GAO-03-985R, Post-Hearing Question From the May 8, 2003, Hearing on Barriers to Information Sharing at the Department of Homeland Security


This is the accessible text file for GAO report number GAO-03-985R 
entitled 'Post-hearing Question From the May 8, 2003, Hearing on 
Barriers to Information Sharing at the Department of Homeland Security' 
which was released on July 07, 2003.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

July 7, 2003:

The Honorable Tom Davis:

Chairman, Committee on Government Reform:

House of Representatives:

Subject: Post-hearing Question From the May 8, 2003, Hearing on 
Barriers to Information Sharing at the Department of Homeland 
Security:

Dear Mr. Chairman:

As requested, this letter provides our response for the record to the 
question posed by Representative Michael Turner to GAO, in your letter 
of June 13, 2003.

The GAO recently released a report on the sharing of terrorist watch 
lists between federal, state, and local agencies (GAO-03-322).[Footnote 
1] The report discussed the importance of an enterprise architecture 
that served all agencies' needs. The report went on to discuss the role 
of database architectures as an integral component of the overall 
enterprise architecture. Specifically, the report pointed out the 
problems encountered unless data is consolidated as opposed to relying 
on decentralized databases. The report recommends that the agencies 
move to consolidate these watch lists.

While your report is specific to terrorist watch lists, I am interested 
in whether you believe that the Department of Homeland Security should 
also be consolidating other "stovepiped" databases in order to enable 
the correlation of relationships in that data that can point to 
developing threats. Can you comment on this?

Standardizing and consolidating stovepiped databases can offer 
significant benefits. In particular, it can help reduce or eliminate 
duplicative data capture and storage and enable faster data access and 
better data consistency, which can reduce costs as well as improve data 
reliability and sharing. Analyzing these benefits in relation to 
associated costs and risks, such as security and privacy, provides a 
basis for informed decisions about not only consolidation but also the 
appropriate level of consolidation. Effective development of enterprise 
architectures provides for performing such analysis.

In the case of federal watch lists, we identified indicators (such as 
the number and variability of the lists and the commonality of their 
purposes) of opportunities to consolidate and standardize. 
Consequently, we recommended that the Department of Homeland Security 
determine the extent of watch list consolidation needed to accomplish 
its mission and that such consolidation be done as part of the 
department's efforts to develop an enterprise architecture.

We believe this approach--analyzing information and data needs and 
solutions within the context of an enterprise architecture--is also 
necessary to determine the extent to which all existing systems of the 
department's 22 component agencies should be standardized and 
consolidated. In fact, during the subject hearing, the department's 
chief information officer testified that it plans to develop and use an 
enterprise architecture to guide its systems consolidation and 
integration. He stated that the department plans to issue the 
enterprise architecture by the fall of 2003.

If you have any questions concerning this information, please contact 
me at (202) 512-3439 or hiter@gao.gov, or Gary Mountjoy, Assistant 
Director, at (202) 512-6367 or mountjoyg@gao.gov.

Sincerely yours,

Randolph C. Hite:

Director, Information Technology Architecture and Systems Issues:

Signed by Randolph C. Hite:

(310264):

FOOTNOTES

[1] U.S. General Accounting Office, Information Technology: Terrorist 
Watch Lists Should Be Consolidated to Promote Better Integration and 
Sharing, GAO-03-322 (Washington, D.C.: April 15, 2003).