DHS responds to criticism of database on vulnerable infrastructure

A top Homeland Security Department official lashed out in frustration Tuesday at critics who say the department is failing to make good judgments when it comes to risks and threats facing the country.

The department has come under heavy criticism recently -- and become the butt of jokes by late-night comedians -- due to its decision in May to cut urban antiterror funding to major metropolitan areas and an inspector general's report last week that found a national database of vulnerable targets rife with locations that pose no security risk.

The IG cited more than 32,000 assets out of about 72,000 in the database that "are not nationally significant," including a Mule Day Parade in Columbia, Tenn.; an Old MacDonald's Petting Zoo in Woodville, Ala.; an Amish popcorn factory in Berne, Ind.; a bean festival in Mountain View, Ark.; and the Kangaroo Conservation Center in Dawsonville, Ga.

Robert Stephan, the department's assistant secretary for infrastructure protection, told reporters that the inspector general "ignored" the facts and came to conclusions that are "fundamentally false."

"This is just a ridiculous thing that happened," he said.

Stephan, speaking at an event billed as a briefing on a recently released National Infrastructure Protection Plan, defended the asset database the plan relied on, but acknowledged that the department now faces a serious public perception problem.

Senate Democrats scolded the department last week by including a provision in the fiscal 2007 Homeland Security appropriations bill that requires it to comply with the inspector general's recommendations for overhauling the database.

The amendment, offered by Sen. Barbara Boxer, D-Calif., would prohibit the department from spending preparedness funds on administrative and management employee travel until the recommendations are implemented or officials explain to Congress why they were not.

"The Inspector General's report outlines a case of gross mismanagement within the Department of Homeland Security," Boxer said. "There is no excuse for including sites facing no significant threat at a time when the Department of Homeland Security is downgrading its risk assessment for San Diego, Sacramento and other high-risk locations."

Attempting to set the record straight, Stephan said neither he nor key members of his management team were interviewed for the IG's report. He said low-level members of his staff were initially interviewed, but none of their input showed up in the report.

"The lower level provided feedback that was ignored by the IG," he said, adding that the inspector general never came back for additional information.

Stephan did acknowledge that the database contains locations and assets that are not at risk, but he said that information is raw data provided by state and local governments.

He asserted the department does not include no-risk assets in making decisions about priorities or how to spend money and distribute grants. "No single raw data point . . . has any relevance to anything," he said.

He said those decisions are made after evaluating targets based on threat, vulnerability and the consequence of an attack.

Stephan added that the department's National Infrastructure Protection Plan identifies critical infrastructure for 17 sectors, and how the federal government will work with state and local governments and the private sector to protect those assets.

"We now have a playbook, commonly agreed to in an organized manner," he said. "This is a way out of the wilderness."

The private sector, however, is not required to comply with the plan.