[House Hearing, 110 Congress] [From the U.S. Government Publishing Office] ORGANIZATIONAL AND POLICY PROPOSALS FOR THE FISCAL YEAR 2008 DEPARTMENT OF HOMELAND SECURITY AUTHORIZATION: ======================================================================= FULL HEARING of the COMMITTEE ON HOMELAND SECURITY HOUSE OF REPRESENTATIVES ONE HUNDRED TENTH CONGRESS FIRST SESSION __________ MARCH 20, 2007 __________ Serial No. 110-18 __________ Printed for the use of the Committee on Homeland Security [GRAPHIC] [TIFF OMITTED] CONGRESS.#13 Available via the World Wide Web: http://www.gpoaccess.gov/congress/ index.html __________ U.S. GOVERNMENT PRINTING OFFICE 35-277 WASHINGTON : 2009 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gov Phone: toll free (866) 512-1800 Fax: (202) 512-2250 Mail: Stop IDCC, Washington, DC 20402-0001 COMMITTEE ON HOMELAND SECURITY BENNIE G. THOMPSON, Mississippi, Chairman LORETTA SANCHEZ, California, PETER T. KING, New York EDWARD J. MARKEY, Massachusetts LAMAR SMITH, Texas NORMAN D. DICKS, Washington CHRISTOPHER SHAYS, Connecticut JANE HARMAN, California MARK E. SOUDER, Indiana PETER A. DeFAZIO, Oregon TOM DAVIS, Virginia NITA M. LOWEY, New York DANIEL E. LUNGREN, California ELEANOR HOLMES NORTON, District of MIKE ROGERS, Alabama Columbia BOBBY JINDAL, Louisiana ZOE LOFGREN, California DAVID G. REICHERT, Washington SHEILA JACKSON LEE, Texas MICHAEL T. McCAUL, Texas DONNA M. CHRISTENSEN, U.S. Virgin CHARLES W. DENT, Pennsylvania Islands GINNY BROWN-WAITE, Florida BOB ETHERIDGE, North Carolina MARSHA BLACKBURN, Tennessee JAMES R. LANGEVIN, Rhode Island GUS M. BILIRAKIS, Florida HENRY CUELLAR, Texas DAVID DAVIS, Tennessee CHRISTOPHER P. CARNEY, Pennsylvania YVETTE D. CLARKE, New York AL GREEN, Texas ED PERLMUTTER, Colorado VACANCY Jessica Herrera-Flanigan, Staff Director & General Counsel Todd Gee, Chief Counsel Michael Twinchek, Chief Clerk Robert O'Connor, Minority Staff Director (ii) C O N T E N T S ---------- Page STATEMENTS The Honorable Bennie G. Thompson, a Representative in Congress From the State of Mississippi, and Chairman, Committee on Homeland Security.............................................. 1 The Honorable Peter T. King, a Representative in Congress From the State of New York, and Ranking Member, Committee on Homeland Security.............................................. 2 The Honorable Gus M. Bilirakis, a Representative in Congress From the State of Florida........................................... 21 The Honorable Christopher P. Carney, a Representative in Congress From the State of Pennsylvania................................. 22 The Honorable Yvette D. Clarke, a Representative in Congress From the State of new York.......................................... 24 The Honorable Henry Cuellar, a Representative in Congress From the State of Texas............................................. 13 The Honorable David Davis, a Representative in Congress From the State of Tennessee............................................. 13 The Honorable Charles W. Dent, a Representative in Congress From the State of Pennsylvania...................................... 16 The Honorable Bob Etheridge, a Representative in Congress From the State of North Carolian.................................... 18 The Honorable Sheila Jackson Lee, a Representative in Congress From the State of Texas........................................ 48 The Honorable Eleanor Holmes Norton, a Delegate in Congress From the District of Columbia....................................... 46 The Honorable Christopher Shays, a Representative in congress From the State of Connecticut.................................. 26 Witnesses Panel I Mr. Robert A. Mocny, Acting Director, US-VISIT, Department of Homeland Security: Oral Statement................................................. 3 Joint Statement................................................ 5 Accompanied by, Mr. Richard Robert Zitz, Deputy Under Secretary for Preparedness, Department of Homeland Security................................ Oral Statement................................................... 9 Mr. Richard Stana, Director, Homeland Security and Justice Issues, Government Accountability Office....................... 7 Panel II James Jay Carafano, Ph.D., Senior Fellow, The Heritage Foundation: Oral Statement................................................. 33 Prepared Statements............................................ 35 Ms. Michele A. Flournoy, President and Co-Founder, Center for a New American Security: Oral Statement................................................. 29 Prepared Statement............................................. 31 Mr. Asa Hutchinson, Founder Partner, Hutchinson Group: Oral Statement................................................. 39 Prepared Statement............................................. 40 Appendixes Appendix A: For the Record: The Honorable Tom Davis, a Representative in Congress, From the State of Virginia, Prepared Statement........................ 55 Appendix B: Questions and Responses: Mr. Robert A. Mocny Responses.................................. 57 Mr. Richard Stana Responses.................................... 62 Mr. Richard Robert Zitz Responses.............................. 65 POSITIONING US-VISIT FOR SUCCESS AND ESTABLISHING A QUADRENNIAL HOMELAND SECURITY REVIEW PROCESS ---------- Tuesday, March 20, 2007 U.S. House of Representatives, Committee on Homeland Security, Washington, DC. The committee met, pursuant to call, at 10:06 a.m., in Room 311, Cannon House Office Building, Hon. Bennie Thompson [chairman of the committee] presiding. Present: Representatives Thompson, Harman, Norton, Jackson Lee, Etheridge, Cuellar, Carney, Clarke, King, Shays, Dent, Bilirakis, and Davis of Tennessee. Chairman Thompson. [Presiding.] The Committee on Homeland Security will come to order. The committee is meeting today to receive testimony on Organizational and Policy Proposals for the Fiscal Year 2008 Department of Homeland Security Authorization: Positioning US- VISIT for Success and Establishing a Quadrennial Homeland Security Review Process. I called this hearing today to look at two issues that are extremely important the security of this country, US-VISIT and the strategic planning for the Department of Homeland Security. We welcome our witnesses and look forward to the productive discussion. For over 10 years, Congress has called for the development and implementation of an entry-exit system to ensure that we know who is entering and leaving the country. I have watched with great interest the department's efforts to implement US- VISIT. While I applaud the department for its efforts, there is still a long way to go. The exit piece of the system seems no closer to being implemented than when it was first authorized over 10 years ago. We have a vested interest in seeing US-VISIT succeed. That is why we have a lot of questions about the recent decision to move US-VISIT to the National Protection and Programs Directorate. The skeptic in me wants to say that instead of fixing what is wrong with the program, the department is redefining it and moving it around. We have seen this before. It falls to Mr. Mocny and Mr. Zitz to convince us that this move will bring about the results that Congress is seeking. I am inclined to believe that the right place for US-VISIT may be at Customs and Border Protection, the agency that actually does screening at the border. After all, SBInet and the Western Hemisphere Travel Initiative are both located within CBP. I am concerned that this move will create new stovepipes between CBP and US-VISIT. Our security cannot wait for the problems to make their way up the chain of command. Additionally, we will be looking today at how to ensure a clear and coherent strategy behind US-VISIT as well as the department's other vital problems. One of the ways to do this is to provide a way for the department to better organize its strategic planning. Congress has mandated that Department of Defense undertake quadrennial reviews. We are here today to see if a similar process will work for the department. A clear vision for the department and a strong US-VISIT program are key issues that will likely be considered in the authorization bill that the committee expects to take up next week. So we have some important matters before us, and I look forward to the witnesses' testimony. The chair now recognizes the ranking member of the full committee, the gentleman from New York, Mr. King, for an opening statement. Mr. King. Thank you, Mr. Chairman. I appreciate the time. And I also want you to know how I fully support the purpose of this hearing. I think it is essential that we move US-VISIT forward. Where we may have a difference and we will wait until the hearing is completed as to whether or not US-VISIT should be in CBP, my own instinct and somewhat educated guess is that we allow the Department of Homeland Security to go through with the reorganization that both has been within the department and which has been imposed on it, rather than having another change. On the other hand, obviously US-VISIT has not achieved what it was supposed to. We still do not have the exit portion of the program functioning. But I am right now reluctant to support it being in CBP. Having said that, I look forward to the hearing. I look forward to reading the testimony and seeing how this process goes forward. As far as the quadrennial review, I do believe that that is something that should be done. It is modeled on what is happening at the Pentagon or what has gone on at the Pentagon, and I believe this is something that we should have. So with that, I will yield back the balance of my time and look forward to the hearing as we go forward. Thank you. Chairman Thompson. Thank you very much. Other members of the committee are reminded that, under the committee rules, opening statements may be submitted for the record. Our first panel of witnesses will include Mr. Robert Mocny, who is the acting director of the US-VISIT program. Our second witness is Mr. Richard Stana, director of homeland security and justice issues at the Government Accountability Office. And our third witness is Mr. Robert Zitz, deputy undersecretary for preparedness at the Department of Homeland Security. Without objection, the witnesses' full statements will be inserted in the record. I now ask each witness to summarize his or her statement for the record, beginning with Mr. Mocny, for his statement. Mr. Mocny? STATEMENT OF ROBERT A. MOCNY, ACTING DIRECTOR, US-VISIT, DEPARTMENT OF HOMELAND SECURITY Mr. Mocny. Thank you. Chairman Thompson, Ranking Member King, distinguished members of the committee, thank you for inviting me to explain the rationale for placing US-VISIT under the proposed National Protection and Programs Directorate. Let me first say, Mr. Chairman, I have heard, and quite frankly, I appreciate and share your concern for US-VISIT. Both personally and as the program's strongest advocate, I am eager for this change and confident in the future leadership. I am honored to be joined by Deputy Undersecretary Zitz, who is already a staunch supporter of the program. As Mr. Zitz will address, establishment of the NPPD is the department's response to Congress' demand for a collaborative approach to homeland security that eliminates the short-sighted effects of silos. At the same time, the directorate will cultivate the expertise, the skills and the risk reduction potential of each program across the department and effectively utilize that across federal, state and local levels to ensure that we can identify, mitigate and, where possible, eliminate risks to our security. By positioning US-VISIT under NPPD, US-VISIT will fully realize its congressional mandate and at the same time be better equipped to meet our goals to enhance the security of our citizens and visitors, protect the privacy and facilitate legitimate travel and trade all while ensuring the integrity of our immigration and border management system. Mr. Chairman, I do not intend to argue that US-VISIT does not provide critical support for the screening of foreign travelers. It does. Nor do I intend to argue that the program is not focused on deploying biometric exit screening capabilities. We are committed to doing this. Nor will I deny US-VISIT's significant irreplaceable role in our immigration and border management system. We clearly play a crucial role in that system and take pride in that role. Rest assured, though, I am here to argue that we would be remiss to confine the program to such a narrow focus. US-VISIT's biometric-based solutions for identity management directly support agencies government-wide, not only U.S. Customs and Border Protection, but also Citizenship and Immigration Services, Immigration and Customs Enforcement, the Coast Guard, other DHS components including TSA, and also the Departments of Justice and State and the intelligence community. The biometric information that US-VISIT collects, stores and manages is just one part of the service that we provide to these entities. The other part is the analysis and vehicle for delivery of this information. It is this other part that makes us different from, though very critical to, the work that our immigration and border management programs do. Mr. Chairman, your passionate commitment as well as this entire committee to ensuring that our first lines of defense, those decision-makers at the state and local level, have the necessary tools when and where they need them to protect our country that passion and commitment is simultaneously driving US-VISIT's realignment with NPPD so that we can expand this information-sharing across even more lines of defense, such as critical infrastructure and cybersecurity. Today, I wanted to share some real-life examples of what US-VISIT has currently enabled agencies across federal, state and local levels to do. A person traveling under the Visa Waiver Program arrived at a U.S. airport. Although the name did not hit against any biographic watch list, the person's biometric matched those of US-VISIT. CBP officers confirmed the person's true identity and history of heroin smuggling and passport forgery. US-VISIT's services helped CBP deny this known criminal entry. Recently, sheriff officials submitted an assault suspect's fingerprints during a routine booking procedure. Because of a new process testing the interoperability of US-VISIT's and the FBI's fingerprint databases, the fingerprints were checked against criminal and immigration information. In the past, biometrics confirmed the person's criminal and immigration violation history. This new process notified law enforcement and immigration officials of this information, and now DHS will be able to remove this person after local prosecution. Recently, the Coast Guard arrested 22 migrants attempting to enter the United States through the Mona Pass between Puerto Rico and the Dominican Republic. Because of the biometric matching to US-VISIT data, part of the pilot program to use biometrics to establish and verify true identities of persons at sea, three of these persons are now being prosecuted. And finally, even more recently, a smuggling and kidnaping suspect was identified in our systems after our fingerprint examiners removed latent prints from a crime scene that was provided to us by ICE. These cases are only a few of the many successes that US- VISIT is facilitating. The very cross-cutting nature of this program demands structure and leadership that will foster intergovernmental collaboration to provide the nation with imperative risk reduction capabilities. The NPPD provides such a platform. Mr. Chairman, it is a comfort to know that there are advocates like you for this program. As an advocate myself, I believe this move will enable US-VISIT to expand its value to a breadth of agencies. Our nation's security requires this of us. And thank you. [The statement of Mr. Mocny and Mr. Zitz follows:] Prepared Joint Statement of Robert Zitz and Robert A. Mocny March 20, 2007 Chairman Thompson, Ranking Member King, Members of the Committee-- Good Morning. Thank you for the opportunity to appear before you to discuss the National Protection and Programs Directorate (NPPD) and the movement of US-VISIT into this new Directorate. Secretary Chertoff and the Department continue to make progress in many areas. Our mission is straightforward and guided by four goals: Goal 1. Protect our Nation from Dangerous People Goal 2. Protect our Nation from Dangerous Goods Goal Goal 3. Protect Critical Infrastructure Goal 4. Build a Nimble, Effective Emergency Response System and a Culture of Preparedness In an interconnected and interdependent global economy, managing risk requires adaptability to a wide range of individual scenarios. These scenarios create a very complex risk environment when it comes to protecting America. The risk environment is dynamic and our approach to managing this risk environment must be equally dynamic. Our approach is focused on the most significant risks; we apply resources in the most practical way possible to prevent, protect against, and respond to manmade and natural hazards. That means making tough-minded assessments and recognizing that it is simply not possible to eliminate every threat to every individual in every place at every moment. Discipline is required to assess threats, review vulnerabilities, and weigh consequences; we then have to balance and prioritize our resources against those risks so that we can ensure that our Nation is protected. Decades of experience in dealing with natural disasters have provided sufficient data to understand their risk. By contrast, there have been far fewer terrorist events within the United States, making our comprehension of risk less encompassing. We must continue to guard against infiltration of this country by international terrorists who have the capability and intent to cause damage to our people and our economy. The most recent illustration of this kind of a scenario is the plot in London that was uncovered last summer. Had it been successful, it would have cost the lives of hundreds of people and could have dealt a significant blow to the functioning of our entire system of international trade and travel. We have to recognize that there are individuals who sympathize with terrorist organizations or embrace their ideology and who are prepared to use violence as a means to promote a radical, violent agenda. To minimize this potential emerging threat, we have to work across Federal, State, and local jurisdictions to prevent domestic terrorism. Risk is interdependent and interconnected and must be managed accordingly. For example, a port closure will not only have an impact on a given port area, but also on manufacturing facilities thousands of miles away that depend on the timely delivery of materials. One of the best examples of this interdependency is petroleum refinery capacity along the Gulf Coast following Hurricane Katrina. The day before Hurricane Katrina, facilities in Houston, Texas, produced 25 percent of the Nation's petroleum. The day after Hurricane Katrina, with the facilities closed along the Gulf Coast, these same facilities were producing 47 percent of the Nation's petroleum. This example demonstrates how significant supply chain interdependencies are in managing a full range of risk. So we understand that managing risk requires us to look at a broad continuum across a wide geographical area. The National Protection and Programs Directorate is being created so that the United States is better prepared to meet these challenges. NPPD Mission and Overview The main responsibility of the NPPD is to advance the Department's risk-reduction mission. To achieve this goal, the NPPD protects infrastructure through the identification of threats and vulnerabilities. It develops risk-mitigation strategies and defines and synchronizes Departmental doctrine for protection initiatives that involve significant coordination and integration of efforts among our Federal counterparts and partners in the State, local, tribal, and private sector communities. The Department's ability to identify and assess risks to the Nation depends to a significant degree on its capacity to detect and evaluate threats to the United States. Threats posed by individuals wishing to do the Nation harm generally fall into two categories: physical and virtual. Reducing risk requires an integrated approach that encompasses these physical and virtual threats, as well as the human elements that pose those threats. Currently, there are multiple components within DHS working independently to reduce our comprehensive risk. Three of these are:The Office of Infrastructure Protection (IP), which addresses physical risks; The Office of Cyber Security and Communications (CS&C), which addresses cyber risks; and US-VISIT, which addresses human risks. All three of these offices use the same approach to reduce risk by utilizing data gathering, data analysis, and dissemination of information to operators. DHS believes that it can increase the synergies between, and improve the output of, the aforementioned offices by not only recognizing their commonalities, but also integrating their work more closely. All these programs are flexible, critical resources that can be leveraged by any agency within DHS. This structure promotes information sharing and integration, both of which are key to the Department's long-term strategy for developing a unified immigration and border management enterprise. Expanding access to US-VISIT's identity management services supports three of the NPPD's critical missions: Fostering stronger and better integrated national approaches among key strategic homeland security activities; Protecting the Nation's critical infrastructure, both physical and virtual; and Enhancing the security of our citizens and visitors by facilitating legitimate travel with appropriate safeguards. The US-VISIT Program The US-VISIT program was created in response to a congressional mandate for an entry/exit system. In the beginning, it expended considerable effort to support the Customs and Border Protection (CBP) officers responsible for screening travelers applying for admission into the United States, as well as the Department of State consular officers who issue visas. However, US-VISIT has expanded its role and now provides significant support to U.S. Citizenship and Immigration Service (USCIS), Immigration and Customs Enforcement (ICE), the U.S. Coast Guard (USCG), and other DHS components; the Department of Justice; and the intelligence community. The US-VISIT program is leading one of the Department`s key initiatives--the transition from 2-print to 10-print capture and interoperability, an initiative that will include not only the Department of Justice, but State and local law enforcement entities as well. US-VISIT is supporting DHS' goals of promoting international information sharing and screening by working with other countries that are currently developing, or interested in developing, their own biometrics-based systems. Close ties with the Department of State and its BioVisa Program are also extending the boundaries of the United States beyond the country's physical borders, to the point where the biometrics of all visa applicants are collected and used for risk and threat assessment purposes long before those individuals enter our country. These myriad efforts do not divorce US-VISIT from its initial purpose; rather, they allow the program to fulfill its potential as an identity management services program. US-VISIT provides the capability for agencies with immigration and border management responsibilities to establish an individual's identity through the capture of biometric information and its association with biographic information. US-VISIT enables the enrollment and subsequent verification of an individual's identity at any point within the immigration and border management process. Through identity management, decision-makers will be able to access information (appropriate to their business needs) that is associated with any one individual, including results of watch list and criminal background checks. By increasing the number of individuals known to the United States (and to our allies), we are allowing our governments to focus precious time and resources on unknown individuals and those who may wish to do us harm. Thus, the inclusion of US-VISIT with other risk-reduction activities will increase the program's ability to serve as a risk- reduction service provider across the Department as a whole. Closing When Congress passed legislation to create the Department of Homeland Security, it sent a clear message that bureaucratic turf battles and programmatic ``stove piping'' needed to stop. The solution to the protection of the homeland was a single entity empowered with a broad, cooperative outlook to address the challenges that face our Nation. With its mission to support all DHS components and Executive Branch agencies, the NPPD is exactly the kind of post-9/11 cooperative thinking that Congress called for when it authorized the creation of DHS. Let me assure the Committee that all of the benefits to border security which US-VISIT has brought to CBP and other agencies responsible for protecting our Nation will continue to be delivered by the new reporting structure. US-VISIT and its biometric identity management capabilities will continue to be available to all DHS components. I would like to thank the Committee for its time today, and I welcome your perspective on the themes I have articulated. Chairman Thompson. Thank you for your testimony. I now recognize Mr. Stana to summarize his statement for 5 minutes. STATEMENT OF RICHARD STANA, DIRECTOR, HOMELAND SECURITY AND JUSTICE ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE Mr. Stana. Thank you, Chairman Thompson and members of the full committee. I am pleased to be here today to discuss the status and direction of the US-VISIT program. As you know, the program is designed to collect, maintain and share data on selected foreign nationals entering and leaving the country at air, sea and land ports of entry. Data is captured to learn and verity visitors' identities, screen information against watch lists, and record arrival and departure. My prepared statement summarizes our work over the last several years on the status of the program, but for now I would like to summarize three key points. First, although US-VISIT has conducted exit demonstration projects at a small number of ports, a biometric exit capability is currently not available. At land ports, implementing a biometrically based exit recording system that mirrors entry would require more than $3 billion in new infrastructure and could produce major traffic congestion because travelers would have to stop their vehicle upon exit for processing. The RFID technology tested at five land ports was subject to numerous performance and reliability problems in fact, it had a success rate of only 14 percent in one test and provided no assurance that the person recorded as leaving the country is the same one who entered. At air and sea ports, the exit environment could support a biometric exit capability, although the exit alternative tested was estimated to have a 24 percent compliance rate. It is important to note that DHS has not yet provided to Congress a statutorily mandated report which was due by June 2005 on plans to fully implement the entry-exit program. Second, DHS deserves credit for installing the entry portion of US-VISIT at nearly all of the air, sea and land ports, and this was done with minimal new construction or changes to existing facilities. But officials at 12 of the 21 land ports we visited told us about US-VISIT-related computer slowdowns and freezes that adversely affected processing times and could have compromised security. These problems were not routinely reported to headquarters in part because of the lack of coordination between US-VISIT and CBP. The introduction of 10-fingerprint technology and e- passports could help with the traveler identification process, but they could also increase inspection times and crowding and affect port operations at aging and space- constrained facilities. Lastly, US-VISIT continues to face longstanding management challenges. Importantly, after spending 4 years and over $1 billion on the program, US-VISIT has not yet issued a strategic plan that articulates how it will strategically fit with other border security initiatives and mandates such as the Secure Border Initiative and the Western Hemisphere Travel Initiative, nor has it put in place selected management processes and controls to better ensure effective program implementation and to reduce program risks. In the limited time I have remaining, I would like to raise three issues that members of this committee may wish to consider in connection with the theme of today's hearing. First, a clear mission statement and a strategic plan provide the foundation for the expectations and results that any organization seeks to achieve. With respect to US-VISIT, the mission is both knowing who is entering and leaving the country and managing identity information. While the primary focus had been on deploying an entry- exit system, more recently increased emphasis is being placed on managing identity information under Unique Identity. Without a strategic plan, we do not know how US-VISIT will balance resources and levels of effort between the two missions, and DHS stakeholders are less certain what to expect in their areas of interest. And if the primary focus shifts to Unique Identity, who will take responsibility for implementing an exit capability? Second, any organization's alignment needs to support its mission and strategic goals. Where a component is placed on an organization chart usually follows from an alignment of its activities, core processes and resources with those of key stakeholders. If US-VISIT's primary mission is to be Unique Identity, then alignment with NPPD could be appropriate. If the primary mission is implementing entry-exit, then alignment with key stakeholders, like CBP, SBI, Trusted Traveler programs and so on, would seem appropriate. Either way, the alignment decision should flow from the mission and the plan, not the other way around. And appropriate crosswalks need to be established to ensure effective coordination with the other aligned components. And third, what does Congress think the US-VISIT program should accomplish and by when? By statute, the program is to both implement an entry-exit system and manage identity information. But what is Congress' priority? At this point, is it more important to roll out a unique identity program? Is it to shore up the entry program at the ports? Or is it to implement an exit capability? Knowing this could help inform DHS where the US-VISIT program should be located. It is also important to note that there currently is no statutory deadline for deploying an exit capability. Right now, exit demonstration projects are planned or under way at 12 of 115 airports, two of 14 seaports, and none of the 170 land ports. DHS has not yet set a date for full implementation, nor has it articulated what the biometric exit capability will ultimately look like. This concludes my oral statement, and I would be pleased to respond to any questions that members of the committee may have. [The statement of Mr. Stana follows:] \1\ --------------------------------------------------------------------------- \1\ GAO, Homeland Security: US-VISIT Program Faces Operational, Technological, and Management Challenges, GAO-07-632T (Washington, D.C.: Sept. 19, 2003). --------------------------------------------------------------------------- Chairman Thompson. Thank you very much for your testimony. I now recognize Mr. Zitz for any comments he may have, recognizing that you submitted a joint statement with Mr. Mocny. STATEMENT OF RICHARD ZITZ, DEPUTY UNDER SECRETARY FOR PREAPREDNESS, DEPARTMENT OF Mr. Zitz. Chairman Thompson, Ranking Member King, distinguished members of this committee, thank you for inviting me today to appear before you and discuss the realignment of US-VISIT into the department's newly established National Protection and Programs Directorate, or NPPD. I would like to begin this morning by noting I am pleased to be joined by Bob Mocny, acting director of US-VISIT. The many successes already demonstrated by US-VISIT are due in large part to Bob's leadership and the talent and dedication of the entire US-VISIT team. Also by Rich Stana, director of homeland security and justice issues of GAO. We appreciate the ongoing dialogue with GAO. The secretary has provided clear direction in the steps the department needs to take to enhance our protection of America. His goals are clear: One, protect the nation from dangerous people. Two, protect the nation from dangerous things. Three, counter the threat of weapons of mass destruction. Four, protect the nation's critical infrastructure. Five, build a culture of preparedness and strengthen our ability to respond. It is with the congressional changes in response to Katrina and with the secretary's goals in mind that NPPD was formed. NPPD integrates the risk reduction activities of the Office of Infrastructure Protection, the Office of Cybersecurity and Communications and US-VISIT. I can assure you that the department's decision to include the US-VISIT program as part of NPPD was neither arbitrary nor capricious. Rather, this decision is based on sound management principles. The main responsibility of NPPD is to advance the department's risk reduction mission. Risk reduction is about getting the right information into the right hands in time to act. The department's ability to identify and assess risk to the nation depends to a significant degree on its capacity to detect and evaluate threats to the United States. Threats are posed by individuals wishing to do the nation harm, and they naturally fall into two categories, physical and virtual. Reducing risk requires an integrated approach that encompasses human, physical and virtual aspects. US-VISIT, infrastructure protection and cybersecurity and communications all use the same approach for risk reduction through data gathering, data analysis and electronic dissemination of information to operators. Further, all three offices engage in routine and extensive coordination across every level of government and with the private sector. In addition, by specifically positioning the US-VISIT program within NPPD, DHS is aligning the office with other components that serve as a departmental-level resource for our top decision makers. US-VISIT has evolved. When US-VISIT was created in response to a congressional mandate for an entry-exit system, it expended considerable effort to support the customs and border protection officers who are responsible for screening travelers who apply for admission into the United States. However, US-VISIT also provides significant support to U.S. Citizenship and Immigration Service, Immigration and Customs Enforcement, the U.S. Coast Guard, the Departments of State and Justice, the intelligence community, and other DHS components. The US-VISIT program will continue to fulfill its critically important entry-exit identity management services. Its inclusion in NPPD will not diminish this responsibility. Rather, its inclusion in NPPD recognizes the far- reaching impact of its innovative people, processes and technologies to help break down stovepipes, enhance information sharing, and further reduce risks to the nation. The US-VISIT program in its innovative biometrics-based technology solutions offers a range of opportunities for information-sharing and risk-reduction activities beyond their core mission. We won't take our eye off the ball. US-VISIT has clear deliverables that must be realized. But it would be an opportunity lost to not take advantage of its additional potential. Thank you for your time this morning, and I look forward to answering any questions you may have. Chairman Thompson. Thank you very much for your testimony, each of you. I now thank the witnesses for their testimony, and I yield myself 5 minutes. Mr. Mocny, US-VISIT in its inception was supposed to be an entry-exit program. Do you have enough history to know why we have shifted the emphasis of the original intent of the program? Mr. Mocny. I believe I do, Mr. Chairman. I was formerly with the Immigration Service, and I was the director of the entry-exit program prior to the DHS being stood up. And then we moved into DHS and we became the US-VISIT program through a series of name changes. So frankly, I have been there from the very beginning. And you are absolutely right. This was about the establishment of several sections of law passed back as far as 1996 when Congress first became interested in the illegal immigration population. There were laws passed in 2000 that called for the Visa Waiver Program having an automated entry-exit system. And then 9/11 occurred, and of course, we know the laws that are passed since then. And repeatedly, the Congress has said that we needed to have a better way of managing our foreign nationals coming into, staying in and leaving from the United States. So where we were first stood up and if I can kind of analogize it to a police case where you have to get the perimeter secured first, that was certainly what it was its initial job to do, get the ports of entry fixed, get the Department of State biometric visa issuing process stood up, so you stem the tide and have the perimeter secure. We have always had, from the very beginning, a five- process approach to this. There is pre-entry, which, of course, is the State Department and anything we might gather from the airlines via the Visa Waiver Program and Advance Passenger Information Service. There is entry, which is clearly a CBP role, which is when that person arrives at a port of entry. Then there is status management, what happens to that individual once they get here. And then there is exit. Of course, we are talking about that. And finally, analysis. So between pre-entry, entry, status management, exit and analysis the US-VISIT strategic plan and thinking has always been around those five core business processes. We are focused today, or have been, on the entry process as appropriate. We need to focus on the exit part, which we will be able to do. But I can tell you that, as the deputy undersecretary states, we have evolved, and we have evolved as planned from just entry to now a larger piece. Chairman So are you telling the committee today that we have both the entry and exit components established and in place? Mr. Mocny. Absolutely not, no. We have the entry established, clearly, at the 119 airports and the seaports and the 154 land-water ports of entry, that which was mandated by Congress to be completed by 2003, 2004, 2005, every December 31st. The exit portion is something that we have to work on. There was no date as Mr. Stana indicated, no date given for that particular piece of it, but we clearly are working on exit. We have got some pilot programs that we are running. And that is something we want to address this year at the air locations. Chairman Thompson. Okay. Well, I guess, then, there is obviously two different schools of thought from the testimony. You just referenced a strategic plan. Can you provide the committee with a copy of your strategic plan for the US- VISIT program? Mr. Mocny. That is the goal that we are trying to get that through the process here. It is certainly going to be part of our appropriations. And we owe you a 7208 report as part of the Intelligence Reform Act to get that to you. And all I can say is we are working through the process, through DHS, through OMB, but the plan is to get you that plan so that you can see the broader aspect of the program. Chairman Thompson. When was that plan due? Mr. Mocny. It was due in 2005, sir. Chairman Thompson. So you are 1.5 years behind. Mr. Mocny. Yes, sir. Chairman Thompson. When can we expect it? Mr. Mocny. I was asked to predict this in another committee before. I can't give you definitive. I can say soon. I would say within weeks. And I hope to say between 30 days and 40 days. That was the date that I gave last time, and I would hope-- Chairman Thompson. Well, you can understand where we are. You tell us that we have a program, we have this, but we don't have a plan by which we are operating. And that causes a little concern on the part of the committee, because if you don't have a plan, then you are saying, ``Trust us and we will do it.'' I guess the other thing, too is there any idea when the department is going to move you away from being acting to being the permanent person? Mr. Mocny. I have no indication of that. I think there has been a desire on some, but I haven't had-- Chairman Thompson. How long have you been acting? Mr. Mocny. For about 10 months, 8 months, 10 months now. Chairman Thompson. Yes. You know, one of our criticisms of the department historically has been the turnover, the acting people in very important positions. And the committee has expressed on several occasions, from a leadership as well as management perspective, you need permanent people in place to get the job done. I guess my last comment is to Mr. Stana. Ten years, over $1 billion, no strategic plan could you from GAO's perspective give me your analysis of the program for the committee? Mr. Stana. Well, in broad terms, we know that entry is pretty much in place. There are a few managerial issues that have to be attended to, one of which is making sure proper evaluations and performance measures are in place and so on. And of course, Mr. Mocny mentioned the 7208 report needed to be there. Exit is nowhere near completion. There have been some pilots at both air--including air, sea and land, none of which has been particularly effective. They continue to pilot. There is no deadline for completion. And although I am sure that the program office would like to have it in better shape than that, the fact is exit is likely a ways away. There are other management issues, not the least of which is the one you mentioned. And that is understanding where the US-VISIT office is to fit strategically and operationally within homeland security. Without a strategic plan, not only do you not know exactly what to expect of the program, and who is accountable for what, and what the linkages are to other related programs, but neither do other stakeholders in the department. It is not that the unit absolutely has to be located in one place or another. But understanding exactly what the program is, what it has become, what its strengths, limitations are, and how the crosswalks from that program are going to be linked to other components is something that is just not known yet. I might point out that something in my mind that adds to the confusion--when I see paperwork that describes what US- VISIT is in the NPPD, I see reference to managing identity information. I see very few references to entry-exit. And so that concerns me. Although in the budget documents there is a pledge of sorts to complete the entry-exit part of it, it just seems that that has taken a secondary role. And I am not sure that that is where or how they really want to portray that, or if that really is the fact. But that does add to confusion. Chairman Thompson. Thank you very much. My time has expired. I now recognize the gentleman from Tennessee, Mr. Davis. Mr. Davis of Tennessee. Thank you, Mr. Chairman. Just to follow up on the exit, that seems to be where the problem is at. When do you foresee a solution to the exit? Mr. Stana. Well, we have known for years that exit is the tough part. The Department of Justice inspector general did a report back in the late 1990s about the predecessor, the I-94 form that you are supposed to turn in, and what some of the problems were getting a reliable count on people leaving using that form. DMIA task teams have done two reports on the exit process, and both have pointed to problems with getting an effective technology to help out so that you don't slow the lines, particularly at land ports. And our own report last December pointed it out. Now, when is this going to happen? When is it going to be completed? I don't know. And I haven't seen a date from the department that would give me an indication of when that is going to happen. I also haven't seen yet from the department any information showing exactly what the exit capability is going to look like. In fact, it is still being piloted at the air and seaports, and there are no pilots currently under way at land ports, so that is a completely open question. Mr. Davis of Tennessee. Do you have a number of how many people are here what I would consider to be illegally if they are beyond their visa expiration date? Do you know how many people that would be in America? Mr. Stana. I have seen estimates from 12 million to 20 million illegal aliens in the country, and estimates are that about 40 percent of those are here as visa overstays. So if you do the math, that is roughly five million people here as visa overstays. Mr. Davis of Tennessee. Thank you. That is all I have. Chairman Thompson. Thank you very much. We now recognize the gentleman from Texas, Mr. Cuellar. Mr. Cuellar. Thank you, Mr. Chairman. Let me talk about US- VISIT on land ports. Being from a land port and lived all my life, I can tell you that there are certain structural issues that we have to deal with, which is mainly the facilities. I understand technology is important, and I think we have spent a lot of money on the technology part of it. But you have still got to look at personnel to address it. In my district--and I think I have got about 10 ports of entry, two international airports, one international rail, probably more crossings than any other congressman in the nation we get about 12 million north-and southbound pedestrians a year, roughly. We talk about technology. We have to talk about the right staffing. But the other thing, which is an expensive part of it, is the infrastructure. If I can just have you imagine having a bridge that got built there in the late 1950s, the narrow streets that we have there at the port of entries, and then thinking about trying to get all those people in, and then if we have to do the exit out and I am in agreement with the overall goals. But if you don't have personnel and, of course, the technologies where we spend most of our time on--but if you don't have the right infrastructure, because of the crammed, constrained facilities, you are going to have difficult times. My area has complained, as you know--you have seen some of those folks have complained when the US-VISIT was coming in, and it was coming from the business people, because people were concerned about the impact that it would have on trade and business. And one of the concerns that I always look at is I believe in homeland security, but if it impedes your local economy people in Washington, you know, have to make sure that they are aware of the local impact on the economy. So what I am looking at is what plans do we have for the infrastructure investments that we need to have, because you can talk about all the beautiful technology, and you can talk about trying to get more staffing, but if you don't have the infrastructure, because of the constrained spaces and I have been to a lot of those bridges there. And I have done that for years and years. I mean, port entries the POEs. I mean, we are going to be behind the eight- ball on this simply because of this. So I have a responsibility to my constituents, including the business community, because of the impact it would have. What are your thoughts and this is to all three of you all. What are your thoughts on the infrastructure? Because there hasn't been an investment on infrastructure. There has been little piecemeal--you know, put a little thing here, put a little thing here. But if we are going to address this issue, we have to look at infrastructure for the port facilities. Mr. Mocny. Well, Congressman, that is exactly one of the reasons why we are looking at the land border differently than the air and sea. We are committed to getting an air and sea solution beginning this year. We are going to be working with the airlines so that you do have a viable biometric exit. And I would like the committee to understand we do have biographic exit today, so everybody who leaves from an airport, from a seaport, has that information biographically recorded, sent to us by the airlines and by the cruise industry, that goes to DHS, and we record the entries and the exits on the biographic side. But you are right, the biometric side is a challenge. We looked at that very issue we had five pilot tests that Mr. Stana refers to where we looked at using radio frequency technology to capture that data, because there is no infrastructure. I mean, the air and sea present their own infrastructure issues in and of themselves, because we don't have, as many nations have, departure control at the air, at the sea, or at the land border ports of entry. But the land is most critical, and of course that is where 80 percent of the people come and leave from the U.S. So that is why we have taken what we believe to be a more intelligent approach by saying air and sea exit we can do and we can handle, and we have got that moving ahead as we speak right now. The land border we are going to have to make sure that we have the correct infrastructure or, looking outside the box and using perhaps an entry into Mexico as being an entry--an entry into Mexico being an exit from the U.S. And not always do you have-- Mr. Cuellar. I am sorry, say that again. Mr. Mocny. An entry into Mexico or Canada would be an exit from the U.S. And working with the various governments to use their infrastructure I mean, you leave the U.S. and then 100 yards later you are in Mexico or Canada. And can we not work with agreements with the countries to say rather than us building ourselves just 100 yards north or south why don't we utilize the infrastructure just south or just north? And so those are the kind of questions we are asking ourselves. How can we do a recording of exits in a maybe incremental approach? And that is how we approach things at US-VISIT, is to do things in, you know, kind of a slow, piecemeal fashion slow is not the right word, but doing it in the appropriate time frame. But you are absolutely right. The infrastructure is not something why we wanted to impose a biometric exit on travelers, because it would be untenable. Mr. Stana. Yes. The only thing I would add to that is, you know, what Bob Mocny says is exactly right. I mean, it is a challenge mostly at land ports. And you pointed out as you get into some of these--cities San Ysidro or Laredo, El Paso the infrastructure that is existing--it has been there for decades. It was not built with security in mind. It was built for passport control in mind. And now we have kind of piggybacked another responsibility there. It is not only US-VISIT that is complicating this issue. When the Western Hemisphere Travel Initiative kicks in, in the next year or two, a similar issue is going to come up--and in some respects, an issue that is going to affect many more people. Only about 1 percent or 2 percent of the people who cross through land ports are subject to US-VISIT checks. Many, many more are going to be subject to Western Hemisphere checks. And that is why technology could play a role. There are trusted traveler programs now that you probably are familiar with, NEXIS and SENTRI. And they seem to work quite well. Finding a way to extend those kinds of programs to include some kind of biometric identification--you know, with a smart card of sorts--may be helpful that you keep traffic moving. With respect to using Canada and Mexico using their entry as our exit, I would want to make sure that the people in those booths in other countries are fully vetted for security reasons before I would go down that road too far. Mr. Cuellar. Mr. Chairman, my time is up. Could I just ask him to provide one information-- Chairman Thompson. Go ahead. Mr. Cuellar. For all three of you all, could you give the committee--and I personally want to see this--the list have you all done a study on the space constrained areas that we have at the port of entries? Because I know you mentioned this in your report. I don't know if you all have that, but I would like to get that as soon as possible. I don't know how fast that would be, but that is a big component that we have been missing, the space constrains, because they were built years ago. And like you said, they were done for another purpose. Now we are talking about security, which is totally different. Chairman Thompson. Absolutely. Absolutely. Mr. Stana. Yes. The latest estimate from the department was about $3 billion, and that estimate was made in 2003, to correct many of those things. So it is not just a handful. It is many of them. Even on the northern border and sparsely populated areas, there would have to be reconfigurations. The other thing to note is that that estimate doesn't include all of the infrastructure that would have to change. Interstate highways may have to be rerouted. I mean, it is not just at the immediate port facility where changes would have to be made. Mr. Cuellar. Well, I appreciate that information. Thank you, Mr. Chairman. Chairman Thompson. Thank you very much. We now recognize Mr. Dent of Pennsylvania for 5 minutes. Mr. Dent. Thank you, Mr. Chairman. Good morning, gentlemen. According to DHS' Office of Immigration Statistics, in 2004 180 million foreign nationals entered the United States as a non- immigrant status. In 2005, about 175 million people entered. Do you know how many of these individuals overstayed their visas or authorized stay in the United States? Mr. Mocny. I can only quote the estimate that Mr. Stana quotes as well, which is about 30 percent to 40 percent of the people who come here under the Visa Waiver Program are estimated to overstay their visas. But I don't have a hard number. Mr. Dent. So it is about 30 percent, then. Mr. Mocny. That is about right. Mr. Dent. Okay. And in 2005, about 2.2 million foreign nationals entered the United States under the Visa Waiver Program. How many of those folks overstayed? Is it the same percentage for the-- Mr. Mocny. We use the same percentage. Mr. Dent. Same percentage. Okay. And then another issue, too, that I am concerned about is that, you know, 13 of 17 terrorists--9/11--had overstayed their temporary visas. And I guess the main question is how can the United States government not be able to answer this fundamental question about border security 5.5 years after 9/11. We have all these people overstaying. You say it is 30 percent. You know, the 9/11 terrorists came in, and they were on-- they came in here with visas and several overstayed. What are the alternatives for gathering exit information, even if it is just biographical data, you know, for now that could be implemented in the short term? So what do we do to make this better? Mr. Mocny. Congressman, I appreciate the question, because this--it goes to the heart of what US-VISIT has been able to do. Because we have been able to focus ourselves in not one particular mission area, not in just CBP, not just in ICE, not just in CIS, we are able to kind of look across the board, because at the end of the day, what we are talking about is DHS-wide and it is, frankly, U.S. government-wide. The exit piece is--and the failure of people to exit needs to be analyzed, and we have a unit within US-VISIT, the Data Integrity Group, which every single day looks at those overstay records, makes some general assumptions about whether or not they have left. They look at various databases. And at the end of the day, they turn over a tranche of records to ICE, Immigration and Customs Enforcement, who are able then to develop portfolios and go and find those individuals. Now, in 290 cases to date--and that is not a lot, but it is some where on just the data that the US-VISIT team was able to cull, they were able to actually go out and make arrests and deport those individuals who have overstayed their visa. It might be surprising to some on this committee that we have not had that ability to do that in the past. We just haven't had the ability to look at the various data bits and say this person is, in fact, an overstay. And it might be an unconfirmed overstay or a confirmed overstay. And so by expanding the capabilities of the US-VISIT program department-wide, we are able to look across the board at all the data to be able to make that very decision and work toward an environment--and our third goal for the program is to ensure the integrity of the immigration system. And frankly, we need a unit that can focus on those various cross-cutting issues. Mr. Stana. Mr. Dent, if I might add to that, I think that that question you raised has to be parsed. Are we talking immigration control or are we talking terror control? If we are talking immigration control, then the exit part of entry-exit is extremely important, because that gives you the idea of who has overstayed. If you are talking terror control, entry becomes paramount, because once someone is in the country, it doesn't matter when they leave. There are some things that US-VISIT can do and, frankly, there are some things that perhaps it can't, because it is collecting biometric information and it matches it against known terrorists on watch lists. Somehow or other, this biometric identity unit that is being enhanced here has to have the proper links to the intelligence community to make sure that not only is information on the watch list evaluated but any other leads that may be there can be brought to bear on this issue. There may be other ways to get to this other than the strict entry system, and those ought to be explored. And frankly, that is a component that ought to be linked in here when we are talking about where organizationally US-VISIT should fit in the structure of DHS. Where is it linked to the intelligence unit or to the national intelligence-gathering apparatus? Where is it linked to the science and technology groups? That is an important linkage. Mr. Zitz. Mr. Dent, if I could add to that, that very point--because NPPD is linked to the intelligence community through the intelligence apparatus in DHS we have a joint activity you are familiar with called High Track, which joint intelligence, joint critical infrastructure. That is a key linkage. And while I agree entry is paramount when you are talking about the terrorism aspect, the fact of overstaying a visa can be a correlation with other intelligence data that could give us an indicator. So again, what is paramount here is being able to marry up all the various data streams. Mr. Dent. I see my time is up. Thank you, Mr. Chairman. I yield back. Thank you. Chairman Thompson. Thank you very much. We now recognize the gentleman from North Carolina, Mr. Etheridge. Mr. Etheridge. Thank you, Mr. Chairman. And I apologize for being in and out, but we are doing budget work down the hall. Mr. Chairman, thank you. And again, Mr. Mocny, I believe Mr. Thompson asked this question, but let me return to it for a little more specific information, if I may. By redefining US-VISIT as an identity management system, it seems as though we are slowly moving away from Congress' call for an entry/exit system. My question is this, and I would appreciate you addressing them. Have the threats to the country changed so that there is less concern about aliens overstaying their visas? And two, what assurances can you give us that you will not abandon the exit mission of the system? And thirdly, how much money have you dedicated in 2007 for exit feature? And is there anything in the 2008 allocation for exit? Mr. Mocny. Thank you, Congressman. No, we haven't abandoned exit at all. And let me briefly tell you about the other side of the move into NPPD. We are talking about kind of from an operational standpoint how US- VISIT and the data it gathers can assist across the department and outside the department. The other reason why that I am a strong advocate of being moved into the NPPD is we are going to have an advocate now in the undersecretary for the NPPD. In the next panel, you are going to hear from Asa Hutchinson, who was our undersecretary under the Border and Transportation Security Directorate. And we had this very debate back in 2003, where to put US- VISIT, and to say, ``Well, should we be in CBP because it is ports of entry?'' ``No, it should be in ICE because it is about overstays.'' Well, maybe it should be somewhere above the mission space of those two entities right there. And so that is why the decision at that point was to put us into the BTS, the Border and Transportation Security Directorate. Our customer base has now grown. We now service the Coast Guard. We now service the Transportation Security Administration, Citizenship and Immigration Services, and now state and local police officers and the intelligence community. And by virtue of having our customer base grow and us providing identity services to more and more operational entities, we believe it is appropriate to be put into the NPPD. I will say this, that as our commitment to exit we have $7 million appropriated and assigned in 2007, but we have $39.5 million in our 2006 spend plan which--or appropriations which is yet to be extended on the exit piece. So we believe we have sufficient funding with the 2006 remaining and the 2007 to begin the process of air and sea exit, working with the airlines and the cruise industry, to have an effective solution working with them as our partners, while we work on the longer term issue of the land border issue. And I believe in subsequent years we would be coming back to the Congress to finish the exit piece. But I think, just to finish, the reason why we are going to NPPD is because we are committed to getting the other pieces done. We haven't completed exit. And frankly, we need an advocate in an undersecretary who has direct access to the secretary and the deputy secretary, so that we can make sure that our commitments are made good. Mr. Etheridge. Do I understand your statement, then, that the threat of folks overstaying their visas is still a concern? Mr. Mocny. Absolutely. Mr. Etheridge. Okay. Let me very quickly go to one other question. It is my understanding that we have been testing radio frequencies--RFID technology at our land borders. GAO reports that these systems performed below their target rates and did not even meet congressional mandates for a biometric exit system. Are we still investing in that technology? And what lessons did you learn from the initial pilots that may be applicable to the future? Mr. Mocny. Again, thank you. One of the things that we do at US-VISIT is work very closely with the business community. Just a year ago, the new 10-fingerprint devices didn't exist that we are going to be deploying this year and next, and again, that is a close association working with industry to do so. We are also working on this bio-token, as you call the biometric RFID. We have seen prototypes of several different companies, frankly, that would allow for the capture of a biometric and then that biometric being recorded remotely and passively through some kind of RFID signal. But the technology is not there yet. It is probably 3 years to 5 years in the offing for any kind of robust and safe use of a biometric RFID. And in fact, we tested-- Mr. Etheridge. How far out did you say? Mr. Mocny. I would say my guess would be anywhere from 3 years to 5 years. Mr. Etheridge. Thank you. Mr. Mocny. But the idea of having biometrics as part of the exit portion--which, again, is a mandate from the Congress--is something that we are striving for. And that is the complexity. We can have biometric exit at the air and seaports of entry. But to ask someone to drive out of the country and simultaneously put their finger on a device while they are steering out of the country at 45 miles an hour--frankly, it would be irresponsible on my part to mandate that of anybody, let alone an elderly driver--whoever. So we have to look at the ergonomics of it. We have to look at the efficacy of it. And that is why we are going to continue to pay attention to it, although--take some steps, perhaps, and do things biographically, as I said, working with Canada and work with Mexico, to get that done. But we haven't abandoned the air or the sea exit. We are not abandoning land border exit. We are just going to wait for the technology to kind of catch up to us so that we can implement this. Mr. Etheridge. Thank you. I yield back. Mr. Stana. Can I add one thing to that, Mr. Etheridge? I think Mr. Mocny is correct in that the technology that was tested just wasn't up to doing the job. It neither read correctly nor was it biometric. If something comes available in 3 years, 5 years, 10 years, that would be helpful. But let's not lose sight of the fact that technology is just a tool, like any other tool. I think another reason why US-VISIT needs to work very closely with CBP on exit procedures and exit strategies is that sometimes, in some cases, in some circumstances, people aren't asked to stop very long at an entry booth at all. If there is a long line, you could have a line flush. If there is, you know, some other drug operation going on, they might inspect people somewhat differently. And if all of these inspection processes aren't put in harmony with what US-VISIT expects, you might have a perfect system that isn't implemented well. And there are cases--and I am sure the department can come up and brief you on them--at every port of entry where the systems were just not followed by the port inspectors. Mr. Zitz. Mr. Congressman, if I could also add, that same threat you refer to is also a good reason to do this realignment and to place US-VISIT with the offices that are responsible for correlating data from the intelligence community to critical infrastructure and understanding the risk against these specific sites. Overstays and the correlation of overstays to specific threat data could be the key piece of information we need to protect against a strike against part of our critical infrastructure. Chairman Thompson. Thank you very much. We now recognize the gentleman from Florida, Mr. Bilirakis. Mr. Bilirakis. Thank you, Mr. Chairman. Mr. Mocny, has the US-VISIT office established performance measures to compare actual performance of US- VISIT to expected results? Mr. Mocny. We are in the process of developing those. They are not as refined as we want them to be, but we are a new program. And so we do have performance measures--and the effectiveness of the biometric, how many hits we get against the biometric, what we do with an individual--so I would say yes, that we do, and they are evolving. Mr. Bilirakis. Okay. What promise do alternative technologies hold in providing biometric verification of persons exiting the country without major changes or additional physical infrastructure changes? Mr. Mocny. Well, if I understand the question correctly, there is not a whole lot of infrastructure changes absent the ones we talked about at the land border. We believe with the air and sea portions we can actually utilize existing infrastructure, because there is a known process by which people exit the country. They go to a check-in counter. They go through TSA. They enter via a gate. The infrastructure changes that are going to be of most critical need are going to be at the land border. Mr. Bilirakis. Okay. Thank you. Mr. Stana, should Congress establish a firm deadline for the implementation of a fully functioning biometric exit system? Why or why not should we establish a deadline in Congress? Mr. Stana. Well, let me give you some pros and cons of a deadline. The pros would be is it would prompt action from the department, more considerable action, toward moving toward the exit capability that we all want. The con of it is in some cases the technology isn't there, isn't mature enough, to make it, you know, a reality. And so if you would impose a deadline, say, in 2 years or 3 years for having an exit capability, it may not be possible. On the other hand, imposing a deadline in air and sea, I think, would be possible. And in fact, it may help the US- VISIT office get more resources from the department to make it happen. Mr. Bilirakis. Okay. Thank you very much. Thanks, Mr. Chairman. Chairman Thompson. Thank you very much. Just to clear up a comment from a question Mr. Bilirakis added in terms of performance measures, part of your answer, Mr. Mocny, is you said US-VISIT was a new program. You know, it is 10 years out. I understand we haven't completed it. But I would love for you to provide the committee some of those performance measures that you referenced to Mr. Bilirakis that have been met and the ones that have to be met. Mr. Mocny. I would be happy to do so, Mr. Chairman. Absolutely. Chairman Thompson. Thank you. We would like to recognize for 5 minutes the gentleman from Pennsylvania, Mr. Carney. Mr. Carney. Thank you, Mr. Chairman. Mr. Stana, in a December 2006 report you indicated instances where the US-VISIT program office was never made aware of operational problems--malfunctioning equipment, things like that--at ports of entry. Some of these problems you said not only affect the system's overall performance but may pose security risks. How will moving US-VISIT away from its operational context resolve these communications problems that you noted? Mr. Stana. That is a very good question. In fact, that is one of the key questions that comes to the table when one has to consider where to site US-VISIT on the DHS organizational structure. The problem with the coordination in that report was--when we got to it, is the people operating the system didn't know if it was a US-VISIT system or whether it was a CBP system. They weren't told who to go to to coordinate any problems. And moving it to NPPD would not necessarily hurt that if proper linkages were established. But it doesn't make it easier to resolve those kind of communication and coordination issues. This gets to a concern that I have with the information that I have seen on some of the key purposes of US-VISIT as mentioned in the National Protection and Programs Directorate briefing charts. They are located in that group with other non- immigration components, and there are four goals listed here or objectives listed here, not one of which seems to deal directly with entry or exit. It deals tangentially with that. Now, that is not to say that it is not a worthy goal to do biometric identification or biometric identity management. It is just to say that perhaps these kind of documents ought to more clearly show the linkage of the program to the entry-exit side, the entry-exit mission, and construct the linkages that are going to make those coordination issues not happen or be resolved quickly. Mr. Mocny. Could I offer a response to that as well? Mr. Carney. Yes, absolutely. Mr. Mocny. Thank you. One of the issues that we are seeing post-9/11--information sharing causes its own challenges in itself. It is easier to have stovepipes, because you can treat that system--as Mr. Stana says, that was definitely a CBP issue versus, ``We now have five systems connected, one of which is the Department of State's consolidated consular database.'' And so at any given point, it is where in this fishnet do you have the issues. By moving us into a departmental directorate, you do have a departmental look-see across the board, and so whereas I think you have a known entity, but when you have a particular operational mission, they are going to take care of their own systems. But when that system is now connected to three or four or five other systems within the department, and even outside the department, you do have to have a little bit higher elevated look across the board to see where exactly is the problem. So that is this coordinated kind of feature that US- VISIT and NPPD would offer. Mr. Zitz. May I also add, sir, that the NPPD's offices include I.T.-heavy activities. If you think about the cybersecurity activities, what we are doing with National Communications System, and the myriad databases that make up our Infrastructure Protection Office, we are very, very heavy right now on information technology. Also, placement as a headquarters-level activity has us in very close proximity and daily interaction with the chief information officer of the Department of Homeland Security. So by virtue of that continual interaction and sitting on myriad boards and panels with him, it enables us and will enable us to advocate even more vigorously. When there are problems, we will address them more quickly. And we will also be able to, I think, better defend and justify future activities of US-VISIT. Mr. Stana. If I could just add a ``yeah, but,'' it probably does help coordinate up, and it helps coordinate with the vendor community. Coordinating with the folks at the port of entry is going to continue to be challenge if these linkages, these coordination mechanisms, aren't in place and well known by the people who have to use them. Mr. Zitz. If I may respond, sir, the activities of our National Cybersecurity Division, of our National Communications System, and of our Infrastructure Protection Offices are all continuously interacting with the federal enterprise, with states, locals, tribal and the private sector. And so it is not just a headquarters, not just a look up. It is a look down as well. Thank you. Mr. Carney. I appreciate that retort. But I, like most of us on this committee, are very frustrated by the fact that, you know, we are 1.5 years late on reports that we should be given that are a glimpse into this whole process. And you know, I guess the question is who is accountable for that report and how do we get it. Mr. Mocny. I am accountable for getting the report to the department, and then it is our--going through the process, going through OMB, and that is the process that we have, and there is a clearance process for it. I am not going to make any excuses for it being 1.5 years late. Absolutely. I want you to look at this. Frankly, you know, maybe this hearing wouldn't have to be held if we had that here. And it is going to be up here very shortly. And it is nearing its end state. It is going to be to the department. And I hope then everybody has a clear look at what we are testifying here today. The breadth of the program is importantly about entry and exit, but it is also beyond that, and it talks about an entire immigration and border management enterprise which includes not only other entities within DHS but also entities without DHS, including State Department, the Justice Department, and state and local law enforcement. Mr. Carney. Thank you very much. Chairman Thompson. I have a question I want to kind of take off from. Mr. Zitz made the comment that intelligence and information was already being shared with some of the other stakeholders. Mr. Stana, what did your review of the department reflect in that perspective? Mr. Stana. The information is available for individuals entering the country and--they come to the US-VISIT station. The information is available on the computer screens that it shows the results of checks against watch lists. There is a different issue not related to US-VISIT with intelligence information more generally about who is expected to come to ports of entry, and is that information being shared with inspectors. But that is not particularly related to US- VISIT. Chairman Thompson. Well, if it is not, just tell us what it is related to. Mr. Stana. I could tell you that in a separate session. Chairman Thompson. Okay. Well, we will set it up. Ms. Clarke, at the request of Mr. Shays, we want to go to you first, and then we will go to him. The gentlelady from New York? Ms. Clarke. Thank you very much, Mr. Chairman. And thank you, too, Mr. Shays. Gentlemen, good morning. I am sitting here and I am, you know, really appreciating the complexities of what we are dealing with here. At the same time, I think it kind of goes to the core of, you know, management and which is pretty obvious, and sort of setting priorities. Mr. Mocny, I want to get a sense from you of what you would characterize as your priority for the full engagement of US- VISIT. Is it an integration with the other entities, CBP and others, that needs to take place in order to be effective? What would you say is the priority right now to get this in place and working? Mr. Mocny. Thank you, Congresswoman. The priority of the program is to make sure that we are integrating across the department. When you look at the very distinct mission, I go back to the discussion that we had when we decided to put is in the BTS before. There is a distinct mission that CBP plays, absolutely. They have port of entry and in between the port of entry jurisdiction. Outside of that, they are a partner. They are participatory. They cooperate as best they can. But their job is not to deal with the interior of the U.S. and people who may be overstaying their visas. Their job is not look at protection of critical infrastructure and people who may be trying to get into those areas. And frankly, their priority isn't to deal with those people who would get a visa or not. Similarly, ICE does, in fact, have a mission which is about the interior. They don't have a focus on the actual port of entry, although there is an association with that. And I mean, to use your term, the complexity of it is such that the Department of Homeland Security 22 federal agencies all with a similar type of mission, and yet where are the various touch points? And with programs like US-VISIT, we look across the department at those various touch points to make sure that they are as coordinated as possible and that everybody gets the information. And I can tell you from personal experience and days before DHS was stood up, and at INS, and we needed to get some information from the Customs, Department of Treasury, and it was tough. It really was. And to say well, why not--well, because our priority is the Department of Treasury's priority, it is not the Department of Justice's priority. Well, now that we have this great idea of bringing all those people who make sense with one another under one umbrella in the department, you then have a kind of subtext with that whole piece, and we at US-VISIT do look across the board. If you were to come to our offices, you would see at any given point people from ICE, people from CBP, people from the Department of State, from Justice, from Commerce, from Transportation. There is a complexity in dealing with people that come into and leave the United States and some who don't stay--the Department of Labor when they deal with labor certificates. And so when you get this plan that you have been asking for, you will see that we have outlined these complexities, and we begin to hopefully start a dialogue that talks about how do we across the board look at immigration and border management writ large. Our role is simply to be an honest broker among the various operational units within DHS and without DHS--state and local, justice--and be able to effectively do that. I can say, I believe, that the association that we have with the Federal Bureau of Investigation in developing an interoperable system would not have been possible were we not in our own non-parochial space within the department that allows us to look outside the box and work on these issues while CBP does their distinct mission, ICE does their distinct mission, and CIS grants benefit to the best of their ability. So that is my kind of priority for making sure that we don't lose that across-the-board departmental look. Mr. Zitz. Congresswoman, may I add to that? Prioritizing integration first is not at odds and is not in conflict with the critical importance of sustaining entry and to build out exit. And indeed, the two programs of entry and exit are about gaining information and then sharing that information with those various stakeholders and operational elements not only across DHS but across all echelons of government. So it is complementary. It is not contradictory. Mr. Stana. If I might just add to the discussion here, one of the issues here is that the statutes--and there are four or five of them in play here--have given two different roles to the US-VISIT program, two different missions. One is identity management, and the other one is entry- exit. And that presents a dilemma. The two are aligned in some ways and they are not in other ways. So how do you deal with this? And there are some options to deal with this. One is what we are discussing today, where do you locate this one entity that is supposed to deal with both. Do you put them in the NPPD? Do you put them in CBP? Do you put them in a different--you know, how do you create the linkages to make the programs deploy and effectively work? Another option is to split the missions and locate the missions where the related activity resides. That is another option. Another option is to reconvene a DMIA task force of all the stakeholders to discuss this issue and figure out what works best for all stakeholders. But there may not be one option here or an either/or. It may be a matter of thinking this through a little bit more and deciding how best to get the missions accomplished--if not one unit, then maybe two or three; if not one location or two locations, maybe discussing this among stakeholders. Mr. Zitz. Ma'am, if I may add just briefly, the leadership of the department did think about this, did carefully consider this, and did look at a variety of organizational constructs. There are myriad constructs that could be undertaken. Our view is that placement within NPPD as part of a directorate that reports at the headquarters level to the secretary and the deputy secretary and has daily interaction with those leaders is the best approach for ensuring that we, one, sustain the good work that is already going, and two, that we push forward as quickly as we can on the needed improvements. Thank you. Ms. Clarke. Mr. Chair, I am over my time. Thank you. Chairman Thompson. Thank you. Mr. Zitz, why would you think it would be better to report to an undersecretary rather than a deputy secretary? Mr. Zitz. Sir, as I believe Deputy Secretary Jackson spoke 2 weeks back when he talked to the staffs, the intent here is to enable and strengthen the US-VISIT's ability to interact at the most senior levels. Now, that may seem to be an anathema to having a direct report on an organizational chart to a deputy secretary, but Deputy Secretary Jackson has got a huge job that he has to undertake on a daily basis. He has a few undersecretaries that are direct reports to him and meet with him every morning and, frankly, throughout the day. Chairman Thompson. I am clear on that, but if I look at the chart, and I see someone reporting to a deputy secretary, and then I look below the chart to see someone reporting to an undersecretary, just on its face it appears that you have lowered the status with that change. And I understand the workload, but to the eyes of someone looking at the flow chart, the before and after, it is a hard sell. But I just want to let you know that some of us see the difference really fast. We now yield 5 minutes to the gentleman from Connecticut. Mr. Shays. As they say when you only have two people, a generous 5 minutes, sir? Thank you all for coming. I got involved in the issue of terrorism when I took over the Committee on National Security under the Government Reform Committee, and we put our focus on terrorism. And we were promoting the creation of a Department of Homeland Security or something under the president, but there was a big debate. And as you remember, the Hart-Rudman Commission had the most at the time extreme position that we should establish the Department of Homeland Security. And people would say to me, ``What are we, Great Britain?'' And then we had September 11th, and people began to say, ``Well, we better have a strong Department of Homeland Security.'' Criticism against it was that it would be a behemoth, 185,000 people, all these different places. Did any of you work for government before we created the Department of Homeland Security? All three. So I want you to give me your assessment of how we are doing. First, do you think that Congress did the right thing creating the department? Secondly, do you think you are ahead of schedule or behind schedule in trying to see integration? And I could ask you to just speak in general terms outside your own area. So who wants to go first? Mr. Zitz. Sir, I will go first. I have spent 27 years as an intelligence officer with Army intelligence, CIA, DOD, and now within DHS in my current position. I believe-- Mr. Shays. And given that, let me just ask you to also speak on the whole issue of creating a director of intelligence. So speak to both of those issues. Mr. Zitz. Sir, I believe that the department was absolutely necessary. I believe that creating the Department of Homeland Security and, frankly, even the microcosm of the issue that we are discussing today, integrating US-VISIT into this NPPD, is the best way to ensure that there is continuous flow of information, continuous sharing, breakdown stovepipes, and frankly-- Mr. Shays. Okay. Are we ahead of schedule or behind schedule? Mr. Zitz. Sir, I think that we are on schedule considering the fact that this is an extremely complicated issue, bringing together these myriad parts that make up the Department of Homeland Security. Mr. Shays. Okay. I just really want to just get your assessment, because I do know it is complex and all of that, and I appreciate it. But let me just ask you one other point. When you look at the other parts of the department, do you think it is working in those areas as well? Mr. Zitz. I think that information sharing across the department is vastly superior to what it was even 2 years ago. And that is having lived through the best of intelligence and the worst of intelligence sharing over my career. Mr. Shays. If I ask you to comment on the Coast Guard coming from Transportation to Department of Homeland Security-- positive as well? Mr. Zitz. I think that is a positive, sir. Mr. Shays. Okay. Thank you. Mr. Mocny. I would only echo that. I have been almost 20 years with the government. A good portion of it was with the Immigration and Naturalization Service, which no longer exists. And I can tell you from the time I was at the INS to my time now at DHS--a remarkable difference and I would say a 180- degree turn from--the ability now to share data, the openness with others within the Department of Justice, as I mentioned earlier, the FBI--critical. Where before we just were at odds with one another, we now have teams that work--in fact, we have an employee, FBI agent, who works at the facilities in Clarksburg, West Virginia seconded to our offices to make sure that we continue the collaboration. So I would say overall, high marks across the board. Mr. Shays. Thank you. Mr. Stana? Mr. Stana. Yes. I guess I am the oldest guy in the nursing home here. I have been with the government for almost 31 years. Mr. Shays. Okay. Mr. Stana. And I think that there has been some positive developments out of the Homeland Security Department. You know, the coordination and cooperation across seemingly unrelated lines that we see now that we didn't see before is a plus. I have done an awful lot of work on the immigration and border security areas and the former Customs and INS, and I see it much better now than before. I might point out, though, INS in the 1990s reorganized three times, and by the end of the 1990s I am not sure they were any better off through the reorganizations, which is in connection with the theme of the hearing today. Now, having said that, are they on schedule? Probably, but it takes 5 years to 7 years for organizations to gel, and so it is not perfect but it is certainly moving right along. Mr. Shays. Let me ask you, in regards to the Western Hemisphere Travel Initiative, we clearly wanted to make sure, given we needed to do a better job of protecting our borders-- what is happening in Canada, what is happening in Mexico, what is happening in the Caribbean and so on. And so we are requiring if you travel by plane to have a passport, if you travel by car some identification and a birth certificate, and so on a--huge surprise to a lot of my constituents. You know, they are panicked because, you know, they are leaving in a week or two and they realize they need a passport, and their child doesn't have--and so on. Do you think there is merit in doing some pilot programs so that you wouldn't need a passport--for instance, could we say Canada if you have this tamper-proof driver's license or something, that would suffice? Is there merit because--we are having, you know, suggestions from parliamentarians in Canada that we should do this, for instance. Could you speak to that? And who should speak to it, if not all of you? Mr. Mocny. I will take the first part of it. The challenge with us is the identity and citizenship issue. Most driver's licenses don't denote citizenship or they have identity but not the citizenship side. So our-- Mr. Shays. So but if Canada were to even put a mark if someone is a citizen on their driver's license-- Mr. Mocny. Well, we did look at alternative documents through the security and prosperity partnership with Canada. We looked at a whole series of what it would take to meet the requirements that the Congress gave to us in the Intelligence Reform Act. And so where we can have those two met, identity and citizenship, we are open to those discussions. We have already indicated that the NEXIS card would be an applicable card to be able to use. And we are now talking about developing a pass card with the State Department. It is not really a passport. So we are open to other means of documents. Mr. Shays. Just to follow up, do you have the capability to do pilot programs without Congress authorizing you to? Mr. Mocny. I don't know. I don't know if we have the authority to do so. Mr. Shays. It would be interesting, much, if we could determine that, because it would be nice to see some I think it would be nice to see some alternatives so that we could see the system work well. We have great neighbors in the north and south, and it would be nice to make the flow work well. Chairman Thompson. I agree with you. We would like to thank the witnesses from the first panel for their testimony and their excellent responses to the questions. At this point, we will take a short break for our second panel of witnesses. [Recess.] Ms. Clarke. [Presiding.] Good morning. On behalf of Chairman Thompson, I welcome the second panel of witnesses. Our first witness, Ms. Michele Flournoy, is founder and president of the Center for a New American Security, CNAS. Prior to co-founding CNAS, she was a senior advisor at the Center for Strategic and International Studies, where she worked on a broad range of defense policy and international security issues. Our second witness is Dr. James J. Carafano. He is a leading defense analyst at the Heritage Foundation and has written and spoken widely on the need of policy development in the homeland security area. He also serves as a visiting professor at the National Defense University and Georgetown University. Our third witness, Mr. Asa Hutchinson, was the first undersecretary of homeland security in January 2003, shortly after the department was created. Mr. Hutchinson also served as a member of Congress from Arkansas from 1997 to 2001. We would like to start with our first witness, Ms. Flournoy. STATEMENT OF MICHELE A. FLOURNOY, PRESIDENT AND CO-FOUNDER, CENTER FOR A NEW AMERICAN SECURITY Ms. Flournoy. Madam Chairman, it is a great honor to be before this committee today to talk about what I think is a very important subject, and that is whether something like a Quadrennial Defense Review that kind of process could be useful to the Department of Homeland Security in its own goal-setting and strategic planning. I think both the Department of Defense and DHS have missions that are of such vital importance to the nation and they are also dealing with a great deal of complexity in implementing those missions. So it is critical for both to have unifying visions, a strategy for achieving their objectives, a clear set of priorities for guiding risk and resource allocation. So my starting premise is that a quadrennial review could actually be very useful to the Department of Homeland Security. As you know, every 4 years Congress requires the Department of Defense to conduct a QDR that is really a comprehensive examination of our national defense policies and programs. The real purpose of the QDR, the defense review, is to articulate a defense strategy and a clear and long-term defense program for the United States. I think the QDRs are, as the name suggests, required every 4 years. But I think one of the things I would like to highlight for you is the question of timing. The draft legislation I saw proposed starting a QDR in 2007, near the end of a second term administration. I believe the real value of a QDR is to a first-term administration, to come in, to get their arms around the challenges facing a department, to set priorities and clear strategic direction, and sort of infuse a new vision into the workings of a department going forward. I think second-term reviews tend to much less useful. They require enormous staff time and effort. And yet in a second- term review, by definition, an administration is essentially grading its own homework, and those sorts of reviews don't tend to produce the same level of change and innovation. So just as one point, I would recommend, based on the QDR experience, that you consider a quadrennial homeland security review at the outset of a new administration coming in, because that is when it is really most useful. I would like to just summarize my written testimony highlighting some key elements of success drawn from my experience involved in three QDRs and observing the most recent one as well, of what tends to distinguish successful reviews from non-successful ones. The first element is limited strategic focus and scope. These quadrennial reviews should not be a soup-to-nuts review of everything a department does. That should be left to the regular program review and budget review cycle. What you really want these reviews to do is be focused on strategic direction, setting broad priorities that can then be implemented over the subsequent 4 years, which raises an issue, as you write legislation, of how specific do you want to be in what you require the review to cover versus how much flexibility you want to allow a secretary of homeland security to define the agenda. And I would submit to you that the critical focus of each review is likely to change between now, 4 years from now, 8 years from now, 12 years from now. So I would encourage you to be more general rather than give a secretary a long laundry list of specific things that he or she must cover. The second key element of success is leadership involvement and ownership of the process, making sure that the secretary and deputy secretary really view this as their key vehicle for setting priorities for the department and they reflect that with their own engagement of time and effort and setting clear guidance up front, making decisions throughout, and so forth. The third key element is empowering an official within the department to really be the point person on the review, to be the honest broker, ensuring that disagreements between different parts of the department on key issues are elevated to appropriate levels for decision making, and also the key integrator, making sure all the different moving parts come together in a cohesive whole. The last key elements are making surveillance that both internal and external stakeholders are fully involved in the process, and here I would suggest the rule that if someone has implementation responsibility at the end of the review, they need to have a seat at the table during the review. And of course, that means consultation with you all and with other external stakeholders, including state, local government, and so forth. So bottom line is I think if these elements of success are taken into account, a QDR-type exercise could be very useful for the Department of Homeland Security, particularly at the outset of new administrations. Thank you. [The statement of Ms. Flournoy follows:] Prepared Statement of Michele A. Flournoy Mr. Chairman, members of the Committee, thank you for inviting me to testify this afternoon before this distinguished Committee. I have been asked, based on my experience with four Quadrennial Defense Reviews or QDRs, to address the issue of whether and how a QDR-like process would be useful to the Department of Homeland Security as part of a larger strategic planning process. Although the Department of Defense and the Department of Homeland Security are different in many ways, they do share some common challenges--challenges that underscore the need for and importance of priority setting and strategic planning. Both departments are: charged with missions that are vital to the health and welfare of the nation--protecting the American people and our way of life is a mission in which we cannot fail; facing persistent and resourceful enemies; large, complex bureaucracies comprised of a number of diverse and (in some cases, previously independent) organizations with their own cultures, traditions, and ways of doing business; responsible for spending billions of taxpayer dollars as efficiently and effectively as possible; perennially in the position of having more programs to pay for than budget; and trying to balance near-term demands against long-term investments. These challenges make it that much more important for each department to have a unifying vision, a strategy for achieving its objectives, and a clear set of priorities to guide resource allocation and risk management. It is difficult, if not impossible, to create these absent an effective strategic planning process. And a quadrennial review conducted at the outset of a new administration can be a critical first step in that process. The QDR as a Model for a QHSR As you know, every four years the Department of Defense is required by law to conduct a Quadrennial Defense Review--a ``comprehensive examination of the national defense strategy, force structure, force modernization plans, infrastructure, budget plan, and other elements of the defense program and policies of the Unites States.'' The purpose of the QDR is to articulate a defense strategy and define a long-term defense program for the United States. Although each review has been conducted somewhat differently, all have sought to: assess security challenges and opportunities for the United States; set priorities and strategic direction for the Pentagon in an effort to enable tough choices about where to place emphasis and where to accept or manage a degree of risk; articulate a clear and compelling defense strategy for the nation, connecting ends, ways, and means; and provide a basis for determining what kinds of capabilities are needed and ``how much is enough.'' Ideally, the QDR, which is conducted at the outset of an administration's term, generates the strategic guidance for resource allocation--that is, programming and budgeting--over multi-year period. Every administration is required to conduct a QDR at the beginning of a new term. I believe that QDR's are most useful at the outset of a new administration, as a means of helping the new leadership to get their arms around the challenges and opportunities they face, set priorities, and provide strategic direction to the department. In the DoD context, QDRs's have become a critical vehicle for infusing a new team's priorities into a highly complex defense program and budget--a way to begin to steer the proverbial aircraft carrier in a new direction. Absent paradigm-shifting events (like the September 11th attacks), QDR's are generally far less useful in an administration's second term, as by then strategic priorities and direction should have been well established. While they can yield useful refinements to an administration's approach, they are less likely to yield significant changes or innovations. Given the significant amount of leadership, staff time and energy these reviews require, a second term review may not be highest best use of a Department's limited strategic planning resources. I would, therefore, recommend that you consider changing the proposed legislation to require a QHSR only in first term administrations and begin in 2009 (not in 2007). Another factor that should influence the timing of a QHSR is its relationship to the development of the National Homeland Security Strategy. Just as the National Defense Strategy keys off the National Security Strategy, so should DHS' strategy key off the National Homeland Security Strategy, as the legislation suggests. In practice, however, this can be challenging, as both the national and departmental reviews are usually launched at the outset of an administration and overlap in time. More often than not in DoD's case, the NSS and the QDR are not sequential but are developed in tandem and inform one another. The same may ultimately be true for the National Homeland Security Strategy and the DHS strategy. Elements of Success Having participated in the 1993 Bottom-Up Review, led the strategy development process and report writing for the 1997 QDR, assisted the Chairman of the Joint Chiefs of Staff in preparation for the 2001 review, and been a keen observer of the 2006 QDR, I'd like to offer some observations about what determines the success (or failure) of such reviews in practice. Strategic focus and limited scope. The best reviews are not soup- to-nuts assessments of everything a department does or buys. That should be left to the annual program review process, assuming one exists. Rather, quadrennial reviews should be focused on a handful of issues or areas that the leadership deems most important. This raises an important question for you as you craft this legislation: How specific do you want to be in delineating the substantive areas the review should cover? Should you err on the side of being exhaustive or should you allow the Secretary of Homeland Security some flexibility to determine which areas merit the most attention at a given point in time? I would encourage you to favor the latter approach, as what is critical will likely change over time--today's focus areas may not be right ones 4 or 8 or 12 years hence. Leadership involvement in and ownership of the process. In order to have ``legs''--that is, to have a real chance of being implemented in programs and budgets--the review process must be ``owned'' by the Secretary and his or her team. That is, the Secretary and/or the Deputy Secretary must be deeply engaged in providing front-end guidance to the process and making key judgments and decisions along the way. He or she must also make clear that the quadrennial review is the process for setting the department's priorities and making critical resource allocation decisions. Such ownership at the top is critical to creating momentum, making tough trade-offs and ensuring that the review's recommendations are actually implemented. A senior official empowered to be an honest broker and integrator. Successful reviews cannot be conducted by committee. The Secretary must appoint a single official to be the day to day lead for the review. In the DoD context, this is often the Deputy Secretary of Defense, with assistance from the Undersecretaries and the Joint Staff. This person should act as an honest broker, ensuring that key decisions are framed for the Secretary and that dissenting views are fairly represented in the process, as well as an integrator, ensuring that the various part of the review are brought together in a cohesive whole (e.g., programmatic decisions reflect strategy priorities). Ensuring the process is strategy-driven and resource-constrained. The strategy that emerges from the review should drive all programmatic and budgetary decisions. But these must be made in the context of real- world resource constraints. A review that does not take resources into account will fail to help decision makers to make tough choices about where to place emphasis and where to accept or manage a degree of risk. In order to be useful and relevant, the review process must consider fiscal guidance as a critical input, though it should also be prepared to highlight areas where resource constraints increase the level of risk associated with achieving a given objective or mission and may need to be revisited. Engaging internal stakeholders. Any office responsible for implementing the review's recommendations should have a seat at the table at some point in the process. Key stakeholders can be engaged individually or in working groups to solicit their input and ultimately win their buy in to the review and its results. Such consultations are generally iterative over time and are critical to gaining traction for implementation. Consultations with outside stakeholders before, during and after the review. The department's leadership should consult regularly with key committees and members of Congress, key partners in federal, state and local government, experts in the field, and members of the media as the review process unfolds. Although parts of the department's review may need to be classified, the process should strive for as much transparency as possible. This is crucial to preparing the ground for the review to be well received. Conclusion The QDR can be an important and valuable element in the Department of Defense's strategic planning process. Establishing a similar QHSR, taking into account the elements of success I have described above, would be extremely useful in helping DHS to set strategic priorities and develop a strategy-driven program and budget. But a QHSR is only a first step in what needs to be a more fulsome and ongoing strategic planning process in the Department of Homeland Security. Ms. Clarke. Thank you very much, Ms. Flournoy. Let me just state that, without objection, the witnesses' full statements will be inserted into the record. I now recognize Mr. Carafano to summarize his statement for 5 minutes. STATEMENT OF JAMES JAY CARAFANO, Ph.D., SENIOR FELLOW, THE HERITAGE FOUNDATION Mr. Carafano. Thank you, Madam Chairman. And I have provided a statement for the record, and I will be brief. Just a few quick points. The two reasons why you really, really want to do this--I mean, one of the lessons learned in the Quadrennial Defense Review is it is not a panacea. It is not going to provide all the answers. It doesn't take politics out of the process in any way, shape or form. But what it does do is two incredibly important things. One is it creates a systemic dialogue between the Congress and the department. And it also creates a trend analysis, if you do this every 4 years, so you get a--over the long term, you develop this relationship, and that is incredibly important. And the second thing, and equally important, is by requiring the department to do this and by creating a long- term requirement for this, it forces them within the department to build the capabilities to do that. I know Michelle can speak from being involved in the first QDR that the Defense Department had very, very primitive metrics of performance, very, very primitive analytical tools, very, very primitive staffs. And they are much, much more sophisticated now because they know they have to do this every 4 years. So this is, I think, an absolutely bedrock fundamental requirement for dealing with a long-term strategic issue. So I think it is an incredibly important part of the legislation. I think it is an incredibly important issue. The four key issues that I think Michelle and I--I agree with Michelle on many of these points. The four key things that have to be addressed in the legislation--one is timing. I absolutely agree that a review at the end of an administration has very marginal value. I proposed in my testimony having the department doing something much more modest, perhaps a preliminary report on observations and what potentially should be in a QDR that they can hand up to the administration. But I think that QDRs should come very early on in an administration's term, probably no later than when they submit their budget the following February from the first term. The second issue is other agency involvement. I think this is very critical and actually one of the flaws in the QDR. I think the quadrennial security review should have a specific requirement there for the department to reach out to other relevant departments and not only bring in their input but formally be required to assess the relationships with those departments and their ability to act cooperatively together in homeland security missions. The third is the scope. And again, I totally agree with Michelle. A long laundry list doesn't get you there. That was done in the first QDR, and when the administration did the review it simply ignored the long laundry list. What I proposed--actually, I think it is much, much more important--is the last thing that we want is do a QDR and somebody walks in and they drop this QDR on your desk. What you really want is to force a dialogue between the department and the Congress. And so what I propose instead would be, early on--I think there is some general guidance in the legislation. But early on, I think the department should have to come in to the Congress and say this is what we think should be in the QDR, and then create a dialogue, and then perhaps even some in- progress reviews, so it is an ongoing dialogue over the year and not just a debate over the report that comes at the end, and where everybody has to kind of hold their breath to see what is in there. And then the fourth and I think a critical point that is not in the draft legislation I saw is really the need for a second opinion. I think that the National Defense Panel which followed the first Quadrennial Defense Review, the Hart-Rudman Commission, which wasn't specifically tied to a QDR but also came out as kind of--gave, you know, kind of a second look. And I think that is very, very important. Now, there is a lot of different ways that could be done. It could be done by the Congress. It could be done by an independent commission. But I do think there a value in a second look, maybe not potentially to every QHSR, but certainly when we do the first QHSR there ought to be a second look. And that second look ought to look not just at the QHSR but also the Quadrennial Defense Review, and look at those in tandem and draw broader assessments. And then the last point is I also have lots of views on US- VISIT and where it should be and what the priorities should be on that, and I would be happy to share those with the committee if you are interested. Thank you. [The statement of Mr. Carafano follows:] Prepared Statement of Dr. James Jay Carafano THINKING FOR THE LONG WAR: STRATEGIC PLANNING AND REVIEW FOR THE DEPARTMENT OF HOMELAND SECURITY Mr. Chairman and other distinguished Members, I am honored to testify before you today.\1\ America must consider more deeply the requirements for fighting and winning the long war.\2\ In my opening statement, I want to make the case that Congress needs comprehensive assessments of the nation's homeland security programs and an independent review that evaluates how national defense and homeland security programs fit within the context of the overall interagency national security effort. --------------------------------------------------------------------------- \1\ The Heritage Foundation is a public policy, research, and educational organization operating under Section 501(C)(3). It is privately supported and receives no funds from any government at any level, nor does it perform any government or other contract work. The Heritage Foundation is the most broadly supported think tank in the United States. During 2006, it had more than 283,000 individual, foundation, and corporate supporters representing every state in the U.S. Its 2006 incomecame from the following sources: Individuals 65% Foundations 19% Corporations 3% Investment Income 14% Publication Sales and Other 0% The top five corporate givers provided The Heritage Foundation with 1.3% of its 2006 income. The HeritageFoundation's books are audited annually by the national accounting firm of Deloitte & Touche. A list of major donors is available from The Heritage Foundation upon request. Members of The Heritage Foundation staff testify as individuals discussing their own independent research. The views expressed are their own and do not reflect an institutional position for The Heritage Foundation or its board of trustees. \2\ For a discussion of the elements of good long war strategy, see James Jay Carafano and Paul Rosenzweig, Winning the Long War: Lessons from the Cold War for Defeating Terrorism and Preserving Freedom (Washington, D.C.:The Heritage Foundation, 2005). --------------------------------------------------------------------------- In my testimony, I would like to (1) review the lessons that can be drawn from other government post--Cold War efforts to conduct strategic assessments; (2) make recommendations for the next steps in conducting national security assessments; and (3) offer specific proposals for the homeland security component of these reviews. Lessons from the Pentagon Established in 1996, the Quadrennial Defense Review (QDR) requires the Pentagon every four years to provide to Congress a comprehensive assessment of defense strategy and force structure; program and policies; and modernization, infrastructure, and budget plans-- outlining future requirements for the following eight years.\3\ The QDR has become a touchstone in the debates about restructuring the military and identifying the capabilities that will be needed for the new national security environment of the 21st century. This effort offers lessons for considering how to establish a similar strategic review process for homeland security. --------------------------------------------------------------------------- \3\ The Quadrennial Defense Review was first mandated in 1996 by the Defense Authorization Act (Military Force Structure Review Act of 1996). Title 10, Section 118 of the United States Code specifies: ``The Secretary of Defense shall every four years, during a year following a year evenly divisible by four, conduct a comprehensive examination (to be known as a `quadrennial defense review') of the national defense strategy, force structure, force modernization plans, infrastructure, budget plan, and other elements of the defense program and policies of the United States with a view toward determining and expressing the defense strategy of the United States and establishing a defense program for the next 20 years. Each such quadrennial defense review shall be conducted in consultation with the Chairman of the Joint Chiefs of Staff.'' --------------------------------------------------------------------------- Lesson #1: Understand what strategic assessments are and are not. The QDR process is not a substitute for political decision-making. QDR reports have been highly politicized documents used to justify force structure choices, defend future investments, and promote changes in policy. Indeed, strategy reviews have always been used to foster political agendas. NSC-68, Project Solarium, and the Gaither Commission Report, for example, were all early Cold War attempts not just to assess force structure and strategic requirements, but also to serve political agendas for shifting priorities or advocating action.\4\ --------------------------------------------------------------------------- \4\ See, for example, Ernest R. May, ed., American Cold War Strategy: Interpreting NSC 68 (New York: St. Martins Press, 1993). --------------------------------------------------------------------------- The tradition of defense assessments after the Cold War changed little. The first QDR was, in fact, the fifth major defense review conducted following the fall of the Berlin Wall. In fundamental respects, the QDR process differed little from other post--World War II efforts to justify war military requirements. The QDR does not take politics out of strategy and resource decision-making--either inside or outside the Pentagon. Implementing the QDR, for example, resulted in divisive political infighting among the services.\5\ After all the analysis is done, hard choices still have to made and debated. --------------------------------------------------------------------------- \5\ See, for example, comments on the 1997 review in John Y. Schrader et al., Quadrennial Defense Review: Lessons on Managing Change in the Defense Department (Santa Monica, Cal.: Rand, 2003), p. 6, at www.rand.org/pubs/documented_briefings/2005/DB379.pdf. --------------------------------------------------------------------------- What the QDR accomplished, unlike previous Cold War strategic assessments, was to add some transparency to the process and offer a routine platform for dialogue between Congress and the Administration. Creating an iterative process is the greatest virtue of the QDR. Periodic reviews offer two advantages: They encourage the armed forces to think deeply about how to match strategy, requirements, and resources; justify their judgments; and institutionalize the capability to make these assessments.\6\ --------------------------------------------------------------------------- \6\ One of the key findings of the first QDR in 1997 was that the Pentagon lacked the analytical capabilities for examining all the strategic issues that were required to be reported on to the Congress. John Y. Schrader, Leslie Lewis, and Roger Allen Brown, Quadrennial Defense Review (QDR): A Retrospective Look at Joint Staff Participation (Santa Monica, Cal.: Rand, 1999), p. 49, at www.rand.org/pubs/ documented_briefings/DB236/DB236.sec5.pdf. For subsequent reviews, the Defense Department, the Joint Staff, and the services developed more sophisticated analytical assessments and staffed permanent offices to prepare for and conduct strategic assessments. --------------------------------------------------------------------------- They provide an audit trail for Congressional and other government leaders to assess long-term defense trends. Most important, the QDR provides a means for government to conduct and Congress to consider strategic assessments in a disciplined and systematic manner. Lesson #2: Timing is everything. There is no optimum time for a strategic assessment. The QDR is scheduled to be conducted in the initial year of a presidential term. The first QDR was required five months after the Administration took office. The 2003 National Defense Authorization Act shifted the due date to the year following the year in which the review is conducted, but not later than the date on which the President submits the budget for the next fiscal year to Congress. This timing compels a new Administration to lay out a strategic framework for how it plans to address future requirements. Congress can also compare the QDR to the Administration's budget submission to assess whether the Pentagon's programmatic decisions match the rhetoric in the strategic assessment provided in the QDR report. While having an Administration conduct a strategic assessment early on offers the advantage of laying out a blueprint for future defense needs, front-loading the QDR creates difficulties. The incoming Administration is often forced to begin its review before key political appointees have been nominated and confirmed by the Senate. For the 2001 review, for example, the Defense Department had no top management officials in place until May 2001, and this significantly delayed the issuance of leadership guidance for the review process.\7\ There is also a tendency to rationalize strategic requirements to match short- term budget priorities and push the most difficult choices into the out years, creating an unrealistic bow wave of projected spending and requirements. Another concern expressed with both the 1997 and 2001 reports was that reporting requirements were too tight to allow for sufficient time for in-depth analysis. --------------------------------------------------------------------------- \7\ U.S. General Accounting Office, Quadrennial Defense Review: Future Reviews Can Benefit from Changes in Timing and Scope, GAO 03-13, November 2002, p. 20, at www.gao.gov/new.items/d0313.pdf. --------------------------------------------------------------------------- On the other hand, deferring the QDR assessment to later in a presidential term when an Administration is more seasoned has shortfalls as well. It leaves less time to institutionalize decisions implied by the QDR by embedding them in the President's budget submissions and Defense Department programs and policies. In addition, if the QDR occurs closer to the end of a presidential term, it is more likely to become embroiled in presidential election politics. Finally, if the QDR comes very late in a presidential term and is passed off to a new Administration for implementation, in all likelihood, it will be largely ignored. The notion of requiring more frequent periodic reports seems most problematic of all. Long-term strategic needs rarely change dramatically enough to justify recurring assessments in a single presidential term. In addition, Congress should be sensitive to the resources demanded to produce strategic assessments. The more reports, the more frequently they occur, and the more time available to produce them, the more government resources will have to be diverted to these bureaucratic tasks. Excessive effort is both counterproductive and wasteful. The best option is to require that strategic assessments be conducted in the first year of a presidential term in order to set the direction for how an Administration plans to match meeting strategic challenges with the resources required to address those challenges. Assessments should be submitted well before the mid-term of an Administration. Lesson #3: Put requirements in context. From the outset, the question of what to include in the QDR engendered significant debate. For the first QDR, Congress mandated 12 specific requirements. Simply listing topics to be covered, however, did not result in a report that was comprehensive or ensure that the analysis of alternatives to meet future requirements was sufficiently exhaustive. For example, one issue required to be covered in the 1997 review, an assessment of the Reserve Components, was simply deferred for follow-on study. Indeed, the most significant criticism of the 1997 report was that, despite the extensive reporting requirements mandated by Congress, the Pentagon dodged almost completely the central task of the QDR: to explain how future needs would be squared with anticipated declines in defense spending.\8\ --------------------------------------------------------------------------- \8\ Jim Courter and Alvin Bernstein, ``The QDR Process: An Alternative View,'' Joint Force Quarterly, Summer 1997, p. 21. --------------------------------------------------------------------------- In addition, from the outset, one recognized limitation of the QDR process was that the reviews focused narrowly on defense needs. For example, the Defense Department gave scant recognition to the demands of homeland security before 9/11. The inclusion of a section on homeland defense in the 2001 QDR came in response to the terrorist attacks on New York and Washington. In addition, no report has ever adequately addressed the challenges involved in conducting interagency operations.\9\ --------------------------------------------------------------------------- \9\ James Jay Carafano, ``Not So Much About Homeland Security-- What's Missing from the Pentagon Vision for Its Future Role in Safeguarding U.S. Soil,'' remarks presented at the National Defense University, December 16, 2006, at www.ndu.edu/inss/symposia/joint2006/ carafano.pdf. --------------------------------------------------------------------------- To address the inability of the QDR to assess broader issues, in conjunction with the first report, Congress established a National Defense Panel, an independent, bipartisan group of nationally recognized defense experts, to review the QDR and offer an independent appraisal longer-term of national security demands. The NDP made the case for military transformation, restructuring the military from a Cold War force to one more suited for the diverse dangers of the post- Soviet security environment.\10\ The NDP was a one-time requirement. In 1998 Congress authorized another review--the National Security Study Group, later known as the Hart--Rudman Commission. --------------------------------------------------------------------------- \10\ John Tedstrom and John G. McGinn, Planning America's Security: Lessons from the National Defense Panel (Santa Monica, Cal.: Rand, 1999), pp. 2--3. --------------------------------------------------------------------------- Both reviews highlighted the limitations of the QDR, which focused almost exclusively on Pentagon priorities and did not adequately address integration with other national security instruments or concern for non-traditional threats. The Hart--Rudman Commission, for example, in a report released eight months before the 9/11 attacks emphasized the growing danger of transnational terrorism and proposed the establishment of a National Homeland Security Agency.\11\ Both the NDP and the Hart--Rudman Commission added new dimensions to the debate over future national security needs. --------------------------------------------------------------------------- \11\ United States Commission on National Security/21st Century, Road for National Security Imperative for Change, February 15, 2001, p. viii, at www.au.af.mil/au/awc/awcgate/nssg/phaseIIIfr.pdf. --------------------------------------------------------------------------- The QDR is not adequate for a post-9/11 assessment of all of the nation's critical national security instruments. A separate systematic review of homeland security would be a welcome addition but by itself would be inadequate. An independent ``second opinion'' of both that also provides an umbrella overarching analysis of long-term security needs is required to give Congress a full and complete strategic assessment of future security capabilities. The Next Steps for National Security Congress should address the shortfalls in the strategic assessments it requires. Congress needs a comprehensive review of homeland security programs and an independent analysis of how defense and homeland security efforts fit within the overall national security effort. In addition to defense and homeland security, attention should be given to U.S. public diplomacy and foreign assistance programs, the defense industrial base, the intelligence community, and the use of space for national security purposes. Specifically, Congress should: Establish a requirement for periodic reviews of homeland security. Congress should require the Department of Homeland Security to conduct quadrennial reviews of future DHS capability requirements. Create a one-time National Security Review Panel. In parallel with the first Quadrennial Security Review (QSR), Congress should establish a nonpartisan National Security Review Panel (NSRP). The NSRP should be charged with providing an independent assessment of the QSR as well as providing an overall assessment of national security programs and strategies. The NSRP should place particular emphasis on evaluating the compatibility of the QSR and QDR and the state of other essential security instruments such as public diplomacy, the defense industrial base, and the use of space for national security purposes. Congress should determine the most efficient and expedient method to conduct the NSRP's review. This review could be conducted by Congress, or Congress could authorize an independent commission to conduct the review. Homeland Security Assessments Nowhere is the need for a detailed assessment on the scale of the QDR more important than in the area of homeland security. ``DHS 2.0: Rethinking the Department of Homeland Security,'' a comprehensive report by The Heritage Foundation and the Center for Strategic and International Studies, clearly established the need for Congress to reevaluate DHS roles, missions, and resources and how these efforts fit into the context of other federal domestic security efforts.\12\ Much has been done through the department's Second State Review and by Congress over the past year, but there is more still to be accomplished. Specific recommendations for the QSR include: --------------------------------------------------------------------------- \12\ James Jay Carafano and David Heyman, ``DHS 2.0: Rethinking the Department of Homeland Security,'' Heritage Foundation Special Report No. 2, December 13, 2004, at www.heritage.org/Research/HomelandDefense/ sr02.cfm. --------------------------------------------------------------------------- Require the first full QSR well before the mid-point of the next Administration. At this point, there is little utility in this Administration's conducting a ``full-blown'' review. Starting this process will demand significant resources that could detract from other missions. In the end, there would be scant time to implement its findings. Rather, Congress should require the Administration to report back in six months with a more modest preliminary assessment that should include recommendations for how the QSR should be conducted and what steps it has taken to establish the staff, analytic capabilities, and processes necessary for a substantive QSR and NSRP review. Establish a dialogue between Congress and DHS. Congress should not be overly specific in QSR requirements. Rather than establishing a long laundry list of reporting tasks, it would be more fruitful for Congress to issue a broad generic mission statement including a review of management, roles and missions, authorities, and resources. Congress should then require the DHS early in the QSR process (no later than May of the first year of the Administration) to report back to Congress on what it intends to cover in the review. This report would serve to initiate a dialogue between the Administration and Congress. In addition, it would be useful for the Administration to provide an in-progress review of its efforts in the September--October period. Require an interagency effort. In conducting the QSR, the DHS should be required to solicit the input of other key relevant agencies and access its ability to act with them in the performance of homeland security missions, as well as support other essential national security tasks. Conclusion I want to commend the committee for addressing this important issue. In the long term, sound strategic thinking is perhaps the most important tool that America can bring to bear for fighting and winning the long war. Timely and comprehensive strategic assessments are an important part of this process. I look forward to your questions. Ms. Clarke. Thank you. I now recognize Mr. Hutchinson to summarize his statement for 5 minutes. STATEMENT OF ASA HUTCHINSON, FOUNDING PARTNER, HUTCHINSON GROUP Mr. Hutchinson. Thank you, Madam Chairman, members of the committee, Mr. Shays. It is good to appear before you today. And I have submitted my written testimony. And I want to make a couple of points that go back to the previous panel, which is in reference to US-VISIT and what placement of US-VISIT will help it to meet the objectives of Congress in the future. And by way of background, of course, while I was at the Department of Homeland Security, I was undersecretary for border and transportation security. And it was in that position that US-VISIT was assigned to my directorate, border and transportation security. And I think that was a key placement in order to achieve the initial objectives that Congress set and to meet the deadlines. The department was created in March of 2003. We had a deadline by the end of that year to install the first phase of US-VISIT. We met that goal. Part of the reason is that you had an undersecretary that was there, that would help with the decisions, the relationship with Congress, the advocacy for US-VISIT, monitor its success and its capability on, really, a day-by- day basis. And so that was, I think, a key function of my service as undersecretary. When I left, Secretary Chertoff naturally took his own review and reorganization and actually abolished the undersecretary for border and transportation security position. And the result, you could argue, is that it elevated US-VISIT because it reported directly to the secretary. But I believe that what happened was that the secretary had so many different direct reports, and he had Katrina to deal with--he had all kinds of urgencies to deal with out there that the secretary could not devote the day-to-day attention to this type of program effort. And so I think that it suffered as a result of that. And so Secretary Chertoff, in his post-Katrina review, assigned US- VISIT, in his most recent reorganization, to the National Protection and Program Directorate. And I applaud this decision. It once again places US- VISIT where it has an advocate, where it has a decision maker, it has continued oversight of the program as it continues to meet the requirements of Congress. And so sometimes it is counterintuitive, but I think it is a very good move. I applaud it and support it. There have always been questions whether US-VISIT should be placed within one of the operational agencies such as Customs and Border Protection. And I think there is a number of reasons why that should not be done. First of all, placing the program office within the directorate, in contrast to an agency, minimizes the stovepipe tendencies of the government agencies. The US-VISIT program is not just a border security effort, but it is an identification system that works with ICE in terms of the enforcement side, works for the Coast Guard, cross-cuts many of the agencies within homeland security. Secondly, it is necessary for US-VISIT to have a good relationship with the Department of State, with the Department of Justice. This can be accomplished best not at the agency level but at the directorate level, and so it works best there. We had an oversight board for US-VISIT program that was comprised of representatives from the Department of Commerce, from the Department of Justice, from the Department of State, that helped give guidance and recommend policy for US-VISIT. This kind of oversight and partnership with the different departments of government can best be accomplished at the undersecretary level, and I chaired that oversight board. Finally, the involvement of department leadership with US- VISIT based upon decision making and active oversight makes it easier for Congress to do its job, to get information on the program, to support its goals and to find justifications for its funding. I was regularly called to testify to the Congress on US- VISIT, and that high level of support gave a higher level of confidence in the direction of the office. It is my pleasure to be here today, and I am grateful for the work of this committee in supporting the department and the goals of homeland security. [The statement of Mr. Hutchinson follows:] Prepared Statement of Asa Hutchinson March 20, 2008 Chairman Bennie Thompson, Ranking Member Peter King and Members of the Committee, thank you for the invitation to appear before this Committee to discuss the history, management and future of the US-VISIT program at the Department of Homeland Security. While I had the privilege of serving as the first and only Under Secretary for Border and Transportation Security within the Department, I am now in the private sector serving as CEO of Hutchinson Group, a homeland security consulting firm in Little Rock, Arkansas, and as a senior litigation counselor at the Venable Law Firm in Washington, DC. During the creation of the Department of Homeland Security, it was my responsibility to oversee the creation of the US-VISIT program, to meet the Congressional mandates on entry-exit, and to work with this Committee on a regular basis. The leadership of this Committee has been essential in supporting the security goals of US-VISIT and providing necessary oversight in the spending of billions of dollars on this program. In my testimony this morning, I will provide some historical perspective, emphasize the goals achieved thus far, address the need for high level oversight within the Department and finally talk about how the breadth of the US-VISIT mission impacts many different departments within the government. Prior to the attack on 9/11, Congress recognized the need to create an entry-exit system to record and account for visitors to the United States. Of the 12 million illegal aliens presently in the United States, it is estimated that 40% are visa overstays. It is easy to conclude that accounting for visitors through an entry-exit system is critical to border security, the flow of lawful commerce and the integrity of our immigration system. The mandate was given to the former INS and was stalled because of the enormity of the challenge and, perhaps, because of the inertia of INS as well. After the 9-11 attack, Congress accelerated the program, moved up the deadlines and increased the requirements. At that point the new Department of Homeland Security was created and assumed the responsibility of implementing an entry-exit system. By December 31, 2003, the new Department had created a US-VISIT program office, developed and had approved its $340 million spend plan, and met the first deadline within the budget provided by Congress. US-VISIT has continued to expand the entry system to the land borders and now even to visa waiver travelers. There is always more to do and gaps to close but even the 9-11 Commission Report recognized the singular success of US-VISIT and applauded the security enhancements. I left the Department as its first Under Secretary in March of 2005 and soon became the last Under Secretary for Border and Transportation Security when the Department was reorganized. The BTS Under Secretary position was abolished, and the US-VISIT program reported directly to the Deputy Secretary and Secretary of the Department. This change would appear to elevate the US-VISIT program, but in reality it left the program without a strong advocate and active decision- maker. Secretary Chertoff understandably made additional changes after the Hurricane Katrina failures, and in the most recent reorganization, placed the US- VISIT program within the newly created National Protection and Programs Directorate. I applaud this move because it will increase the day-to- day oversight and advocacy for the program, it will improve the responsiveness to Congress and enhance the program's relationship with other departments of government that are served by the biometric identification system for international visitors. There have always been some questions raised as to whether US-VISIT should be placed within one of the operational agencies such as Customs and Border Protection rather than at the headquarters level. I have always disagreed with this idea and, there are a number of reasons the US-VISIT program office should be a separate reporting unit outside of CBP or any separate agency. 1. Placing the program office within the NPP directorate minimizes the stove-pipe tendencies of government agencies. Within the department it is essential that the biometric identification system work with the enforcement arm of Immigration and Customs Enforcement, the policy office of the Department, the Coast Guard and a host of other offices within the department. The working relationships are easier to maintain when US-VISIT reports to an Under Secretary who can serve as an arbiter, decision-maker and advocate for the system. 2. It is also necessary for US-VISIT to have a close working relationship with the Department of Justice and the Department of State. The original charter for US-VISIT included representatives from multiple departments on its oversight board for . This board met to develop and recommend policy for the program and to resolve differences. As Under Secretary, I chaired that oversight board, and the high level participation of other departments would not occur if the program was placed at the agency level. 3. Finally, the involvement of department leadership with US- VISIT based upon decision making and active oversight makes it easier for Congress to get information on the program, support its goals and justify its funding. I was regularly called to testify to Congress on US-VISIT, and the high level of support gave a higher level of confidence in the direction of the office. It is my pleasure to be here today, and I am happy to respond to any questions. Ms. Clarke. I thank all the witnesses for their testimony. And I will now recognize myself for 5 minutes of questioning, and my initial questions go to Ms. Flournoy and Dr. Carafano. The Quadrennial Defense Review--we call it the QDR is said to have helped focus policy development in the Department of Defense. But some have complained that the three QDRs in 1997, 2001 and 2006 have not been directly relevant to the policy development. If we require a quadrennial homeland security review, how can we assure that the exercise will help create an orderly process for policy development? Ms. Flournoy. Madam Chairman, I would submit that the QDRs have been very central to the development of strategy in each case and the development of policy. In my view, where the disconnect has often occurred was in translating that strategy into actual programmatic and budgetary decisions. And I think that tends to break down in the subsequent implementation processes the normal sort of programming and budgeting processes. Again, I think one of the ways--there are a couple of ways to remedy that. One is to have senior-level involvement and ownership of this. If this is just a staff exercise, it is probably not worth doing. It really has to have the buy-in and commitment of the leadership that this is their exercise for setting priorities and then they want to see those priorities actually executed in the program. The second is to ensure as, you know, Jim said, a quadrennial review is only one part of a strategic planning and budgeting process. You have got to ensure that the other pieces of that process are in place so that there is a good process in the Department of Homeland Security for program review, budget review, et cetera, not only based on fiscal requirements but also based on policy priorities. Is the policy actually getting implemented in the budget and the program? That is where I would place the emphasis. Mr. Carafano. Well, I think Michelle is exactly right. Reviews are never going to solve those problems. Actually, you know, we have a post-cold war tradition in the United States of doing strategic reviews. It wasn't invented with the QDR. There were the Gaither Commission, the Project Solarium, NSC-68. There is a long tradition of these things. What makes the QDR different and useful is two things. One, it adds a degree of transparency to the process, so that you know what is going on. Although parts of it may be secret, the end product is published and released. The document is released. People talk about it. So it adds a degree of transparency to the process, and it pulls everything together in one place, which quite simply is impossible to get anyplace else. It is even more difficult when you think about homeland security than it is for defense, because, I mean, defense has a pretty large portfolio, but it is still in a relatively narrow sector. But here in homeland security, you have things that affect economic, and critical infrastructure, and immigration, and there is--there is no way to really kind of grip your hands about all that in one kind of single comprehensive assessment. And so if you don't have that, you wind up being very unstrategic and kind of looking at things in piecemeal and in a stovepipe way. So I think the answer to the question is there is no way you can structure the process to solve all the complaints about the QDR. But if your expectation is the QDR is going to be a single management document which is going to solve all your problems, the answer is it isn't. What it is is an important, focused, transparent, recurring, systemic dialogue opportunity between the Congress and the administration. And that is a useful piece of the larger management puzzle. Ms. Clarke. Would you say, then, that it is necessary to accompany a process like this with a realistic operating plan? Mr. Carafano. Oh, absolutely. And the other piece which I didn't mention in my testimony, which is I think it has to be somehow synchronized with an intelligence assessment. I didn't put threat in the QHSR because I just don't think that that is really an appropriate place for it. And what is interesting about homeland security is there is no good integrated threat assessment, because national intelligence estimates tend to be foreign-focused. And we don't do something equivalent to a domestic intelligence assessment. So what I actually would like to see is not threat be a component of the QHSR, but I would like to see a synchronous process where there was an intelligence estimate that combined the NIE that was normally done by the intelligence community with a domestic intelligence estimate which is a joint product of justice and homeland security, and that that estimate be done in conjunction with or preparatory to the QHSR, because I would like to be able to sit down--whether that is a classified document or not, I would like to be able to sit down with that threat assessment, you know, as a staffer or as a member of Congress, and be able to look at that next to the QHSR to really see if our vision of the future threat is really synchronized with our vision of our future investment. Ms. Clarke. Thank you. I would like to acknowledge the gentleman from Connecticut, Mr. Shays, at this time. Mr. Shays. Thank you very much. Do we have votes, Madam Chairman? Is that coming up? Okay, good. I would like to thank all of you for being here, and one of the things that I found early on in my chairmanship is that when you get folks from, say, The Heritage Foundation, or this new center or bring in someone who has been focused on this formerly for the government as you have, Asa, I learn a heck of a lot more than I do, frankly, from anyone else. So I am thrilled to have you here. And I want to ask you, first off, as people who focus on national security issues as they relate to terrorism, how would you define what our national strategy is to deal with terrorism? And I am not quizzing you. I am just trying to see we all knew what it was against the Cold War, and we accepted it on a bipartisan basis. We have had very little debate about this, and so I am just curious how you would describe what our strategy needs to be. Who wants to start? Mr. Carafano. I will go first, since I wrote a book on this. The argument I make is you think about long wars differently. And if it is a protracted conflict against-- whether it is a terrorist organization or against another state, you think about long wars differently, because in a long war you are as concerned about protecting the competitive power of the state over the long term as you are with getting the enemy, because it is like running marathon, but you don't know where the end is, and victory is you are still running when the other guy stops. And so we talked about really four things-- Mr. Shays. That is a fascinating concept, you still keep running when the other guy stops. Mr. Carafano. I mean, there are four things you have to do equally well. I mean, you know, security--and that has both the offensive and defensive component. The offensive component is getting the leadership, breaking up the networks, interdicting the sources of funding and recruiting. The defensive element is typically when we think about the Department of Homeland Security, the things you do to protect yourself, and respond, or mitigate-- Mr. Shays. What is two? Mr. Carafano. --from an attack, so that is security. Mr. Shays. Yes. What is two? Mr. Carafano. That is the first element, actually. Security has offense and defense. Mr. Shays. Right. Mr. Carafano. The second element is economic growth, not just to pay for the security, but to pay for all the other things in the society. So you have to have economic competitiveness and growth. The third piece of that is the protection of civil liberties and privacies, because what enables a state to compete best over the long term is the will of the governed. And the glue that really holds that together, that really cements that, is the civil liberties and privacies of the society, the healthy civil society. And the fourth component is winning the war of ideas, because all-- Mr. Shays. It is what? I am sorry. Mr. Carafano. Winning the war of ideas, because all wars are an ideological struggle, particularly long conflicts. And so the argument that I have made is the key to successful protracted competition strategy is you have to do all four of those things equally well security, economic growth-- Mr. Shays. Have you written a book on this? Mr. Carafano. Yes, sir. It is called ``Winning the Long War.'' And you can't trade one off for the other. And that is the notion, is you can't do things to say, ``Okay, I am going to add to your security, but to do that I am going to undercut your economic competitiveness.'' Mr. Shays. I am really happy I have asked this question. How would you respond to this issue? Ms. Flournoy. I would add to what Jim has said. I think a lot of what he says is correct. In addition to, you know, the offensive piece, defeating the terrorists, the defensive piece of homeland security, I think the biggest missing portion of our strategy is a real strategy that tries to marginalize the terrorists from their bases of support. When you look at historically when terrorist organizations have basically gone out of the business of terrorism, like the IRA, it has been when governments have figured out how to affect the social, economic, political conditions that were creating fertile soil for the terrorists, either in the form of recruits, or money, or public support and sympathy. And maybe this is getting at the winning hearts and minds, but it is more than that. It is really thinking through how do we use our economic policies, our diplomatic policies, our foreign assistance, and our informational tools to really alienate the terrorists from the broader population that they are trying to win over. Mr. Shays. Let me ask, you said-- Ms. Flournoy. And that is really missing in a lot of what we are doing today. Mr. Shays. Okay. You said terrorists, but the 9/11 Commission said it is not terrorists, because it is like an ethereal being. It is Islamist terrorists. That is what they basically said. Ms. Flournoy. Well, I would say that this--I would characterize this as really a battle within Islam, so we are trying to separate--marginalize the extremists-- Mr. Shays. The radicals. Ms. Flournoy. --the violent extremists-- Mr. Shays. Let me get to Asa. Ms. Flournoy. --from the larger Muslim population. Mr. Shays. Thank you. That is very helpful. Asa? Mr. Hutchinson. Well, of course, I remember my first incident with terrorists in the 1980s was the extreme right- wing variety of it that also took down the Murrah Building in Oklahoma City. Mr. Shays. Right. Mr. Hutchinson. So I think in homeland security you have to be concerned--obviously, the most current threat is the Islamic jihadists, but you also have other traditional means of terrorism that you have to focus on. And I think in terms of the department, Congress set out the first strategy for homeland defense through the Homeland Security Act, which really set down some very wise criteria of security balanced with commerce, security balanced with civil liberties, as the hallmark of it. Obviously, that has been supplemented with national homeland security directives coming from the president, with a strategy of homeland security, but it starts with that Homeland Security Act, which is a very good statement that we should not forget about. Mr. Shays. Okay. Thank you. I will just conclude by saying all of you have helped me, because I basically believe it is it used to be contain, react, then mutually assured destruction. That obviously goes out the window. And to me, it is detect, prevent, preempt, and maybe act unilaterally. In other words, what we want to do is prevent something from happening. And we have to be able to do that. We have to be able to detect it. But frankly, Jim, your comments helped me put that in some perspective, in particular. Love to see your book, and I will buy it. I am not asking for it. Okay. Thank you, Madam Chairperson. Ms. Clarke. The chair will now recognize the other members for questions. The chair recognizes for 5 minutes the gentlewoman from Washington, D.C., Ms. Norton. Ms. Norton. Thank you, Madam Chair. I apologize that I wasn't here, because I I am interested in, at least broadly conceived, of the whole notion of planning for the next attack, as it were. I suppose that was the thrust of the 9/11 Commission report. One of you spoke about long wars. I kind of think of what we have been doing as last war planning. Maybe we do that in defense as well, although my sense is that the Defense Department, perhaps because they have been in the business since the creation of the republic, does think about emerging threats in a wholly different way than people who have never been in this business before, and that is us. Homeland security is a new concept for the domestic side. I say last war planning, because we devoted extraordinary attention to the last war, the 9/11 plane attacks, and so we shored that up. I contrast that to the way we all spoke of the coming wars in America, the whole notion for example, that nobody even speaks of anymore because it can't happen, of being able to fight two wars at once on two fronts, so that we were told, no matter what we were in, we could do that. Nobody thinks that that could happen. That is why we are at some risk militarily, in my view. On the other hand, the notion of emerging threats and homeland security seems to me to be less baffling. And yet we have not grappled--for example, we are just passing a rail security bill. You know, you could have planned for that the day after 9/ 11, because it was clear that we were dealing with what can only be regarded as professional terrorists. We have had hearings here about carrying in a weapon of mass destruction in a briefcase. I don't see what the difficulty is in--indeed, I think it is--without knowing who will do it, it seems to me to be less challenging than what the military has to do, because the military knows that we are the big guy. They therefore can recognize that people probably aren't going to come and bomb us. They then have to figure out where the hot spots are. One of the reasons you see some doubts here, perhaps, about the whole notion of quadrennial reviews is that we--I suppose we have to first recognize that there would be something to review, and that once we reviewed it and said this is going to be the threat, this is what we are going to do about it. And nobody is going to put huge resources into a threat that hasn't materialized yet, but the fact is that when a-- after a threat materializes, we certainly put huge resources-- we overkill it. I want to know about--I want to know anything you can tell me about planning in the homeland security area where there is no history of planning, there is no given resource notions. We are still trying to deal with things that aren't even-- covered how you would go about this so that it would give us something realistically to review, as opposed to a paper review that anybody can now tell you without much work from professionals. Mr. Carafano. The first thing I would like to say is I am totally in favor of D.C. voting rights, as a city resident. [Laughter.] So I am with you there. Well, the one comment--I think the first thing is I think it is an enormous--strategically speaking, it is an enormous mistake to focus on a specific terrorist tactic as a way of building a strategy to fend against it. So I would suggest that the wrong answer is to say, ``Well, is it going to be a rail attack? Is it going to be an airplane attack?'' Because, you know, when I first got in this business, I did an assessment of how many ways, with a modest amount of income and resources, could a terrorist attack the United States, and I quit when my report was 300 pages long, because you can think of a lot more ways to attack than you can think to defend against it. And the point is that 99 percent of a terrorist attack looks exactly the same. And where it differs is in that last 1 percent or 2 percent--what is the delivery mechanism? Is it a car bomb? Is it a plane? But the back 97 percent of planning, the training, the organization, the indoctrination, the ideology all that looks pretty much the same, and it is that last little bit, the choice, where it really differs. And what we do, I think, is sometimes we tend to focus on the last 2 percent, the delivery vehicle, and that is the wrong answer. What you need to focus on is the front 97 percent. So I would say you do--there is an awful lot of important thinking that needs to be done in terms of emerging threat, not in the sense of is it a car bomb or is it a rail bomb, but in the sense of the organization, the tactics, the methods of recruiting. And so I think there is a lot of work that can be done there. Where a QHSR would add value to the process is it will help force the department to do that in a regular and systematic way. You know, as I said in my opening statement, if you go back and you look at the I mean, the Defense Department, of course, hasn't been around since the beginning of the republic. You know, it is a product after World War II. But remarkably enough, if you look at the capacity of the Defense Department to do things like metrics, and linkages, and progressions, and strategic plans on these kind of programmatic issues that are addressed in the QDR--when they did that first QDR, they were pretty primitive and immature. They didn't have a lot of analytic capability. They didn't have a lot of staff to do that. Now, it is much more mature now because they have had to develop that capability over time. And when you deliver a QDR today, there is a lot of thinking and maturity that goes behind to do that. And I think having this process will help the Department of Homeland Security grow a similar capability. Ms. Norton. Madam Chair, could I just ask, you know, the others to respond at least to the question? Thank you. Ms. Flournoy. Congresswoman, I would say that, you know, the real value of a review is not so much to try to predict threats, but to, in the face of a lot of uncertainty, plan given that uncertainty. So to force the department out of its posture of day-to- day dealing with today's crisis, the in-box demands and so forth, to kind of take a longer perspective over the horizon-- what are the full range of things that we might have to deal with?--to make some very tough choices about prioritization and really about risk allocation--where am I going to absolutely not accept risk, and where am I going to have to manage that risk because I can't afford to buy it down to zero? And then to use those priorities and that challenge assessment to really develop a series of planning scenarios that you can constantly test yourself against in different combinations and use to identify capability shortfalls that then need to be, you know, remedied in the program. And I would underscore what Jim had to say, that one of the most important things is for the DHS to, over time, invest in and develop real planning expertise and capacity, which does take some time and some resources. Mr. Hutchinson. I think, first of all, the strategy, fighting terrorism within the United States, has to be intelligence-driven. We are getting better at that. We need to continue to improve it. It is an effective utilization of resources. Secondly, we should have targeted inspection based upon that intelligence. I think that is an effective use of resources. Thirdly, it should be based upon partnerships, partnerships between government and the private sector, partnerships between the different agencies, partnerships internationally, Mexico and Canada being important partners, the E.U., and it should be based upon technology as well, technology-driven. So that is, to me, the summary of what the department is trying to do in terms of strategy. In reference to the Quadrennial Defense Review, we ought to change the name of it, help us out a little bit--the QDR--I think one of the benefits from such a review is that it maybe limits the review, focuses the review. The Department of Homeland Security is not short of reviews, and studies, and analysis, and oversight. In fact, we have almost been worn out by it. But I think the benefit of an organized systematic review is when a new idea pops up, let's say, let's refer that to the QDR, and we can look at it systematically and thoughtfully. So I think there is some benefit to that. Ms. Norton. Thank you, Madam Chair. Ms. Clarke. I would like to recognize for 5 minutes the gentlewoman from Texas, Ms. Jackson Lee. Ms. Jackson Lee. I thank the chair very much for her interest and leadership on this issue, and she looks distinguished as the chairwoman. I quarrel with a lot of the burdens that fall upon us after 9/11 and truly believe that if, tragically, a terrorist attack was to occur here in the United States, this committee, this singular committee, would feel the enormous brunt and sensitivity and sense of horror, because we are entrusted with the responsibilities of securing the homeland. And so I think as we sit here and talk about the planning process that, frankly, one of the issues that we should be discussing is developing a culture of urgency at the Homeland Security Department, a sense that it is not good for it to be tomorrow, but it should be fixed today or yesterday. And frankly, I wonder whether or not we have been able to reach that pinnacle or that point where I think we are needing to go. So my questions will be couched in the terms of how much time we have to discuss policy and to think about proposals. This department was formulated--at least we discussed it as a select committee in this Congress right after 9/11. We have had a 9/11 Commission. And I always wonder about this whole idea of my defined concept of ever ready, ever coordinated and ever able to act, that we should be forever coordinated, forever able to act and forever prepared and ready. And I don't see that. So I am going to start, Mr. Hutchinson--and welcome back to the Congress--with you and recite for you the GAO study that indicated, after spending almost 4 years and more than $1 billion, DHS has not implemented a biometric exit capability or a suitable alternative. And so my question is you saw the US-VISIT stand up at the very beginning. Are you surprised that 4 years after the program was established we still do not have an exit system? And how do you account for the delay? And what role does consistent leadership play in delivering results on a program of this scale? And let me ask Ms. Flournoy you--have recommended or suggested a number of DOD processes that might be utilized. How do you see homeland security and DOD coordinating? Is it even possible? Are we ready to stand up, period, with a sense of urgency in the way this department is structured in terms of homeland security? Mr. Carafano, I want to take the planning concept to the practical concept. We have ICE agents who are raiding various employers. You know, I don't know if that is make work or busy work. Do we have a coordinated--you know, we are in the middle of discussing how we reform--how we do comprehensive immigration reform, and we have ICE raids. I don't know if they are doing that because it is public relations. We have the detainee centers needing great improvement. We look like we are not coordinated. We are not a smooth- running machine. I want a pithy response to where do we get to the heart of making sure that we are functioning, coordinating, securing the homeland. I yield to Mr. Hutchinson. Mr. Hutchinson. Excellent question, Congresswoman, and I enjoyed the relationship we had both at homeland security-- Ms. Jackson Lee. Absolutely. Mr. Hutchinson. --and in Congress. And your sense of urgency is right on target. I believe the department has the right strategy, but you can certainly debate whether they are implementing the strategy at the right speed. And US-VISIT is a good example of it. You ask about whether I am surprised that they have not implemented an exit capability. I think US-VISIT has been one of the great successes of the Department of Homeland Security. I believe the exit capability is very important. Obviously, you have to have pilots. You have to move in that direction, but you cannot retreat from it. I think my testimony really goes to that question and the challenge that they face. I believe that US-VISIT got lost a little bit when it was a direct report to the secretary of homeland security, whenever he had Katrina to deal with and a whole host of other emergencies. You need the day-to-day oversight and decision-making capability. That is why the placement within an undersecretary directorate will be helpful to US-VISIT, to give US-VISIT an advocate, a decision maker, a better relationship with Congress. And so I think that will help move exit forward, and I certainly support that and applaud that effort. It is very important to our country. Ms. Jackson Lee. I thank you. Ms. Flournoy? Ms. Flournoy. I think you have hit on an absolutely critical issue, this question of integration or coordination between DOD and DHS, and it needs to happen in several ways. First, interdepartmental. I think there is a lot of room for cooperation on planning between the two departments in terms of sharing scenarios, expertise, judgments, et cetera, and actually even having DOD planners who have expertise that you have detailed over to DHS to help develop more planning expertise there. Developing common or shared concepts of operations for how they are going to deal with shared challenges and so forth--so certainly, at the planning level. Also, at the execution level, whether it is via NORTHCOM and bringing them into coordination with counterparts in DHS-- but there is also a larger interagency piece that sometimes happens, sometimes doesn't happen, that really needs to be brought together by the homeland security committee staff of the White House and, perhaps, some parts of the NCTC, where you really need to have a much greater degree of coordination than is sometimes happening. And then finally, incentive structures. I mean, one of the things that I have proposed in another study was the idea of actually linking promotions within certain parts of key elements of departments to interagency experience, so that you incentivize people gaining interagency education, training, experience and knowing how to better integrate the actions of their department with those of others. Ms. Jackson Lee. Thank you. I yield to the gentleman to finish the question, Madam Chairwoman. Mr. Carafano. I think it is a great question. And the simple answer is it is a leadership issue. I saw this in 25 years in the Army, and when things get done and when things don't get done. And leadership is a combination of the leader both setting priorities and then making sure that people have the reasonable resources to execute. And I think actually this US-VISIT is a perfect example. One of my concerns, for example, would be by US-VISIT, I think, should be a national priority and should be a high priority for the Department of Homeland Security. If you put it in Customs and Border Protection, they have got a lot of very important missions right now. They have got to implement SBInet. They have got to basically reengineer the border patrol. And they have got a detention and removal process which is decades to come to really be modern and be sufficient. And then you have the issue of coordinating with ICE. My concern is if you took this vital program and you put it on CBP, I mean, in a sense you would be setting them up to fail because you are giving them too many missions to really moderate and execute. So I would prefer that this US-VISIT be closer to the flagpole. You know, I.T. programs are a classic example. If you look at why I.T. programs fail in the federal government, they always fail for the same four reasons: The requirements aren't adequately defined, the deadlines aren't realistic, the resource projections aren't realistic, and you don't have on-hands leadership. So those are the four things you have got to fix if you want this to work. And so I think the closer to the flagpole at the top it is, the better it is. And I think all the other three things will follow that. And I think there is a priority issue here, and I think there is a really easy way to cut the Gordian knot on this U.S. exit thing. It is very simple. We have 11 major U.S. international airports that account for 70 percent of the international air traffic. If we do that first, that is an enormous boon to the exit process. That covers an awful lot of people that are very that we are really concerned about. And then you have got some really on-hands expertise on how to do exit that you can then move out to other sectors. And I think that is a reasonable thing. I think it is a reasonable-- in a reasonable time frame. And so I think if Congress wants to set a deadline, that is a reasonable deadline. I think in 2 years, having U.S. exit at the 11 major international airports that serve 70 percent of traffic is a great goal. And then you can do some really interesting things. For example, if you want to--if you are concerned about visa waiver countries and are they overstaying or not, you can say, ``Okay, if you are from a visa waiver country, you have to use on of those 11 airports.'' Then we will have a concrete, absolute measure on whether people are actually complying with the rules or not. And if we have countries that are of concern, we can make them use those airports as well. So I think that is an achievable goal that we could do right now. But I do think it is really a serious leadership issue, and leadership is setting priorities and then making sure people have the resources to meet those needs. Ms. Jackson Lee. Well, Madam Chairwoman, thank you very much for the witnesses. I am trying to take shorthand here. I think there have been some enormously provocative statements. I just want to have on the record, Madam Chairwoman, for this particular committee that I think having the principals come in and respond to Mr. Capiano's I am not seeing the ``F'', I am sorry--Carafano's words--we have a Capuano here in the Congress, so please forgive me. But in any event, to really challenge the Department of Homeland Security about putting US-VISIT closer to the flagpole, closer to priority, closer to urgency, and have them respond on how soon they could get that reordered. And my last point is I agree that Customs and Border Protection is overworked--not overworked. Let me not say they are overworked. They do a fine job. But they have a lot of work--and ICE. And my question about the raids was just that. Not that I would want to ask where are you raiding next, but are you doing work that is making sense. Is there a need for an organizational restructure, or should your urgency be directed somewhere else, or can we help you, you know, be part of really getting some work done that deals with securing America? So I think this is an important hearing, and maybe we can have some others on how we can make sure that the department is organized and focused urgently on the needs of this nation. I yield back. I thank the gentlelady. Ms. Clarke. That is duly noted, and I know our chair, Mr. Thompson is very focused on that, Ms. Jackson Lee. He was very concerned about we heard here this morning and where we are in this process. For the panel, I have an additional question before we wrap up for today. The new president elected in 2008 will have the task of developing new homeland security policy together with Congress. Presently, there are quite a number of laws, strategic documents, presidential directives and other policy documents pertaining to homeland security. How can we assure clarity and coherence in our national homeland security policy as we consider the possibility of a quadrennial homeland security review? Mr. Hutchinson. Madam Chairman, may I take leave? I have an appearance I have to get across town to. But let me just, before I turn it over to my colleagues, say that I think the QHSR is certainly a helpful start, and I think the suggestion of the next administration is probably timely. I always like to quote the RAND Corporation study that indicated even in the private sector, where it is a little bit easier, even the private sector it takes 5 years for a merger to be effective. And here, the 5-year anniversary of the Department of Homeland Security will be next March. So I think that is just a good reminder that in the government environment it is even tougher. But I think the focus of a QHSR would be helpful and a good tool to use. Thank you for the opportunity to be here today with you. Ms. Clarke. And on behalf of our chairman and the members of the committee, we want to thank you for your service and for your testimony here today. Thank you. Ms. Flournoy. Madam Chairwoman, I think you raise a very important point. Over time, a number of planning requirements, reporting requirements and other requirements have been put on DHS. I think as we approach the 5-year anniversary, it is actually a good opportunity for maybe members of this committee to sit down with both key department officials and perhaps DHS watchers like, certainly, Jim and maybe some DOD watchers like me, and to kind of put it all on the table and say, ``Does this really make sense when you pull it all together?'' It may be that there is some rationalization and streamlining that could help to clarify that, you know, you start with an overarching review, then you have a clear policy guidance document, then that goes into a programming process with some assessment, and then a budgeting process. I mean, it may make sense to look at everything that has been put on DHS in the spirit of trying to enhance strategic planning and take a fresh look to say, ``Now that we have a little experience, now that we can put all of this together, does this really make sense, all of it together, or are there ways that we can rationalize and streamline the process to strengthen planning but also, you know, to increase the chances of getting the desired result that we are all after?'' Mr. Carafano. Yes, I will just refer back to my testimony that I do think it would be worthwhile as this administration walks out the door to do a report that really would be a precursor to a QHSR. And I think the key is we don't need a report which basically asks the department to grade itself. What we really need is the department to say, ``You know, if you were staying for four more years, you know, where would you go in the future and why?'' And I think it would be a great rehearsal for the Congress if we could do this like we would do a QSR, to do it as a dialogue to say, ``We want you to do this report. Come in and tell us what you think should be in the report. Then let's talk about what should be in the report. Then come back in a couple of months and tell us how the work is going. And then let's talk about it when the report is done.'' Ms. Clarke. Well, I want to thank the witnesses for their valuable testimony and the members for their questions. The members of the committee may have additional questions for the witnesses, and we will ask you to respond expeditiously in writing to those questions. Hearing no further business, the committee stands adjourned. [Whereupon, at 12:19 p.m., the committee was adjourned.] Appendix A ---------- For the Record Prepared Statement of the Honorable Tom Davis, a Representative in Congress From the State of Virginia Chairman Thompson and Ranking Member King thank you for holding today's hearing on the United States Visitor and Immigration Status Indicator Technology Program (US-VISIT). I have long emphasized that protecting the United States does not rest solely with the physical infrastructure at our borders. A properly functioning border means information is collected at each point of contact and the correct information is available at each point of decision--whether that point is a consular window overseas or a car window at the border in California. We must have a seamless approach--ensuring security at all ports of entry. This is why US-VISIT is essential to the mission of homeland security. In addition to the security aspects of US-VISIT, the program is particularly important to Virginia's 11th District. Approximately one out of every six of my constituents was born outside of the United States. Accordingly, there is a high volume of international travel to and from the National Capital Region. Residents need US-VISIT to work to protect the region. However, residents also need the assurance US- VISIT will not clog ports of entry and impede and lengthen airport security procedures at high volume times. I believe the Department of Homeland Security (DHS) has struck an appropriate balance between these two goals, but we still have additional ground to cover with the program. The President's budget proposal requested $462 million for US-VISIT in 2008. This money should be used by DHS to establish a workable exit phase of the program, which is critical to detecting significant visa overstays. The money should also facilitate the implementation of a 10 fingerprint biometric. This new technology will be invaluable in identifying previously unidentifiable partial fingerprints. Since the creation of DHS and the subsequent announcement the Department would be responsible for US-VISIT, I made it a priority for the Committee on Government Reform to oversee the program's progress-- from conception to implementation. I am pleased to see the Committee on Homeland Security takes oversight of the program as seriously as I do. I am, however, concerned by the Majority's proposal to move US-VISIT under Customs and Border Protection (CBP). Pursuant to Section 872 of the Homeland Security Act of 2002 (PL 107-296), the Secretary may establish, consolidate, alter, or discontinue organizational units within DHS. As such, Secretary Chertoff has elected to create a new directorate named National Protection and Programs, under which US- VISIT will fall starting March 31, 2007. Recently, Robert Mocny, Acting Director of the US-VISIT program, told my staff the move to the new Directorate is a positive one for the program. It provides the flexibility for US-VISIT to meet its goals across the Department. Unfortunately, the Committee on Homeland Security's Majority has decided to micro-manage and undermine those within DHS who work on the US-VISIT program. The Majority's view that US-VISIT should fall under CBP is myopic, at best. US-VISIT is not simply a ``border initiative.'' The program does not interface solely with CBP, but also with Immigration and Customs Enforcement, Citizenship and Immigration Services, and the Coast Guard. Additionally, US-VISIT partners with the Department of Justice, State Department, and the intelligence community. Placing US-VISIT under CBP inhibits a program that stretches broadly through DHS. I urge my Democratic colleagues to rethink their position on the placement of US-VISIT. It is my hope they will take seriously the testimony of those who work day in and day out on US-VISIT and consider the Secretary's authority and desire to do what is best for the implementation of the nation's security programs. Appendix B ---------- Additional Questions and Responses Questions from Hon. Bennie G. Thompson Responses from Robert A. Mocny Question 1.: What is the statutory authority for US-VISIT's ``identity management'' mission? Response: There is no single statute that authorizes identity management. Instead, there is a variety of statutes which set the legal framework for it. To perform the tasks mandated in statute, the U.S. Government must have confidence in an individual alien's identity as a precursor to providing that alien with visas, admission, or other immigration benefits, or undertaking law enforcement actions. The following summarizes the applicable legislative mandates: The Illegal Immigration Reform and Immigrant Responsibility Act of 1996 (IIRIRA), Public Law 104-208, requires the development of an automated entry and exit control system to collect records of departure and to match them with records of arrival. The Immigration and Naturalization Service Data Management Improvement Act of 2000 (DMIA), Public Law 106-215, amends IIRIRA to require that the entry and exit data system integrate all ``authorized or required'' alien arrival and departure data; use available data to match an alien's arrival and departure; assist the Attorney General (now the Secretary of Homeland Security) and the Secretary of State to identify lawfully admitted non-immigrants who have overstayed their period of admission; use available data to produce a report of arriving and departing aliens by nationality, classification as an immigrant or non-immigrant, and dates of arrival in, and departure from, the United States; and be implemented at all air and sea ports of entry by December 31, 2003; at all air and sea ports and the 50 land border ports serving the highest numbers of aliens by December 31, 2004; and at all ports of entry by December 31, 2005. The Visa Waiver Permanent Program Act of 2000 (VWPPA), Public Law 106-396, requires that the entry and exit data system contain records of arrival and departure of every alien admitted under the Visa Waiver Program (VWP) who arrives and departs by air or sea; contain sufficient data to permit the Attorney General (now the Secretary of Homeland Security), for each fiscal year, to calculate the percentage of each VWP country(s nationals who are admitted under the VWP and for whom no departure record exists; use available data to produce a detailed annual report to Congress by December 31 of each year containing, among other specific information, the number of successful arrival/departure matches for departing aliens by nationality and by classification as immigrant or non-immigrant, and the number of aliens who arrived pursuant to a non-immigrant visa or the VWP and for whom no departure data are available at the end of the authorized period of stay; and record arrivals and departures of every VWP alien transiting through air and sea ports by October 1, 2001. The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act, Public Law 107-56, requires that the entry and exit data system be implemented with all deliberate speed and as expeditiously as practicable; focus particularly on using biometrics and tamper- resistant documents; and be able to interface with law enforcement databases for use by Federal law enforcement to identify and detain individuals who are threats to national security. The Enhanced Border Security and Visa Entry Reform Act of 2002 (EBSVERA), Public Law 107-173, requires that the entry and exit data system use technology and biometric standards to be developed by the National Institute of Standards and Technology (NIST), in consultation with other agencies, for alien identification and other purposes; be accessible at ports of entry and overseas consular posts; consist of equipment and software to allow biometric comparison and authentication of all U.S. visas, other travel and entry documents issued to aliens, and the machine-readable, biometric passports required to be issued to nationals of VWP countries at all ports of entry by October 26, 2004 (later extended to October 26, 2005); have database(s) containing alien arrival and departure data from machine-readable visas, passports, and other travel and entry documents; use technologies that facilitate lawful and efficient cross-border movement of commerce and persons without compromising the safety and security of the United States; and be integrated into the new and broader Immigration and Naturalization Data System that fully integrates all Immigration and Naturalization Service (INS) databases and data systems that process or contain alien information. The Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA), Public Law 108-458, Section 7208, specifically addresses biometric entry and exit and calls for the Secretary of Homeland Security to accelerate the full implementation of the US-VISIT program. The statutes above either state or clearly presuppose that: the comprehensive biometric entry and exit screening system will be continuously updated and improved as technology improves; the system will be integrated and interoperable with data systems that process or contain information on aliens and that are maintained by Immigration and Customs Enforcement (ICE), Customs and Border Protection (CBP), U.S. Citizenship and Immigration Services (USCIS), the Executive Office for Immigration Review (EOIR) at the Department of Justice (DOJ), and the Bureau of Consular Affairs at the Department of State; the biometric entry-exit system will use a technology standard to be applied in a cross-agency, cross-platform, fully interoperable electronic system as a means to share the law enforcement and intelligence information necessary to confirm the identity of persons applying for a visa; and the entry-exit data collected will be available for authorized law enforecement purposes. Question 2.: How will the ``identity management'' functions of US- VISIT be leveraged to assist in the identification of visa overstays? Response: Presently, US-VISIT provides analysis of both biographic (name, date of birth) information and biometric (fingerprint) information to identify aliens that may have overstayed their period of admission. Information on confirmed overstays is forwarded to Immigration and Customs Enforcement (ICE) for possible law enforcement action. This information is also shared with Customs and Border Protection (CBP) and the State Department so that, if the individual is subsequently encountered during the visa renewal/application process or entry process, those agencies may then take appropriate action. US- VISIT data and analysis enable enforcement components to arrest aliens who have violated the terms of their visas by overstaying the authorized period of admission. To date, US-VISIT identifications have resulted in the arrest of more than 300 overstay violators by Immigration and Customs Enforcement; in addition, nearly 50 individuals have been refused entry into the United States since October 2006 because of US-VISIT's identification of overstay violators. Question 3.: How will the ``identity management'' functions of US- VISIT be integrated into the Department's other border security efforts, such as the Secure Border Initiative and the Western Hemisphere Travel Initiative? Response: The Department of Homeland Security (DHS) is continually reviewing ways to leverage existing programs and maximize interoperability among its immigration and border management efforts. DHS agrees that its major investment initiatives, such as US-VISIT, the Western Hemisphere Travel Initiative (WHTI), and the Secure Border Initiative (SBI), must be strategically aligned. DHS has established a strong oversight effort to ensure that the alignment is implemented through the lifecycle of these programs. Essential components of this oversight include the requirement that all these projects, as major investments, be approved at key stages by the DHS Investment Review Board (IRB). This includes a review by the DHS Enterprise Architecture Board and the involvement of the Screening Coordination Office (SCO). To ensure the success of these programs, there is ongoing communication and cross-planning among the offices responsible for designing and implementing these initiatives. For example, staff members from US-VISIT have participated extensively in the WHTI planning efforts and have taken part in the development of the strategic plan for the SBI. CBP staff who are now working on SBI and WHTI also participated in the development and implementation of US- VISIT. This intra-agency cooperation provides opportunities for lessons learned to be shared and facilitates retention and reuse of historical knowledge and experience. Question 4.: How does the immigration component of US-VISIT's mission comport with the other entities that will be forming the National Protection and Programs Directorate (NPPD)? Response: Threats posed by individuals wishing to do the Nation harm generally fall into two categories: physical and virtual. Reducing risk requires an integrated approach that encompasses these physical and virtual threats, as well as the human elements that pose the threats. Currently, there are multiple components within the Department of Homeland Security (DHS) working independently to reduce our comprehensive risk. Three of these are: The Office of Infrastructure Protection (IP), which addresses physical risks; The Office of Cyber Security and Communications (CS&T), which addresses cyber risks; US-VISIT, which addresses human risks. All three of these offices use the same approach to reduce risk by utilizing data gathering, data analysis, and dissemination of information to operators. DHS believes that it can increase the synergies between, and improve the output of, the aforementioned offices not only by recognizing their commonalities, but also by integrating their work more closely under the National Protection and Programs Directorate (NPPD). In addition to the biographic data that can be used (e.g., name, location), to enhance the security of our Nation(s critical infrastructure (e.g., using fingerprint checks to verify identity and control access ton sensitive facilities), the National Protection and Programs Directorate continues to explore appropriate usage of biometric information and analysis. Question 5.: Given the lack of a biometric exit capability for US- VISIT, why has the Department decided to move US-VISIT to NPPD and place new emphasis on the ``identity management'' functions of the system? Response: The Department of Homeland Security (DHS) is still committed to deploying biometric exit. US-VISIT's move into the National Protection and Programs Directorate (NPPD) does not alter that commitment. US-VISIT's identity management functions are a natural evolution of the requirements of enrolling an alien's identity during a first encounter (either at consulate offices or ports of entry) and ensuring that the identity and related information can be accessed by decision-makers in the border security and immigration management enterprise in a timely manner. The move also recognizes the program's management of the Automated Biometric Identification System (IDENT) and its focus on, experience with, and investment in biometric identification, which can be leveraged in many official environments. Question 6.: What are the major challenges or obstacles facing the Department as it considers deploying exit capabilities at land, air, and sea ports of entry? Response: The primary challenge to deploying exit capabilities is that our land, air, and sea ports were not designed or built for security processing during exit. Thus, there are significant space and facility challenges for deploying any type of exit screening at any port. Additional major challenges include: Department of Homeland Security (DHS) leadership must collaborate with the airline/travel leadership to discuss the possible integration of biometric exit at passenger check-in and how, if possible, this process can mesh with the U.S. Customs and Border Protection's Advance Passenger Information System (APIS) Quick Quary and the Transportation Security Administration's Secure Flight program; US-VISIT is in discussions with airlines about the elements for a pilot for a planned biometric exit covering air. Question 7.: To what extent has the Department involved the airline or travel industry in facilitating a feasible exit solution at airports? Response: See answer above Question 8.: What exit capabilities does the Department anticipate piloting and implementing in FY 2007 and FY 2008? Response: During the remaining months of FY 2007 and through the first quarter of FY 2008, US-VISIT plans to collaborate with stakeholders to plan, develop, and demonstrate a possible solution that integrates biometric exit into the passenger check-in process for air. Question 9.: What is the schedule for deploying 10-fingerprint collection at land, air, and sea ports of entry? Response: The current plan is to deploy 10-Print collection capability to all land, air, and sea locations, which currently collect two fingerprints, by December 31, 2008. Question 10.: How has the Department evaluated major changes in policy for US-VISIT, such as interoperating IDENT and IAFIS, piloting RFID technology, and moving the Program Office to the NPPD, without the comprehensive strategic plan mandated by 7208 of the Intelligence Reform and Terrorist Prevention Act of 2004 in place? Response: The Department of Homeland Security (DHS) has completed a strategic plan for US-VISIT and submitted it to Appropriators on March 20, 2007, as part of the US-VISIT Fiscal Year 2007 expenditure plan. A separate document that provides additional information specified in section 7208(c) of the Intelligence Reform and Terrorist Prevention Act of 2004 (IRTPA) is now in Departmental clearance and should be delivered to Congress in the near future. Question 11.: Mr. Thompson inquired into the status of US-VISIT(s long-term strategic plan. Mr. Mocny said the Committee could expect a final report within 30--40 days. Response: The Department of Homeland Security (DHS) has completed a strategic plan for US-VISIT and submitted it to Appropriators on March 20, 2007, as part of the US-VISIT Fiscal Year 2007 expenditure plan. A separate document that provides additional information specified in section 7208(c) of the Intelligence Reform and Terrorist Prevention Act is now in Departmental clearance and should be delivered to Congress in the near future. Question 12.: Mr. Thompson (as referenced by Mr. Bilirakis) requested examples of performance measures for US-VISIT. Mr. Mocny agreed to provide. Response: The relevant performance measures are arrayed in the table below, aligned with US-VISIT goals and the two Department of Homeland Security (DHS) Strategic Goals that the program supports- Prevention and Service. ------------------------------------------------------------------------ ------------------------------------------------------------------------ DHS Strategic Goal/Objective Strategic Goal 2: Prevention Objective 2.1 Secure borders against terrorists, means of terrorism, illegal drugs, other illegal activity US-VISIT Goals Enhance the security of United States citizens and visitors Ensure the integrity of our immigration system Performance Measurements Ratio of adverse actions to total biometric watch list hits at ports of entry Number of biometric watch list hits for travelers processed at ports of entry Number of biometric watch list hits for visa applicants processed at consular offices Cumulative and Annual Perventage Baseline cost and Schedule Overrun on US-VISIT Increment Development and Deployment (Formerly: Adherence to program cost and schedule objectives) Percentage of Exit Records Matched to Entry records (New) Number of Individuals Biometrically Verified Based on 10-Print Enrollment (Under development for Unique Identity) Percentage of Biometric Identity verification Based on 10- Print Enrollment (Under development for Unique Identity) Number of Travelers with Adverse Information Identified During the Biometric Verification Process (Under development for Unique Identity) Number of Travelers with Adverse Informaiton Identified During the Biometric Verication Process (Under development for Unique Identity) ------------------------------------------------------------------------ Strategic Goal 6: Service DHS Strategic Goal/Objective Objective 6.4 Facilitate the efficient movement of cargo and people US-VISIT Goals Facilitate legitimate travel and trade Protect the privacy of our visitors Performance Measurements Number of privacy redress requests received Average processing times of redress requests Adherence to DHS IT Security requirements Average Biometric Watch List query and identity verification information delivery times at consular offices Average Biometric Watch List query and identity verification information delivery times to ports of entry Data Integrity Group Average Cost to Vet and Review Records in Determining a Recommended Lead (Under development) ------------------------------------------------------------------------ Question 13.: Mr. Cuellar requested a list of space constraints and related logistical issues at land ports of entry. Mr. Mocny agreed to provide. Response: Starting in 2002 with the legacy Immigration and Naturalization Service (INS) ``Entry/Exit'' program, US-VISIT has been collecting and analyzing the data on Land Ports of Entry (LPOE) to meet Congressional mandates. This effort includes the studies and data points outlined in the attached table. Each of these data points has provided additional information and understanding of what it would take to provide an Entry/Exit system at our LPOE. The basic space constraints and logistical issues continually point to the following issues: 1. LPOE were not designed for exit. The LPOE have the infrastructure in place to stop and inspect each vehicle and person wishing to enter the United States; however, such infrastructure is absent for exit at land ports, with the exception of a few test locations. 2. Many LPOE are land-locked within urban settings that do not allow for expansion without significant cost, and potential social and environmental impacts. An exit solution would place these same challenges upon the Canadian and Mexican communities surrounding our ports of entry. 3. The building configuration and circulation (internally/ externally) have not been designed to accommodate an inspection/check-point at exit. Major modification of these facilities would be required to allow for the additional manpower, visibility of exit lanes, processing space, work stations, parking, and other related support activities associated with exit. 4. Any solution that slows down the current processing time on entry and/or exit has the potential to cause significant impacts to the local environment. Additional wait time for exit will causes long lines at the ports, possible congestion in communities, and pollution. The additional required parking and/or queuing lanes will push the boundaries of the port beyond current limits and could potentially trigger NEPA studies. Changes to historic ports require consultation and approval from State Historical Preservation Offices. 5. Many LPOE are old, with antiquated infrastructure and limited capacity to take on increased demands for internal power and support systems. These ports can also be very isolated, with the nearest city 30--40 miles away or more. Developing new infrastructure is costly and must be coordinated with limited construction seasons. Questions from Hon. Bennie G. Thompson Responses from Richard Stana Question 1.: What benefits may be derived from placing US-VISIT within a mission-focused agency, such as Customs and Border Protection? Response: US-VISIT is intended to enhance the security of our citizens and visitors and to ensure the integrity of the U.S. immigration system while facilitating legitimate trade and travel and protecting individuals( privacy. To achieve these goals, US-VISIT is to record selected travelers( entry and exit to and from the United States at over 300 ports of entry (POEs) around the country, verify their identity, and determine their compliance with the terms of their admission and stay. Within these goals, US-VISIT has identified seven capabilities that it considers critical for meeting the missions of its customers: identify a person; assess risk and eligibility; record entry, exit, and status; take law enforcement actions; communicate with external entities; manage knowledge, information, and intelligence; and manage the immigration and border management enterprise. Currently, US-VISIT is placed within the National Protection and Programs Directorate (NPPD), along with other components that have a cross-agency coordination and communication role. This placement could facilitate US-VISIT(s ability to perform its identity management and communication/coordination capabilities across the department. On the other hand, placing US-VISIT in a mission-focused agency like U.S. Customs and Border Protection (CBP) could better position US-VISIT to focus on completing the design and implementation of a statutorily mandated, comprehensive, biometric entry/exit system. Because CBP, US- VISIT, and U.S. Immigration and Customs Enforcement (ICE) have substantial immigration enforcement roles, this would also enhance accountability and the development and application of common performance measures. This is not to say that maintaining focus on completing the entry/exit system could not be done from NPPD. Rather, establishing program management linkages and organizational crosswalks for the entry/exit capability within CBP could be easier than establishing them from a non-mission-oriented agency. However, it is also fair to say that establishing program management linkages and organizational crosswalks from CBP to other DHS components for the identity management capabilities could also be challenging, although such linkages and crosswalks have been built between ICE(s Law Enforcement Support Center and CBP and the FBI, among other federal, state, and local law enforcement agencies. Question 2.: Do you have any concerns about the Department's new emphasis on US-VISIT's ``identity management'' functions? Response: According to US-VISIT, the movement toward an identity management capability includes recording an identity for an individual; connecting that identity to available and appropriate information about an individual's criminal history, immigration history and status; and verifying the individual's identity at each subsequent interaction. These capabilities are important and have merit. It is too early to tell what impact US-VISIT's focus on identity management will have on developing and implementing a biometric exit capability. A concern would emerge if the focus on identity management drew substantial attention and resources away from that endeavor. Moreover, having a biometric exit capability is important to fully developing an effective identity management function, because recording when an individual left the country is a key piece of information needed to determine an individual's status and whereabouts. Question 3.: What type of challenges does the US-VISIT program face operating in a context that is not defined by the comprehensive strategic plan required under section 7208 of the Intelligence Reform and Terrorist Prevention Act of 2004? Response: In March 2007, US-VISIT issued its ``Comprehensive Strategic Plan for US-VISIT'' which includes a ``review of US-VISIT's status and US-VISIT's strategic plan.'' The plan discusses section 7208 of the Intelligence Reform and Terrorism Prevention Act of 2004, which calls for a report to the Congress on how DHS was to fully implement a biometric entry/exit program. US-VISIT's plan describes the previously discussed seven capabilities that it considers critical for meeting the missions of its customers (i.e. identify a person; assess risk and eligibility; and record entry, exit, and status), the general strategies for delivering these capabilities, some of the benefits to be derived, and expected outcomes for each of the seven capabilities. However, the plan does not describe expected costs or timeframes for implementing the seven capabilities, nor does it show how US-VISIT intends to measure results. Furthermore, the plan is not clear on DHS's plans for implementing the statutory requirement for a biometric exit capability and it remains unclear how US-VISIT will work in combination with other border security initiatives, such as the Western Hemisphere Travel Initiative and the Secure Border Initiative. Absent this information, neither DHS nor Congress is in a good position to prioritize and allocate program resources, and DHS faces substantial risk that US-VISIT will not align or operate with other border security initiatives and thus not cost-effectively meet mission needs. Question 4.: What type of management controls and coordination efforts should the National Protection and Programs Directorate implement to ensure proper oversight of the US-VISIT program and linkage with stakeholders? Response: The management controls to ensure proper oversight of the US-VISIT program and linkages with stakeholders would be needed regardless of where US-VISIT is placed. Some needed controls are already in place, but others were identified in the various reports we have issued over the last 4 years.\1\ Given that US-VISIT has been placed in NPPD, it is important that NPPD managers and US-VISIT officials reach a mutual understanding about organizational roles and responsibilities, performance expectations, and accountability mechanisms for US-VISIT. In addition, US-VISIT officials would need to work with key stakeholders to establish and maintain a positive control environment that provides a framework for planning, directing, and controlling operations to achieve NPPD and US-VISIT objectives; employing ways to identify, analyze, and articulate the risks associated with achieving those objectives; having control activities (policies, procedures, techniques, and mechanisms) that are designed to ensure that management directives are carried out; having relevant, reliable, and timely communications to ensure that information flows down, across, and up the organization, as well as across the spectrum of US-VISIT's customers and external stakeholders that support the US- VISIT program; and monitoring to ensure the quality of US-VISIT's performance over time. --------------------------------------------------------------------------- \1\ GAO, Information Technology: Homeland Security Needs to Improve Entry Exit System Expenditure Planning, GAO-03-563 (Washington, D.C.: June 9, 2003); GAO, Homeland Security: Risks Facing Key Border and Transportation Security Program Need to Be Addressed, GAO-03-1083 (Washington, D.C.: Sept. 19, 2003); GAO, Homeland Security: First Phase of Visitor and Immigration Status Program Operating, but Improvements Needed, GAO-04-586 (Washington, D.C.: May 11, 2004); GAO, Homeland Security: Some Progress Made, but Many Challenges Remain on U.S. Visitor and Immigrant Status Indicator Technology Program, GAO-05-202 (Washington, D.C.: Feb. 23, 2005); GAO, Homeland Security: Contract Management and Oversight for Visitor and Immigration Status Program Need to Be Strengthened, GAO-06-404 (Washington, D.C.: June 9, 2006); GAO, Border Security: US-VISIT Program Faces Strategic, Operational, and Technological Challenges at Land Ports of Entry, GAO-07-248 (Washington, D.C., December 6, 2006); GAO, Homeland Security: Planned Expenditures for U.S. Visitor and Immigrant Status Program Need to Be Adequately Defined and Justified, GAO-07-278; (Washington, D.C.: Feb. 14, 2007); GAO, Border Security: US-VISIT Program Faces Strategic, Operational, and Technological Challenges at land Ports of Entry, GAO- 07-378T (Washington, D.C.; January 31, 2007), and GAO, Homeland Security: US-VISIT Has Not Fully Met Expectations and Longstanding Program Management Challenges Need to Be Addressed GAO-07-499T (Washington, D.C.; February 16, 2007). --------------------------------------------------------------------------- Regarding US-VISIT's performance, it is particularly important that NPPD and US-VISIT define and measure progress against program commitments and hold themselves accountable for program results. In our past work, we have reported that US-VISIT has yet to fully establish performance and accountability mechanisms to ensure that problems and shortfalls can be addressed in a timely fashion and so that responsible parties can be held accountable. Question 5.: What are the advantages and disadvantages of imposing statutory deadlines on the Department for implementing biometric exit capabilities at land, air, and sea ports of entry? Response: Imposing statutory deadlines would underscore the importance that Congress places on implementing workable biometric exit capabilities at the various ports of entry and may prompt the Department to devote additional attention and resources toward that end. In deciding whether to impose a statutory deadline for implementing a biometric exit capability at the ports, one would have to consider existing technology and resource constraints. For example, US-VISIT(s pilot testing showed that deploying an exit capability at air and sea ports of entry was feasible, so a statutory deadline could prompt action that would result in a workable system at those ports in the near future. On the other hand, the pilot tests at the land ports of entry showed that the technology currently available would not effectively support a biometric exit capability without substantial investments in port infrastructure. Imposing a statutory deadline would not likely speed the development of new technology, and could result in the Department investing in infrastructure to mirror the current entry process when less intrusive options may be forthcoming. A concrete plan, with expected costs and milestones, for identifying and testing various options in the land port environment might better facilitate the eventual deployment of a workable and less costly biometric exit capability. Question 6.: Given the detailed reviews your office has performed on US-VISIT and other Department initiatives, is it fair to characterize US-VISIT as one of the ``great successes of the Department,'' as some have done? If not, what more needs to be accomplished? Response: Since 2003, we have issued several reports and testified several times on the US-VISIT program, and these have identified fundamental challenges that DHS continues to face in meeting program expectations (i.e. delivering program capabilities and benefits on time and within cost).\2\ We continue to believe that the program carries an appreciable level of risk and must be managed effectively if it is to be successful. DHS has made considerable progress implementing entry capability at most ports of entry and has begun to work to move from 2 to 10 fingerprint biometric capabilities and expand information sharing among stakeholders. However, a biometric exit capability is not currently available and developing and deploying this capability, particularly at land POEs, remains a sizable challenge. In addition, DHS continues to face longstanding management challenges and future uncertainties. For example, DHS has launched other major security programs, such as the Secure Border Initiative (SBI) and the Western Hemisphere Travel Initiative without defining the relationship between US-VISIT and these programs. Furthermore, DHS has not implemented key acquisition and management controls needed to ensure that DHS(s investment in US-VISIT is economically justified and adequately managed. --------------------------------------------------------------------------- \2\ GAO-03-563; GAO-03-1083; GAO-04-586, GAO-05-202, GAO-06-404; GAO-07-248; GAO-07-278; GAO-07-378T and GAO-07-499T. --------------------------------------------------------------------------- Questions from Hon. Bennie G. Thompson Responses from Hon. Richard Robert Zitz Question 1.: What border security capabilities and expertise does the newly established National Protection and Programs Directorate (NPPD) contain? Response: Of the NPPD components, the US-VISIT Program provides the most direct expertise on the screening of individuals at our physical borders and throughout the immigration management enterprise. These information services support other DHS components that have a responsibility towards border security. Question 2.: What is the mission of NPPD and how it is consistent with the border screening functions and core goals of US-VISIT? Response: NPPD supports several of the Department's key goals, such as protecting our nation from dangerous people, protect our nation from dangerous goods, protect critical infrastructure, and building a culture of preparedness. The NPPD promotes the sharing and integration of information by different components, both of which are central to the Department's long-term strategy for developing a unified immigration and border management enterprise. US-VISIT's services supports three of the NPPD's critical missions: Fostering stronger and better integrated national approaches among key strategic homeland security activities; Protecting the Nation's critical infrastructure, both physical and virtual; and Enhancing the security of our citizens and visitors by facilitating legitimate travel with appropriate safeguards. Question 3.: With respect to the inclusion of US-VISIT within NPPD, what steps is NPPD taking to ensure an expeditious transition? Response: Prior to April 1st, the NPPD, US-VISIT, and the Resource Management Transformation Office (RMTO) coordinated to ensure that the US-VISIT Director reported to the Under Secretary for the NPPD on March 31, 2007. However, informal NPPD support had been provided to US-VISIT as a precursor to the formal transition. This helped US-VISIT resolve several long-standing issues. As of March 31st, Director Robert Mocny reports directly to the Under Secretary and attends a weekly Key Component meeting with the latter and other NPPD Directors and Assistant Secretaries. In addition, Director Mocny meets separately with the Under Secretary to discuss critical issues for US-VISIT. The next phase of the US-VISIT transition into the NPPD will utilize working groups to develop information sharing and coordination agreements. In order to ensure that this takes place in a coordinated manner, the NPPD and US-VISIT leadership--are developing an overall intent and approach to this process before these working group sessions--begin. The Under Secretary is committed to developing a written approach and intent agreement for the transition, and appointing an NPPD transition lead to work with the US-VISIT transition lead. Question 4.: How will US-VISIT be linked to internal and external stakeholders, and will all stakeholders have equal access to data contained in the system? Response: US-VISIT's move into the NPPD will not negatively impact the program's ability to share information with stakeholders. All current information technology connections and information sharing agreements which US-VISIT has with other U.S. Government agencies will still be in operation after the move into the NPPD. Question 5.: What type of management controls and communication efforts will NPPD implement to meet the needs of Customs and Border Protection inspectors and ensure proper oversight of US-VISIT's operational context? Response: Coordination between U.S. Customs and Border Protection (CBP) and US-VISIT has existed since the latter's creation in 2003, and the Department anticipates the current level of management controls and communication to continue. For example, CBP is a member of the Integrated Project Team, which helps govern US-VISIT. Additionally, CBP has on-site staff assigned to US-VISIT to assist with day-to-day activities. Question 6.: How are the cross-cutting features of US-VISIT different from the Department's other broad systems, such as CBP's Automated Targeting System and ICE's Law Enforcement Support Center, which provide law enforcement support to internal and external stakeholders but are housed within mission-specific agencies? Response: The Automated Targeting System (ATS) is housed within CBP because it primarily addresses screening issues at the ports of entry where CBP operates. The Law Enforcement Support Center (LESC) is housed within ICE because it primary addresses interior enforcement issues. US-VISIT, on the other hand, supports multiple agencies with different missions including CPB, ICE, USCIS, TSA, and USCG, as well as the Departments of State and Justice, in a variety of environments (e.g., at ports of entry, consulates abroad). Question 7.: Are there any challenges that the US-VISIT system might face operating under ``Acting'' management and leadership within the NPPD? If so, what types? Response: Prior to April 1st, the NPPD, US-VISIT, and the Resource Management Transformation Office (RMTO) coordinated to ensure that the US-VISIT Director reported to the NPPD Under Secretary for the NPPD on March 31, 2007. Beginning March 31st, Mr. Robert Mocny, the Acting Director, reported directly to the Under Secretary. On April 2, 2007, Mr. Mocny was named the permanent Director of US-VISIT. He attends a weekly Key Component meeting with the Under Secretary and other NPPD Directors and Assistant Secretaries. In addition, Director Mocny meets separately with the Under Secretary to discuss critical issues for US- VISIT. Currently, DHS leadership is working diligently to name the other permanent members of the US-VISIT leadership team. The next phase of the US-VISIT transition into the NPPD will utilize working groups to develop information sharing and coordination agreements. To ensure that this takes place in a coordinated manner, the NPPD and US-VISIT leadership are developing an agreement on the overall intent and approach for this process before these working group sessions begin. The Under Secretary is committed to developing a written approach and intent agreement for the transition, and appointing an NPPD transition lead to work with the US-VISIT transition lead.