February 3, 2004As the Bush administration implements strategies to fight terrorism, it must strengthen plans that address cybersecurity, data collection and other fields, a government official told lawmakers on Tuesday.
"We're moving to the implementation stage, and strategies need to be firmed up," said Randall Yim, managing director of homeland security and justice issues for the General Accounting Office (GAO). Yim testified before the House Government Reform National Security subcommittee about a recent GAO report on the seven national strategies the administration issued after the Sept. 11, 2001, terrorist attacks.
While he noted that Congress has passed several mandates and President Bush has better defined strategies with recent presidential directives, Yim said "much more needs to be done." He said Congress should consider moving legislation to mandate milestones for the different strategies.
Yim's comments support legislation introduced last year by House Homeland Security Committee Chairman Christopher Cox, R-Calif., and ranking Democrat Jim Turner of Texas to require the Homeland Security Department to meet certain metrics. The lawmakers have said they would push for Congress to pass the bill this year.
The GAO report -- which analyzed the strategies, including those for cyber security and collecting data on critical infrastructure -- found that while the administration accomplished much by quickly developing the plans after the attacks, it needs to strengthen the strategies to enhance their usefulness.
The report outlined several characteristics it deemed as fundamental, such as defining purpose, scope and methodology; assessing risks and threats; defining goals, priorities, objectives and performance measures; integrating and implementing initiatives with other agencies; and tying a strategy to resources, investments and risk management.
While a majority of the strategies partially address the characteristics, no single plan "addresses all of the elements of resources, investments, and risk management or integration and implementation," GAO found.
Yim told lawmakers that those two characteristics are the most critical. He said that without funding incorporated into a strategy, the resources and technology needed to implement the plans would not follow.
Yim also stressed to lawmakers the importance of "good data" on critical infrastructure and financial markets, among other things. He also believes an improved plan is necessary for sharing intelligence among federal, state and local law enforcement officials. He said current technological barriers soon would be dissolved, and then state and local authorities would receive a flood of data. But federal officials need to define which information to share that would not require analytical training.
When asked how quickly the administration would have a plan in place, Yim characterized it as not anytime soon.
GAO also rated the seven strategies from strong to weak, and the administration's cyber-security plan ranked as the most developed. But Yim said some of the strategies understandably are developed in general terms, such as the overall national strategy on homeland security.
February 3, 2004