Homeland strategy sets IT agenda

The National Strategy for Homeland Security released last week shows how heavily the Bush administration is counting on technology to improve the nation's ability to collect, analyze and disseminate information.

The strategy identifies six critical areas — such as improving intelligence, protecting critical infrastructure and defending against catastrophic threats — and lists the major initiatives essential to each one.

Technology permeates the list — with initiatives as varied as creating a secure videoconferencing capability for communications between first responders and federal officials and creating "smart borders" using databases and biometrics.

Most programs listed — such as developing a secure data-sharing system for federal, state and local law enforcement and biometrics for border control — are already under way.

It is not surprising that the homeland security strategy focuses so much on technology, said Phil Anderson, a senior fellow at the Center for Strategic and International Studies (CSIS).

"Technology in large part is going to help us solve this problem," he said. "Everywhere you look, there are enormous advantages that can be gained through the use of technology."

Some of the technology essential to the strategy will require more research and development, particularly in the area of sensors and surveillance, but many of the requirements can be met with existing technology. "Most of the stuff is already on the shelf," Anderson said.

Connecting the Dots

The strategy follows close on the heels of the administration's plan for creating a Homeland Security Department, drawing together nearly two dozen agencies involved with national security. The national strategy takes the first close look at the information that is necessary to support the functions performed by those organizations.

"There's less focus here on moving boxes, and more on integrating information," said Don Kettl, executive director of the Century Foundation's Working Group on Federalism Challenges in Homeland Security. "There's a focus on connecting the dots through connecting the information."

Beyond the initiatives in each mission area, information sharing and systems form one of the four foundations of the national strategy. The strategy outlines five major initiatives in which technology will support homeland security:

* Integrate information sharing across the federal government.

* Integrate information sharing across state and local governments, private industry and citizens.

* Adopt common metadata standards for keeping track of data stored in databases across government.

* Improve public safety emergency communications.

* Ensure reliable public health information.

Information sharing is important to crossing boundaries that are in place at the federal, state and local levels, said Steve Cooper, senior director of information integration and chief information officer at the Office of Homeland Security.

The IT section of the strategy essentially provides "an overall charter or business strategy" for making that happen, he said.

One aspect of the IT plan that is likely to cause a lot of "interesting" discussion is the concept of databases of record, Cooper said. The idea is to identify or develop databases across government to serve as the official resources in certain topic areas, so that someone looking for particular information knows where to turn.

The strategy also outlines plans to develop metadata standards for "communities of practice" that cut across agency boundaries, such as first responders and law enforcement. These standards, likely based on Extensible Markup Language, will help users organize and search the information in agencies' databases.

The Office of Homeland Security has already formed several working groups to look at the legal and policy issues that might be involved, Cooper said. One hurdle is accommodating the information needs of particular agencies.

For example, much of the information that the FBI gathers is not intelligence, but evidence, and is closely held for use in prosecuting cases. Would, or should, the FBI begin to share such information?

Another hurdle, though, is the requirements to balance homeland security requirements with privacy and civil liberties, observers say.

"If the data is all from criminal histories or on foreign nationals from suspect countries, it may not be a problem," said Jim Harper, a lawyer who operates the privacy advocacy Web site Privacilla.org. "But if it's a big database accessible to lots and lots of people," and it contains information about people not suspected of being terrorists, that could be a problem, he said.

But both civil liberties and security advocates will have to be patient as the technology and policy come together and the information from across all levels of government and industry is consolidated or linked, Cooper said.

"Part of getting the balance right will be a bit of a pendulum, and I don't think that we're going to be able to nail it perfectly right out of the box," he said.

Building Blueprints

The federal government has taken steps to enable information sharing by developing an enterprise architecture that shows how different systems supporting homeland security will work together.

This initiative will build on the federal enterprise architecture already created by the Office of Management and Budget, although it must also include national security and intelligence agencies, Cooper said.

Federal officials are also working with the National Association of State Chief Information Officers (NASCIO) to get input on the architecture from the first-responder community.

Several NASCIO members had a conference call with officials from the Office of Homeland Security earlier this month to discuss different approaches to working together on this issue, and the two groups plan to meet face-to-face in mid-August, according to Elizabeth Miller, executive director for NASCIO.

Through its e-government strategy and the annual budget process, OMB also is pushing agencies to collaborate on technology initiatives. The emphasis on developing joint business cases will be enforced for homeland security investments as well, said Mark Forman, associate director for IT and e-government at OMB.

OMB has approved three homeland security-related pilot projects, which will last three to six months, to prove the concept of information sharing and joint investments, Cooper said. They are:

* Virtually consolidating or linking the many terrorist watch lists in existence at multiple agencies.

* Creating a homeland security portal for users at all levels of government to access and link to key subject areas, such as critical infrastructure protection.

* Developing a 10-state system to share and analyze sensitive information related to law enforcement among federal, state and local agencies.

Still Sketchy Picture

Those ideas are why the IT aspect of the national strategy is the most detailed — and therefore complex — part of the strategy, Kettl said. But every part of the national strategy still needs many more details before it can be considered complete, experts say.

"A strategy should lead to a plan or plans" for executing the strategy, said CSIS' Anderson.

"What we have here is the commander's intent," he said. What is still needed is "a detailed plan that states how it is going to be accomplished."

It will probably be left to the proposed Homeland Security Department to develop that plan, Anderson said. "What's missing is a pretty good articulation of the threat," Anderson said of the president's strategy. "There may be one that's classified," but a threat assessment is essential for developing the "operations plan" needed to execute the strategy, he said.

Judi Hasson, William Matthews and Dibya Sarkar contributed to this report.