The first 100 days

The Homeland Security Department's initial work reveals how much remains to be done

At the Homeland Security Department, the clock is always running.

June 8 will mark the 100th day since DHS officially opened for business March 1. It has been 21 months since the terrorist attacks that spurred the creation of the department, and the recent bombings in Saudi Arabia and Morocco are reminders that more attacks are possible anywhere — even here in the United States — and at any time.

The first 100 days — the time frame often used to measure the success of a new political organization — were tough ones for the new department. The expectations were remarkably high, and so was the pressure to accomplish a seemingly impossible task. If you ask experts if this country is any safer than it was 100 days ago, the answer is typically "no."

"The mission of the Department of Homeland Security is really a mission with no end," DHS Secretary Tom Ridge told a luncheon gathering at the National Press Club April 29. "And knowing our foes as we do now, the demise of hatred and the threat it carries for this nation is unlikely."

Technology, of course, is expected to play a major role in homeland security, enabling the department's various agencies to collect, analyze and share information that could help anticipate or respond to an attack. But if you ask how much progress the agency has made toward realizing those goals, the answer is not necessarily encouraging.

Ridge acknowledged that information technology integration is "a monstrous task," and some observers are quick to point out that the department has little to show for its work so far.

Robert David Steele, an author and former intelligence officer, points out that there are at least 30 separate intelligence systems and no money to connect them to one another or make them interoperable. "There is nothing in the president's homeland security program that makes America safer," he said.

Still, department officials and observers say that work is under way — both inside DHS and between the department and its partners — that will pay off in the future. Work is being done in fits and starts, they say, but that is to be expected.

"It's hard to glue all these pieces together — it normally takes a long time," said James Lewis, senior fellow at the Center for Strategic and International Studies. "The difficulty in the federal government is that it still takes time to get a management team in place. In some ways, we're still at the start."

Work in Progress

People inside the department dispute the assessment that they have little to show for their work.

Patrick Schambach, chief information officer at the Transportation Security Administration, said DHS officials are working through three phases: discovering what tools they have, planning how to use them and implementing them.

Schambach said DHS officials are still in the discovery phase, figuring out exactly what tools they have in their arsenal. "It's a very complex picture. It's going to be a challenge," he said.

This work includes creating an inventory of all the information systems being used in the department and deciding which should stay and which should go.

The systems inventory, to be completed next month, is the first step toward an enterprise architecture plan that will be unveiled in September. That has not been an easy task. The inventory has already tallied more than 2,000 applications, most of them in stand-alone systems inherited from the 22 agencies that were folded into DHS.

Most of the work to integrate the department has fallen on the shoulders of CIO Steve Cooper, an industry executive who decided to seek a job with the government after witnessing the attack on the World Trade Center from a ship in New York Harbor while he was attending a conference.

"Once we have formulated our 'to be' architecture, we can develop the migration strategy needed to move from where we are today to where we want to be as a department," Cooper told the House Government Reform Committee May 8.

In the meantime, DHS officials have set up key business systems, including departmentwide e-mail and directory services, to link the department's various agencies.

Yet some experts say that in the rush to create a department, officials may be focusing on the bureaucracy rather than the safety and security of the United States in the wake of the Sept. 11, 2001, terrorist attacks.

"So far we haven't paid any big price for the slowness," said I.M. "Mac" Destler, public policy professor at the University of Maryland. "So far, nothing horrendous has happened within its jurisdiction."

Of particular concern are several key systems intended to track the arrival and departure of every foreigner who visits the United States.

As part of an entry/exit system, officials had hoped to be able to photograph and fingerprint all foreign visitors when they arrive at major ports and airports by the end of this year. DHS officials expect to have the system in place at airports and seaports, but they said earlier this year they would miss the 2005 deadline for land entry points.

With the Student and Exchange Visitor Information System (SEVIS), DHS aims to register all foreign students studying in the country to ensure that they do not stay beyond their allotted time.

However, the system has run into numerous snags since it was installed earlier this year. Colleges and universities have misplaced data and some of it has been irretrievably lost. There aren't enough inspectors to look over the applications, and there's no procedure to identify sham schools.

Earlier this month, DHS folded SEVIS and the entry/exit system into one program: the U.S. Visitor and Immigrant Status Indication Technology system.

Other border systems are proving just as daunting, although some progress has been made. Officials at the Bureau of Customs and Border Protection face the monumental challenge of inspecting millions of container cargo shipments each year.

To tighten border controls, the bureau has already launched a plan to inspect some container cargoes before they leave a foreign port and to obtain an electronic manifest of what's on a ship 24 hours before it arrives in the United States.

The idea is to identify shipments that could be a cause for concern and focus on those. For example, a ship from Norway that lists bananas would be flagged because bananas are not grown in Scandinavia.

"The separation of 'high risk' from 'no risk' is critical because searching 100 percent of the cargo and people that enter the United States would unnecessarily cripple the flow of legitimate trade and travel to the United States," said Robert Bonner, the bureau's commissioner.

Meanwhile, the United States and Canada have signed an agreement to inspect rail cargo crossing the border and collect advance electronic manifest information before shipments come into the United States.

George Weise, a former commissioner of the Customs Service who is now vice president of global trade compliance at Vastera Inc., a global technology solutions company that handles compliance issues, said the coordination is improving the policing of the border, but "there's no way to have a fail-safe border. It will never be completely fail-safe."

Connecting the Dots

The dual concept of knowledge management and cross-agency collaboration underlies many of the department's initiatives and remains one of its major challenges.

For instance, DHS is linking existing networks among the federal, state and local law enforcement communities. State and local users of the Regional Information Sharing Systems now have access to sensitive but unclassified data held by the FBI through the Law Enforcement Online network.

Federal and state law enforcement agencies also can tap into a State Department database of 34 million visa applications with pictures of applicants.

In addition, DHS officials will soon announce how they intend to fix one of their most troubling problems — consolidating multiple watch lists to share information among law enforcement agencies, Cooper told Federal Computer Week.

Although two Sept. 11 hijackers living in San Diego were on watch lists, the CIA and FBI did not share information that could have prevented them from carrying out their attacks, which was just one of many holes in the U.S. security system discovered after Sept. 11.

"Databases used for law enforcement, immigration, intelligence, public health surveillance and emergency management have not been integrated in ways that allow us to...'connect the dots,'" Cooper told the House Government Reform Committee. "To secure the homeland better, we must link the vast amounts of knowledge residing within each government agency while ensuring adequate privacy."

Plagued by technical problems and criticized by civil liberties groups, the systems are still in their infancy. Officials are working through the bugs and conducting pilot projects for what they hope will be a seamless integration for the future.

One system of high interest to both DHS officials and privacy watchdogs is TSA's Computer Assisted Passenger Prescreening System II. CAPPS II would comb public databases for any information that suggests ticketed airline passengers could pose a security risk.

"CAPPS II has the most potential to improve security and customer service," TSA Administrator James Loy testified May 6 before the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee.

The proposed system has drawn fire from privacy advocates, who question how the risk would be determined and say officials failed to clearly outline the project. The plans for the project have changed since its inception, and TSA officials have said they are working closely with privacy groups. Nevertheless, there are major questions about it.

"I'm all in favor of finding ways to be smarter about aviation security and to target aviation security resources more efficiently," Sen. Ron Wyden (D-Ore.) said recently. "But a system that seeks out information on every air traveler or anyone who poses a possible risk to U.S. security and then uses that information to assign a possible threat 'score' to each one raises some very serious privacy questions."

A Long To-Do List

But the work goes on. In the next six months, DHS will have an enterprise architecture that will help officials integrate their systems. Congress is expected to appropriate more money for homeland security. State and local government systems will be more closely linked to the federal department.

Wireless emergency systems will become integrated across the country. Remote video cameras that can detect even the slightest anomaly will be placed across the U.S./Canadian border. Automatic alert systems for emergency responders will be put in place.

The Centers for Disease Control and Prevention and other public health organizations will implement computerized systems that can detect the spread of a bioterrorism agent or even the spread of a rare disease such as severe acute respiratory syndrome.

But the American psyche may never be the same no matter how much technology is embedded into our safety systems.

"We can't really say with any certainty that we are safer than we were," said David Ropeik, director of risk communication at the Harvard Center for Risk Analysis.

"Certainly a great deal has been done to enhance security," he said. "But we still don't know so much.... Who are the specific terrorists who may strike, where will they attack, when, with what kinds of weapons? Without knowing these factors, nothing certain can be said about our relative level of safety."

Ridge, for one, is optimistic that one day the terrorist alert system will be lowered to green — the lowest level on its scale. Even so, he said, the United States will never lower its defenses.

"Regardless of even if we get to the lowest level, we're going to have to remain vigilant," he said. "We're going to have to remain on guard, and the institutions that we're setting up will have to still perform effectively and efficiently."
