| Home | Information Sharing & Analysis | Prevention & Protection | Preparedness & Response | Research | Commerce & Trade | Travel Security | Immigration |
The threat level in the airline sector is High or Orange. Read more.
Release Date: March 15, 2007
For Immediate Release
Office of the Press Secretary
Contact: (202) 282-8010
Secretary Chertoff: Thank you, Duane, and thank you, John. And I also want to thank and acknowledge Bobby Kilberg who I know is such a powerful force behind this group and also so many of the things that we do here in this region.
I'm impressed at the number of people who are willing to show up for a breakfast. Wow, water, too. What more could I ask for?
I appreciate the warm welcome, and I was looking forward to the opportunity to address the members of the Technology Council, which I understand is the largest technology council in the nation.
We've also borrowed for a period of time Greg Garcia, who I think was part of this group, who is our new Assistant Secretary for Cyber and Telecommunications Security. And he's very much involved in putting together a strategy for this 21st Century approach to protecting our cyber and telecommunications assets, which are some of our most valuable intellectual capital, and also something we have to be very protective of.
George Foresman, who we also borrowed from the State of Virginia, is also a great booster of this Council and encouraged me to come out and speak to you.
I would also like to thank the Information Technology Association for co-sponsoring today's event, and I want to acknowledge the continuing engagement of the Council with so many of our senior executives. More than ever as we enter the 21st Century, we have to take a networked or partnership-oriented approach to what we do in securing the homeland. And therefore, continuing to have an open pipeline between the private sector and government becomes very important in terms of our effort to manage risk in the 21st Century.
You know, when I'm asked the question of what is our prognosis for dealing with the threats to the homeland in the 21st Century, recognizing that the enemy, the ideology of violent extremism, has some powerful tools, including the willingness of its adherents to sacrifice their own lives in order to attack our country.
I'm always occasioned to reflect upon, well, what is our advantage in fighting this war? What do we have our on side that the other side doesn't have? And it seems to me the answer to that question is technology and ingenuity. Our value add is the ability to be creative, harness the free enterprise system, and find solutions to threats that keep us ahead of an ever-adapting and ever-evolving enemy.
And I'd venture to say, therefore, that perhaps with the exception of the Department of Defense, we are probably the most technology-dependent department in the government, and that's the way it ought to be. About 10 percent of our budget every year is spent on information technology, more than $3 billion annually.
Now of course, we have a somewhat unique challenge in the 21st Century. We have to not only address our current and evolving technology needs, whether at our borders, our airports, our seaports, even at our DHS headquarters, but we have to continue the process of integrating 22 existing legacy systems and functions and doing it while we remain operational. We don't get to call a time out while we finish the process of binding everything together.
And I will acknowledge to you this is not a small task. It was begun by my predecessor, Tom Ridge, and of course he stood up the department literally from scratch, assembling the pieces from — largely from preexisting components. But, in my two years in office, I've seen significant progress since the department's creation over four years ago, headed in the direction of creating a unified, integrated, and mature 21st Century department.
And today, what I'd like to talk about is some of that progress, highlight how our department leverages technology to fulfill our mission, and also discuss what our remaining challenges are.
I'd like to divide our mission into five overarching goals: First, protecting our nation from dangerous people. Second, protecting the nation from dangerous cargo or things coming into the country. Third, protecting and hardening our critical infrastructure. Fourth, strengthening our emergency preparedness and response. And finally, making sure that we have a fully-integrated and fully-unified department which is effectively managed and which has at its core a robust chief information officer and a solid but directed research and development program. As business leaders, one of the things you'll appreciate is that I have to do all of these things while preserving the fundamental business and economic competitiveness of this country, which of course is one of the values that we seek to protect. So let me talk about each of these elements of the mission and try to underscore for you how important technology is as an ingredient of success in executing these five tasks.
First, how do we protect this country against dangerous people? Well, we do it first and foremost by protecting our perimeter defenses. And, at every step of the way, the way we do this is through the use of ingenuity and technology.
First, we have to collect biometrics from our foreign visitors, that's fingerprints, and check them against our U.S. visit entry-exit system at ports of entry. And, we need to do this literally in a matter of seconds, because as many of you will understand, the challenge in making a technique operational, whether it be an old-fashioned physical technique or a modern computer-based technique, is to make sure that what works in the individual case can be scaled up over the millions and tens of millions of transactions and individuals that have to be encompassed within a system.
So, we rely upon efficient, fast and seamless technology to make sure that the throughput of the 80 million air visitors who come into this country every year is not stymied or delayed because we can't effectively process their biometrics.
But it's not only fingerprints. We have to run terrorist and criminal watch list checks, often across multiple databases maintained by separate agencies. And again, these checks have to be comprehensive but also efficient.
In fact, part of our focus over the next two years is going to be to ensure that our US-VISIT fingerprint analysis process is interoperable with the FBI fingerprint database so that we can conduct more thorough checks, connect immigration and visa information to law enforcement information, and then share these capabilities with our state and local partners.
We're also moving to broaden the pool of information that we're able to collect and analyze. An important dimension of this is our effort to move from two-fingerprint collection to ten-fingerprint collection for every foreigner who crosses the border into the United States. And, let me explain why this is so important.
Two fingerprints are useful to make sure that we can connect every individual coming into the country from overseas against our database of people that we know to be felons or people who have previously been rejected for entry, or that we've identified somehow as known terrorists. And that's a very important capability, because it means we don't have to rely upon names which can be falsified.
But we can really take this a step further. We're in the process of collecting all over the world latent fingerprints, which for those of you who watch television is the kind of stuff that criminals leave at the crime scene.
But we're collecting it not from criminal crime scenes. We're collecting it from battlefields and safe houses in training camps all over the world, so the terrorists whose names may be unknown to us but who have frequented or trained in those locations can be — we can capture the evidential residue of their presence, and then we can screen incoming travelers against those latent fingerprints.
That is a huge step forward in the ability to detect the unknown terrorist. It's also a magnificent deterrent.
Another element of what we do at the borders is making sure people have secure identification that is reliable in entering the country. And, of course, this was a core recommendation of the 9/11 Commission. That means a machine-readable passport. It means a secure driver's license. It means a pass card, wallet-size card, which can be used to cross the land border with Canada and Mexico, all of which are dimensions of our effort to move this country to a place where the identification that you have is reliable and secure.
And again, a key element of this is technology, because it's the technology that allows us to embed security features, make sure that we can carry the information we need, encrypt it when it has to be encrypted, but also, particularly using vicinity technology, allow us again to screen people using techniques that do not impede the throughput.
Now, obviously, there are going to be costs associated with migrating to secure documents, including driver's licenses, and there are going to be technical challenges. And part of that is recognizing that what works in the laboratory has to work in the more challenging operational environment of real life, with dirt, dust, saltwater and humidity. So we always have to make sure that things work in the real world.
But we do want to move forward on these technology-laden initiatives, and for that reason, we've recently proposed national standards that outline what we feel are sensible steps that the states should be taking in order to protect their driver's licenses from fraud and abuse.
And at the core of this are going to be IT and connectivity issues that allow the states to check various databases that the federal government will not own. These will not become federal databases, but they will allow the state to check databases so they can make sure that there aren't duplicate applications or people misusing identity to have multiple identities in various places in the country.
I know Virginia is a place which has already made a lot of progress with respect to securing identification, and is very much on board to moving forward with this secure driver's license initiative.
Let me also address one point that often comes up. Putting aside that as with any measure that increases security, there is going to be some additional cost and some inconvenience in migrating from an existing legacy system to a new system, we sometimes hear that this is a threat to privacy. And I really think that that's an argument we ought to push back on very hard.
Because it is my contention that properly used, technology, whether it be better security for the card itself or better connectivity, actually protects privacy. We should not allow ourselves to be captivated by the argument that every time we do something with a computer we're invading privacy.
I for one feel much more secure with a secure driver's license that is protected by various IT devices and that does allow someone to verify who is actually pretending to be, or who is actually using my name. In the existing system, you would go to the 7-11 and you buy a driver's license from your local document fraud purveyor.
So, this kind of Luddite attitude that any change in terms of our ability to secure identification or connect data is somehow an assault on our freedom and our liberty I think is exactly wrong. I think we have to be thoughtful about it, and we have to be sensitive about what kinds of gates and protections we put in place. But in the end, the future of privacy as well as the future of security lies in effective and smart use of technology.
Finally, as I look at the border, I have to consider that vast space between the ports of entry where people sneak in without presenting documentation and without having to give us their fingerprints.
And there again we're relying on technology through our SBInet effort, which is a desire to marry some old-fashioned fencing and physical infrastructure with some very new-fashioned ground-based radar sensors, aerial systems and other kinds of communications facilities to give our border patrol the most effective and the most cost-effective means of detecting, intercepting and apprehending people who are coming across the border illegally.
And this is leveraging technology, but in a way that is always driven by what the border patrol, boots-on-the-ground experts require, so that we can give this country the control of the border it has not had probably for 30 or 40 years.
Of course, as I said, it's not only people, it's also things we worry about, and particular weapons of mass destruction and material like radioactive material or even worse, a nuclear bomb. And here again, as we construct and fortify our security perimeter, it is technology which is at the very heart of our strategy.
Some of that is information technology about what is in the cargo, what is known about the shipper, what is known about the person who is receiving the shipment, what is known about the original manufacturer. And the ability to collect, fuse and analyze that data is at the core of making intelligent assessments based on risk about what kinds of containers of cargo we search and examine.
But we also have automated systems, radiation scanning technology, including technology which we are beginning to deploy overseas that will bring every single container that comes into this country, or virtually every single container, by the end of this year as far as the seaports are concerned and by the end of next year for all of our land ports, through a radiation-scanning system that will detect radioactive material inside that container.
And the way to make this work, and particular the way to make it work overseas, is our ability not only to capture the information and the readings in literally hundreds of locations around the world, but our ability to bring it back to a single place here in Northern Virginia, targeting center, where we're capable of analyzing it, reviewing the data, consulting in virtual space with scientists at other locations to characterize what it is we're seeing, and then to be able to relay an effective decision, all within a matter of minutes.
Again, that is a huge step forward in our protection of our country made possible because of our ability to move in cyberspace.
Now what about inside the country itself? Whether it be threats that happen to penetrate our layers of defense at the perimeter, or threats that are born from within the country? Well, without spending a lot of time talking about all of the different things we're doing, let me focus on a couple of areas where again information technology plays a critical role: The Transportation Worker Identification Credential and cyber security.
The Transportation Worker Identification Credential recognizes that we can identify a significant population of people that we have to examine to make sure they don't pose a threat because they have unique access to our valuable facilities, that we can check their backgrounds, and then we can make sure that we give them a card that can be used as a ticket for entry into our sensitive infrastructure. And that means it has to be a reliable ticket but also one that doesn't sacrifice throughput.
TWIC is going to be a tamper-resistant, biometric credential. It will ensure positive confirmation of identity, and therefore, it will allow greater but more efficient access control at our most important and vulnerable facilities. We've already conducted security threat assessments on the eligible workers, and we expect to begin enrollment in this card process at the end of the month with an estimated population of almost three-quarters of a million port workers ultimately receiving cards.
So that's an example of marrying technology to the real world in order to protect physical infrastructure. But we face a different set of challenges in the world of virtual reality. And that's largely because that is a world that is probably one that's the maximum in terms of exposure through its open architecture to threats that can come not only from a physical presence in the country but physical presence anywhere in the world.
There's a particular challenge, because most of the cyber systems in our country are privately owned, and, therefore, there is private control of access to the literally millions of nodes that make up our international network.
So we really have to think out of the box when it comes to cyber security, recognizing that the actual advances in many of the techniques that will prevent attacks and protect and harden against attacks, resides in the intellectual capital in places like Northern Virginia. It's not in the federal government.
The federal government is not going to likely invent the best firewall. But there are things we can do to enable the invention and dissemination of techniques to raise standards, to warn about threats, and to help the private sector respond effectively when those threats occur. And that's why our Office of Cyber Security and Telecommunications, led by Greg Garcia, is focused on ensuring the security and resiliency of our national cyber and communications infrastructure.
Let me talk a little bit about part of our strategy, and I'll also tell you part of our strategy is classified. But, the part I can talk about includes things like helping other federal agencies monitor traffic on their cyber and communications networks, using our Einstein Intrusion Detection System. This technology enables us to help our partners see what's happening in their cyber systems so that they can take steps to protect networks that come under attack.
We're also helping the IT communications in other critical sectors monitor network activity and share intelligence and analysis about vulnerabilities, attacks and effective response. We do this with technical experts in our U.S. Computer Emergency Readiness Team, or CERT team, and a large network of partners in the private sector.
We're all interconnected in the global economy, and, therefore, the way to protect the network is by using a network. Through our National Communications Systems Office and our Science and Technology Directorate, we are helping this process of cyber security through research, testing, modeling and standards development, all of which is designed to fortify the nation's communication infrastructure against all hazards.
Now let me turn to another critical recommendation from the 9/11 Commission that relates to our strategy for emergency response and preparedness, and that has to do with interoperable communications. We are working with the National Institute of Standards and Technology and other federal partners to accelerate the development of Project 25 standards to help produce radio equipment that is interoperable and compatible regardless of manufacture.
We've assessed the communications interoperability of our 75 largest urban areas, and we published a report card last year. And we are requiring all states to submit state interoperable communications plans to the department by the end of 2007 in order to be eligible for DHS grants. And there's going to be about a billion dollars put out there.
This is critical issue for our nation. And one thing I want to underscore is the fact that the National Capital Region is a national leader in interoperability, not only from an IT and a hardware standpoint, but from a governance standpoint, because so much of this is about process and procedure and agreement among people about what the rules of the road are, not just buying a lot of stuff. So the National Capital Region has done a magnificent job.
We are committed to the goal that by the end of 2008, all 75 major urban areas, 50 states and 6 U.S. territories, will have demonstrated a minimum level of emergency response interoperable communications sufficient to fulfill the recommendations of the 9/11 Commission and the important goal of interoperability. And, of course, we need to make sure we are continuing to improve our federal capability to have that same level of interoperability.
On the communications front, we've partnered with the Department of Justice and Treasury on the Integrated Wireless Network program, which is going to provide our agents and officers in the field with 21st Century voice communications abilities that are encrypted and reliable.
Now, we have a lot of information, we collect a lot of things. What do we do with it? Because merely collecting and then having the stuff sit somewhere is really a useless effort and a waste of money. So it's important to be able to analyze and use information if we're going to truly achieve the value of all the investment we're putting into information collection and the technology that supports it.
So we have to find a way to analyze the data, but also protect it from being misused, stolen, and also to protect the privacy of legitimate citizens. And I want to pause to emphasize that privacy is very much at the core of our mission. It is not a secondary consideration.
Many of the steps we are focused on taking to protect the country against physical threats or virtual threats actually also are very, very closely intertwined with steps we take to protect privacy. Because I think, again, I want to emphasize, I think security and privacy are very much the same type of value. I don't think they're inconsistent. In fact, I think they are mutually reinforcing.
And so we’re always looking at a process where protecting security is at the same time enhancing privacy. And we're using the same philosophy in particular as we develop technology to analyze data information such as our ADVISE program, which has been in the news lately. Now ADVISE is a pilot project that is designed to allow analysts to take a pool of information that we have already legally and correctly collected and then analyze it rapidly, efficiently and correctly, to see what are the connections and the links and the significant patterns that we should be focused on in terms of making our decisions.
This is exactly what the American people expect us to do. I mean, let me put it in very plain English. When I was investigating cases and we collected a lot of evidence, all of which was done according to law, in order to use the evidence, you had to spend days and weeks sitting in a room reading it, analyzing it, taking little yellow stickies and putting them up on the wall to see what the connections and the links were, and that's how we built cases.
What we're talking about doing now is building a tool that does the same thing, but instead of doing it over a period of weeks and months, does it over a period of minutes and hours. It's the same technique, it's the same process. It's based on the same legally obtained evidence. The only difference is we're using the efficiency that modern computers give us.
So unless there are people who think that there is a positive value in being inefficient, that we should — it's better to go back to using pencils and styluses as opposed to computer keyboards, it strikes me this is a completely sensible and in fact a mandatory effort to continue to accelerate our capabilities, to analyze, understand and be able to make use of information in the service of protecting our national interest.
Finally, let me turn to the last of the goals, which is the maturation of the Department of Homeland Security as we are entering our fifth year of operation. Central to the ability of the senior leadership of this department and in fact of all the leadership of the department to manage the activities of DHS employees and assets is information.
Whatever we deploy around the world, whether it's the most advanced cutter or the smallest fingerprint reader, it isn't really useful unless we can capture the information, communicate freely, and have a common operating picture that lets the leadership of the department fully understand the threats that are out there and the capabilities we have to meet those threats.
When our component agencies entered the department on March 1, 2003, I venture to say the department faced probably the greatest IT integration challenge in the history of this country. Twenty-two separate human resource offices, 8 payroll systems, 19 financial management centers, and 13 separate procurement systems. Imagine if I selected 22 CEOs from the audience, put you all in a room and said, okay, now merge all your companies at once and make sure they run efficiently. And, begin by harmonizing all your IT systems on a single platform. I think you'd have a big challenge there.
Well, that is the challenge we've had, but we've had some terrific leadership, and we've made a lot of progress to date. We are working to consolidate 17 major data centers into just two. And that's going to give us robust and resilient data management and save millions of taxpayer dollars.
Through our One-Net program, we're consolidating seven legacy wide area networks into a single department network that gives us a secure standard platform to facilitate information flow and streamline our IT infrastructure.
We're working to create a common e-mail operation, and this work is almost complete. And under HSBD 12, we're also creating a single, tamper-proof smart card for all DHS employees. All of this is part of that merging and unifying element which is so much at the core of our strategy for managing this department.
To coordinate all of this work and ensure prudent annual investment of over $3 billion in IT, we need to have a strong information officer who is empowered to make decisions, control spending and ensure consistency. Accordingly, I'm issuing later today a management directive that will enhance and elevate the authority of our department's Chief Information Officer, Scott Charbo. By doing this, DHS will be at the forefront of fulfilling the promise of the Clinger-Cohen Act of 1996, which established the role of the CIO in major federal agencies.
Under this new mandate, which I will issue today, each DHS component will be required to submit its IT budget to the CIO, who will make recommendations to me for final inclusion in the department's budget request.
Second, any IT acquisition larger than $2.5 million will have to first be approved by the department's Enterprise Architecture Board as being aligned with the department's enterprise architecture, and then submitted to the CIO for approval.
Third, the DHS CIO will approve the hiring of component CIOs and set and approve their performance plans, ratings and annual award compensation.
To implement these new authorities, we will be strengthening the department's investment review process and more tightly integrating it with our budget acquisition and procurement business functions.
In a department of our size and complexity, and particularly in a department built from a lot of legacy agencies, this unification and strengthening of core management will not be easy. Some of the components will not be used to this level of centralized coordination, particularly as it relates to IT systems. But I'm convinced after two years, as is my leadership team, that we must make this happen, because it is necessary to get to the next level of effective and cost-effective management of our IT resources to fulfill our mission of protecting the American people and our homeland.
Let me conclude by saying — and I know that's always a welcome phrase — that we cannot provide a solution to every problem or challenge we face through technology. But I will say technology is at least part of the solution for almost every problem.
I appreciate the work that this Council does to help expand the universe of technological possibility for our country and for the Department of Homeland Security, and I look forward to continuing to work with you in the future.
Thank you very much.
Secretary Chertoff: And by the way, I see Scott Charbo is here, so if you get like into the weeds at all, he's the guy to ask. I mean, I've kind of just given you the depth of technical knowledge I have, so Scott will be available to answer questions.
Question: I congratulate you on elevating your CIO and strengthening that position. I appointed the first CIO in the government in the Treasury Department during the Reagan Administration. My question relates to the information sharing environment plan that came out last fall and the reference in it that they "may eventually" — that's a quote — move to tagged information such as XML. Can you tell me why we're looking at a 20th Century technology?
Secretary Chertoff: Okay. Now you've already gotten into the weeds below where I —
Secretary Chertoff: I think if you're asking me on specific technology like XML, I'm going to have Scott Charbo answer it. I will tell you on the information sharing environment what the concept is here.
The concept is — and I think you all recognize the challenge — there are two elements. One is making sure that we have the capability of connecting the interoperable, and the other is having the rules and protocols and culture that allows that to happen.
I spend most of my time on the latter part, because I'm not a software programmer or expert, and essentially what the cultural element is, is making sure people reorient themselves to understand they don't have propriety — or a proprietary relationship with their information, they don't own their information. It has to be shared, albeit in a disciplined and secure fashion. And I think we're doing a lot to build a culture and a set of processes that promote that.
Then, assuming everybody is on board to do the right thing, the question is, can they do it? Or can the systems talk to one another? Can you find either a common language or a bridging language that will allow people to talk to one another?
I can tell you that there is underlying this and underlying the whole interoperability issue a practical problem which I think you all probably have seen if you've ever dealt with an integration or a merger. There's a lot of sunk investment in existing systems which were developed and built obviously in an uncoordinated fashion.
In some ways, conceptually, the easiest thing to say is, hey, let's scrap everything. We'll build everything in a common platform at once, and then everything is by definition interoperable. But nobody has the budget or the stomach to scrap all their existing systems. And, frankly, sometimes there are arguments that existing systems serve individuated purposes better. For example, on the interoperability front, the mayor of New York is passionate about using a frequency of 400 mHz range that is different from what most people use because he thinks it works better in New York.
So the solution is often some kind of a device or some middleware that allows bridging among these different systems.
Now I've really exhausted the limit of my technical capability, so go to Scott.
Question: Mr. Secretary as a side note, we do make the best firewall, so.
Since you brought that up. But aside from that, I wanted to address a particular point you made about the use of sharing the information and using the computer systems to improve the rapid analytics of evidence and information to build cases, as you were saying, going from the Post-It notes system to actually using computers to speed that technology and sharing that data with others who can provide better and do analytical work on that to enhance security.
What steps could you maybe elaborate on that the department will be taking to secure that information? Because just as you have improved the speed of the analytics, the paper system at least has the advantage that for you to take and photocopy all of the paper evidence and reproduce it and disseminate it to tens of thousands of people would also take a great deal of time.
What steps would the agency take to protect the data, such as disk encryption software and other things, to make sure that only valid people have copies of that data? They don't just take it, put it on a USB stick and pass it out to 20 friends to post on the Internet to make it widely available inadvertently or through the use of a laptop theft or something like that. Could you maybe elaborate on the agency's work on that?
Secretary Chertoff: Sure. First of all, it's actually pretty easy to leak old-fashioned paper, as experience shows. It's not the volume, it's the significance of the piece of paper. So we've lived with this problem of leaking or theft for a long time, and it operates in the physical world as well as the virtual world.
However, it is true it's more efficient to steal or leak a large volume of information in the virtual world. There are two elements to this. One, of course, is to make — and this is a problem I know you're all aware of. Because as you create a system that is more efficient and user friendly, and this is true whether it's the kind of thing that we do or whether it's a system used to operate, you know, public utilities or the energy sector, as you make it more accessible and as you create more portals, the possibility of penetration becomes all the greater.
If you were truly to wall your network off and have it self-contained and keep it off, you know, the web, it would be a lot easier to prevent people from penetrating from outside.
So we're looking at a series of things. One is obviously, again, in the area of technology, whether it be hardware or software, finding ways to build better protection against people hacking into something. Obviously, we also need to make sure that people who have authorized access are properly vetted and trained so they don't misuse that access. That's a problem as old as the hills.
Among other things I think that's a critical issue, though, and I personally think it's an area where we can add real value, is you can design great systems, but if you don't have people disciplined about the way they protect their password or disciplined about the way they operate the system, whatever security measures you build will be crumbled.
I know, for example, that dual authentication is a useful exercise, where you have both some element of a password, but, for example, a fingerprint that you also have to insert in order to get access to a particular system.
So my general philosophy on this is, layered defense, lots of different defenses, recognizing there's nothing that's perfect, and also recognizing that at some point you will make a tradeoff between making it so cumbersome that it becomes useless, but also not making it so fragile that it becomes a real threat.
Let me challenge you in one area as someone who is a relatively well tutored by definitely a lay user of computer equipment. The challenge you have is in the real world where people have to do a lot of different things at the same time, is to build systems that are sufficiently robust in terms of protection, that they are — achieve security, but not so cumbersome that people don't either circumvent them or disable them. Because I think you see that happens a lot.
If you require, for example, constant changing of passwords, people will start to find ways to make it easy for themselves, so they're going to write it down. And we all know that writing your password down and putting it on a memo pad is not a good way to preserve security.
So you also have to — I mean, this is a plea for making things operational, meaning you've got to test in the real world and not just with people who love this stuff, but with people who really don't love this stuff, to see what techniques work in the real world.
Mr. Lee: Last question.
Question: Good morning, Mr. Secretary. Thank you for joining us this morning.
My question is, what is Homeland Security doing from an acquisition policy perspective to make sure that some of the latest innovations coming out of the open source community, the academic community, are able to be quickly leveraged by our guys on the front line, the first responders, the border patrol.
And the second part of the question, Mr. Secretary, is what are we doing to maximize the investment that we've already made in technology development efforts from the Defense Department and the intelligence community?
Secretary Chertoff: Good questions. Our Science and Technology Directorate, we have a comparatively new Under Secretary Jay Cohn, an admiral who came to us from the Navy, who ran the Navy's equivalent with respect to R&D.
He has completely revolutionized the way we do science and technology, and he basically breaks it into different elements. Some of it involves carrying forward on research and development activities that have been specifically mandated by Congress. Some of them is the process of putting into place short-term R&D on things that are relatively well developed but have to be taken over the finish line so they can be used.
And then there's an element of the budget he's carved out for what he calls innovation, which is the real Hail Mary pass, the kind of R&D that recognizes, you know, more likely than not, not to turn out a useful result, but, you know, the 2 in 10 or the 3 in 10 can be a game change and completely change the configuration.
And the things which we're talking about is short-term, high confidence level it's going to produce a good result. We drive that R&D budget with the operators. He sets up teams in each of the significant bands of activity, and the teams are populated by operators. And they drive the focus of our research and development budget in the direction that satisfies the needs that they've identified are critical for them to be supporting their mission.
And then on the innovation front, although there's a lot of operator input, that's more a question of really thinking outside the box. What this has done, and I think it's been really effective, it has made sure that our research decisions are being driven by the people who actually are going to use this stuff in the field.
I will be honest. I am not a fan of the style of research and decision-making that involves people coming up to members of the department or members of Congress and saying, wow, here's a really neat gizmo I have. Let's find a way to use it so I can sell it to you. I have to be honest. I don't think that's an intelligent way to invest the taxpayers' money.
I think what we ought to do, which is the approach we took in SBInet, is lay out what it is we want to do, have the operators who know what it is that works and what they're trying to achieve, be integrally involved in the process of setting what the requirements are and driving forward on the research so that we can make sure we're satisfying our needs as customers and, frankly, not your needs as vendors. Because the job of the vendor is to satisfy the customer.
So that's what we're doing, and I think that we've seen some very promising results. And I believe that in some ways the real value add for DHS is going to particularly be in the area of leveraging research and development and technology.
Mr. Lee: Thank you very much.
# # #
This page was last reviewed/modified on March 21, 2007.