GAO-04-375, Information Technology: Major Federal Networks That Support Homeland Security Functions


This is the accessible text file for GAO report number GAO-04-375 
entitled 'Information Technology: Major Federal Networks That Support 
Homeland Security Functions' which was released on September 17, 2004.

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

Report to Congressional Requesters:

September 2004:

INFORMATION TECHNOLOGY:

Major Federal Networks That Support Homeland Security Functions:

GAO-04-375:

GAO Highlights:

Highlights of GAO-04-375, a report to the Chairman, Senate Committee 
on Govern- mental Affairs; the Chairman, House Committee on Government 
Reform, and the Chairman of its Subcommittee on Technology, 
Information Policy, Inter-governmental Relations and the Census: 

Why GAO Did This Study:

A key information systems challenge in homeland security is ensuring 
that essential information is shared in a timely and secure manner 
among disparate parties in federal, state, and local governments, and 
in the private sectors. This requires communications networks that 
provide information-sharing capabilities between the various levels of 
government—federal, state, and local.

GAO’s objective was to identify and describe, through agency reporting,
major networks and examples of applications that the agencies 
considered important in supporting their homeland security functions. 
(For purposes of this review, GAO defined networks as “the data 
communication links that enable computer systems to communicate with 
each other.”) GAO corroborated agency-provided information about 
networks used by multiple agencies. While agencies verified the 
accuracy of the data about their networks, GAO cannot ensure that 
agencies provided data on all applicable networks.

In commenting on a draft of this report, seven of the nine agencies 
generally concurred with the facts contained in this report. Technical 
comments were incorporated as appropriate. Two agencies declined to 
comment.

What GAO Found:

Nine agencies identified 34 major networks that support homeland 
security functions—32 that are operational and 2 that are being 
developed (see table). Of these 34, 21 are single-agency networks 
designed for internal agency communications. Six of the 34 are used to 
share information with state and local governments; 4 share information 
with the private sector.

Numbers of Major Federal Homeland Security Networks: 

[See PDF for image] 
 
Source: GAO analysis of agency data.

[A] Excludes classified networks that are not publicly acknowledged.
[B] Secret (5), Top Secret (2).
[C] Secret.

[End of table]

The Department of Homeland Security is in the process of developing the 
new Homeland Secure Data Network. It is intended to become a 
significant vehicle for the sharing of homeland security information 
with state and local governments and classified information among 
civilian agencies.

Agencies also provided examples of more than 100 major applications 
that support homeland security mission areas. The following table 
describes 3 of 18 applications that GAO selected to illustrate the 
range of applications used to support the various homeland security 
mission areas.

Three Network Applications That Provide Homeland Security Functions: 

[See PDF for image] 
 
Source: GAO analysis of agency data.

[A] Used by other agencies as well.

[End of table]

www.gao.gov/cgi-bin/getrpt?GAO-04-375.

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact David A. Powner at (202) 
512-9286 or pownerd@gao.gov.

[End of section]

Contents:

Letter:

Agency Comments and Our Evaluation:

Appendixes:

Appendix I: Briefing Provided to Staff of Congressional Requesters:

Appendix II: Comments from the Department of Agriculture:

Appendix III: Comments from the Department of the Treasury:

Appendix IV: Comments from the Department of Homeland Security:

Appendix V: Comments from the Department of Health and Human Services:

Abbreviations:

APHIS: Animal and Plant Health Inspection Service:

CDC: Centers for Disease Control and Prevention:

DHS: Department of Homeland Security:

DOD: Department of Defense:

DOE: Department of Energy:

DOJ: Department of Justice:

EPA: Environmental Protection Agency:

FBI: Federal Bureau of Investigations:

FDA: Food and Drug Administration:

FEMA: Federal Emergency Management Agency:

FSIS: Food Safety Inspection Service:

HHS: Department of Health and Human Services:

HSDN: Homeland Secure Data Network:

HUMINT: human intelligence:

IC: intelligence community:

JUTNet: Justice United Telecommunications Network:

JWICS: Joint Worldwide Intelligence Communications System:

LAN: local area network:

NIPRNet: Non-Classified Internet Protocol Router Network:

OIG: Office of Inspector General:

SBU: sensitive but unclassified:

SIPRNet: Secret Internet Protocol Router Network:

USDA: Department of Agriculture:

VPN: virtual private network:

WAN: wide area network:

Letter September 17, 2004:

The Honorable Susan M. Collins: 
Chairman, Committee on Governmental Affairs: 
United States Senate:

The Honorable Tom Davis:
Chairman, Committee on Government Reform: 
House of Representatives:

The Honorable Adam H. Putnam:
Chairman, Subcommittee on Technology, Information Policy, 
Intergovernmental Relations and the Census: 
House of Representatives:

As you know, one of the information systems challenges in the homeland 
security area is ensuring that critical information is shared in a 
timely and secure manner with a variety of parties in federal, state, 
and local governments, as well as in the private sector. It is 
important that federal networks meet the vital communications needs of 
effective homeland security, and do so in an efficient manner that 
includes information sharing between the various levels of government. 
You asked us to identify the major networks and examples of 
applications that are operational or being developed by federal 
agencies to share information in support of homeland security 
functions.[Footnote 1]

We conducted work at the federal agencies that have major roles in 
supporting these homeland security functions and asked agency officials 
to identify and describe the networks and major applications considered 
most important in supporting the homeland security functions for which 
they are responsible. We obtained and analyzed information from 9 
agencies on 34 different networks and over 100 applications. We 
conducted our work from January through July 2004, in accordance with 
generally accepted government auditing standards.

On July 30, we provided your offices with briefing information on the 
results of this review. The purpose of this letter is to provide the 
published briefing materials to you. (See app. I.)

In summary, we identified 34 major networks that support homeland 
security functions--32 operational and 2 in development. Twenty-one of 
the 34 are single-agency networks, indicating that they are used only 
for internal agency communications. Further, 6 of the 34 networks share 
information with state and local governments; 4 share information with 
the private sector. One of the 2 networks under development--the 
Department of Homeland Security's (DHS) Homeland Secure Data Network--
is intended to become a significant vehicle for future sharing of 
homeland security information with state and local governments and 
classified information among civilian agencies. The other network in 
development, the Department of Justice's JUTNet (Justice United 
Telecommunications Network), is to replace the department's existing 
network and transport information among departmental components. 
Agencies also identified the Internet as a major network for supporting 
homeland security functions. Cost data were not available for all 
networks, but of the networks for which data were available, estimates 
totaled about $1 billion per year for fiscal years 2003 and 2004.

In addition, agencies provided descriptions of over 100 applications as 
examples of those that use existing networks, including the Internet, 
to share information in support of homeland security. For example, 
DHS's United States Visitor and Immigrant Status Indicator Technology 
(US-VISIT) collects, maintains, and shares information on foreign 
nationals with the Departments of Commerce, Justice, State, and 
Transportation using its ICENet (Immigration and Customs Enforcement 
Network). And, the Department of Defense's Modernized Intelligence Data 
Base supports anti-terrorist activities through near-real-time, 
synchronized dissemination of military intelligence using its JWICS 
(Joint Worldwide Intelligence Communications System) network.

Agency Comments and Our Evaluation:

We received written comments on a draft of this report from the 
Director, Departmental GAO/OIG Liaison at the Department of Homeland 
Security, the Chief Counsel to the Inspector General at the Department 
of Health and Human Services (HHS), the Deputy Assistant Secretary and 
Chief Information Officer at the Department of the Treasury, and the 
Chief Information Officer at the Department of Agriculture (USDA). 
These four agencies generally concurred with the facts contained in our 
report. DHS officials provided technical comments generally consisting 
of changes to descriptive information, which we incorporated as 
appropriate. HHS officials provided information on another network it 
felt should have been included, which we incorporated as appropriate. 
It also provided additional examples of applications related to 
homeland security, which we did not include because we had already 
reported significant examples of applications. The Departments of 
Defense and Justice, and the Environmental Protection Agency, provided 
oral comments stating that they concurred with the facts in the report. 
The Departments of State and Energy declined to comment. Written 
comments for DHS, HHS, Treasury, and USDA are reproduced in appendices 
II through V.

Regarding our statement that the initial DHS enterprise architecture 
does not include many of the networks we identified, DHS stated that 
the initial enterprise architecture supported internal business 
processes and systems and that future versions will address federal and 
other business partners external to DHS. Regarding the Homeland Secure 
Data Network, the department agreed with our finding that it is a 
significant initiative for the sharing of classified homeland security 
information and that it has developed a program plan to allow for 
future expansion of this effort.

Treasury officials raised concerns regarding the sensitivity of 
information related to the networks and applications described in this 
report. We have been cognizant of the sensitivity of this information 
during the course of this engagement and have asked the agencies to 
review the report for information they deem too sensitive for public 
release, which they have done. The information in this report has been 
approved for public release by the agencies responsible for their 
specific networks.

As agreed with your offices, unless you publicly announce its contents 
earlier, we plan no further distribution of this report until 30 days 
from the date on the report. At that time, we will send copies of the 
report to the Chairmen and Ranking Minority Members of other Senate and 
House committees and subcommittees having authorization and oversight 
responsibilities for homeland security. We will also send copies to the 
Secretary of Homeland Security and to the other agencies that 
participated in our review. In addition, the report will be available 
at no charge on the GAO Web site at [Hyperlink, http://www.gao.gov]. 

Should you or your offices have any questions about matters discussed 
in this report, please contact me at (202) 512-9286 or by e-mail at 
[Hyperlink, pownerd@gao.gov]. You may also contact M. Yvonne Sanchez, 
Assistant Director, at (202) 512-6274 or by e-mail at [Hyperlink, 
sanchezm@gao.gov]. Major contributors to this report also included 
James C. Houtz, M. Saad Khan, Nicholas H. Marinos, Teresa F. Tucker, 
and William F. Wadsworth.

Signed by: 

David A. Powner: 
Director, Information Technology Management Issues:

[End of section]

Appendixes:

Appendix I: Briefing Provided to Staff of Congressional Requesters:

[See PDF for image]

[End of slide presentation]

[End of section]

Appendix II: Comments from the Department of Agriculture:

United States Department of Agriculture:

Office of the Chief Information Officer:

1400 Independence Avenue SW: 
Washington, DC 20254:

August 25, 2004:

David A. Powner, Director:
Information Technology Management Issues: 
General Accounting Office:

Dear Mr. Powner: 

The United States Department of Agriculture (USDA) has reviewed draft 
report number GAO-04-375 entitled "INFORMATION TECHNOLOGY: Major 
Federal Networks That Support Homeland Security Functions" and is in 
agreement with the facts as they relate to USDA.

Thank you for the opportunity to review and comment on the draft 
report. If additional information is needed, please contact Marilyn 
Rolland of my staff on (202) 720-6275.

Sincerely, 

Signed by: 

Scott Charbo:
Chief Information Officer: 

[End of section]

Appendix III: Comments from the Department of the Treasury:

DEPARTMENT OF THE TREASURY: 
WASHINGTON, D.C. 20220:

SEP 2 2004:

Mr. David A. Powner: 
Director:
Information Technology Management Issues: 
General Accounting Office:
441 G Street, NW, Room 5T37: 
Washington, DC 20548:

Dear David:

Thank you for the opportunity to review and to comment on your draft 
report entitled "Information Technology" Major Federal Networks That 
Support Homeland Security Functions" (Report #GAO-04-375). I concur 
with the GAO's findings and its assessment.

In reviewing the document, however, I have a concern over acknowledging 
the location and path used for the Department of Homeland Security 
(DHS) specific programs. Publicly documenting, in one document, where 
major DHS applications are operated and how they are connected may 
present a significant physical and electronic risk and cause them to 
become more significant targets.

The major Treasury contributor to DHS support is the Treasury 
Communications System (TCS). TCS's network services are used to 
transport data related to combating terrorist financial. It also 
transports information to support the homeland security activities of 
several law enforcement agencies that transitioned either to DHS or the 
Department of Justice. It is also the medium of transport for the DHS's 
Treasury Enforcement Communications System, and the Treasury's PATROIT 
Act Communications System (Financial Crimes Enforcement Network). The 
Treasury TCS network is a secure enterprise network providing Treasury 
secure Internet, Intranet and e-mail services and continues to provide 
these services to both Treasury and other federal agencies. We are 
proud of the diverse, redundant, secure, and survivable TCS that we 
have improved on since 9-11.

Finally, I want to underscore my commitment to supporting the Homeland 
security functions of Treasury and that of DHS.

If you have any questions regarding our comments, please contact me at 
202-622-1200 or via email at ira.hobbs@ do.treas.gov.

Sincerely,

Signed for: 

Ira L. Hobbs:
Deputy Assistant Secretary and Chief Information Officer: 

[End of section]

Appendix IV: Comments from the Department of Homeland Security:

U.S. Department of Homeland Security: 
Washington, DC 20528:

September 8, 2004:

Mr. David A. Powner:
Director, Information Technology Management Issues: 
General Accounting Office:
Washington, DC 20548:

Dear Mr. Powner:

Re: Draft Report GAO-04-375, Information Technology, Major Federal 
Networks that Support Homeland Security Functions (GAO Job Code 
310459):

Thank you for the opportunity to review the findings referenced in the 
draft report. In the review of federal networks, GAO highlighted that 
the initial Department of Homeland Security (DHS) Enterprise 
Architecture (EA) does not include many of the networks external to DHS 
that support information sharing between federal agencies and other 
entities. When the Department was formed in March of 2003, we began our 
initial efforts around EA. Version 1.0 of the DHS EA was developed in 
approximately four months from essentially a "clean sheet of paper." 
The focus of the initial DHS EA was to primarily support transformation 
of internal DHS business processes and systems. Subsequent versions of 
our EA will increasingly address federal and other partners external to 
DHS essential to support the homeland security mission. Version 2.0 of 
our EA is scheduled for release this fall.

Additionally, the report noted that the DHS Homeland Secure Data 
Network (HSDN) could serve as a significant initiative for sharing of 
classified homeland security information among civilian agencies. The 
Department is in agreement with your findings; and to that end has 
developed the HSDN program plan to allow for the expansion of the 
network to any federal agency with a need to share classified homeland 
security information. DHS has begun preliminary discussions with a 
significant number of federal agencies on the possibility of meeting 
their technical requirements for classified network services. 
Administration policy on this topic, allocation of resources, and 
schedules to meet agreed to requirements are still in the formative 
stage.

The Department anticipates increased clarity and firm plans for other 
federal agency participation in HSDN to be completed over the next six 
months. Per our discussion, this assumes incorporation of our technical 
comments which were provided to you under separate cover.

We thank you again for the opportunity to provide comments on the 
findings in this report.

Sincerely,

Signed by: 

Anna F. Dixon:
Director: 
Departmental GAO/OIG Liaison: 
Office of the Chief Financial Officer: 

[End of section]

Appendix V: Comments from the Department of Health and Human Services:

DEPARTMENT OF HEALTH & HUMAN SERVICES:

Office of Inspector General:

Washington, D.C. 20201:

SEP 2 2004:

David A. Powner:
Director, Information Technology Management Issues:
United States Government Accountability Office: 
Washington, D.C. 20548:

Dear Mr. Powner:

Enclosed are the Department's comments on your draft report entitled, 
"Information Technology: Major Federal Networks That Support Homeland 
Security Functions" (GAO-04-375). The comments represent the tentative 
position of the Department and are subject to reevaluation when the 
final version of this report is received.

The Department provided several technical comments directly to your 
staff.

The Department appreciates the opportunity to comment on this draft 
report before its publication. 

Sincerely,

Signed by: 

Lewis Morris:

Chief Counsel to the Inspector General:

Enclosure:

The Office of Inspector General (OIG) is transmitting the Department's 
response to this draft report in our capacity as the Department's 
designated focal point and coordinator for Government Accountability 
Office reports: OIG has not conducted an independent assessment of 
these comments and therefore expresses no opinion on them.

COMMENTS OF THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) ON THE 
GOVERNMENT ACCOUNTABILITY OFFICE'S (GAO) DRAFT REPORT "INFORMATION 
TECHNOLOGY: MAJOR FEDERAL NETWORKS THAT SUPPORT HOMELAND SECURITY 
FUNCTIONS" (GAO-04-375):

HHS appreciates the opportunity to review the GAO draft report.

HHS's Food and Drug Administration (FDA) has several networks that 
support homeland security functions which were not included in the 
report. FDA maintains four assets in its Critical Infrastructure 
Protection (CIP) inventory: (1) Regulatory Management System (RMS); (2) 
FDA Operational and Administrative System Import Support (OASIS); (3) 
CFSAN Adverse Event Reporting System (CAERS); and (4) CDER Adverse 
Event Reporting System (AERS). These assets were identified in a 
collaborative process with FDA, HHS, and the Department of Homeland 
Security (DHS). In fact, DHS viewed these assets as the top four for 
all of HHS.

Each of these assets runs over the FDA network, much like that of the 
Centers for Disease Control and Prevention (CDC). In fact, a 
description of the "FDA Wide Area Network" would be essentially 
identical to CDC's (page 49 of the report), except for mention of FDA's 
specific homeland security functions in support of import approval, 
health warning information alerts, biologics marketing approval, and 
post-market drug and biologics health warning regulatory 
communications.

GAO Comment:

Agencies identified over 100 examples of major applications that 
support the homeland security missions areas; we selected 18 examples 
to illustrate the range of applications that are used across Federal 
agencies.

HHS Response:

The report did not specifically list the "examples of more than 100 
major applications" (page 10, bullet 5); therefore, it is not clear 
that the systems identified below were included in the GAO assessment/
inventory.

* Field Accomplishments and Compliance Tracking System (FACTS) - 
Automated FDA system for tracking FDA operations such as domestic field 
and compliance activities, foreign inspections, and domestic and import 
sample analyses.

* Food Firm Registration Module (FFRM) - FDA system which requires 
domestic and foreign facilities that manufacture/process, pack, or hold 
food for human or animal consumption to register their facility under 
Section 305 of the Public Health Security and Bioterrorism Preparedness 
and Response Act of 2002.

Registration is one of several tools which will enable FDA to act 
quickly in responding to a threatened or actual terrorist attack on the 
U.S. food supply by giving FDA information about these facilities. In 
the event of an outbreak of foodborne illness, such information will 
help FDA and other authorities determine the source and cause of the 
event, and in the future may enable FDA to quickly notify the 
facilities that might be affected by the outbreak.

* Prior Notice System Interface (PNSI) and the Automated Broker 
Interface of the Automated Commercial System (ABI/ACS) - Import 
shipment information submitted to FDA that allows information 
pertaining to FDA-regulated shipments of food for humans and animals be 
reviewed in advance of the food being imported into the U.S. (unless 
the food is excluded from Prior Notice requirements of Section 307 of 
the Bioterrorism Act of 2002).

* The Electronic Laboratory Exchange Network (eLEXNET) - A seamless, 
integrated, secure system that allows multiple government agencies 
engaged in food safety activities to compare, communicate, and 
coordinate laboratory analysis findings. This network provides the 
necessary infrastructure for an early-warning system that identifies 
potentially hazardous foods and enables health officials to assess 
risks and analyze trends. This network is funded by FDA and supported 
by the U.S. Department of Agriculture and the Department of Defense.

* Food Emergency Response Network (FERN) - Cooperative expansion of 
eLEXNET system to encompass a nationwide network of Federal and State 
laboratories capable of analyzing foods for agents of concern.

* FDA Emergency Operations Network (EON) - EON, with the Incident 
Management System (IMS) as its cornerstone, provides a central hub for 
exchanging and relaying emergency-related information among FDA offices 
and external stakeholders. EON IMS brings together individual 
commercial off-the-shelf software (COTS) solutions supporting incident 
tracking, contact management, collaboration and knowledge tool 
management, Geographic Information System (GIS), and email into an 
integrated web-based application to facilitate the management and 
organization of the large volume of incident information. The system 
is cited specifically in FDA's annual performance plan in support of 
the agency's counter-terrorism goals and is developed in accordance 
with HSPD-5, "Management of Domestic Incidents" and establishment of a 
National IMS. 

[End of section]

(310473):

FOOTNOTES

[1] We defined "homeland security" and its related functions according 
to the Department of Homeland Security's National Strategy for Homeland 
Security (July 2002). It defines homeland security as "a concerted 
national effort to prevent terrorist attacks within the United States, 
reduce America's vulnerability to terrorism, and minimize the damage 
and recover from attacks that occur."

GAO's Mission:

The Government Accountability Office, the investigative arm of 
Congress, exists to support Congress in meeting its constitutional 
responsibilities and to help improve the performance and accountability 
of the federal government for the American people. GAO examines the use 
of public funds; evaluates federal programs and policies; and provides 
analyses, recommendations, and other assistance to help Congress make 
informed oversight, policy, and funding decisions. GAO's commitment to 
good government is reflected in its core values of accountability, 
integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony:

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains 
abstracts and full-text files of current reports and testimony and an 
expanding archive of older products. The Web site features a search 
engine to help you locate documents using key words and phrases. You 
can print these documents in their entirety, including charts and other 
graphics.

Each day, GAO issues a list of newly released reports, testimony, and 
correspondence. GAO posts this list, known as "Today's Reports," on its 
Web site daily. The list contains links to the full-text document 
files. To have GAO e-mail this list to you every afternoon, go to 
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order 
GAO Products" heading.

Order by Mail or Phone:

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:

U.S. Government Accountability Office

441 G Street NW, Room LM

Washington, D.C. 20548:

To order by Phone:

 

Voice: (202) 512-6000:

TDD: (202) 512-2537:

Fax: (202) 512-6061:

To Report Fraud, Waste, and Abuse in Federal Programs:

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm

E-mail: fraudnet@gao.gov

Automated answering system: (800) 424-5454 or (202) 512-7470:

Public Affairs:

Jeff Nelligan, managing director,

NelliganJ@gao.gov

(202) 512-4800

U.S. Government Accountability Office,

441 G Street NW, Room 7149

Washington, D.C. 20548: