Summary

In 2005, GAO placed the issue of information sharing for homeland security on its high-risk list of federal functions needing broad-based transformation and since then has monitored the government's progress in resolving barriers to sharing. This testimony discusses three key information sharing efforts: (1) the actions that have been taken to guide the design and implementation of the Information Sharing Environment (ISE) and to report on its progress, (2) the characteristics of state and local fusion centers and the extent to which federal efforts are helping to address some of the challenges centers reported, and (3) the progress made in developing streamlined policies and procedures for designating, marking, safeguarding, and disseminating sensitive but unclassified information. This testimony is based on GAO's products issued from March 2006 through July 2008 and selected updates conducted in July 2008.

In a report being released today, GAO concludes that the ISE, under the leadership of a designated Program Manager, has had a measure of success, but lacks a road map for guiding the ISE, ensuring accountability, and assessing progress. The Program Manager's Office issued an implementation plan in November 2006 to guide the design of the ISE, has carried out a number of steps in that plan, and has leveraged existing efforts and resources agencies independently pursued for improving information sharing. However, this plan lacks important elements essential to effectively implement the ISE. Gaps exist in (1) defining the ISE's scope, such as determining all the terrorism-related information that should be part of the ISE; (2) clearly communicating and distinguishing the role of the Program Manager and other stakeholders; and (3) determining the results to be achieved by the ISE (that is, how information sharing is improved) along with associated milestones, performance measures, and the individual projects. Two annual reports on progress have been issued. Each identifies annual goals and individual ISE efforts, but neither reports on the extent to which the ISE has improved information sharing. GAO reported in October 2007 that fusion centers, established by states and localities to collaborate with federal agencies to improve information sharing, vary widely but face similar challenges--especially related to funding and sustaining operations--that the federal government is helping to address but are not yet resolved. While the centers varied in their level of maturity, capability, and characteristics, most fusion centers focused on processing information on crimes and hazards, as well as terrorism-related information. Fusion center officials reported facing challenges such as obtaining specific, clear guidance and training; obtaining and retaining qualified personnel; and securing funding for center operations over the long term. The Department of Homeland Security and the Federal Bureau of Investigation were helping to address these challenges by, for example, providing technical assistance and training, personnel, and grant funding. Also, legislation has been proposed to clarify how funding may be used to hire and retain intelligence analysts. Although the myriad of sensitive but unclassified designations has been a long-standing problem, progress has been made in establishing processes for designating, marking, safeguarding, and disseminating this information. In March 2006, GAO reported that each federal agency determined sometimes inconsistent designations to apply to its sensitive but unclassified information and this could lead to challenges in information sharing, such as confusion on how to protect the information. Thus, GAO recommended that the Directors of National Intelligence and the Office of Management and Budget issue a policy that consolidates sensitive but unclassified designations. In a May 2008 memorandum, the President adopted "controlled unclassified information" (CUI) to be the single categorical designation for sensitive but unclassified information throughout the executive branch and provided a framework for designating, marking, safeguarding, and disseminating CUI.