Problem sharing

Problem sharing<@VM>Info-sharing efforts at DHS

Excerpts from the Markle report

The network should reflect the fact that many key participants are not in the federal government, but rather in state and local government and the private sector. ...


To date ... the government is still a long way from the creation of the dynamic, distributed network for sharing an analysis that we envision. The sharing of terrorist-related information between relevant agencies at different levels of government has been only marginally improved in the last year, and remains haphazard and still overly dependent on the ad hoc 'sneaker net' of personal relations among known colleagues. It is not the result of a carefully considered network architecture that optimizes the abilities of all of the players. '


The Department ... seems to be focused on building a new information-technology infrastructure to support and unify its 22 components. This is an important step, but one that should be grounded in a plan for the whole system.



Source: 'Creating a Trusted Information Network for Homeland Security,' December 2003

Border Patrol agents who capture undocumented immigrants on Texas' border with Mexico do not have access to FBI data that would tell them if any entrants are wanted criminals.

Norma Jean Gargasz/Getty Images

'Part of this can be solved only by day-to-day management and knocking heads together.'

' Rep. Mac Thornberry (R-Tx.)

Henrik G. de Gyor

Charles Church, left, CIO of the IAIP, says information sharing has increased. Richard Russell, DHS director of information sharing and collaboration, says he wants to be 'sure we give everybody the capability to acquire and share information.'

J. Adam Fenster

Data integration gradually expands, but technical and policy barriers remain

Under a moonless sky on a desolate stretch of Texas' border with Mexico, Border Patrol agents with spotlights pinpoint scurrying illegal entrants and gather them into a waiting vehicle. After the agents bring the border crossers to the station for processing, most agree to return voluntarily to Mexico.

It's a familiar event, but it demonstrates a gap in information sharing technology for homeland security that has bedeviled the federal government for years.

When Border Patrol agents screen illegal migrants, they use Ident, a two-fingerprint identification database, brought to the Homeland Security Department by the Immigration and Naturalization Service.

But Ident data is not combined with the FBI's Integrated Automated Fingerprint Identification System, a 10-fingerprint database of known criminals.

Because Ident and IAFIS aren't coordinated, dangerous criminals like Victor Manual Batres, a Mexican citizen with a lengthy criminal career including assault, murder and rape, have slipped through the fingers of Border Patrol agents who sent them back across the border unaware that they were wanted for crimes in this country. After being caught at the border twice in 2002, Batres made it into the United States on his third try, then raped two nuns in Klamath Falls, Ore., killing one of them.

The FBI and INS have been working for more than five years to integrate Ident and IAFIS, but the project has fallen years behind schedule [GCN, March 22, page 10]. And the scope of the project is only getting bigger. IAFIS now contains more than 45 million fingerprint records'including about 8 million of people who likely were born abroad.

Homeland Security secretary Tom Ridge told Congress this spring that his department would achieve the integration long before the four-year time frame predicted by the Justice Department's Inspector General.
[IMGCAP(2)]
But in the meantime, the gap remains. 'To a large degree, U.S. Visit [U.S. Visitor and Immigrant Status Indicator Technology, DHS' nascent virtual border system] has fallen back on Ident technology,' said Frank Boyle, a retired Justice Department official who was program manager for the Ident-IAFIS integration project. 'A lot of people think U.S. Visit is doing an FBI check, but it is not. They extract some data from the FBI.'

One of the problems in coordinating the databases is that the 10-print IAFIS system relies on rolled fingerprints, while the two-print Ident system takes flat fingerprints.

Not only is the data different, but the database management systems diverge: IAFIS relies on a Cobol system while Ident uses newer Oracle software.

DHS and the FBI have entered thousands of names of wanted individuals provided by the FBI into Ident in an effort to bridge the gap. Some Border Patrol offices do have access to both databases via side-by-side systems. But complete sharing of data between Ident and IAFIS'which operate at different classification levels, making full integration legally impossible'remains one of several serious information sharing gaps for DHS.

Unifying architecture needed

Rep. Jim Turner (D-Texas), ranking minority member of the House Homeland Security Select Committee, said the government needs a unifying architecture for information sharing, and that the administration hasn't made that commitment.

'No matter what agency you are in, and no matter what level of government you are in, all the way down to a local police officer, you should be able to put some information in a system in such a way that it is available in real time to all of the other users governmentwide,' Turner said. 'We don't have that capability yet.'

Turner said agencies have built information sharing systems for their own use, such as the FBI's Trilogy and Virtual Case File systems for law enforcement and intelligence information.

'But none of those systems, to my mind, envision integration of all agencies that collect, and need to have disseminated to them, intelligence information,' he said. 'I don't believe we'll ever have a system that will provide the kind of security the American people deserve unless the IT architecture is planned at a governmentwide level.'

Administration officials have said agencies must shatter cultural barriers to information sharing even as they build new networks to exchange intelligence.

Homeland Security Department CIO Steve Cooper pinpointed a central dilemma of the information sharing puzzle: 'One of the questions you immediately ought to ask is, what information do you want to share, and with whom do you want to share it?

'We don't have a full answer to that, and we won't have it'I am not sure we will ever have the full detailed perfect answer to that,' Cooper said during an interview at DHS.

'Why? Because we will continue to have new requirements for information sharing from new communities of interest, or new communities of practice, or who knows what will pop up.' He said DHS has seen the emergence of new information sharing partners among international governments, federal agencies, state and local agencies, tribal governments and private-sector groups.

'Since we can't get a perfect answer in place, we are using our information architecture' to identify sources and users of information, Cooper said.

Sharing initiative

Cooper and other CIOs at Homeland Security have aligned their own projects with the department's overall information sharing effort, which is being managed by officials in the Information Assurance and Infrastructure Protection Directorate.

The IAIP's program is set to unfold this summer, as the third anniversary of the Sept. 11 attacks approaches.
[IMGCAP(3)]
Richard Russell, director of information sharing and collaboration for the department, said during an interview at DHS that he plans this month to assemble an Integrated Project Management Leadership Team of 15 to 20 representatives from DHS agencies to coordinate information sharing in four ways:
  • Across DHS directorates

  • Within DHS agencies

  • Across federal departments

  • With other governments such as state, local and tribal authorities.

Russell's project is proceeding with a budget of about $5 million, and he will direct a staff of about 30 federal employees and contractors. 'One of the major focuses is making sure we give everybody the capability to acquire and share information,' he said. His team also will look for information sharing systems that can be deployed to additional users and overlapping systems that can be terminated.

In doing so, the IAIP team will change the department's architecture as needed, he said.

The team will take its place among several similar operations within the federal government or in affiliated groups. Most of these organizations draw on bigger budgets and frequently on deeper pools of institutional memory as well as more mature technology. The information sharing projects of the Pentagon, the intelligence community and the FBI have been gaining momentum steadily since late 2001.

Though homeland security managers cite success stories in coordinating intelligence and action, many gaps remain in the cultural, technological and policy aspects of sharing information:
  • DHS' Joint Regional Information Sharing System, a component of the Homeland Security Information Network, still isn't linked to a larger law enforcement data exchange system providing access to the FBI's Law Enforcement Online, the intelligence community's Open Source Information System and the Regional Information Sharing System Network.
    • DHS only in mid-April issued a $350 million contract to Northrop Grumman Corp. to start building the classified Homeland Security Data Network, which will give the department its own classified network capability and allow it to disconnect its Secret IP Router Network terminals provided by the Pentagon.
    • The department has not yet issued the solicitation for the unclassified version of the HSDN, which will provide connectivity at the sensitive but unclassified level to first responders and other homeland security officials.
    • DHS only recently started building a metadata Center of Excellence to coordinate the markup-language tagging repository essential to the seamless exchange of terrorist data across systems. The department's chief technology officer, Lee Holcomb, is overseeing the center.
    • While DHS recently issued a blueprint for wireless communications interoperability standards, officials acknowledge that achieving seamless communications among first responders will take years.

    Many of the problems came to the fore in a report issued late last year by the Markle Foundation, a New York nonprofit group that called for DHS to build a trusted information network for homeland security.

    DHS' Russell said the Markle Foundation study was the inspiration for many steps the department is taking now to weave together its information sharing capabilities.

    In the view of several lawmakers, DHS has much work ahead in achieving acceptable levels of information sharing.

    Rep. Mac Thornberry (R-Texas), chairman of the House Homeland Security Select Committee's Subcommittee on Cybersecurity, Science, Research and Development, said the state of information sharing is 'better than on Sept. 10, [2001], but not as good as it ought to be. I believe most people would say we still have a lot of problems.'

    Like Russell, Thornberry noted that cultural difficulties still stand in the way of achieving seamless information sharing.

    As for the technological challenges, 'you don't necessarily have to have one single network, but you have to have one way to access the different databases,' Thornberry said. 'To have systems that operate independently from one another puts us in a difficult situation.'

    Congress' frustration with the department's slow pace of merging information appears likely to prompt legislation to buttress the authority of deputy secretary James Loy. Lawmakers are considering a bill that would reinforce his office with authority now wielded by DHS' Management Directorate.

    But as Thornberry said, 'Part of this can be solved only by day-to-day management and knocking heads together. I don't know of a bill we could pass to make it happen.'

    The Situational Awareness Room at the Defense Department's Northern Command headquarters, Peterson Air Force Base, Colo.

    Sgt. Larry Holmes/USAF

    The FBI's Foreign Terrorist Tracking Task Force, which binds together the bureau's 56 Joint Terrorist Task Forces nationwide and a global network of FBI legal attaches in embassies. The bureau is activating its own IT backbone and case management system under the Trilogy modernization project and the Virtual Case File system.

    The Terrorist Screening Center, an interagency group funded by the FBI but managed by DHS employee Donna A. Bucella, which is responsible for merging the government's watch lists.

    As the system operates now, police dispatchers can call the center to inquire how patrol officers should handle persons they encounter: Arrest them, gather information from them, or simply note their presence and release them. The TSC doesn't expect to deploy an integrated online terrorist watch database until the end of the year.

    The Terrorist Threat Integration Center, operated by the intelligence community with interagency participation primarily to monitor international terrorist threats and prepare briefings for the president.

    The information sharing system of the Terrorist Threat Integration Center, known as TTIC Online, reaches 2,600 users at the top-secret level throughout the government with dozens of intelligence products. TTIC plans to field a secret system to expand its reach to more homeland security officials.

    Northern Command headquarters, the Pentagon's nerve center for domestic military operations aimed at curbing and responding to terrorist threats, which has its own IT resources similar to those of TTIC.

    The Homeland Security Operations Center, DHS' 24-hour watch center that operates with an interagency staff and takes responsibility for preparing for and responding to natural threats as well as terrorist incidents.

    Information Sharing and Analysis Centers, 14 across the nation, are DHS' means of coordinating infrastructure protection measures. Some ISACs, such as the three information and telecommunications centers, came into being following a 1998 presidential directive. Others, such as the Agriculture, Public Health, and Postal and Shipping ISACs, remain in the planning stages.

    The mature ISACs operate databases that pinpoint infrastructure vulnerabilities. But according to the General Accounting Office, the ISACs face challenges such as the lack of full participation by private-sector institutions, low funding, an immature legal structure, corporate concerns about privacy and the sensitivity of commercial information.
  • Reader Comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above