Summary

The Homeland Security Act of 2002, which created the Department of Homeland Security (DHS), brought together 22 diverse organizations to help prevent terrorist attacks in the United States, reduce the vulnerability of the United States to terrorist attacks, and minimize damage and assist in recovery from attacks that do occur. To accomplish this mission, the act established specific homeland security responsibilities for the department, which included sharing information among its own entities and with other federal agencies, state and local governments, the private sector, and others. GAO was asked to discuss the significance of information sharing in fulfilling DHS's responsibilities, emphasizing GAO's related prior analyses and recommendations for improving the federal government's information sharing efforts.

DHS's responsibilities include coordinating and sharing information related to threats of domestic terrorism within the department and with and between other federal agencies, state and local governments, the private sector, and other entities. To accomplish its missions, DHS must, for example, access, receive, and analyze law enforcement information, intelligence information, and other threat, incident, and vulnerability information from federal and nonfederal sources and analyze such information to identify and assess the nature and scope of terrorist threats. DHS must also share information both internally and externally with agencies and law enforcement on such things as goods and passengers inbound to the United States and individuals who are known or suspected terrorists and criminals. GAO has made numerous recommendations related to information sharing particularly as they relate to fulfilling DHS's critical infrastructure protection responsibilities. Although improvements have been made, more efforts are needed to address the following challenges, among others, that GAO has identified: (1) developing a comprehensive and coordinated national plan to facilitate information sharing on critical infrastructure protection; (2) developing productive information sharing relationships between the federal government and state and local governments and the private sector; and (3) providing appropriate incentives for nonfederal entities to increase information sharing with the federal government and enhance other critical infrastructure protection efforts. Through our prior work, we have identified critical success factors and other key management issues that DHS should consider as it establishes systems and processes to facilitate information sharing among and between government entities and the private sector. These success factors include establishing trust relationships with a wide variety of federal and nonfederal entities that may be in a position to provide potentially useful information and advice on vulnerabilities and incidents. Further, as part of its information technology management, DHS should continue to develop and implement an enterprise architecture to integrate the many existing systems and processes required to support its mission and to guide the department's investments in new systems to effectively support homeland security in the coming years. Other key management issues include ensuring that sensitive information is secured, developing secure communications networks, integrating staff from different organizations, and ensuring that the department has properly skilled staff.