pilots that may be applicable to 
the future?
    Mr. Mocny. Again, thank you. One of the things that we do 
at US-VISIT is work very closely with the business community.
    Just a year ago, the new 10-fingerprint devices didn't 
exist that we are going to be deploying this year and next, and 
again, that is a close association working with industry to do 
so.
    We are also working on this bio-token, as you call the 
biometric RFID. We have seen prototypes of several different 
companies, frankly, that would allow for the capture of a 
biometric and then that biometric being recorded remotely and 
passively through some kind of RFID signal.
    But the technology is not there yet. It is probably 3 years 
to 5 years in the offing for any kind of robust and safe use of 
a biometric RFID. And in fact, we tested--
    Mr. Etheridge. How far out did you say?
    Mr. Mocny. I would say my guess would be anywhere from 3 
years to 5 years.
    Mr. Etheridge. Thank you.
    Mr. Mocny. But the idea of having biometrics as part of the 
exit portion--which, again, is a mandate from the Congress--is 
something that we are striving for.
    And that is the complexity. We can have biometric exit at 
the air and seaports of entry. But to ask someone to drive out 
of the country and simultaneously put their finger on a device 
while they are steering out of the country at 45 miles an 
hour--frankly, it would be irresponsible on my part to mandate 
that of anybody, let alone an elderly driver--whoever.
    So we have to look at the ergonomics of it. We have to look 
at the efficacy of it. And that is why we are going to continue 
to pay attention to it, although--take some steps, perhaps, and 
do things biographically, as I said, working with Canada and 
work with Mexico, to get that done.
    But we haven't abandoned the air or the sea exit. We are 
not abandoning land border exit. We are just going to wait for 
the technology to kind of catch up to us so that we can 
implement this.
    Mr. Etheridge. Thank you.
    I yield back.
    Mr. Stana. Can I add one thing to that, Mr. Etheridge? I 
think Mr. Mocny is correct in that the technology that was 
tested just wasn't up to doing the job. It neither read 
correctly nor was it biometric.
    If something comes available in 3 years, 5 years, 10 years, 
that would be helpful. But let's not lose sight of the fact 
that technology is just a tool, like any other tool.
    I think another reason why US-VISIT needs to work very 
closely with CBP on exit procedures and exit strategies is that 
sometimes, in some cases, in some circumstances, people aren't 
asked to stop very long at an entry booth at all.
    If there is a long line, you could have a line flush. If 
there is, you know, some other drug operation going on, they 
might inspect people somewhat differently.
    And if all of these inspection processes aren't put in 
harmony with what US-VISIT expects, you might have a perfect 
system that isn't implemented well.
    And there are cases--and I am sure the department can come 
up and brief you on them--at every port of entry where the 
systems were just not followed by the port inspectors.
    Mr. Zitz. Mr. Congressman, if I could also add, that same 
threat you refer to is also a good reason to do this 
realignment and to place US-VISIT with the offices that are 
responsible for correlating data from the intelligence 
community to critical infrastructure and understanding the risk 
against these specific sites.
    Overstays and the correlation of overstays to specific 
threat data could be the key piece of information we need to 
protect against a strike against part of our critical 
infrastructure.
    Chairman Thompson. Thank you very much.
    We now recognize the gentleman from Florida, Mr. Bilirakis.
    Mr. Bilirakis. Thank you, Mr. Chairman.
    Mr. Mocny, has the US-VISIT office established performance 
measures to compare actual performance of US- VISIT to expected 
results?
    Mr. Mocny. We are in the process of developing those. They 
are not as refined as we want them to be, but we are a new 
program.
    And so we do have performance measures--and the 
effectiveness of the biometric, how many hits we get against 
the biometric, what we do with an individual--so I would say 
yes, that we do, and they are evolving.
    Mr. Bilirakis. Okay. What promise do alternative 
technologies hold in providing biometric verification of 
persons exiting the country without major changes or additional 
physical infrastructure changes?
    Mr. Mocny. Well, if I understand the question correctly, 
there is not a whole lot of infrastructure changes absent the 
ones we talked about at the land border.
    We believe with the air and sea portions we can actually 
utilize existing infrastructure, because there is a known 
process by which people exit the country. They go to a check-in 
counter. They go through TSA. They enter via a gate.
    The infrastructure changes that are going to be of most 
critical need are going to be at the land border.
    Mr. Bilirakis. Okay. Thank you.
    Mr. Stana, should Congress establish a firm deadline for 
the implementation of a fully functioning biometric exit 
system? Why or why not should we establish a deadline in 
Congress?
    Mr. Stana. Well, let me give you some pros and cons of a 
deadline. The pros would be is it would prompt action from the 
department, more considerable action, toward moving toward the 
exit capability that we all want.
    The con of it is in some cases the technology isn't there, 
isn't mature enough, to make it, you know, a reality. And so if 
you would impose a deadline, say, in 2 years or 3 years for 
having an exit capability, it may not be possible.
    On the other hand, imposing a deadline in air and sea, I 
think, would be possible. And in fact, it may help the US- 
VISIT office get more resources from the department to make it 
happen.
    Mr. Bilirakis. Okay. Thank you very much.
    Thanks, Mr. Chairman.
    Chairman Thompson. Thank you very much.
    Just to clear up a comment from a question Mr. Bilirakis 
added in terms of performance measures, part of your answer, 
Mr. Mocny, is you said US-VISIT was a new program.
    You know, it is 10 years out. I understand we haven't 
completed it. But I would love for you to provide the committee 
some of those performance measures that you referenced to Mr. 
Bilirakis that have been met and the ones that have to be met.
    Mr. Mocny. I would be happy to do so, Mr. Chairman. 
Absolutely.
    Chairman Thompson. Thank you.
    We would like to recognize for 5 minutes the gentleman from 
Pennsylvania, Mr. Carney.
    Mr. Carney. Thank you, Mr. Chairman.
    Mr. Stana, in a December 2006 report you indicated 
instances where the US-VISIT program office was never made 
aware of operational problems--malfunctioning equipment, things 
like that--at ports of entry.
    Some of these problems you said not only affect the 
system's overall performance but may pose security risks. How 
will moving US-VISIT away from its operational context resolve 
these communications problems that you noted?
    Mr. Stana. That is a very good question. In fact, that is 
one of the key questions that comes to the table when one has 
to consider where to site US-VISIT on the DHS organizational 
structure.
    The problem with the coordination in that report was--when 
we got to it, is the people operating the system didn't know if 
it was a US-VISIT system or whether it was a CBP system. They 
weren't told who to go to to coordinate any problems.
    And moving it to NPPD would not necessarily hurt that if 
proper linkages were established. But it doesn't make it easier 
to resolve those kind of communication and coordination issues.
    This gets to a concern that I have with the information 
that I have seen on some of the key purposes of US-VISIT as 
mentioned in the National Protection and Programs Directorate 
briefing charts.
    They are located in that group with other non- immigration 
components, and there are four goals listed here or objectives 
listed here, not one of which seems to deal directly with entry 
or exit. It deals tangentially with that.
    Now, that is not to say that it is not a worthy goal to do 
biometric identification or biometric identity management.
    It is just to say that perhaps these kind of documents 
ought to more clearly show the linkage of the program to the 
entry-exit side, the entry-exit mission, and construct the 
linkages that are going to make those coordination issues not 
happen or be resolved quickly.
    Mr. Mocny. Could I offer a response to that as well?
    Mr. Carney. Yes, absolutely.
    Mr. Mocny. Thank you. One of the issues that we are seeing 
post-9/11--information sharing causes its own challenges in 
itself.
    It is easier to have stovepipes, because you can treat that 
system--as Mr. Stana says, that was definitely a CBP issue 
versus, ``We now have five systems connected, one of which is 
the Department of State's consolidated consular database.''
    And so at any given point, it is where in this fishnet do 
you have the issues. By moving us into a departmental 
directorate, you do have a departmental look-see across the 
board, and so whereas I think you have a known entity, but when 
you have a particular operational mission, they are going to 
take care of their own systems.
    But when that system is now connected to three or four or 
five other systems within the department, and even outside the 
department, you do have to have a little bit higher elevated 
look across the board to see where exactly is the problem.
    So that is this coordinated kind of feature that US- VISIT 
and NPPD would offer.
    Mr. Zitz. May I also add, sir, that the NPPD's offices 
include I.T.-heavy activities. If you think about the 
cybersecurity activities, what we are doing with National 
Communications System, and the myriad databases that make up 
our Infrastructure Protection Office, we are very, very heavy 
right now on information technology.
    Also, placement as a headquarters-level activity has us in 
very close proximity and daily interaction with the chief 
information officer of the Department of Homeland Security.
    So by virtue of that continual interaction and sitting on 
myriad boards and panels with him, it enables us and will 
enable us to advocate even more vigorously.
    When there are problems, we will address them more quickly. 
And we will also be able to, I think, better defend and justify 
future activities of US-VISIT.
    Mr. Stana. If I could just add a ``yeah, but,'' it probably 
does help coordinate up, and it helps coordinate with the 
vendor community.
    Coordinating with the folks at the port of entry is going 
to continue to be challenge if these linkages, these 
coordination mechanisms, aren't in place and well known by the 
people who have to use them.
    Mr. Zitz. If I may respond, sir, the activities of our 
National Cybersecurity Division, of our National Communications 
System, and of our Infrastructure Protection Offices are all 
continuously interacting with the federal enterprise, with 
states, locals, tribal and the private sector.
    And so it is not just a headquarters, not just a look up. 
It is a look down as well. Thank you.
    Mr. Carney. I appreciate that retort. But I, like most of 
us on this committee, are very frustrated by the fact that, you 
know, we are 1.5 years late on reports that we should be given 
that are a glimpse into this whole process.
    And you know, I guess the question is who is accountable 
for that report and how do we get it.
    Mr. Mocny. I am accountable for getting the report to the 
department, and then it is our--going through the process, 
going through OMB, and that is the process that we have, and 
there is a clearance process for it.
    I am not going to make any excuses for it being 1.5 years 
late. Absolutely. I want you to look at this. Frankly, you 
know, maybe this hearing wouldn't have to be held if we had 
that here.
    And it is going to be up here very shortly. And it is 
nearing its end state. It is going to be to the department. And 
I hope then everybody has a clear look at what we are 
testifying here today.
    The breadth of the program is importantly about entry and 
exit, but it is also beyond that, and it talks about an entire 
immigration and border management enterprise which includes not 
only other entities within DHS but also entities without DHS, 
including State Department, the Justice Department, and state 
and local law enforcement.
    Mr. Carney. Thank you very much.
    Chairman Thompson. I have a question I want to kind of take 
off from.
    Mr. Zitz made the comment that intelligence and information 
was already being shared with some of the other stakeholders.
    Mr. Stana, what did your review of the department reflect 
in that perspective?
    Mr. Stana. The information is available for individuals 
entering the country and--they come to the US-VISIT station. 
The information is available on the computer screens that it 
shows the results of checks against watch lists.
    There is a different issue not related to US-VISIT with 
intelligence information more generally about who is expected 
to come to ports of entry, and is that information being shared 
with inspectors. But that is not particularly related to US-
VISIT.
    Chairman Thompson. Well, if it is not, just tell us what it 
is related to.
    Mr. Stana. I could tell you that in a separate session.
    Chairman Thompson. Okay. Well, we will set it up.
    Ms. Clarke, at the request of Mr. Shays, we want to go to 
you first, and then we will go to him.
    The gentlelady from New York?
    Ms. Clarke. Thank you very much, Mr. Chairman.
    And thank you, too, Mr. Shays.
    Gentlemen, good morning.
    I am sitting here and I am, you know, really appreciating 
the complexities of what we are dealing with here. At the same 
time, I think it kind of goes to the core of, you know, 
management and which is pretty obvious, and sort of setting 
priorities.
    Mr. Mocny, I want to get a sense from you of what you would 
characterize as your priority for the full engagement of US-
VISIT. Is it an integration with the other entities, CBP and 
others, that needs to take place in order to be effective?
    What would you say is the priority right now to get this in 
place and working?
    Mr. Mocny. Thank you, Congresswoman.
    The priority of the program is to make sure that we are 
integrating across the department. When you look at the very 
distinct mission, I go back to the discussion that we had when 
we decided to put is in the BTS before.
    There is a distinct mission that CBP plays, absolutely. 
They have port of entry and in between the port of entry 
jurisdiction. Outside of that, they are a partner. They are 
participatory. They cooperate as best they can.
    But their job is not to deal with the interior of the U.S. 
and people who may be overstaying their visas. Their job is not 
look at protection of critical infrastructure and people who 
may be trying to get into those areas.
    And frankly, their priority isn't to deal with those people 
who would get a visa or not.
    Similarly, ICE does, in fact, have a mission which is about 
the interior. They don't have a focus on the actual port of 
entry, although there is an association with that.
    And I mean, to use your term, the complexity of it is such 
that the Department of Homeland Security 22 federal agencies 
all with a similar type of mission, and yet where are the 
various touch points?
    And with programs like US-VISIT, we look across the 
department at those various touch points to make sure that they 
are as coordinated as possible and that everybody gets the 
information.
    And I can tell you from personal experience and days before 
DHS was stood up, and at INS, and we needed to get some 
information from the Customs, Department of Treasury, and it 
was tough. It really was.
    And to say well, why not--well, because our priority is the 
Department of Treasury's priority, it is not the Department of 
Justice's priority.
    Well, now that we have this great idea of bringing all 
those people who make sense with one another under one umbrella 
in the department, you then have a kind of subtext with that 
whole piece, and we at US-VISIT do look across the board.
    If you were to come to our offices, you would see at any 
given point people from ICE, people from CBP, people from the 
Department of State, from Justice, from Commerce, from 
Transportation.
    There is a complexity in dealing with people that come into 
and leave the United States and some who don't stay--the 
Department of Labor when they deal with labor certificates.
    And so when you get this plan that you have been asking 
for, you will see that we have outlined these complexities, and 
we begin to hopefully start a dialogue that talks about how do 
we across the board look at immigration and border management 
writ large.
    Our role is simply to be an honest broker among the various 
operational units within DHS and without DHS--state and local, 
justice--and be able to effectively do that.
    I can say, I believe, that the association that we have 
with the Federal Bureau of Investigation in developing an 
interoperable system would not have been possible were we not 
in our own non-parochial space within the department that 
allows us to look outside the box and work on these issues 
while CBP does their distinct mission, ICE does their distinct 
mission, and CIS grants benefit to the best of their ability.
    So that is my kind of priority for making sure that we 
don't lose that across-the-board departmental look.
    Mr. Zitz. Congresswoman, may I add to that?
    Prioritizing integration first is not at odds and is not in 
conflict with the critical importance of sustaining entry and 
to build out exit.
    And indeed, the two programs of entry and exit are about 
gaining information and then sharing that information with 
those various stakeholders and operational elements not only 
across DHS but across all echelons of government.
    So it is complementary. It is not contradictory.
    Mr. Stana. If I might just add to the discussion here, one 
of the issues here is that the statutes--and there are four or 
five of them in play here--have given two different roles to 
the US-VISIT program, two different missions.
    One is identity management, and the other one is entry- 
exit. And that presents a dilemma. The two are aligned in some 
ways and they are not in other ways.
    So how do you deal with this? And there are some options to 
deal with this. One is what we are discussing today, where do 
you locate this one entity that is supposed to deal with both.
    Do you put them in the NPPD? Do you put them in CBP? Do you 
put them in a different--you know, how do you create the 
linkages to make the programs deploy and effectively work?
    Another option is to split the missions and locate the 
missions where the related activity resides. That is another 
option.
    Another option is to reconvene a DMIA task force of all the 
stakeholders to discuss this issue and figure out what works 
best for all stakeholders. But there may not be one option here 
or an either/or.
    It may be a matter of thinking this through a little bit 
more and deciding how best to get the missions accomplished--if 
not one unit, then maybe two or three; if not one location or 
two locations, maybe discussing this among stakeholders.
    Mr. Zitz. Ma'am, if I may add just briefly, the leadership 
of the department did think about this, did carefully consider 
this, and did look at a variety of organizational constructs.
    There are myriad constructs that could be undertaken. Our 
view is that placement within NPPD as part of a directorate 
that reports at the headquarters level to the secretary and the 
deputy secretary and has daily interaction with those leaders 
is the best approach for ensuring that we, one, sustain the 
good work that is already going, and two, that we push forward 
as quickly as we can on the needed improvements. Thank you.
    Ms. Clarke. Mr. Chair, I am over my time. Thank you.
    Chairman Thompson. Thank you. Mr. Zitz, why would you think 
it would be better to report to an undersecretary rather than a 
deputy secretary?
    Mr. Zitz. Sir, as I believe Deputy Secretary Jackson spoke 
2 weeks back when he talked to the staffs, the intent here is 
to enable and strengthen the US-VISIT's ability to interact at 
the most senior levels.
    Now, that may seem to be an anathema to having a direct 
report on an organizational chart to a deputy secretary, but 
Deputy Secretary Jackson has got a huge job that he has to 
undertake on a daily basis. He has a few undersecretaries that 
are direct reports to him and meet with him every morning and, 
frankly, throughout the day.
    Chairman Thompson. I am clear on that, but if I look at the 
chart, and I see someone reporting to a deputy secretary, and 
then I look below the chart to see someone reporting to an 
undersecretary, just on its face it appears that you have 
lowered the status with that change.
    And I understand the workload, but to the eyes of someone 
looking at the flow chart, the before and after, it is a hard 
sell. But I just want to let you know that some of us see the 
difference really fast.
    We now yield 5 minutes to the gentleman from Connecticut.
    Mr. Shays. As they say when you only have two people, a 
generous 5 minutes, sir?
    Thank you all for coming.
    I got involved in the issue of terrorism when I took over 
the Committee on National Security under the Government Reform 
Committee, and we put our focus on terrorism. And we were 
promoting the creation of a Department of Homeland Security or 
something under the president, but there was a big debate.
    And as you remember, the Hart-Rudman Commission had the 
most at the time extreme position that we should establish the 
Department of Homeland Security. And people would say to me, 
``What are we, Great Britain?'' And then we had September 11th, 
and people began to say, ``Well, we better have a strong 
Department of Homeland Security.''
    Criticism against it was that it would be a behemoth, 
185,000 people, all these different places. Did any of you work 
for government before we created the Department of Homeland 
Security? All three.
    So I want you to give me your assessment of how we are 
doing. First, do you think that Congress did the right thing 
creating the department? Secondly, do you think you are ahead 
of schedule or behind schedule in trying to see integration?
    And I could ask you to just speak in general terms outside 
your own area. So who wants to go first?
    Mr. Zitz. Sir, I will go first. I have spent 27 years as an 
intelligence officer with Army intelligence, CIA, DOD, and now 
within DHS in my current position. I believe--
    Mr. Shays. And given that, let me just ask you to also 
speak on the whole issue of creating a director of 
intelligence. So speak to both of those issues.
    Mr. Zitz. Sir, I believe that the department was absolutely 
necessary. I believe that creating the Department of Homeland 
Security and, frankly, even the microcosm of the issue that we 
are discussing today, integrating US-VISIT into this NPPD, is 
the best way to ensure that there is continuous flow of 
information, continuous sharing, breakdown stovepipes, and 
frankly--
    Mr. Shays. Okay. Are we ahead of schedule or behind 
schedule?
    Mr. Zitz. Sir, I think that we are on schedule considering 
the fact that this is an extremely complicated issue, bringing 
together these myriad parts that make up the Department of 
Homeland Security.
    Mr. Shays. Okay. I just really want to just get your 
assessment, because I do know it is complex and all of that, 
and I appreciate it.
    But let me just ask you one other point. When you look at 
the other parts of the department, do you think it is working 
in those areas as well?
    Mr. Zitz. I think that information sharing across the 
department is vastly superior to what it was even 2 years ago. 
And that is having lived through the best of intelligence and 
the worst of intelligence sharing over my career.
    Mr. Shays. If I ask you to comment on the Coast Guard 
coming from Transportation to Department of Homeland Security--
positive as well?
    Mr. Zitz. I think that is a positive, sir.
    Mr. Shays. Okay. Thank you.
    Mr. Mocny. I would only echo that. I have been almost 20 
years with the government. A good portion of it was with the 
Immigration and Naturalization Service, which no longer exists.
    And I can tell you from the time I was at the INS to my 
time now at DHS--a remarkable difference and I would say a 180-
degree turn from--the ability now to share data, the openness 
with others within the Department of Justice, as I mentioned 
earlier, the FBI--critical.
    Where before we just were at odds with one another, we now 
have teams that work--in fact, we have an employee, FBI agent, 
who works at the facilities in Clarksburg, West Virginia 
seconded to our offices to make sure that we continue the 
collaboration.
    So I would say overall, high marks across the board.
    Mr. Shays. Thank you.
    Mr. Stana?
    Mr. Stana. Yes. I guess I am the oldest guy in the nursing 
home here. I have been with the government for almost 31 years.
    Mr. Shays. Okay.
    Mr. Stana. And I think that there has been some positive 
developments out of the Homeland Security Department. You know, 
the coordination and cooperation across seemingly unrelated 
lines that we see now that we didn't see before is a plus.
    I have done an awful lot of work on the immigration and 
border security areas and the former Customs and INS, and I see 
it much better now than before.
    I might point out, though, INS in the 1990s reorganized 
three times, and by the end of the 1990s I am not sure they 
were any better off through the reorganizations, which is in 
connection with the theme of the hearing today.
    Now, having said that, are they on schedule? Probably, but 
it takes 5 years to 7 years for organizations to gel, and so it 
is not perfect but it is certainly moving right along.
    Mr. Shays. Let me ask you, in regards to the Western 
Hemisphere Travel Initiative, we clearly wanted to make sure, 
given we needed to do a better job of protecting our borders--
what is happening in Canada, what is happening in Mexico, what 
is happening in the Caribbean and so on.
    And so we are requiring if you travel by plane to have a 
passport, if you travel by car some identification and a birth 
certificate, and so on a--huge surprise to a lot of my 
constituents.
    You know, they are panicked because, you know, they are 
leaving in a week or two and they realize they need a passport, 
and their child doesn't have--and so on.
    Do you think there is merit in doing some pilot programs so 
that you wouldn't need a passport--for instance, could we say 
Canada if you have this tamper-proof driver's license or 
something, that would suffice?
    Is there merit because--we are having, you know, 
suggestions from parliamentarians in Canada that we should do 
this, for instance. Could you speak to that? And who should 
speak to it, if not all of you?
    Mr. Mocny. I will take the first part of it. The challenge 
with us is the identity and citizenship issue. Most driver's 
licenses don't denote citizenship or they have identity but not 
the citizenship side.
    So our--
    Mr. Shays. So but if Canada were to even put a mark if 
someone is a citizen on their driver's license--
    Mr. Mocny. Well, we did look at alternative documents 
through the security and prosperity partnership with Canada.
    We looked at a whole series of what it would take to meet 
the requirements that the Congress gave to us in the 
Intelligence Reform Act.
    And so where we can have those two met, identity and 
citizenship, we are open to those discussions. We have already 
indicated that the NEXIS card would be an applicable card to be 
able to use.
    And we are now talking about developing a pass card with 
the State Department. It is not really a passport. So we are 
open to other means of documents.
    Mr. Shays. Just to follow up, do you have the capability to 
do pilot programs without Congress authorizing you to?
    Mr. Mocny. I don't know. I don't know if we have the 
authority to do so.
    Mr. Shays. It would be interesting, much, if we could 
determine that, because it would be nice to see some I think it 
would be nice to see some alternatives so that we could see the 
system work well.
    We have great neighbors in the north and south, and it 
would be nice to make the flow work well.
    Chairman Thompson. I agree with you.
    We would like to thank the witnesses from the first panel 
for their testimony and their excellent responses to the 
questions.
    At this point, we will take a short break for our second 
panel of witnesses.
    [Recess.]
    Ms. Clarke. [Presiding.] Good morning. On behalf of 
Chairman Thompson, I welcome the second panel of witnesses.
    Our first witness, Ms. Michele Flournoy, is founder and 
president of the Center for a New American Security, CNAS. 
Prior to co-founding CNAS, she was a senior advisor at the 
Center for Strategic and International Studies, where she 
worked on a broad range of defense policy and international 
security issues.
    Our second witness is Dr. James J. Carafano. He is a 
leading defense analyst at the Heritage Foundation and has 
written and spoken widely on the need of policy development in 
the homeland security area. He also serves as a visiting 
professor at the National Defense University and Georgetown 
University.
    Our third witness, Mr. Asa Hutchinson, was the first 
undersecretary of homeland security in January 2003, shortly 
after the department was created. Mr. Hutchinson also served as 
a member of Congress from Arkansas from 1997 to 2001.
    We would like to start with our first witness, Ms. 
Flournoy.

  STATEMENT OF MICHELE A. FLOURNOY, PRESIDENT AND CO-FOUNDER, 
               CENTER FOR A NEW AMERICAN SECURITY

    Ms. Flournoy. Madam Chairman, it is a great honor to be 
before this committee today to talk about what I think is a 
very important subject, and that is whether something like a 
Quadrennial Defense Review that kind of process could be useful 
to the Department of Homeland Security in its own goal-setting 
and strategic planning.
    I think both the Department of Defense and DHS have 
missions that are of such vital importance to the nation and 
they are also dealing with a great deal of complexity in 
implementing those missions.
    So it is critical for both to have unifying visions, a 
strategy for achieving their objectives, a clear set of 
priorities for guiding risk and resource allocation.
    So my starting premise is that a quadrennial review could 
actually be very useful to the Department of Homeland Security.
    As you know, every 4 years Congress requires the Department 
of Defense to conduct a QDR that is really a comprehensive 
examination of our national defense policies and programs.
    The real purpose of the QDR, the defense review, is to 
articulate a defense strategy and a clear and long-term defense 
program for the United States.
    I think the QDRs are, as the name suggests, required every 
4 years. But I think one of the things I would like to 
highlight for you is the question of timing.
    The draft legislation I saw proposed starting a QDR in 
2007, near the end of a second term administration.
    I believe the real value of a QDR is to a first-term 
administration, to come in, to get their arms around the 
challenges facing a department, to set priorities and clear 
strategic direction, and sort of infuse a new vision into the 
workings of a department going forward.
    I think second-term reviews tend to much less useful. They 
require enormous staff time and effort. And yet in a second-
term review, by definition, an administration is essentially 
grading its own homework, and those sorts of reviews don't tend 
to produce the same level of change and innovation.
    So just as one point, I would recommend, based on the QDR 
experience, that you consider a quadrennial homeland security 
review at the outset of a new administration coming in, because 
that is when it is really most useful.
    I would like to just summarize my written testimony 
highlighting some key elements of success drawn from my 
experience involved in three QDRs and observing the most recent 
one as well, of what tends to distinguish successful reviews 
from non-successful ones.
    The first element is limited strategic focus and scope. 
These quadrennial reviews should not be a soup-to-nuts review 
of everything a department does. That should be left to the 
regular program review and budget review cycle.
    What you really want these reviews to do is be focused on 
strategic direction, setting broad priorities that can then be 
implemented over the subsequent 4 years, which raises an issue, 
as you write legislation, of how specific do you want to be in 
what you require the review to cover versus how much 
flexibility you want to allow a secretary of homeland security 
to define the agenda.
    And I would submit to you that the critical focus of each 
review is likely to change between now, 4 years from now, 8 
years from now, 12 years from now.
    So I would encourage you to be more general rather than 
give a secretary a long laundry list of specific things that he 
or she must cover.
    The second key element of success is leadership involvement 
and ownership of the process, making sure that the secretary 
and deputy secretary really view this as their key vehicle for 
setting priorities for the department and they reflect that 
with their own engagement of time and effort and setting clear 
guidance up front, making decisions throughout, and so forth.
    The third key element is empowering an official within the 
department to really be the point person on the review, to be 
the honest broker, ensuring that disagreements between 
different parts of the department on key issues are elevated to 
appropriate levels for decision making, and also the key 
integrator, making sure all the different moving parts come 
together in a cohesive whole.
    The last key elements are making surveillance that both 
internal and external stakeholders are fully involved in the 
process, and here I would suggest the rule that if someone has 
implementation responsibility at the end of the review, they 
need to have a seat at the table during the review.
    And of course, that means consultation with you all and 
with other external stakeholders, including state, local 
government, and so forth.
    So bottom line is I think if these elements of success are 
taken into account, a QDR-type exercise could be very useful 
for the Department of Homeland Security, particularly at the 
outset of new administrations.
    Thank you.
    [The statement of Ms. Flournoy follows:]

               Prepared Statement of Michele A. Flournoy

    Mr. Chairman, members of the Committee, thank you for inviting me 
to testify this afternoon before this distinguished Committee. I have 
been asked, based on my experience with four Quadrennial Defense 
Reviews or QDRs, to address the issue of whether and how a QDR-like 
process would be useful to the Department of Homeland Security as part 
of a larger strategic planning process.
    Although the Department of Defense and the Department of Homeland 
Security are different in many ways, they do share some common 
challenges--challenges that underscore the need for and importance of 
priority setting and strategic planning. Both departments are:
         charged with missions that are vital to the health and 
        welfare of the nation--protecting the American people and our 
        way of life is a mission in which we cannot fail;
         facing persistent and resourceful enemies;
         large, complex bureaucracies comprised of a number of 
        diverse and (in some cases, previously independent) 
        organizations with their own cultures, traditions, and ways of 
        doing business;
         responsible for spending billions of taxpayer dollars 
        as efficiently and effectively as possible;
         perennially in the position of having more programs to 
        pay for than budget; and
         trying to balance near-term demands against long-term 
        investments.
    These challenges make it that much more important for each 
department to have a unifying vision, a strategy for achieving its 
objectives, and a clear set of priorities to guide resource allocation 
and risk management. It is difficult, if not impossible, to create 
these absent an effective strategic planning process. And a quadrennial 
review conducted at the outset of a new administration can be a 
critical first step in that process.

The QDR as a Model for a QHSR
    As you know, every four years the Department of Defense is required 
by law to conduct a Quadrennial Defense Review--a ``comprehensive 
examination of the national defense strategy, force structure, force 
modernization plans, infrastructure, budget plan, and other elements of 
the defense program and policies of the Unites States.''
    The purpose of the QDR is to articulate a defense strategy and 
define a long-term defense program for the United States. Although each 
review has been conducted somewhat differently, all have sought to: 
assess security challenges and opportunities for the United States; set 
priorities and strategic direction for the Pentagon in an effort to 
enable tough choices about where to place emphasis and where to accept 
or manage a degree of risk; articulate a clear and compelling defense 
strategy for the nation, connecting ends, ways, and means; and provide 
a basis for determining what kinds of capabilities are needed and ``how 
much is enough.'' Ideally, the QDR, which is conducted at the outset of 
an administration's term, generates the strategic guidance for resource 
allocation--that is, programming and budgeting--over multi-year period.
    Every administration is required to conduct a QDR at the beginning 
of a new term. I believe that QDR's are most useful at the outset of a 
new administration, as a means of helping the new leadership to get 
their arms around the challenges and opportunities they face, set 
priorities, and provide strategic direction to the department. In the 
DoD context, QDRs's have become a critical vehicle for infusing a new 
team's priorities into a highly complex defense program and budget--a 
way to begin to steer the proverbial aircraft carrier in a new 
direction.
    Absent paradigm-shifting events (like the September 11th attacks), 
QDR's are generally far less useful in an administration's second term, 
as by then strategic priorities and direction should have been well 
established. While they can yield useful refinements to an 
administration's approach, they are less likely to yield significant 
changes or innovations. Given the significant amount of leadership, 
staff time and energy these reviews require, a second term review may 
not be highest best use of a Department's limited strategic planning 
resources. I would, therefore, recommend that you consider changing the 
proposed legislation to require a QHSR only in first term 
administrations and begin in 2009 (not in 2007).
    Another factor that should influence the timing of a QHSR is its 
relationship to the development of the National Homeland Security 
Strategy. Just as the National Defense Strategy keys off the National 
Security Strategy, so should DHS' strategy key off the National 
Homeland Security Strategy, as the legislation suggests. In practice, 
however, this can be challenging, as both the national and departmental 
reviews are usually launched at the outset of an administration and 
overlap in time. More often than not in DoD's case, the NSS and the QDR 
are not sequential but are developed in tandem and inform one another. 
The same may ultimately be true for the National Homeland Security 
Strategy and the DHS strategy.

Elements of Success
    Having participated in the 1993 Bottom-Up Review, led the strategy 
development process and report writing for the 1997 QDR, assisted the 
Chairman of the Joint Chiefs of Staff in preparation for the 2001 
review, and been a keen observer of the 2006 QDR, I'd like to offer 
some observations about what determines the success (or failure) of 
such reviews in practice.
    Strategic focus and limited scope. The best reviews are not soup-
to-nuts assessments of everything a department does or buys. That 
should be left to the annual program review process, assuming one 
exists. Rather, quadrennial reviews should be focused on a handful of 
issues or areas that the leadership deems most important. This raises 
an important question for you as you craft this legislation: How 
specific do you want to be in delineating the substantive areas the 
review should cover? Should you err on the side of being exhaustive or 
should you allow the Secretary of Homeland Security some flexibility to 
determine which areas merit the most attention at a given point in 
time? I would encourage you to favor the latter approach, as what is 
critical will likely change over time--today's focus areas may not be 
right ones 4 or 8 or 12 years hence.
    Leadership involvement in and ownership of the process. In order to 
have ``legs''--that is, to have a real chance of being implemented in 
programs and budgets--the review process must be ``owned'' by the 
Secretary and his or her team. That is, the Secretary and/or the Deputy 
Secretary must be deeply engaged in providing front-end guidance to the 
process and making key judgments and decisions along the way. He or she 
must also make clear that the quadrennial review is the process for 
setting the department's priorities and making critical resource 
allocation decisions. Such ownership at the top is critical to creating 
momentum, making tough trade-offs and ensuring that the review's 
recommendations are actually implemented.
    A senior official empowered to be an honest broker and integrator. 
Successful reviews cannot be conducted by committee. The Secretary must 
appoint a single official to be the day to day lead for the review. In 
the DoD context, this is often the Deputy Secretary of Defense, with 
assistance from the Undersecretaries and the Joint Staff. This person 
should act as an honest broker, ensuring that key decisions are framed 
for the Secretary and that dissenting views are fairly represented in 
the process, as well as an integrator, ensuring that the various part 
of the review are brought together in a cohesive whole (e.g., 
programmatic decisions reflect strategy priorities).
    Ensuring the process is strategy-driven and resource-constrained. 
The strategy that emerges from the review should drive all programmatic 
and budgetary decisions. But these must be made in the context of real-
world resource constraints. A review that does not take resources into 
account will fail to help decision makers to make tough choices about 
where to place emphasis and where to accept or manage a degree of risk. 
In order to be useful and relevant, the review process must consider 
fiscal guidance as a critical input, though it should also be prepared 
to highlight areas where resource constraints increase the level of 
risk associated with achieving a given objective or mission and may 
need to be revisited.
    Engaging internal stakeholders. Any office responsible for 
implementing the review's recommendations should have a seat at the 
table at some point in the process. Key stakeholders can be engaged 
individually or in working groups to solicit their input and ultimately 
win their buy in to the review and its results. Such consultations are 
generally iterative over time and are critical to gaining traction for 
implementation.
    Consultations with outside stakeholders before, during and after 
the review. The department's leadership should consult regularly with 
key committees and members of Congress, key partners in federal, state 
and local government, experts in the field, and members of the media as 
the review process unfolds. Although parts of the department's review 
may need to be classified, the process should strive for as much 
transparency as possible. This is crucial to preparing the ground for 
the review to be well received.

Conclusion
    The QDR can be an important and valuable element in the Department 
of Defense's strategic planning process. Establishing a similar QHSR, 
taking into account the elements of success I have described above, 
would be extremely useful in helping DHS to set strategic priorities 
and develop a strategy-driven program and budget. But a QHSR is only a 
first step in what needs to be a more fulsome and ongoing strategic 
planning process in the Department of Homeland Security.

    Ms. Clarke. Thank you very much, Ms. Flournoy.
    Let me just state that, without objection, the witnesses' 
full statements will be inserted into the record.
    I now recognize Mr. Carafano to summarize his statement for 
5 minutes.

  STATEMENT OF JAMES JAY CARAFANO, Ph.D., SENIOR FELLOW, THE 
                      HERITAGE FOUNDATION

    Mr. Carafano. Thank you, Madam Chairman. And I have 
provided a statement for the record, and I will be brief.
    Just a few quick points. The two reasons why you really, 
really want to do this--I mean, one of the lessons learned in 
the Quadrennial Defense Review is it is not a panacea. It is 
not going to provide all the answers. It doesn't take politics 
out of the process in any way, shape or form.
    But what it does do is two incredibly important things. One 
is it creates a systemic dialogue between the Congress and the 
department.
    And it also creates a trend analysis, if you do this every 
4 years, so you get a--over the long term, you develop this 
relationship, and that is incredibly important.
    And the second thing, and equally important, is by 
requiring the department to do this and by creating a long- 
term requirement for this, it forces them within the department 
to build the capabilities to do that.
    I know Michelle can speak from being involved in the first 
QDR that the Defense Department had very, very primitive 
metrics of performance, very, very primitive analytical tools, 
very, very primitive staffs.
    And they are much, much more sophisticated now because they 
know they have to do this every 4 years. So this is, I think, 
an absolutely bedrock fundamental requirement for dealing with 
a long-term strategic issue.
    So I think it is an incredibly important part of the 
legislation. I think it is an incredibly important issue.
    The four key issues that I think Michelle and I--I agree 
with Michelle on many of these points. The four key things that 
have to be addressed in the legislation--one is timing. I 
absolutely agree that a review at the end of an administration 
has very marginal value. I proposed in my testimony having the 
department doing something much more modest, perhaps a 
preliminary report on observations and what potentially should 
be in a QDR that they can hand up to the administration.
    But I think that QDRs should come very early on in an 
administration's term, probably no later than when they submit 
their budget the following February from the first term.
    The second issue is other agency involvement. I think this 
is very critical and actually one of the flaws in the QDR.
    I think the quadrennial security review should have a 
specific requirement there for the department to reach out to 
other relevant departments and not only bring in their input 
but formally be required to assess the relationships with those 
departments and their ability to act cooperatively together in 
homeland security missions.
    The third is the scope. And again, I totally agree with 
Michelle. A long laundry list doesn't get you there. That was 
done in the first QDR, and when the administration did the 
review it simply ignored the long laundry list.
    What I proposed--actually, I think it is much, much more 
important--is the last thing that we want is do a QDR and 
somebody walks in and they drop this QDR on your desk. What you 
really want is to force a dialogue between the department and 
the Congress.
    And so what I propose instead would be, early on--I think 
there is some general guidance in the legislation.
    But early on, I think the department should have to come in 
to the Congress and say this is what we think should be in the 
QDR, and then create a dialogue, and then perhaps even some in-
progress reviews, so it is an ongoing dialogue over the year 
and not just a debate over the report that comes at the end, 
and where everybody has to kind of hold their breath to see 
what is in there.
    And then the fourth and I think a critical point that is 
not in the draft legislation I saw is really the need for a 
second opinion.
    I think that the National Defense Panel which followed the 
first Quadrennial Defense Review, the Hart-Rudman Commission, 
which wasn't specifically tied to a QDR but also came out as 
kind of--gave, you know, kind of a second look. And I think 
that is very, very important.
    Now, there is a lot of different ways that could be done. 
It could be done by the Congress. It could be done by an 
independent commission.
    But I do think there a value in a second look, maybe not 
potentially to every QHSR, but certainly when we do the first 
QHSR there ought to be a second look.
    And that second look ought to look not just at the QHSR but 
also the Quadrennial Defense Review, and look at those in 
tandem and draw broader assessments.
    And then the last point is I also have lots of views on US-
VISIT and where it should be and what the priorities should be 
on that, and I would be happy to share those with the committee 
if you are interested.
    Thank you.
    [The statement of Mr. Carafano follows:]

              Prepared Statement of Dr. James Jay Carafano

   THINKING FOR THE LONG WAR: STRATEGIC PLANNING AND REVIEW FOR THE 
                    DEPARTMENT OF HOMELAND SECURITY

    Mr. Chairman and other distinguished Members, I am honored to 
testify before you today.\1\ America must consider more deeply the 
requirements for fighting and winning the long war.\2\ In my opening 
statement, I want to make the case that Congress needs comprehensive 
assessments of the nation's homeland security programs and an 
independent review that evaluates how national defense and homeland 
security programs fit within the context of the overall interagency 
national security effort.
---------------------------------------------------------------------------
    \1\ The Heritage Foundation is a public policy, research, and 
educational organization operating under Section 501(C)(3). It is 
privately supported and receives no funds from any government at any 
level, nor does it perform any government or other contract work.
    The Heritage Foundation is the most broadly supported think tank in 
the United States. During 2006, it had more than 283,000 individual, 
foundation, and corporate supporters representing every state in the 
U.S. Its 2006 incomecame from the following sources:
    Individuals 65%
    Foundations 19%
    Corporations 3%
    Investment Income 14%
    Publication Sales and Other 0%
    The top five corporate givers provided The Heritage Foundation with 
1.3% of its 2006 income. The HeritageFoundation's books are audited 
annually by the national accounting firm of Deloitte & Touche. A list 
of major donors is available from The Heritage Foundation upon request.
    Members of The Heritage Foundation staff testify as individuals 
discussing their own independent research. The views expressed are 
their own and do not reflect an institutional position for The Heritage 
Foundation or its board of trustees.
    \2\ For a discussion of the elements of good long war strategy, see 
James Jay Carafano and Paul Rosenzweig, Winning the Long War: Lessons 
from the Cold War for Defeating Terrorism and Preserving Freedom 
(Washington, D.C.:The Heritage Foundation, 2005).
---------------------------------------------------------------------------
    In my testimony, I would like to (1) review the lessons that can be 
drawn from other government post--Cold War efforts to conduct strategic 
assessments; (2) make recommendations for the next steps in conducting 
national security assessments; and (3) offer specific proposals for the 
homeland security component of these reviews.

Lessons from the Pentagon
    Established in 1996, the Quadrennial Defense Review (QDR) requires 
the Pentagon every four years to provide to Congress a comprehensive 
assessment of defense strategy and force structure; program and 
policies; and modernization, infrastructure, and budget plans--
outlining future requirements for the following eight years.\3\ The QDR 
has become a touchstone in the debates about restructuring the military 
and identifying the capabilities that will be needed for the new 
national security environment of the 21st century. This effort offers 
lessons for considering how to establish a similar strategic review 
process for homeland security.
---------------------------------------------------------------------------
    \3\ The Quadrennial Defense Review was first mandated in 1996 by 
the Defense Authorization Act (Military Force Structure Review Act of 
1996). Title 10, Section 118 of the United States Code specifies: ``The 
Secretary of Defense shall every four years, during a year following a 
year evenly divisible by four, conduct a comprehensive examination (to 
be known as a `quadrennial defense review') of the national defense 
strategy, force structure, force modernization plans, infrastructure, 
budget plan, and other elements of the defense program and policies of 
the United States with a view toward determining and expressing the 
defense strategy of the United States and establishing a defense 
program for the next 20 years. Each such quadrennial defense review 
shall be conducted in consultation with the Chairman of the Joint 
Chiefs of Staff.''
---------------------------------------------------------------------------
    Lesson #1: Understand what strategic assessments are and are not. 
The QDR process is not a substitute for political decision-making. QDR 
reports have been highly politicized documents used to justify force 
structure choices, defend future investments, and promote changes in 
policy. Indeed, strategy reviews have always been used to foster 
political agendas. NSC-68, Project Solarium, and the Gaither Commission 
Report, for example, were all early Cold War attempts not just to 
assess force structure and strategic requirements, but also to serve 
political agendas for shifting priorities or advocating action.\4\
---------------------------------------------------------------------------
    \4\ See, for example, Ernest R. May, ed., American Cold War 
Strategy: Interpreting NSC 68 (New York: St. Martins Press, 1993).
---------------------------------------------------------------------------
    The tradition of defense assessments after the Cold War changed 
little. The first QDR was, in fact, the fifth major defense review 
conducted following the fall of the Berlin Wall. In fundamental 
respects, the QDR process differed little from other post--World War II 
efforts to justify war military requirements. The QDR does not take 
politics out of strategy and resource decision-making--either inside or 
outside the Pentagon. Implementing the QDR, for example, resulted in 
divisive political infighting among the services.\5\ After all the 
analysis is done, hard choices still have to made and debated.
---------------------------------------------------------------------------
    \5\ See, for example, comments on the 1997 review in John Y. 
Schrader et al., Quadrennial Defense Review: Lessons on Managing Change 
in the Defense Department (Santa Monica, Cal.: Rand, 2003), p. 6, at 
www.rand.org/pubs/documented_briefings/2005/DB379.pdf.
---------------------------------------------------------------------------
    What the QDR accomplished, unlike previous Cold War strategic 
assessments, was to add some transparency to the process and offer a 
routine platform for dialogue between Congress and the Administration. 
Creating an iterative process is the greatest virtue of the QDR. 
Periodic reviews offer two advantages:
         They encourage the armed forces to think deeply about 
        how to match strategy, requirements, and resources; justify 
        their judgments; and institutionalize the capability to make 
        these assessments.\6\
---------------------------------------------------------------------------
    \6\ One of the key findings of the first QDR in 1997 was that the 
Pentagon lacked the analytical capabilities for examining all the 
strategic issues that were required to be reported on to the Congress. 
John Y. Schrader, Leslie Lewis, and Roger Allen Brown, Quadrennial 
Defense Review (QDR): A Retrospective Look at Joint Staff Participation 
(Santa Monica, Cal.: Rand, 1999), p. 49, at www.rand.org/pubs/
documented_briefings/DB236/DB236.sec5.pdf. For subsequent reviews, the 
Defense Department, the Joint Staff, and the services developed more 
sophisticated analytical assessments and staffed permanent offices to 
prepare for and conduct strategic assessments.
---------------------------------------------------------------------------
         They provide an audit trail for Congressional and 
        other government leaders to assess long-term defense trends.
    Most important, the QDR provides a means for government to conduct 
and Congress to consider strategic assessments in a disciplined and 
systematic manner.
    Lesson #2: Timing is everything. There is no optimum time for a 
strategic assessment. The QDR is scheduled to be conducted in the 
initial year of a presidential term. The first QDR was required five 
months after the Administration took office. The 2003 National Defense 
Authorization Act shifted the due date to the year following the year 
in which the review is conducted, but not later than the date on which 
the President submits the budget for the next fiscal year to Congress. 
This timing compels a new Administration to lay out a strategic 
framework for how it plans to address future requirements. Congress can 
also compare the QDR to the Administration's budget submission to 
assess whether the Pentagon's programmatic decisions match the rhetoric 
in the strategic assessment provided in the QDR report.
    While having an Administration conduct a strategic assessment early 
on offers the advantage of laying out a blueprint for future defense 
needs, front-loading the QDR creates difficulties. The incoming 
Administration is often forced to begin its review before key political 
appointees have been nominated and confirmed by the Senate. For the 
2001 review, for example, the Defense Department had no top management 
officials in place until May 2001, and this significantly delayed the 
issuance of leadership guidance for the review process.\7\ There is 
also a tendency to rationalize strategic requirements to match short-
term budget priorities and push the most difficult choices into the out 
years, creating an unrealistic bow wave of projected spending and 
requirements. Another concern expressed with both the 1997 and 2001 
reports was that reporting requirements were too tight to allow for 
sufficient time for in-depth analysis.
---------------------------------------------------------------------------
    \7\ U.S. General Accounting Office, Quadrennial Defense Review: 
Future Reviews Can Benefit from Changes in Timing and Scope, GAO 03-13, 
November 2002, p. 20, at www.gao.gov/new.items/d0313.pdf.
---------------------------------------------------------------------------
    On the other hand, deferring the QDR assessment to later in a 
presidential term when an Administration is more seasoned has 
shortfalls as well. It leaves less time to institutionalize decisions 
implied by the QDR by embedding them in the President's budget 
submissions and Defense Department programs and policies. In addition, 
if the QDR occurs closer to the end of a presidential term, it is more 
likely to become embroiled in presidential election politics. Finally, 
if the QDR comes very late in a presidential term and is passed off to 
a new Administration for implementation, in all likelihood, it will be 
largely ignored.
    The notion of requiring more frequent periodic reports seems most 
problematic of all. Long-term strategic needs rarely change 
dramatically enough to justify recurring assessments in a single 
presidential term. In addition, Congress should be sensitive to the 
resources demanded to produce strategic assessments. The more reports, 
the more frequently they occur, and the more time available to produce 
them, the more government resources will have to be diverted to these 
bureaucratic tasks. Excessive effort is both counterproductive and 
wasteful.
    The best option is to require that strategic assessments be 
conducted in the first year of a presidential term in order to set the 
direction for how an Administration plans to match meeting strategic 
challenges with the resources required to address those challenges. 
Assessments should be submitted well before the mid-term of an 
Administration.
    Lesson #3: Put requirements in context. From the outset, the 
question of what to include in the QDR engendered significant debate. 
For the first QDR, Congress mandated 12 specific requirements. Simply 
listing topics to be covered, however, did not result in a report that 
was comprehensive or ensure that the analysis of alternatives to meet 
future requirements was sufficiently exhaustive. For example, one issue 
required to be covered in the 1997 review, an assessment of the Reserve 
Components, was simply deferred for follow-on study. Indeed, the most 
significant criticism of the 1997 report was that, despite the 
extensive reporting requirements mandated by Congress, the Pentagon 
dodged almost completely the central task of the QDR: to explain how 
future needs would be squared with anticipated declines in defense 
spending.\8\
---------------------------------------------------------------------------
    \8\ Jim Courter and Alvin Bernstein, ``The QDR Process: An 
Alternative View,'' Joint Force Quarterly, Summer 1997, p. 21.
---------------------------------------------------------------------------
    In addition, from the outset, one recognized limitation of the QDR 
process was that the reviews focused narrowly on defense needs. For 
example, the Defense Department gave scant recognition to the demands 
of homeland security before 9/11. The inclusion of a section on 
homeland defense in the 2001 QDR came in response to the terrorist 
attacks on New York and Washington. In addition, no report has ever 
adequately addressed the challenges involved in conducting interagency 
operations.\9\
---------------------------------------------------------------------------
    \9\ James Jay Carafano, ``Not So Much About Homeland Security--
What's Missing from the Pentagon Vision for Its Future Role in 
Safeguarding U.S. Soil,'' remarks presented at the National Defense 
University, December 16, 2006, at www.ndu.edu/inss/symposia/joint2006/
carafano.pdf.
---------------------------------------------------------------------------
    To address the inability of the QDR to assess broader issues, in 
conjunction with the first report, Congress established a National 
Defense Panel, an independent, bipartisan group of nationally 
recognized defense experts, to review the QDR and offer an independent 
appraisal longer-term of national security demands. The NDP made the 
case for military transformation, restructuring the military from a 
Cold War force to one more suited for the diverse dangers of the post-
Soviet security environment.\10\ The NDP was a one-time requirement. In 
1998 Congress authorized another review--the National Security Study 
Group, later known as the Hart--Rudman Commission.
---------------------------------------------------------------------------
    \10\ John Tedstrom and John G. McGinn, Planning America's Security: 
Lessons from the National Defense Panel (Santa Monica, Cal.: Rand, 
1999), pp. 2--3.
---------------------------------------------------------------------------
    Both reviews highlighted the limitations of the QDR, which focused 
almost exclusively on Pentagon priorities and did not adequately 
address integration with other national security instruments or concern 
for non-traditional threats. The Hart--Rudman Commission, for example, 
in a report released eight months before the 9/11 attacks emphasized 
the growing danger of transnational terrorism and proposed the 
establishment of a National Homeland Security Agency.\11\ Both the NDP 
and the Hart--Rudman Commission added new dimensions to the debate over 
future national security needs.
---------------------------------------------------------------------------
    \11\ United States Commission on National Security/21st Century, 
Road for National Security Imperative for Change, February 15, 2001, p. 
viii, at www.au.af.mil/au/awc/awcgate/nssg/phaseIIIfr.pdf.
---------------------------------------------------------------------------
    The QDR is not adequate for a post-9/11 assessment of all of the 
nation's critical national security instruments. A separate systematic 
review of homeland security would be a welcome addition but by itself 
would be inadequate. An independent ``second opinion'' of both that 
also provides an umbrella overarching analysis of long-term security 
needs is required to give Congress a full and complete strategic 
assessment of future security capabilities.

The Next Steps for National Security
    Congress should address the shortfalls in the strategic assessments 
it requires. Congress needs a comprehensive review of homeland security 
programs and an independent analysis of how defense and homeland 
security efforts fit within the overall national security effort. In 
addition to defense and homeland security, attention should be given to 
U.S. public diplomacy and foreign assistance programs, the defense 
industrial base, the intelligence community, and the use of space for 
national security purposes. Specifically, Congress should:
         Establish a requirement for periodic reviews of 
        homeland security. Congress should require the Department of 
        Homeland Security to conduct quadrennial reviews of future DHS 
        capability requirements.
         Create a one-time National Security Review Panel. In 
        parallel with the first Quadrennial Security Review (QSR), 
        Congress should establish a nonpartisan National Security 
        Review Panel (NSRP). The NSRP should be charged with providing 
        an independent assessment of the QSR as well as providing an 
        overall assessment of national security programs and 
        strategies. The NSRP should place particular emphasis on 
        evaluating the compatibility of the QSR and QDR and the state 
        of other essential security instruments such as public 
        diplomacy, the defense industrial base, and the use of space 
        for national security purposes. Congress should determine the 
        most efficient and expedient method to conduct the NSRP's 
        review. This review could be conducted by Congress, or Congress 
        could authorize an independent commission to conduct the 
        review.

Homeland Security Assessments
    Nowhere is the need for a detailed assessment on the scale of the 
QDR more important than in the area of homeland security. ``DHS 2.0: 
Rethinking the Department of Homeland Security,'' a comprehensive 
report by The Heritage Foundation and the Center for Strategic and 
International Studies, clearly established the need for Congress to 
reevaluate DHS roles, missions, and resources and how these efforts fit 
into the context of other federal domestic security efforts.\12\ Much 
has been done through the department's Second State Review and by 
Congress over the past year, but there is more still to be 
accomplished. Specific recommendations for the QSR include:
---------------------------------------------------------------------------
    \12\ James Jay Carafano and David Heyman, ``DHS 2.0: Rethinking the 
Department of Homeland Security,'' Heritage Foundation Special Report 
No. 2, December 13, 2004, at www.heritage.org/Research/HomelandDefense/
sr02.cfm.
---------------------------------------------------------------------------
         Require the first full QSR well before the mid-point 
        of the next Administration. At this point, there is little 
        utility in this Administration's conducting a ``full-blown'' 
        review. Starting this process will demand significant resources 
        that could detract from other missions. In the end, there would 
        be scant time to implement its findings. Rather, Congress 
        should require the Administration to report back in six months 
        with a more modest preliminary assessment that should include 
        recommendations for how the QSR should be conducted and what 
        steps it has taken to establish the staff, analytic 
        capabilities, and processes necessary for a substantive QSR and 
        NSRP review.
         Establish a dialogue between Congress and DHS. 
        Congress should not be overly specific in QSR requirements. 
        Rather than establishing a long laundry list of reporting 
        tasks, it would be more fruitful for Congress to issue a broad 
        generic mission statement including a review of management, 
        roles and missions, authorities, and resources. Congress should 
        then require the DHS early in the QSR process (no later than 
        May of the first year of the Administration) to report back to 
        Congress on what it intends to cover in the review. This report 
        would serve to initiate a dialogue between the Administration 
        and Congress. In addition, it would be useful for the 
        Administration to provide an in-progress review of its efforts 
        in the September--October period.
         Require an interagency effort. In conducting the QSR, 
        the DHS should be required to solicit the input of other key 
        relevant agencies and access its ability to act with them in 
        the performance of homeland security missions, as well as 
        support other essential national security tasks.

Conclusion
    I want to commend the committee for addressing this important 
issue. In the long term, sound strategic thinking is perhaps the most 
important tool that America can bring to bear for fighting and winning 
the long war. Timely and comprehensive strategic assessments are an 
important part of this process. I look forward to your questions.

    Ms. Clarke. Thank you.
    I now recognize Mr. Hutchinson to summarize his statement 
for 5 minutes.

STATEMENT OF ASA HUTCHINSON, FOUNDING PARTNER, HUTCHINSON GROUP

    Mr. Hutchinson. Thank you, Madam Chairman, members of the 
committee, Mr. Shays. It is good to appear before you today. 
And I have submitted my written testimony.
    And I want to make a couple of points that go back to the 
previous panel, which is in reference to US-VISIT and what 
placement of US-VISIT will help it to meet the objectives of 
Congress in the future.
    And by way of background, of course, while I was at the 
Department of Homeland Security, I was undersecretary for 
border and transportation security. And it was in that position 
that US-VISIT was assigned to my directorate, border and 
transportation security.
    And I think that was a key placement in order to achieve 
the initial objectives that Congress set and to meet the 
deadlines.
    The department was created in March of 2003. We had a 
deadline by the end of that year to install the first phase of 
US-VISIT. We met that goal.
    Part of the reason is that you had an undersecretary that 
was there, that would help with the decisions, the relationship 
with Congress, the advocacy for US-VISIT, monitor its success 
and its capability on, really, a day-by- day basis. And so that 
was, I think, a key function of my service as undersecretary.
    When I left, Secretary Chertoff naturally took his own 
review and reorganization and actually abolished the 
undersecretary for border and transportation security position. 
And the result, you could argue, is that it elevated US-VISIT 
because it reported directly to the secretary.
    But I believe that what happened was that the secretary had 
so many different direct reports, and he had Katrina to deal 
with--he had all kinds of urgencies to deal with out there that 
the secretary could not devote the day-to-day attention to this 
type of program effort.
    And so I think that it suffered as a result of that. And so 
Secretary Chertoff, in his post-Katrina review, assigned US-
VISIT, in his most recent reorganization, to the National 
Protection and Program Directorate.
    And I applaud this decision. It once again places US- VISIT 
where it has an advocate, where it has a decision maker, it has 
continued oversight of the program as it continues to meet the 
requirements of Congress.
    And so sometimes it is counterintuitive, but I think it is 
a very good move. I applaud it and support it.
    There have always been questions whether US-VISIT should be 
placed within one of the operational agencies such as Customs 
and Border Protection. And I think there is a number of reasons 
why that should not be done.
    First of all, placing the program office within the 
directorate, in contrast to an agency, minimizes the stovepipe 
tendencies of the government agencies.
    The US-VISIT program is not just a border security effort, 
but it is an identification system that works with ICE in terms 
of the enforcement side, works for the Coast Guard, cross-cuts 
many of the agencies within homeland security.
    Secondly, it is necessary for US-VISIT to have a good 
relationship with the Department of State, with the Department 
of Justice. This can be accomplished best not at the agency 
level but at the directorate level, and so it works best there.
    We had an oversight board for US-VISIT program that was 
comprised of representatives from the Department of Commerce, 
from the Department of Justice, from the Department of State, 
that helped give guidance and recommend policy for US-VISIT.
    This kind of oversight and partnership with the different 
departments of government can best be accomplished at the 
undersecretary level, and I chaired that oversight board.
    Finally, the involvement of department leadership with US-
VISIT based upon decision making and active oversight makes it 
easier for Congress to do its job, to get information on the 
program, to support its goals and to find justifications for 
its funding.
    I was regularly called to testify to the Congress on US- 
VISIT, and that high level of support gave a higher level of 
confidence in the direction of the office.
    It is my pleasure to be here today, and I am grateful for 
the work of this committee in supporting the department and the 
goals of homeland security.
    [The statement of Mr. Hutchinson follows:]

                  Prepared Statement of Asa Hutchinson

                             March 20, 2008

    Chairman Bennie Thompson, Ranking Member Peter King and Members of 
the Committee, thank you for the invitation to appear before this 
Committee to discuss the history, management and future of the US-VISIT 
program at the Department of Homeland Security.
    While I had the privilege of serving as the first and only Under 
Secretary for Border and Transportation Security within the Department, 
I am now in the private sector serving as CEO of Hutchinson Group, a 
homeland security consulting firm in Little Rock, Arkansas, and as a 
senior litigation counselor at the Venable Law Firm in Washington, DC.
    During the creation of the Department of Homeland Security, it was 
my responsibility to oversee the creation of the US-VISIT program, to 
meet the Congressional mandates on entry-exit, and to work with this 
Committee on a regular basis. The leadership of this Committee has been 
essential in supporting the security goals of US-VISIT and providing 
necessary oversight in the spending of billions of dollars on this 
program.
    In my testimony this morning, I will provide some historical 
perspective, emphasize the goals achieved thus far, address the need 
for high level oversight within the Department and finally talk about 
how the breadth of the US-VISIT mission impacts many different 
departments within the government.
    Prior to the attack on 9/11, Congress recognized the need to create 
an entry-exit system to record and account for visitors to the United 
States. Of the 12 million illegal aliens presently in the United 
States, it is estimated that 40% are visa overstays. It is easy to 
conclude that accounting for visitors through an entry-exit system is 
critical to border security, the flow of lawful commerce and the 
integrity of our immigration system. The mandate was given to the 
former INS and was stalled because of the enormity of the challenge 
and, perhaps, because of the inertia of INS as well. After the 9-11 
attack, Congress accelerated the program, moved up the deadlines and 
increased the requirements. At that point the new Department of 
Homeland Security was created and assumed the responsibility of 
implementing an entry-exit system. By December 31, 2003, the new 
Department had created a US-VISIT program office, developed and had 
approved its $340 million spend plan, and met the first deadline within 
the budget provided by Congress. US-VISIT has continued to expand the 
entry system to the land borders and now even to visa waiver travelers. 
There is always more to do and gaps to close but even the 9-11 
Commission Report recognized the singular success of US-VISIT and 
applauded the security enhancements.
    I left the Department as its first Under Secretary in March of 2005 
and soon became the last Under Secretary for Border and Transportation 
Security when the Department was reorganized. The BTS Under Secretary 
position was abolished, and the US-VISIT program reported directly to 
the Deputy Secretary and Secretary of the Department. This change would 
appear to elevate the US-VISIT program, but in reality it left the 
program without a strong advocate and active decision- maker. Secretary 
Chertoff understandably made additional changes after the Hurricane 
Katrina failures, and in the most recent reorganization, placed the US-
VISIT program within the newly created National Protection and Programs 
Directorate. I applaud this move because it will increase the day-to-
day oversight and advocacy for the program, it will improve the 
responsiveness to Congress and enhance the program's relationship with 
other departments of government that are served by the biometric 
identification system for international visitors.
    There have always been some questions raised as to whether US-VISIT 
should be placed within one of the operational agencies such as Customs 
and Border Protection rather than at the headquarters level. I have 
always disagreed with this idea and, there are a number of reasons the 
US-VISIT program office should be a separate reporting unit outside of 
CBP or any separate agency.
        1. Placing the program office within the NPP directorate 
        minimizes the stove-pipe tendencies of government agencies. 
        Within the department it is essential that the biometric 
        identification system work with the enforcement arm of 
        Immigration and Customs Enforcement, the policy office of the 
        Department, the Coast Guard and a host of other offices within 
        the department. The working relationships are easier to 
        maintain when US-VISIT reports to an Under Secretary who can 
        serve as an arbiter, decision-maker and advocate for the 
        system.
        2. It is also necessary for US-VISIT to have a close working 
        relationship with the Department of Justice and the Department 
        of State. The original charter for US-VISIT included 
        representatives from multiple departments on its oversight 
        board for . This board met to develop and recommend policy for 
        the program and to resolve differences. As Under Secretary, I 
        chaired that oversight board, and the high level participation 
        of other departments would not occur if the program was placed 
        at the agency level.
        3. Finally, the involvement of department leadership with US-
        VISIT based upon decision making and active oversight makes it 
        easier for Congress to get information on the program, support 
        its goals and justify its funding. I was regularly called to 
        testify to Congress on US-VISIT, and the high level of support 
        gave a higher level of confidence in the direction of the 
        office.
    It is my pleasure to be here today, and I am happy to respond to 
any questions.

    Ms. Clarke. I thank all the witnesses for their testimony.
    And I will now recognize myself for 5 minutes of 
questioning, and my initial questions go to Ms. Flournoy and 
Dr. Carafano.
    The Quadrennial Defense Review--we call it the QDR is said 
to have helped focus policy development in the Department of 
Defense. But some have complained that the three QDRs in 1997, 
2001 and 2006 have not been directly relevant to the policy 
development.
    If we require a quadrennial homeland security review, how 
can we assure that the exercise will help create an orderly 
process for policy development?
    Ms. Flournoy. Madam Chairman, I would submit that the QDRs 
have been very central to the development of strategy in each 
case and the development of policy.
    In my view, where the disconnect has often occurred was in 
translating that strategy into actual programmatic and 
budgetary decisions. And I think that tends to break down in 
the subsequent implementation processes the normal sort of 
programming and budgeting processes.
    Again, I think one of the ways--there are a couple of ways 
to remedy that. One is to have senior-level involvement and 
ownership of this. If this is just a staff exercise, it is 
probably not worth doing.
    It really has to have the buy-in and commitment of the 
leadership that this is their exercise for setting priorities 
and then they want to see those priorities actually executed in 
the program.
    The second is to ensure as, you know, Jim said, a 
quadrennial review is only one part of a strategic planning and 
budgeting process.
    You have got to ensure that the other pieces of that 
process are in place so that there is a good process in the 
Department of Homeland Security for program review, budget 
review, et cetera, not only based on fiscal requirements but 
also based on policy priorities.
    Is the policy actually getting implemented in the budget 
and the program? That is where I would place the emphasis.
    Mr. Carafano. Well, I think Michelle is exactly right. 
Reviews are never going to solve those problems. Actually, you 
know, we have a post-cold war tradition in the United States of 
doing strategic reviews. It wasn't invented with the QDR.
    There were the Gaither Commission, the Project Solarium, 
NSC-68. There is a long tradition of these things.
    What makes the QDR different and useful is two things. One, 
it adds a degree of transparency to the process, so that you 
know what is going on. Although parts of it may be secret, the 
end product is published and released. The document is 
released. People talk about it.
    So it adds a degree of transparency to the process, and it 
pulls everything together in one place, which quite simply is 
impossible to get anyplace else.
    It is even more difficult when you think about homeland 
security than it is for defense, because, I mean, defense has a 
pretty large portfolio, but it is still in a relatively narrow 
sector.
    But here in homeland security, you have things that affect 
economic, and critical infrastructure, and immigration, and 
there is--there is no way to really kind of grip your hands 
about all that in one kind of single comprehensive assessment.
    And so if you don't have that, you wind up being very 
unstrategic and kind of looking at things in piecemeal and in a 
stovepipe way.
    So I think the answer to the question is there is no way 
you can structure the process to solve all the complaints about 
the QDR.
    But if your expectation is the QDR is going to be a single 
management document which is going to solve all your problems, 
the answer is it isn't. What it is is an important, focused, 
transparent, recurring, systemic dialogue opportunity between 
the Congress and the administration.
    And that is a useful piece of the larger management puzzle.
    Ms. Clarke. Would you say, then, that it is necessary to 
accompany a process like this with a realistic operating plan?
    Mr. Carafano. Oh, absolutely. And the other piece which I 
didn't mention in my testimony, which is I think it has to be 
somehow synchronized with an intelligence assessment.
    I didn't put threat in the QHSR because I just don't think 
that that is really an appropriate place for it.
    And what is interesting about homeland security is there is 
no good integrated threat assessment, because national 
intelligence estimates tend to be foreign-focused. And we don't 
do something equivalent to a domestic intelligence assessment.
    So what I actually would like to see is not threat be a 
component of the QHSR, but I would like to see a synchronous 
process where there was an intelligence estimate that combined 
the NIE that was normally done by the intelligence community 
with a domestic intelligence estimate which is a joint product 
of justice and homeland security, and that that estimate be 
done in conjunction with or preparatory to the QHSR, because I 
would like to be able to sit down--whether that is a classified 
document or not, I would like to be able to sit down with that 
threat assessment, you know, as a staffer or as a member of 
Congress, and be able to look at that next to the QHSR to 
really see if our vision of the future threat is really 
synchronized with our vision of our future investment.
    Ms. Clarke. Thank you.
    I would like to acknowledge the gentleman from Connecticut, 
Mr. Shays, at this time.
    Mr. Shays. Thank you very much.
    Do we have votes, Madam Chairman? Is that coming up? Okay, 
good.
    I would like to thank all of you for being here, and one of 
the things that I found early on in my chairmanship is that 
when you get folks from, say, The Heritage Foundation, or this 
new center or bring in someone who has been focused on this 
formerly for the government as you have, Asa, I learn a heck of 
a lot more than I do, frankly, from anyone else. So I am 
thrilled to have you here.
    And I want to ask you, first off, as people who focus on 
national security issues as they relate to terrorism, how would 
you define what our national strategy is to deal with 
terrorism? And I am not quizzing you. I am just trying to see 
we all knew what it was against the Cold War, and we accepted 
it on a bipartisan basis. We have had very little debate about 
this, and so I am just curious how you would describe what our 
strategy needs to be.
    Who wants to start?
    Mr. Carafano. I will go first, since I wrote a book on 
this. The argument I make is you think about long wars 
differently. And if it is a protracted conflict against--
whether it is a terrorist organization or against another 
state, you think about long wars differently, because in a long 
war you are as concerned about protecting the competitive power 
of the state over the long term as you are with getting the 
enemy, because it is like running marathon, but you don't know 
where the end is, and victory is you are still running when the 
other guy stops.
    And so we talked about really four things--
    Mr. Shays. That is a fascinating concept, you still keep 
running when the other guy stops.
    Mr. Carafano. I mean, there are four things you have to do 
equally well.
    I mean, you know, security--and that has both the offensive 
and defensive component. The offensive component is getting the 
leadership, breaking up the networks, interdicting the sources 
of funding and recruiting. The defensive element is typically 
when we think about the Department of Homeland Security, the 
things you do to protect yourself, and respond, or mitigate--
    Mr. Shays. What is two?
    Mr. Carafano. --from an attack, so that is security.
    Mr. Shays. Yes. What is two?
    Mr. Carafano. That is the first element, actually. Security 
has offense and defense.
    Mr. Shays. Right.
    Mr. Carafano. The second element is economic growth, not 
just to pay for the security, but to pay for all the other 
things in the society. So you have to have economic 
competitiveness and growth.
    The third piece of that is the protection of civil 
liberties and privacies, because what enables a state to 
compete best over the long term is the will of the governed.
    And the glue that really holds that together, that really 
cements that, is the civil liberties and privacies of the 
society, the healthy civil society.
    And the fourth component is winning the war of ideas, 
because all--
    Mr. Shays. It is what? I am sorry.
    Mr. Carafano. Winning the war of ideas, because all wars 
are an ideological struggle, particularly long conflicts.
    And so the argument that I have made is the key to 
successful protracted competition strategy is you have to do 
all four of those things equally well security, economic 
growth--
    Mr. Shays. Have you written a book on this?
    Mr. Carafano. Yes, sir. It is called ``Winning the Long 
War.'' And you can't trade one off for the other. And that is 
the notion, is you can't do things to say, ``Okay, I am going 
to add to your security, but to do that I am going to undercut 
your economic competitiveness.''
    Mr. Shays. I am really happy I have asked this question.
    How would you respond to this issue?
    Ms. Flournoy. I would add to what Jim has said. I think a 
lot of what he says is correct.
    In addition to, you know, the offensive piece, defeating 
the terrorists, the defensive piece of homeland security, I 
think the biggest missing portion of our strategy is a real 
strategy that tries to marginalize the terrorists from their 
bases of support.
    When you look at historically when terrorist organizations 
have basically gone out of the business of terrorism, like the 
IRA, it has been when governments have figured out how to 
affect the social, economic, political conditions that were 
creating fertile soil for the terrorists, either in the form of 
recruits, or money, or public support and sympathy.
    And maybe this is getting at the winning hearts and minds, 
but it is more than that. It is really thinking through how do 
we use our economic policies, our diplomatic policies, our 
foreign assistance, and our informational tools to really 
alienate the terrorists from the broader population that they 
are trying to win over.
    Mr. Shays. Let me ask, you said--
    Ms. Flournoy. And that is really missing in a lot of what 
we are doing today.
    Mr. Shays. Okay. You said terrorists, but the 9/11 
Commission said it is not terrorists, because it is like an 
ethereal being. It is Islamist terrorists. That is what they 
basically said.
    Ms. Flournoy. Well, I would say that this--I would 
characterize this as really a battle within Islam, so we are 
trying to separate--marginalize the extremists--
    Mr. Shays. The radicals.
    Ms. Flournoy. --the violent extremists--
    Mr. Shays. Let me get to Asa.
    Ms. Flournoy. --from the larger Muslim population.
    Mr. Shays. Thank you. That is very helpful.
    Asa?
    Mr. Hutchinson. Well, of course, I remember my first 
incident with terrorists in the 1980s was the extreme right- 
wing variety of it that also took down the Murrah Building in 
Oklahoma City.
    Mr. Shays. Right.
    Mr. Hutchinson. So I think in homeland security you have to 
be concerned--obviously, the most current threat is the Islamic 
jihadists, but you also have other traditional means of 
terrorism that you have to focus on.
    And I think in terms of the department, Congress set out 
the first strategy for homeland defense through the Homeland 
Security Act, which really set down some very wise criteria of 
security balanced with commerce, security balanced with civil 
liberties, as the hallmark of it.
    Obviously, that has been supplemented with national 
homeland security directives coming from the president, with a 
strategy of homeland security, but it starts with that Homeland 
Security Act, which is a very good statement that we should not 
forget about.
    Mr. Shays. Okay. Thank you.
    I will just conclude by saying all of you have helped me, 
because I basically believe it is it used to be contain, react, 
then mutually assured destruction. That obviously goes out the 
window.
    And to me, it is detect, prevent, preempt, and maybe act 
unilaterally. In other words, what we want to do is prevent 
something from happening. And we have to be able to do that. We 
have to be able to detect it.
    But frankly, Jim, your comments helped me put that in some 
perspective, in particular. Love to see your book, and I will 
buy it. I am not asking for it. Okay.
    Thank you, Madam Chairperson.
    Ms. Clarke. The chair will now recognize the other members 
for questions.
    The chair recognizes for 5 minutes the gentlewoman from 
Washington, D.C., Ms. Norton.
    Ms. Norton. Thank you, Madam Chair.
    I apologize that I wasn't here, because I I am interested 
in, at least broadly conceived, of the whole notion of planning 
for the next attack, as it were. I suppose that was the thrust 
of the 9/11 Commission report.
    One of you spoke about long wars. I kind of think of what 
we have been doing as last war planning. Maybe we do that in 
defense as well, although my sense is that the Defense 
Department, perhaps because they have been in the business 
since the creation of the republic, does think about emerging 
threats in a wholly different way than people who have never 
been in this business before, and that is us.
    Homeland security is a new concept for the domestic side. I 
say last war planning, because we devoted extraordinary 
attention to the last war, the 9/11 plane attacks, and so we 
shored that up.
    I contrast that to the way we all spoke of the coming wars 
in America, the whole notion for example, that nobody even 
speaks of anymore because it can't happen, of being able to 
fight two wars at once on two fronts, so that we were told, no 
matter what we were in, we could do that.
    Nobody thinks that that could happen. That is why we are at 
some risk militarily, in my view.
    On the other hand, the notion of emerging threats and 
homeland security seems to me to be less baffling. And yet we 
have not grappled--for example, we are just passing a rail 
security bill.
    You know, you could have planned for that the day after 9/
11, because it was clear that we were dealing with what can 
only be regarded as professional terrorists.
    We have had hearings here about carrying in a weapon of 
mass destruction in a briefcase. I don't see what the 
difficulty is in--indeed, I think it is--without knowing who 
will do it, it seems to me to be less challenging than what the 
military has to do, because the military knows that we are the 
big guy.
    They therefore can recognize that people probably aren't 
going to come and bomb us. They then have to figure out where 
the hot spots are.
    One of the reasons you see some doubts here, perhaps, about 
the whole notion of quadrennial reviews is that we--I suppose 
we have to first recognize that there would be something to 
review, and that once we reviewed it and said this is going to 
be the threat, this is what we are going to do about it.
    And nobody is going to put huge resources into a threat 
that hasn't materialized yet, but the fact is that when a--
after a threat materializes, we certainly put huge resources--
we overkill it.
    I want to know about--I want to know anything you can tell 
me about planning in the homeland security area where there is 
no history of planning, there is no given resource notions.
    We are still trying to deal with things that aren't even--
covered how you would go about this so that it would give us 
something realistically to review, as opposed to a paper review 
that anybody can now tell you without much work from 
professionals.
    Mr. Carafano. The first thing I would like to say is I am 
totally in favor of D.C. voting rights, as a city resident.
    [Laughter.]
    So I am with you there.
    Well, the one comment--I think the first thing is I think 
it is an enormous--strategically speaking, it is an enormous 
mistake to focus on a specific terrorist tactic as a way of 
building a strategy to fend against it.
    So I would suggest that the wrong answer is to say, ``Well, 
is it going to be a rail attack? Is it going to be an airplane 
attack?'' Because, you know, when I first got in this business, 
I did an assessment of how many ways, with a modest amount of 
income and resources, could a terrorist attack the United 
States, and I quit when my report was 300 pages long, because 
you can think of a lot more ways to attack than you can think 
to defend against it.
    And the point is that 99 percent of a terrorist attack 
looks exactly the same. And where it differs is in that last 1 
percent or 2 percent--what is the delivery mechanism? Is it a 
car bomb? Is it a plane?
    But the back 97 percent of planning, the training, the 
organization, the indoctrination, the ideology all that looks 
pretty much the same, and it is that last little bit, the 
choice, where it really differs.
    And what we do, I think, is sometimes we tend to focus on 
the last 2 percent, the delivery vehicle, and that is the wrong 
answer.
    What you need to focus on is the front 97 percent. So I 
would say you do--there is an awful lot of important thinking 
that needs to be done in terms of emerging threat, not in the 
sense of is it a car bomb or is it a rail bomb, but in the 
sense of the organization, the tactics, the methods of 
recruiting.
    And so I think there is a lot of work that can be done 
there. Where a QHSR would add value to the process is it will 
help force the department to do that in a regular and 
systematic way.
    You know, as I said in my opening statement, if you go back 
and you look at the I mean, the Defense Department, of course, 
hasn't been around since the beginning of the republic. You 
know, it is a product after World War II.
    But remarkably enough, if you look at the capacity of the 
Defense Department to do things like metrics, and linkages, and 
progressions, and strategic plans on these kind of programmatic 
issues that are addressed in the QDR--when they did that first 
QDR, they were pretty primitive and immature.
    They didn't have a lot of analytic capability. They didn't 
have a lot of staff to do that. Now, it is much more mature now 
because they have had to develop that capability over time. And 
when you deliver a QDR today, there is a lot of thinking and 
maturity that goes behind to do that.
    And I think having this process will help the Department of 
Homeland Security grow a similar capability.
    Ms. Norton. Madam Chair, could I just ask, you know, the 
others to respond at least to the question?
    Thank you.
    Ms. Flournoy. Congresswoman, I would say that, you know, 
the real value of a review is not so much to try to predict 
threats, but to, in the face of a lot of uncertainty, plan 
given that uncertainty.
    So to force the department out of its posture of day-to- 
day dealing with today's crisis, the in-box demands and so 
forth, to kind of take a longer perspective over the horizon--
what are the full range of things that we might have to deal 
with?--to make some very tough choices about prioritization and 
really about risk allocation--where am I going to absolutely 
not accept risk, and where am I going to have to manage that 
risk because I can't afford to buy it down to zero?
    And then to use those priorities and that challenge 
assessment to really develop a series of planning scenarios 
that you can constantly test yourself against in different 
combinations and use to identify capability shortfalls that 
then need to be, you know, remedied in the program.
    And I would underscore what Jim had to say, that one of the 
most important things is for the DHS to, over time, invest in 
and develop real planning expertise and capacity, which does 
take some time and some resources.
    Mr. Hutchinson. I think, first of all, the strategy, 
fighting terrorism within the United States, has to be 
intelligence-driven. We are getting better at that. We need to 
continue to improve it. It is an effective utilization of 
resources.
    Secondly, we should have targeted inspection based upon 
that intelligence. I think that is an effective use of 
resources.
    Thirdly, it should be based upon partnerships, partnerships 
between government and the private sector, partnerships between 
the different agencies, partnerships internationally, Mexico 
and Canada being important partners, the E.U., and it should be 
based upon technology as well, technology-driven.
    So that is, to me, the summary of what the department is 
trying to do in terms of strategy.
    In reference to the Quadrennial Defense Review, we ought to 
change the name of it, help us out a little bit--the QDR--I 
think one of the benefits from such a review is that it maybe 
limits the review, focuses the review.
    The Department of Homeland Security is not short of 
reviews, and studies, and analysis, and oversight. In fact, we 
have almost been worn out by it.
    But I think the benefit of an organized systematic review 
is when a new idea pops up, let's say, let's refer that to the 
QDR, and we can look at it systematically and thoughtfully. So 
I think there is some benefit to that.
    Ms. Norton. Thank you, Madam Chair.
    Ms. Clarke. I would like to recognize for 5 minutes the 
gentlewoman from Texas, Ms. Jackson Lee.
    Ms. Jackson Lee. I thank the chair very much for her 
interest and leadership on this issue, and she looks 
distinguished as the chairwoman.
    I quarrel with a lot of the burdens that fall upon us after 
9/11 and truly believe that if, tragically, a terrorist attack 
was to occur here in the United States, this committee, this 
singular committee, would feel the enormous brunt and 
sensitivity and sense of horror, because we are entrusted with 
the responsibilities of securing the homeland.
    And so I think as we sit here and talk about the planning 
process that, frankly, one of the issues that we should be 
discussing is developing a culture of urgency at the Homeland 
Security Department, a sense that it is not good for it to be 
tomorrow, but it should be fixed today or yesterday.
    And frankly, I wonder whether or not we have been able to 
reach that pinnacle or that point where I think we are needing 
to go.
    So my questions will be couched in the terms of how much 
time we have to discuss policy and to think about proposals. 
This department was formulated--at least we discussed it as a 
select committee in this Congress right after 9/11.
    We have had a 9/11 Commission. And I always wonder about 
this whole idea of my defined concept of ever ready, ever 
coordinated and ever able to act, that we should be forever 
coordinated, forever able to act and forever prepared and 
ready. And I don't see that.
    So I am going to start, Mr. Hutchinson--and welcome back to 
the Congress--with you and recite for you the GAO study that 
indicated, after spending almost 4 years and more than $1 
billion, DHS has not implemented a biometric exit capability or 
a suitable alternative.
    And so my question is you saw the US-VISIT stand up at the 
very beginning. Are you surprised that 4 years after the 
program was established we still do not have an exit system?
    And how do you account for the delay? And what role does 
consistent leadership play in delivering results on a program 
of this scale?
    And let me ask Ms. Flournoy you--have recommended or 
suggested a number of DOD processes that might be utilized. How 
do you see homeland security and DOD coordinating? Is it even 
possible? Are we ready to stand up, period, with a sense of 
urgency in the way this department is structured in terms of 
homeland security?
    Mr. Carafano, I want to take the planning concept to the 
practical concept. We have ICE agents who are raiding various 
employers. You know, I don't know if that is make work or busy 
work.
    Do we have a coordinated--you know, we are in the middle of 
discussing how we reform--how we do comprehensive immigration 
reform, and we have ICE raids. I don't know if they are doing 
that because it is public relations.
    We have the detainee centers needing great improvement. We 
look like we are not coordinated. We are not a smooth- running 
machine. I want a pithy response to where do we get to the 
heart of making sure that we are functioning, coordinating, 
securing the homeland.
    I yield to Mr. Hutchinson.
    Mr. Hutchinson. Excellent question, Congresswoman, and I 
enjoyed the relationship we had both at homeland security--
    Ms. Jackson Lee. Absolutely.
    Mr. Hutchinson. --and in Congress. And your sense of 
urgency is right on target. I believe the department has the 
right strategy, but you can certainly debate whether they are 
implementing the strategy at the right speed.
    And US-VISIT is a good example of it. You ask about whether 
I am surprised that they have not implemented an exit 
capability. I think US-VISIT has been one of the great 
successes of the Department of Homeland Security. I believe the 
exit capability is very important. Obviously, you have to have 
pilots. You have to move in that direction, but you cannot 
retreat from it.
    I think my testimony really goes to that question and the 
challenge that they face. I believe that US-VISIT got lost a 
little bit when it was a direct report to the secretary of 
homeland security, whenever he had Katrina to deal with and a 
whole host of other emergencies.
    You need the day-to-day oversight and decision-making 
capability. That is why the placement within an undersecretary 
directorate will be helpful to US-VISIT, to give US-VISIT an 
advocate, a decision maker, a better relationship with 
Congress.
    And so I think that will help move exit forward, and I 
certainly support that and applaud that effort. It is very 
important to our country.
    Ms. Jackson Lee. I thank you.
    Ms. Flournoy?
    Ms. Flournoy. I think you have hit on an absolutely 
critical issue, this question of integration or coordination 
between DOD and DHS, and it needs to happen in several ways.
    First, interdepartmental. I think there is a lot of room 
for cooperation on planning between the two departments in 
terms of sharing scenarios, expertise, judgments, et cetera, 
and actually even having DOD planners who have expertise that 
you have detailed over to DHS to help develop more planning 
expertise there.
    Developing common or shared concepts of operations for how 
they are going to deal with shared challenges and so forth--so 
certainly, at the planning level.
    Also, at the execution level, whether it is via NORTHCOM 
and bringing them into coordination with counterparts in DHS--
but there is also a larger interagency piece that sometimes 
happens, sometimes doesn't happen, that really needs to be 
brought together by the homeland security committee staff of 
the White House and, perhaps, some parts of the NCTC, where you 
really need to have a much greater degree of coordination than 
is sometimes happening.
    And then finally, incentive structures. I mean, one of the 
things that I have proposed in another study was the idea of 
actually linking promotions within certain parts of key 
elements of departments to interagency experience, so that you 
incentivize people gaining interagency education, training, 
experience and knowing how to better integrate the actions of 
their department with those of others.
    Ms. Jackson Lee. Thank you.
    I yield to the gentleman to finish the question, Madam 
Chairwoman.
    Mr. Carafano. I think it is a great question. And the 
simple answer is it is a leadership issue. I saw this in 25 
years in the Army, and when things get done and when things 
don't get done.
    And leadership is a combination of the leader both setting 
priorities and then making sure that people have the reasonable 
resources to execute. And I think actually this US-VISIT is a 
perfect example.
    One of my concerns, for example, would be by US-VISIT, I 
think, should be a national priority and should be a high 
priority for the Department of Homeland Security.
    If you put it in Customs and Border Protection, they have 
got a lot of very important missions right now. They have got 
to implement SBInet. They have got to basically reengineer the 
border patrol.
    And they have got a detention and removal process which is 
decades to come to really be modern and be sufficient. And then 
you have the issue of coordinating with ICE.
    My concern is if you took this vital program and you put it 
on CBP, I mean, in a sense you would be setting them up to fail 
because you are giving them too many missions to really 
moderate and execute.
    So I would prefer that this US-VISIT be closer to the 
flagpole. You know, I.T. programs are a classic example.
    If you look at why I.T. programs fail in the federal 
government, they always fail for the same four reasons: The 
requirements aren't adequately defined, the deadlines aren't 
realistic, the resource projections aren't realistic, and you 
don't have on-hands leadership.
    So those are the four things you have got to fix if you 
want this to work. And so I think the closer to the flagpole at 
the top it is, the better it is. And I think all the other 
three things will follow that.
    And I think there is a priority issue here, and I think 
there is a really easy way to cut the Gordian knot on this U.S. 
exit thing. It is very simple.
    We have 11 major U.S. international airports that account 
for 70 percent of the international air traffic. If we do that 
first, that is an enormous boon to the exit process. That 
covers an awful lot of people that are very that we are really 
concerned about.
    And then you have got some really on-hands expertise on how 
to do exit that you can then move out to other sectors. And I 
think that is a reasonable thing. I think it is a reasonable--
in a reasonable time frame.
    And so I think if Congress wants to set a deadline, that is 
a reasonable deadline. I think in 2 years, having U.S. exit at 
the 11 major international airports that serve 70 percent of 
traffic is a great goal.
    And then you can do some really interesting things. For 
example, if you want to--if you are concerned about visa waiver 
countries and are they overstaying or not, you can say, ``Okay, 
if you are from a visa waiver country, you have to use on of 
those 11 airports.''
    Then we will have a concrete, absolute measure on whether 
people are actually complying with the rules or not. And if we 
have countries that are of concern, we can make them use those 
airports as well.
    So I think that is an achievable goal that we could do 
right now. But I do think it is really a serious leadership 
issue, and leadership is setting priorities and then making 
sure people have the resources to meet those needs.
    Ms. Jackson Lee. Well, Madam Chairwoman, thank you very 
much for the witnesses. I am trying to take shorthand here. I 
think there have been some enormously provocative statements.
    I just want to have on the record, Madam Chairwoman, for 
this particular committee that I think having the principals 
come in and respond to Mr. Capiano's I am not seeing the ``F'', 
I am sorry--Carafano's words--we have a Capuano here in the 
Congress, so please forgive me.
    But in any event, to really challenge the Department of 
Homeland Security about putting US-VISIT closer to the 
flagpole, closer to priority, closer to urgency, and have them 
respond on how soon they could get that reordered.
    And my last point is I agree that Customs and Border 
Protection is overworked--not overworked. Let me not say they 
are overworked. They do a fine job. But they have a lot of 
work--and ICE.
    And my question about the raids was just that. Not that I 
would want to ask where are you raiding next, but are you doing 
work that is making sense.
    Is there a need for an organizational restructure, or 
should your urgency be directed somewhere else, or can we help 
you, you know, be part of really getting some work done that 
deals with securing America?
    So I think this is an important hearing, and maybe we can 
have some others on how we can make sure that the department is 
organized and focused urgently on the needs of this nation.
    I yield back. I thank the gentlelady.
    Ms. Clarke. That is duly noted, and I know our chair, Mr. 
Thompson is very focused on that, Ms. Jackson Lee. He was very 
concerned about we heard here this morning and where we are in 
this process.
    For the panel, I have an additional question before we wrap 
up for today. The new president elected in 2008 will have the 
task of developing new homeland security policy together with 
Congress.
    Presently, there are quite a number of laws, strategic 
documents, presidential directives and other policy documents 
pertaining to homeland security.
    How can we assure clarity and coherence in our national 
homeland security policy as we consider the possibility of a 
quadrennial homeland security review?
    Mr. Hutchinson. Madam Chairman, may I take leave? I have an 
appearance I have to get across town to.
    But let me just, before I turn it over to my colleagues, 
say that I think the QHSR is certainly a helpful start, and I 
think the suggestion of the next administration is probably 
timely.
    I always like to quote the RAND Corporation study that 
indicated even in the private sector, where it is a little bit 
easier, even the private sector it takes 5 years for a merger 
to be effective. And here, the 5-year anniversary of the 
Department of Homeland Security will be next March. So I think 
that is just a good reminder that in the government environment 
it is even tougher.
    But I think the focus of a QHSR would be helpful and a good 
tool to use. Thank you for the opportunity to be here today 
with you.
    Ms. Clarke. And on behalf of our chairman and the members 
of the committee, we want to thank you for your service and for 
your testimony here today. Thank you.
    Ms. Flournoy. Madam Chairwoman, I think you raise a very 
important point. Over time, a number of planning requirements, 
reporting requirements and other requirements have been put on 
DHS.
    I think as we approach the 5-year anniversary, it is 
actually a good opportunity for maybe members of this committee 
to sit down with both key department officials and perhaps DHS 
watchers like, certainly, Jim and maybe some DOD watchers like 
me, and to kind of put it all on the table and say, ``Does this 
really make sense when you pull it all together?''
    It may be that there is some rationalization and 
streamlining that could help to clarify that, you know, you 
start with an overarching review, then you have a clear policy 
guidance document, then that goes into a programming process 
with some assessment, and then a budgeting process.
    I mean, it may make sense to look at everything that has 
been put on DHS in the spirit of trying to enhance strategic 
planning and take a fresh look to say, ``Now that we have a 
little experience, now that we can put all of this together, 
does this really make sense, all of it together, or are there 
ways that we can rationalize and streamline the process to 
strengthen planning but also, you know, to increase the chances 
of getting the desired result that we are all after?''
    Mr. Carafano. Yes, I will just refer back to my testimony 
that I do think it would be worthwhile as this administration 
walks out the door to do a report that really would be a 
precursor to a QHSR.
    And I think the key is we don't need a report which 
basically asks the department to grade itself. What we really 
need is the department to say, ``You know, if you were staying 
for four more years, you know, where would you go in the future 
and why?'' And I think it would be a great rehearsal for the 
Congress if we could do this like we would do a QSR, to do it 
as a dialogue to say, ``We want you to do this report. Come in 
and tell us what you think should be in the report. Then let's 
talk about what should be in the report. Then come back in a 
couple of months and tell us how the work is going. And then 
let's talk about it when the report is done.''
    Ms. Clarke. Well, I want to thank the witnesses for their 
valuable testimony and the members for their questions.
    The members of the committee may have additional questions 
for the witnesses, and we will ask you to respond expeditiously 
in writing to those questions.
    Hearing no further business, the committee stands 
adjourned. [Whereupon, at 12:19 p.m., the committee was 
adjourned.]


                               Appendix A

                              ----------                              


                             For the Record

  Prepared Statement of the Honorable Tom Davis, a Representative in 
                  Congress From the State of Virginia

    Chairman Thompson and Ranking Member King thank you for holding 
today's hearing on the United States Visitor and Immigration Status 
Indicator Technology Program (US-VISIT). I have long emphasized that 
protecting the United States does not rest solely with the physical 
infrastructure at our borders. A properly functioning border means 
information is collected at each point of contact and the correct 
information is available at each point of decision--whether that point 
is a consular window overseas or a car window at the border in 
California. We must have a seamless approach--ensuring security at all 
ports of entry. This is why US-VISIT is essential to the mission of 
homeland security.
    In addition to the security aspects of US-VISIT, the program is 
particularly important to Virginia's 11th District. Approximately one 
out of every six of my constituents was born outside of the United 
States. Accordingly, there is a high volume of international travel to 
and from the National Capital Region. Residents need US-VISIT to work 
to protect the region. However, residents also need the assurance US-
VISIT will not clog ports of entry and impede and lengthen airport 
security procedures at high volume times. I believe the Department of 
Homeland Security (DHS) has struck an appropriate balance between these 
two goals, but we still have additional ground to cover with the 
program.
    The President's budget proposal requested $462 million for US-VISIT 
in 2008. This money should be used by DHS to establish a workable exit 
phase of the program, which is critical to detecting significant visa 
overstays. The money should also facilitate the implementation of a 10 
fingerprint biometric. This new technology will be invaluable in 
identifying previously unidentifiable partial fingerprints.
    Since the creation of DHS and the subsequent announcement the 
Department would be responsible for US-VISIT, I made it a priority for 
the Committee on Government Reform to oversee the program's progress--
from conception to implementation. I am pleased to see the Committee on 
Homeland Security takes oversight of the program as seriously as I do. 
I am, however, concerned by the Majority's proposal to move US-VISIT 
under Customs and Border Protection (CBP). Pursuant to Section 872 of 
the Homeland Security Act of 2002 (PL 107-296), the Secretary may 
establish, consolidate, alter, or discontinue organizational units 
within DHS. As such, Secretary Chertoff has elected to create a new 
directorate named National Protection and Programs, under which US-
VISIT will fall starting March 31, 2007. Recently, Robert Mocny, Acting 
Director of the US-VISIT program, told my staff the move to the new 
Directorate is a positive one for the program. It provides the 
flexibility for US-VISIT to meet its goals across the Department.
    Unfortunately, the Committee on Homeland Security's Majority has 
decided to micro-manage and undermine those within DHS who work on the 
US-VISIT program. The Majority's view that US-VISIT should fall under 
CBP is myopic, at best. US-VISIT is not simply a ``border initiative.'' 
The program does not interface solely with CBP, but also with 
Immigration and Customs Enforcement, Citizenship and Immigration 
Services, and the Coast Guard. Additionally, US-VISIT partners with the 
Department of Justice, State Department, and the intelligence 
community. Placing US-VISIT under CBP inhibits a program that stretches 
broadly through DHS.
    I urge my Democratic colleagues to rethink their position on the 
placement of US-VISIT. It is my hope they will take seriously the 
testimony of those who work day in and day out on US-VISIT and consider 
the Secretary's authority and desire to do what is best for the 
implementation of the nation's security programs.


                               Appendix B

                              ----------                              


                   Additional Questions and Responses

                 Questions from Hon. Bennie G. Thompson

                     Responses from Robert A. Mocny

    Question 1.: What is the statutory authority for US-VISIT's 
``identity management'' mission?
    Response: There is no single statute that authorizes identity 
management. Instead, there is a variety of statutes which set the legal 
framework for it. To perform the tasks mandated in statute, the U.S. 
Government must have confidence in an individual alien's identity as a 
precursor to providing that alien with visas, admission, or other 
immigration benefits, or undertaking law enforcement actions.
    The following summarizes the applicable legislative mandates:
    The Illegal Immigration Reform and Immigrant Responsibility Act of 
1996 (IIRIRA), Public Law 104-208, requires the development of an 
automated entry and exit control system to collect records of departure 
and to match them with records of arrival.
    The Immigration and Naturalization Service Data Management 
Improvement Act of 2000 (DMIA), Public Law 106-215, amends IIRIRA to 
require that the entry and exit data system integrate all ``authorized 
or required'' alien arrival and departure data; use available data to 
match an alien's arrival and departure; assist the Attorney General 
(now the Secretary of Homeland Security) and the Secretary of State to 
identify lawfully admitted non-immigrants who have overstayed their 
period of admission; use available data to produce a report of arriving 
and departing aliens by nationality, classification as an immigrant or 
non-immigrant, and dates of arrival in, and departure from, the United 
States; and be implemented at all air and sea ports of entry by 
December 31, 2003; at all air and sea ports and the 50 land border 
ports serving the highest numbers of aliens by December 31, 2004; and 
at all ports of entry by December 31, 2005.
    The Visa Waiver Permanent Program Act of 2000 (VWPPA), Public Law 
106-396, requires that the entry and exit data system contain records 
of arrival and departure of every alien admitted under the Visa Waiver 
Program (VWP) who arrives and departs by air or sea; contain sufficient 
data to permit the Attorney General (now the Secretary of Homeland 
Security), for each fiscal year, to calculate the percentage of each 
VWP country(s nationals who are admitted under the VWP and for whom no 
departure record exists; use available data to produce a detailed 
annual report to Congress by December 31 of each year containing, among 
other specific information, the number of successful arrival/departure 
matches for departing aliens by nationality and by classification as 
immigrant or non-immigrant, and the number of aliens who arrived 
pursuant to a non-immigrant visa or the VWP and for whom no departure 
data are available at the end of the authorized period of stay; and 
record arrivals and departures of every VWP alien transiting through 
air and sea ports by October 1, 2001.
    The Uniting and Strengthening America by Providing Appropriate 
Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act, 
Public Law 107-56, requires that the entry and exit data system be 
implemented with all deliberate speed and as expeditiously as 
practicable; focus particularly on using biometrics and tamper-
resistant documents; and be able to interface with law enforcement 
databases for use by Federal law enforcement to identify and detain 
individuals who are threats to national security.
    The Enhanced Border Security and Visa Entry Reform Act of 2002 
(EBSVERA), Public Law 107-173, requires that the entry and exit data 
system use technology and biometric standards to be developed by the 
National Institute of Standards and Technology (NIST), in consultation 
with other agencies, for alien identification and other purposes; be 
accessible at ports of entry and overseas consular posts; consist of 
equipment and software to allow biometric comparison and authentication 
of all U.S. visas, other travel and entry documents issued to aliens, 
and the machine-readable, biometric passports required to be issued to 
nationals of VWP countries at all ports of entry by October 26, 2004 
(later extended to October 26, 2005); have database(s) containing alien 
arrival and departure data from machine-readable visas, passports, and 
other travel and entry documents; use technologies that facilitate 
lawful and efficient cross-border movement of commerce and persons 
without compromising the safety and security of the United States; and 
be integrated into the new and broader Immigration and Naturalization 
Data System that fully integrates all Immigration and Naturalization 
Service (INS) databases and data systems that process or contain alien 
information.
    The Intelligence Reform and Terrorism Prevention Act of 2004 
(IRTPA), Public Law 108-458, Section 7208, specifically addresses 
biometric entry and exit and calls for the Secretary of Homeland 
Security to accelerate the full implementation of the US-VISIT program.
    The statutes above either state or clearly presuppose that:
         the comprehensive biometric entry and exit screening 
        system will be continuously updated and improved as technology 
        improves;
         the system will be integrated and interoperable with 
        data systems that process or contain information on aliens and 
        that are maintained by Immigration and Customs Enforcement 
        (ICE), Customs and Border Protection (CBP), U.S. Citizenship 
        and Immigration Services (USCIS), the Executive Office for 
        Immigration Review (EOIR) at the Department of Justice (DOJ), 
        and the Bureau of Consular Affairs at the Department of State;
         the biometric entry-exit system will use a technology 
        standard to be applied in a cross-agency, cross-platform, fully 
        interoperable electronic system as a means to share the law 
        enforcement and intelligence information necessary to confirm 
        the identity of persons applying for a visa; and
         the entry-exit data collected will be available for 
        authorized law enforecement purposes.

    Question 2.: How will the ``identity management'' functions of US-
VISIT be leveraged to assist in the identification of visa overstays?
    Response: Presently, US-VISIT provides analysis of both biographic 
(name, date of birth) information and biometric (fingerprint) 
information to identify aliens that may have overstayed their period of 
admission. Information on confirmed overstays is forwarded to 
Immigration and Customs Enforcement (ICE) for possible law enforcement 
action. This information is also shared with Customs and Border 
Protection (CBP) and the State Department so that, if the individual is 
subsequently encountered during the visa renewal/application process or 
entry process, those agencies may then take appropriate action. US-
VISIT data and analysis enable enforcement components to arrest aliens 
who have violated the terms of their visas by overstaying the 
authorized period of admission. To date, US-VISIT identifications have 
resulted in the arrest of more than 300 overstay violators by 
Immigration and Customs Enforcement; in addition, nearly 50 individuals 
have been refused entry into the United States since October 2006 
because of US-VISIT's identification of overstay violators.

    Question 3.: How will the ``identity management'' functions of US-
VISIT be integrated into the Department's other border security 
efforts, such as the Secure Border Initiative and the Western 
Hemisphere Travel Initiative?
    Response: The Department of Homeland Security (DHS) is continually 
reviewing ways to leverage existing programs and maximize 
interoperability among its immigration and border management efforts. 
DHS agrees that its major investment initiatives, such as US-VISIT, the 
Western Hemisphere Travel Initiative (WHTI), and the Secure Border 
Initiative (SBI), must be strategically aligned. DHS has established a 
strong oversight effort to ensure that the alignment is implemented 
through the lifecycle of these programs.
    Essential components of this oversight include the requirement that 
all these projects, as major investments, be approved at key stages by 
the DHS Investment Review Board (IRB). This includes a review by the 
DHS Enterprise Architecture Board and the involvement of the Screening 
Coordination Office (SCO).
    To ensure the success of these programs, there is ongoing 
communication and cross-planning among the offices responsible for 
designing and implementing these initiatives. For example, staff 
members from US-VISIT have participated extensively in the WHTI 
planning efforts and have taken part in the development of the 
strategic plan for the SBI. CBP staff who are now working on SBI and 
WHTI also participated in the development and implementation of US-
VISIT. This intra-agency cooperation provides opportunities for lessons 
learned to be shared and facilitates retention and reuse of historical 
knowledge and experience.
    Question 4.: How does the immigration component of US-VISIT's 
mission comport with the other entities that will be forming the 
National Protection and Programs Directorate (NPPD)?
    Response: Threats posed by individuals wishing to do the Nation 
harm generally fall into two categories: physical and virtual. Reducing 
risk requires an integrated approach that encompasses these physical 
and virtual threats, as well as the human elements that pose the 
threats. Currently, there are multiple components within the Department 
of Homeland Security (DHS) working independently to reduce our 
comprehensive risk. Three of these are:
         The Office of Infrastructure Protection (IP), which 
        addresses physical risks;
         The Office of Cyber Security and Communications 
        (CS&T), which addresses cyber risks;
         US-VISIT, which addresses human risks.
    All three of these offices use the same approach to reduce risk by 
utilizing data gathering, data analysis, and dissemination of 
information to operators. DHS believes that it can increase the 
synergies between, and improve the output of, the aforementioned 
offices not only by recognizing their commonalities, but also by 
integrating their work more closely under the National Protection and 
Programs Directorate (NPPD).
    In addition to the biographic data that can be used (e.g., name, 
location), to enhance the security of our Nation(s critical 
infrastructure (e.g., using fingerprint checks to verify identity and 
control access ton sensitive facilities), the National Protection and 
Programs Directorate continues to explore appropriate usage of 
biometric information and analysis.

    Question 5.: Given the lack of a biometric exit capability for US-
VISIT, why has the Department decided to move US-VISIT to NPPD and 
place new emphasis on the ``identity management'' functions of the 
system?
    Response: The Department of Homeland Security (DHS) is still 
committed to deploying biometric exit. US-VISIT's move into the 
National Protection and Programs Directorate (NPPD) does not alter that 
commitment. US-VISIT's identity management functions are a natural 
evolution of the requirements of enrolling an alien's identity during a 
first encounter (either at consulate offices or ports of entry) and 
ensuring that the identity and related information can be accessed by 
decision-makers in the border security and immigration management 
enterprise in a timely manner. The move also recognizes the program's 
management of the Automated Biometric Identification System (IDENT) and 
its focus on, experience with, and investment in biometric 
identification, which can be leveraged in many official environments.

    Question 6.: What are the major challenges or obstacles facing the 
Department as it considers deploying exit capabilities at land, air, 
and sea ports of entry?
    Response: The primary challenge to deploying exit capabilities is 
that our land, air, and sea ports were not designed or built for 
security processing during exit. Thus, there are significant space and 
facility challenges for deploying any type of exit screening at any 
port. Additional major challenges include:
         Department of Homeland Security (DHS) leadership must 
        collaborate with the airline/travel leadership to discuss the 
        possible integration of biometric exit at passenger check-in 
        and how, if possible, this process can mesh with the U.S. 
        Customs and Border Protection's Advance Passenger Information 
        System (APIS) Quick Quary and the Transportation Security 
        Administration's Secure Flight program;
         US-VISIT is in discussions with airlines about the 
        elements for a pilot for a planned biometric exit covering air.
    Question 7.: To what extent has the Department involved the airline 
or travel industry in facilitating a feasible exit solution at 
airports?
    Response: See answer above
    Question 8.: What exit capabilities does the Department anticipate 
piloting and implementing in FY 2007 and FY 2008?
    Response: During the remaining months of FY 2007 and through the 
first quarter of FY 2008, US-VISIT plans to collaborate with 
stakeholders to plan, develop, and demonstrate a possible solution that 
integrates biometric exit into the passenger check-in process for air.

    Question 9.: What is the schedule for deploying 10-fingerprint 
collection at land, air, and sea ports of entry?
    Response: The current plan is to deploy 10-Print collection 
capability to all land, air, and sea locations, which currently collect 
two fingerprints, by December 31, 2008.


    Question 10.: How has the Department evaluated major changes in 
policy for US-VISIT, such as interoperating IDENT and IAFIS, piloting 
RFID technology, and moving the Program Office to the NPPD, without the 
comprehensive strategic plan mandated by 7208 of the Intelligence 
Reform and Terrorist Prevention Act of 2004 in place?
    Response: The Department of Homeland Security (DHS) has completed a 
strategic plan for US-VISIT and submitted it to Appropriators on March 
20, 2007, as part of the US-VISIT Fiscal Year 2007 expenditure plan. A 
separate document that provides additional information specified in 
section 7208(c) of the Intelligence Reform and Terrorist Prevention Act 
of 2004 (IRTPA) is now in Departmental clearance and should be 
delivered to Congress in the near future.

    Question 11.: Mr. Thompson inquired into the status of US-VISIT(s 
long-term strategic plan. Mr. Mocny said the Committee could expect a 
final report within 30--40 days.
    Response: The Department of Homeland Security (DHS) has completed a 
strategic plan for US-VISIT and submitted it to Appropriators on March 
20, 2007, as part of the US-VISIT Fiscal Year 2007 expenditure plan. A 
separate document that provides additional information specified in 
section 7208(c) of the Intelligence Reform and Terrorist Prevention Act 
is now in Departmental clearance and should be delivered to Congress in 
the near future.

    Question 12.: Mr. Thompson (as referenced by Mr. Bilirakis) 
requested examples of performance measures for US-VISIT. Mr. Mocny 
agreed to provide.
    Response: The relevant performance measures are arrayed in the 
table below, aligned with US-VISIT goals and the two Department of 
Homeland Security (DHS) Strategic Goals that the program supports- 
Prevention and Service.

------------------------------------------------------------------------

------------------------------------------------------------------------
            DHS Strategic Goal/Objective   Strategic Goal 2: Prevention

                                            Objective 2.1 Secure
                                            borders against terrorists,
                                            means of terrorism, illegal
                                            drugs, other illegal
                                            activity

                          US-VISIT Goals    Enhance the security
                                            of United States citizens
                                            and visitors
                                            Ensure the integrity
                                            of our immigration system
                Performance Measurements    Ratio of adverse
                                            actions to total biometric
                                            watch list hits at ports of
                                            entry
                                            Number of biometric
                                            watch list hits for
                                            travelers processed at ports
                                            of entry
                                            Number of biometric
                                            watch list hits for visa
                                            applicants processed at
                                            consular offices
                                            Cumulative and
                                            Annual Perventage Baseline
                                            cost and Schedule Overrun on
                                            US-VISIT Increment
                                            Development and Deployment
                                            (Formerly: Adherence to
                                            program cost and schedule
                                            objectives)
                                            Percentage of Exit
                                            Records Matched to Entry
                                            records (New)
                                            Number of
                                            Individuals Biometrically
                                            Verified Based on 10-Print
                                            Enrollment (Under
                                            development for Unique
                                            Identity)
                                            Percentage of
                                            Biometric Identity
                                            verification Based on 10-
                                            Print Enrollment (Under
                                            development for Unique
                                            Identity)
                                            Number of Travelers
                                            with Adverse Information
                                            Identified During the
                                            Biometric Verification
                                            Process (Under development
                                            for Unique Identity)
                                            Number of Travelers
                                            with Adverse Informaiton
                                            Identified During the
                                            Biometric Verication Process
                                            (Under development for
                                            Unique Identity)
------------------------------------------------------------------------

                                          Strategic Goal 6: Service
            DHS Strategic Goal/Objective   Objective 6.4 Facilitate the
                                            efficient movement of cargo
                                            and people

                          US-VISIT Goals    Facilitate
                                            legitimate travel and trade
                                            Protect the privacy
                                            of our visitors
                Performance Measurements    Number of privacy
                                            redress requests received
                                            Average processing
                                            times of redress requests
                                            Adherence to DHS IT
                                            Security requirements
                                            Average Biometric
                                            Watch List query and
                                            identity verification
                                            information delivery times
                                            at consular offices
                                            Average Biometric
                                            Watch List query and
                                            identity verification
                                            information delivery times
                                            to ports of entry
                                            Data Integrity Group
                                            Average Cost to Vet and
                                            Review Records in
                                            Determining a Recommended
                                            Lead (Under development)
------------------------------------------------------------------------

    Question 13.: Mr. Cuellar requested a list of space constraints and 
related logistical issues at land ports of entry. Mr. Mocny agreed to 
provide.
    Response: Starting in 2002 with the legacy Immigration and 
Naturalization Service (INS) ``Entry/Exit'' program, US-VISIT has been 
collecting and analyzing the data on Land Ports of Entry (LPOE) to meet 
Congressional mandates. This effort includes the studies and data 
points outlined in the attached table. Each of these data points has 
provided additional information and understanding of what it would take 
to provide an Entry/Exit system at our LPOE. The basic space 
constraints and logistical issues continually point to the following 
issues:
        1. LPOE were not designed for exit. The LPOE have the 
        infrastructure in place to stop and inspect each vehicle and 
        person wishing to enter the United States; however, such 
        infrastructure is absent for exit at land ports, with the 
        exception of a few test locations.
        2. Many LPOE are land-locked within urban settings that do not 
        allow for expansion without significant cost, and potential 
        social and environmental impacts. An exit solution would place 
        these same challenges upon the Canadian and Mexican communities 
        surrounding our ports of entry.
        3. The building configuration and circulation (internally/
        externally) have not been designed to accommodate an 
        inspection/check-point at exit. Major modification of these 
        facilities would be required to allow for the additional 
        manpower, visibility of exit lanes, processing space, work 
        stations, parking, and other related support activities 
        associated with exit.
        4. Any solution that slows down the current processing time on 
        entry and/or exit has the potential to cause significant 
        impacts to the local environment. Additional wait time for exit 
        will causes long lines at the ports, possible congestion in 
        communities, and pollution. The additional required parking 
        and/or queuing lanes will push the boundaries of the port 
        beyond current limits and could potentially trigger NEPA 
        studies. Changes to historic ports require consultation and 
        approval from State Historical Preservation Offices.
        5. Many LPOE are old, with antiquated infrastructure and 
        limited capacity to take on increased demands for internal 
        power and support systems. These ports can also be very 
        isolated, with the nearest city 30--40 miles away or more. 
        Developing new infrastructure is costly and must be coordinated 
        with limited construction seasons.

                 Questions from Hon. Bennie G. Thompson

                      Responses from Richard Stana

    Question 1.: What benefits may be derived from placing US-VISIT 
within a mission-focused agency, such as Customs and Border Protection?
    Response: US-VISIT is intended to enhance the security of our 
citizens and visitors and to ensure the integrity of the U.S. 
immigration system while facilitating legitimate trade and travel and 
protecting individuals( privacy. To achieve these goals, US-VISIT is to 
record selected travelers( entry and exit to and from the United States 
at over 300 ports of entry (POEs) around the country, verify their 
identity, and determine their compliance with the terms of their 
admission and stay. Within these goals, US-VISIT has identified seven 
capabilities that it considers critical for meeting the missions of its 
customers: identify a person; assess risk and eligibility; record 
entry, exit, and status; take law enforcement actions; communicate with 
external entities; manage knowledge, information, and intelligence; and 
manage the immigration and border management enterprise.
    Currently, US-VISIT is placed within the National Protection and 
Programs Directorate (NPPD), along with other components that have a 
cross-agency coordination and communication role. This placement could 
facilitate US-VISIT(s ability to perform its identity management and 
communication/coordination capabilities across the department. On the 
other hand, placing US-VISIT in a mission-focused agency like U.S. 
Customs and Border Protection (CBP) could better position US-VISIT to 
focus on completing the design and implementation of a statutorily 
mandated, comprehensive, biometric entry/exit system. Because CBP, US-
VISIT, and U.S. Immigration and Customs Enforcement (ICE) have 
substantial immigration enforcement roles, this would also enhance 
accountability and the development and application of common 
performance measures. This is not to say that maintaining focus on 
completing the entry/exit system could not be done from NPPD. Rather, 
establishing program management linkages and organizational crosswalks 
for the entry/exit capability within CBP could be easier than 
establishing them from a non-mission-oriented agency. However, it is 
also fair to say that establishing program management linkages and 
organizational crosswalks from CBP to other DHS components for the 
identity management capabilities could also be challenging, although 
such linkages and crosswalks have been built between ICE(s Law 
Enforcement Support Center and CBP and the FBI, among other federal, 
state, and local law enforcement agencies.

    Question 2.: Do you have any concerns about the Department's new 
emphasis on US-VISIT's ``identity management'' functions?
    Response: According to US-VISIT, the movement toward an identity 
management capability includes recording an identity for an individual; 
connecting that identity to available and appropriate information about 
an individual's criminal history, immigration history and status; and 
verifying the individual's identity at each subsequent interaction. 
These capabilities are important and have merit. It is too early to 
tell what impact US-VISIT's focus on identity management will have on 
developing and implementing a biometric exit capability. A concern 
would emerge if the focus on identity management drew substantial 
attention and resources away from that endeavor. Moreover, having a 
biometric exit capability is important to fully developing an effective 
identity management function, because recording when an individual left 
the country is a key piece of information needed to determine an 
individual's status and whereabouts.

    Question 3.: What type of challenges does the US-VISIT program face 
operating in a context that is not defined by the comprehensive 
strategic plan required under section 7208 of the Intelligence Reform 
and Terrorist Prevention Act of 2004?
    Response: In March 2007, US-VISIT issued its ``Comprehensive 
Strategic Plan for US-VISIT'' which includes a ``review of US-VISIT's 
status and US-VISIT's strategic plan.'' The plan discusses section 7208 
of the Intelligence Reform and Terrorism Prevention Act of 2004, which 
calls for a report to the Congress on how DHS was to fully implement a 
biometric entry/exit program. US-VISIT's plan describes the previously 
discussed seven capabilities that it considers critical for meeting the 
missions of its customers (i.e. identify a person; assess risk and 
eligibility; and record entry, exit, and status), the general 
strategies for delivering these capabilities, some of the benefits to 
be derived, and expected outcomes for each of the seven capabilities. 
However, the plan does not describe expected costs or timeframes for 
implementing the seven capabilities, nor does it show how US-VISIT 
intends to measure results. Furthermore, the plan is not clear on DHS's 
plans for implementing the statutory requirement for a biometric exit 
capability and it remains unclear how US-VISIT will work in combination 
with other border security initiatives, such as the Western Hemisphere 
Travel Initiative and the Secure Border Initiative. Absent this 
information, neither DHS nor Congress is in a good position to 
prioritize and allocate program resources, and DHS faces substantial 
risk that US-VISIT will not align or operate with other border security 
initiatives and thus not cost-effectively meet mission needs.

    Question 4.: What type of management controls and coordination 
efforts should the National Protection and Programs Directorate 
implement to ensure proper oversight of the US-VISIT program and 
linkage with stakeholders?

    Response: The management controls to ensure proper oversight of the 
US-VISIT program and linkages with stakeholders would be needed 
regardless of where US-VISIT is placed. Some needed controls are 
already in place, but others were identified in the various reports we 
have issued over the last 4 years.\1\ Given that US-VISIT has been 
placed in NPPD, it is important that NPPD managers and US-VISIT 
officials reach a mutual understanding about organizational roles and 
responsibilities, performance expectations, and accountability 
mechanisms for US-VISIT. In addition, US-VISIT officials would need to 
work with key stakeholders to establish and maintain a positive control 
environment that provides a framework for planning, directing, and 
controlling operations to achieve NPPD and US-VISIT objectives; 
employing ways to identify, analyze, and articulate the risks 
associated with achieving those objectives; having control activities 
(policies, procedures, techniques, and mechanisms) that are designed to 
ensure that management directives are carried out; having relevant, 
reliable, and timely communications to ensure that information flows 
down, across, and up the organization, as well as across the spectrum 
of US-VISIT's customers and external stakeholders that support the US-
VISIT program; and monitoring to ensure the quality of US-VISIT's 
performance over time.
---------------------------------------------------------------------------
    \1\ GAO, Information Technology: Homeland Security Needs to Improve 
Entry Exit System Expenditure Planning, GAO-03-563 (Washington, D.C.: 
June 9, 2003); GAO, Homeland Security: Risks Facing Key Border and 
Transportation Security Program Need to Be Addressed, GAO-03-1083 
(Washington, D.C.: Sept. 19, 2003); GAO, Homeland Security: First Phase 
of Visitor and Immigration Status Program Operating, but Improvements 
Needed, GAO-04-586 (Washington, D.C.: May 11, 2004); GAO, Homeland 
Security: Some Progress Made, but Many Challenges Remain on U.S. 
Visitor and Immigrant Status Indicator Technology Program, GAO-05-202 
(Washington, D.C.: Feb. 23, 2005); GAO, Homeland Security: Contract 
Management and Oversight for Visitor and Immigration Status Program 
Need to Be Strengthened, GAO-06-404 (Washington, D.C.: June 9, 2006); 
GAO, Border Security: US-VISIT Program Faces Strategic, Operational, 
and Technological Challenges at Land Ports of Entry, GAO-07-248 
(Washington, D.C., December 6, 2006); GAO, Homeland Security: Planned 
Expenditures for U.S. Visitor and Immigrant Status Program Need to Be 
Adequately Defined and Justified, GAO-07-278; (Washington, D.C.: Feb. 
14, 2007); GAO, Border Security: US-VISIT Program Faces Strategic, 
Operational, and Technological Challenges at land Ports of Entry, GAO-
07-378T (Washington, D.C.; January 31, 2007), and GAO, Homeland 
Security: US-VISIT Has Not Fully Met Expectations and Longstanding 
Program Management Challenges Need to Be Addressed GAO-07-499T 
(Washington, D.C.; February 16, 2007).
---------------------------------------------------------------------------
    Regarding US-VISIT's performance, it is particularly important that 
NPPD and US-VISIT define and measure progress against program 
commitments and hold themselves accountable for program results. In our 
past work, we have reported that US-VISIT has yet to fully establish 
performance and accountability mechanisms to ensure that problems and 
shortfalls can be addressed in a timely fashion and so that responsible 
parties can be held accountable.

    Question 5.: What are the advantages and disadvantages of imposing 
statutory deadlines on the Department for implementing biometric exit 
capabilities at land, air, and sea ports of entry?

    Response: Imposing statutory deadlines would underscore the 
importance that Congress places on implementing workable biometric exit 
capabilities at the various ports of entry and may prompt the 
Department to devote additional attention and resources toward that 
end. In deciding whether to impose a statutory deadline for 
implementing a biometric exit capability at the ports, one would have 
to consider existing technology and resource constraints. For example, 
US-VISIT(s pilot testing showed that deploying an exit capability at 
air and sea ports of entry was feasible, so a statutory deadline could 
prompt action that would result in a workable system at those ports in 
the near future. On the other hand, the pilot tests at the land ports 
of entry showed that the technology currently available would not 
effectively support a biometric exit capability without substantial 
investments in port infrastructure. Imposing a statutory deadline would 
not likely speed the development of new technology, and could result in 
the Department investing in infrastructure to mirror the current entry 
process when less intrusive options may be forthcoming. A concrete 
plan, with expected costs and milestones, for identifying and testing 
various options in the land port environment might better facilitate 
the eventual deployment of a workable and less costly biometric exit 
capability.

    Question 6.: Given the detailed reviews your office has performed 
on US-VISIT and other Department initiatives, is it fair to 
characterize US-VISIT as one of the ``great successes of the 
Department,'' as some have done? If not, what more needs to be 
accomplished?

    Response: Since 2003, we have issued several reports and testified 
several times on the US-VISIT program, and these have identified 
fundamental challenges that DHS continues to face in meeting program 
expectations (i.e. delivering program capabilities and benefits on time 
and within cost).\2\ We continue to believe that the program carries an 
appreciable level of risk and must be managed effectively if it is to 
be successful. DHS has made considerable progress implementing entry 
capability at most ports of entry and has begun to work to move from 2 
to 10 fingerprint biometric capabilities and expand information sharing 
among stakeholders. However, a biometric exit capability is not 
currently available and developing and deploying this capability, 
particularly at land POEs, remains a sizable challenge. In addition, 
DHS continues to face longstanding management challenges and future 
uncertainties. For example, DHS has launched other major security 
programs, such as the Secure Border Initiative (SBI) and the Western 
Hemisphere Travel Initiative without defining the relationship between 
US-VISIT and these programs. Furthermore, DHS has not implemented key 
acquisition and management controls needed to ensure that DHS(s 
investment in US-VISIT is economically justified and adequately 
managed.
---------------------------------------------------------------------------
    \2\ GAO-03-563; GAO-03-1083; GAO-04-586, GAO-05-202, GAO-06-404; 
GAO-07-248; GAO-07-278; GAO-07-378T and GAO-07-499T.
---------------------------------------------------------------------------

                 Questions from Hon. Bennie G. Thompson

                Responses from Hon. Richard Robert Zitz

    Question 1.: What border security capabilities and expertise does 
the newly established National Protection and Programs Directorate 
(NPPD) contain?
    Response: Of the NPPD components, the US-VISIT Program provides the 
most direct expertise on the screening of individuals at our physical 
borders and throughout the immigration management enterprise. These 
information services support other DHS components that have a 
responsibility towards border security.

    Question 2.: What is the mission of NPPD and how it is consistent 
with the border screening functions and core goals of US-VISIT?
    Response: NPPD supports several of the Department's key goals, such 
as protecting our nation from dangerous people, protect our nation from 
dangerous goods, protect critical infrastructure, and building a 
culture of preparedness.
    The NPPD promotes the sharing and integration of information by 
different components, both of which are central to the Department's 
long-term strategy for developing a unified immigration and border 
management enterprise. US-VISIT's services supports three of the NPPD's 
critical missions:
         Fostering stronger and better integrated national 
        approaches among key strategic homeland security activities;
         Protecting the Nation's critical infrastructure, both 
        physical and virtual; and
         Enhancing the security of our citizens and visitors by 
        facilitating legitimate travel with appropriate safeguards.

    Question 3.: With respect to the inclusion of US-VISIT within NPPD, 
what steps is NPPD taking to ensure an expeditious transition?
    Response: Prior to April 1st, the NPPD, US-VISIT, and the Resource 
Management Transformation Office (RMTO) coordinated to ensure that the 
US-VISIT Director reported to the Under Secretary for the NPPD on March 
31, 2007. However, informal NPPD support had been provided to US-VISIT 
as a precursor to the formal transition. This helped US-VISIT resolve 
several long-standing issues. As of March 31st, Director Robert Mocny 
reports directly to the Under Secretary and attends a weekly Key 
Component meeting with the latter and other NPPD Directors and 
Assistant Secretaries. In addition, Director Mocny meets separately 
with the Under Secretary to discuss critical issues for US-VISIT.
    The next phase of the US-VISIT transition into the NPPD will 
utilize working groups to develop information sharing and coordination 
agreements. In order to ensure that this takes place in a coordinated 
manner, the NPPD and US-VISIT leadership--are developing an overall 
intent and approach to this process before these working group 
sessions--begin. The Under Secretary is committed to developing a 
written approach and intent agreement for the transition, and 
appointing an NPPD transition lead to work with the US-VISIT transition 
lead.

    Question 4.: How will US-VISIT be linked to internal and external 
stakeholders, and will all stakeholders have equal access to data 
contained in the system?
    Response: US-VISIT's move into the NPPD will not negatively impact 
the program's ability to share information with stakeholders. All 
current information technology connections and information sharing 
agreements which US-VISIT has with other U.S. Government agencies will 
still be in operation after the move into the NPPD.

    Question 5.: What type of management controls and communication 
efforts will NPPD implement to meet the needs of Customs and Border 
Protection inspectors and ensure proper oversight of US-VISIT's 
operational context?
    Response: Coordination between U.S. Customs and Border Protection 
(CBP) and US-VISIT has existed since the latter's creation in 2003, and 
the Department anticipates the current level of management controls and 
communication to continue. For example, CBP is a member of the 
Integrated Project Team, which helps govern US-VISIT. Additionally, CBP 
has on-site staff assigned to US-VISIT to assist with day-to-day 
activities.

    Question 6.: How are the cross-cutting features of US-VISIT 
different from the Department's other broad systems, such as CBP's 
Automated Targeting System and ICE's Law Enforcement Support Center, 
which provide law enforcement support to internal and external 
stakeholders but are housed within mission-specific agencies?
    Response: The Automated Targeting System (ATS) is housed within CBP 
because it primarily addresses screening issues at the ports of entry 
where CBP operates. The Law Enforcement Support Center (LESC) is housed 
within ICE because it primary addresses interior enforcement issues. 
US-VISIT, on the other hand, supports multiple agencies with different 
missions including CPB, ICE, USCIS, TSA, and USCG, as well as the 
Departments of State and Justice, in a variety of environments (e.g., 
at ports of entry, consulates abroad).

    Question 7.: Are there any challenges that the US-VISIT system 
might face operating under ``Acting'' management and leadership within 
the NPPD? If so, what types?
    Response: Prior to April 1st, the NPPD, US-VISIT, and the Resource 
Management Transformation Office (RMTO) coordinated to ensure that the 
US-VISIT Director reported to the NPPD Under Secretary for the NPPD on 
March 31, 2007. Beginning March 31st, Mr. Robert Mocny, the Acting 
Director, reported directly to the Under Secretary. On April 2, 2007, 
Mr. Mocny was named the permanent Director of US-VISIT. He attends a 
weekly Key Component meeting with the Under Secretary and other NPPD 
Directors and Assistant Secretaries. In addition, Director Mocny meets 
separately with the Under Secretary to discuss critical issues for US-
VISIT. Currently, DHS leadership is working diligently to name the 
other permanent members of the US-VISIT leadership team.
    The next phase of the US-VISIT transition into the NPPD will 
utilize working groups to develop information sharing and coordination 
agreements. To ensure that this takes place in a coordinated manner, 
the NPPD and US-VISIT leadership are developing an agreement on the 
overall intent and approach for this process before these working group 
sessions begin. The Under Secretary is committed to developing a 
written approach and intent agreement for the transition, and 
appointing an NPPD transition lead to work with the US-VISIT transition 
lead.