Congressional Hearings
ROUNDTABLE REAUTHORIZING DHS: POSITIONING DHS TO ADDRESS NEW AND EMERGING THREATS TO THE HOMELAND
Congressional Hearings
SuDoc ClassNumber: Y 4.G 74/9
Congress: Senate
CHRG-115shrg31265
| AUTHORITYID | CHAMBER | TYPE | COMMITTEENAME |
|---|---|---|---|
| ssga00 | S | S | Committee on Homeland Security and Governmental Affairs |
[Senate Hearing 115-457]
[From the U.S. Government Publishing Office]
S. Hrg. 115-457
REAUTHORIZING DHS: POSITIONING DHS TO
ADDRESS NEW AND EMERGING THREATS TO THE HOMELAND
=======================================================================
ROUNDTABLE
BEFORE THE
COMMITTEE ON
HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
ONE HUNDRED FIFTEENTH CONGRESS
SECOND SESSION
__________
FEBRUARY 7, 2018
__________
Available via the World Wide Web: http://www.govinfo.gov
Printed for the use of the
Committee on Homeland Security and Governmental Affairs
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
__________
U.S. GOVERNMENT PUBLISHING OFFICE
31-265 PDF WASHINGTON : 2019
-----------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center,
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free).
E-mail, gpo@custhelp.com.
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
RON JOHNSON, Wisconsin, Chairman
JOHN McCAIN, Arizona CLAIRE McCASKILL, Missouri
ROB PORTMAN, Ohio THOMAS R. CARPER, Delaware
RAND PAUL, Kentucky HEIDI HEITKAMP, North Dakota
JAMES LANKFORD, Oklahoma GARY C. PETERS, Michigan
MICHAEL B. ENZI, Wyoming MAGGIE HASSAN, New Hampshire
JOHN HOEVEN, North Dakota KAMALA D. HARRIS, California
STEVE DAINES, Montana DOUG JONES, Alabama
Christopher R. Hixon, Staff Director
Gabrielle D'Adamo Singer, Chief Counsel
Daniel P. Lips, Policy Director
Michelle D. Woods, Senior Professional Staff Member
Margaret E. Daum, Minority Staff Director
Charles A. Moskowitz, Minority Senior Legislative Counsel
J. Jackson Eaton IV., Minority Counsel
Subhasri Ramanathan, Minority Counsel
Laura W. Kilbride, Chief Clerk
Bonni Dinerstein, Hearing Clerk
C O N T E N T S
------
Opening statement:
Page
Senator Johnson.............................................. 1
Senator McCaskill............................................ 3
Senator Heitkamp............................................. 10
Senator Peters............................................... 13
Senator Portman.............................................. 15
Senator Hassan............................................... 19
Senator Lankford............................................. 21
Senator Harris............................................... 24
Senator Jones................................................ 27
Prepared statement:
Senator Johnson.............................................. 39
Senator McCaskill............................................ 40
WITNESSES
Wednesday, February 7, 2018
Hon. Elaine C. Duke, Deputy Secretary, U.S. Department of
Homeland Security; accompanied by Hon. Claire M. Grady, Under
Secretary for Management; U.S. Department of Homeland Security;
and Christopher Krebs, Senior Official Performing the Duties of
the Under Secretary, National Protection and Programs
Directorate, U.S. Department of Homeland Security.............. 4
George A. Scott, Managing Director, Homeland Security and
Justice, U.S. Government Accountability Office; accompanied by
Chris Currie, Director, Emergency Management and National
Preparedness Issues, U.S. Government Accountability Office..... 5
John V. Kelly, Acting Inspector General, U.S. Department of
Homeland Security.............................................. 6
Alphabetical List of Witnesses
Duke, Hon. Elaine C.:
Testimony.................................................... 4
Prepared statement........................................... 43
Kelly, John V.:
Testimony.................................................... 6
Prepared statement........................................... 58
Scott George A.:
Testimony.................................................... 5
Prepared statement........................................... 46
APPENDIX
Chart submitted by Senator Johnson............................... 70
GAO cybersecurity report submitted by Senator Portman............ 71
CSIS cybersecurity report submitted by Senator Hassan............ 118
Information submitted for the Record by Ms. Grady................ 148
Responses to post-hearing questions for the Record from:
Ms. Duke..................................................... 149
Mr. Kelly.................................................... 177
ROUNDTABLE REAUTHORIZING DHS:
POSITIONING DHS TO ADDRESS NEW AND EMERGING THREATS TO THE HOMELAND
----------
WEDNESDAY, FEBRUARY 7, 2018
U.S. Senate,
Committee on Homeland Security
and Governmental Affairs,
Washington, DC.
The Committee met, pursuant to notice, at 10:01 a.m., in
room SD-342, Dirksen Senate Office Building, Hon. Ron Johnson,
Chairman of the Committee, presiding.
Present: Senators Johnson, Portman, Lankford, Daines,
McCaskill, Heitkamp, Peters, Hassan, Harris, and Jones.
OPENING STATEMENT OF CHAIRMAN JOHNSON
Chairman Johnson. Good morning. This roundtable of the
Senate Committee on Homeland Security and Governmental Affairs
will come to order.
I want to welcome our participants, we will call them. I
guess they are witnesses, but we have the Honorable Elaine
Duke, the Honorable Claire Grady, Mr. George Scott, and Mr.
John V. Kelly from the Department of Homeland Security (DHS),
the Government Accountability Office (GAO), as well as the
Office of Inspector General (OIG).
This roundtable will discuss the attempt to reauthorize
DHS. The House has passed their bill. They had a memorandum of
understanding (MOU) to consolidate that entire process under
the Committee of Homeland Security in the House.
It is a little more messier here in the Senate, which is
not unusual. The Commerce Committee has taken up and passed
authorization for the Transportation Security Administration
(TSA) and the U.S. Coast Guard (USCG). The Judiciary has a
number of components. We have, my staff keeps telling me,
somewhere around 40 to 50 percent of DHS under our Committee's
authorization. That is really what we are here to talk about
today.
I think it is accurate to say that what the House
authorization does is--and this is what you need to do in these
authorizations--take what DHS currently does and codify it,
take the recommendations from the GAO and the Inspector General
(IG). And by the way, reading your testimony, it is actually
pretty pleasing to see how many of the recommendations the
Department has addressed over a number of Administrations to
improve their operation.
And let us also admit that this has not been an easy
Department to establish and operate--22 agencies cobbled
together, different missions trying to develop that unity of
mission. We helped, I think, a little bit in the last Congress
in working on some of the authorization of that Unity of
Effort.
But again, we are trying to codify these things. There are,
I think, a couple of key changes or new departments that want
to codify the Countering Weapons of Mass Destruction (CWMD)
office. I think we want to figure out some way to take National
Protection and Programs Directorate (NPPD), focus its mission,
do the renaming, and we have talked a little bit about doing
that on a must-pass piece of legislation, or we do this on this
authorization. I think there is a great deal of desire to do
it. It is just a matter of how do we get those efforts signed
into law.
A couple of items need to be worked out. Authorization for
Federal Emergency Management Agency (FEMA) grants. What are we
going to do with Federal Protective Service? We will continue
to have those discussions. Maybe that is something we can
determine and come to conclusion with voting in a markup.
My last point is I do want to talk about the one glaring
omission out of the House authorization and something that
maybe it is too controversial, but it is something I think that
the Department really needs, is a very serious look at all of
the committees of jurisdiction to have that you are responsible
to.
In my briefing, we got this little chart of all the
committees,\1\ and I do not think, how many committees and
subcommittees do have that responsibility to report to and that
have jurisdiction over DHS. But some of the information is
pretty interesting.
---------------------------------------------------------------------------
\1\ The chart referenced by Senator Johnson appears in the Appendix
on page 70.
---------------------------------------------------------------------------
The number of hearings that DHS personnel have participated
in prior Congresses, 304 in the 111th, 289 in the 112th, 219 in
113th, 211 in the 114th Congress. Witnesses are in the 400
levels; the briefings, thousands. I mean 4,000, the 111th
Congress; over 4,000 in the 114th.
Now, as the oversight committee, we strongly believe in
agency responsibility in terms of reporting to us and
transparency, all those types of things, but it needs to be
more streamlined. So one of the things I think we are
suggesting is--I am really not real nuts about commissions, but
I am not quite sure of any other way of doing this. I am open
to other ideas, but some kind of commission to work with House
committees and Senate committees to reduce that burden because
from my standpoint I want to make sure the Department is
focusing on its primary mission, which is keeping America safe
and secure.
So, with that, I do ask unanimous consent that my written
opening statement be entered into the record.\2\
---------------------------------------------------------------------------
\2\ The prepared statement of Senator Johnson appears in the
Appendix on page 39.
---------------------------------------------------------------------------
With that, I will turn it over to our Ranking Member,
Senator McCaskill.
OPENING STATEMENT OF SENATOR MCCASKILL
Senator McCaskill. Thank you, Mr. Chairman.
I am a little confused as to why this is a roundtable
instead of a hearing. I hope someone can speak to that. This is
an Administration that prides itself on getting rid of
senseless regulations, and I am being told that the reason we
did a roundtable is because you did not have time to get
testimony approved by the Office of Management and Budget
(OMB).
Is that right? Is that why it is not a hearing?
Chairman Johnson. I think it was just a conversation
between staff and DHS in terms of what would be the best format
to have these discussions to prepare for a markup to actually
pass this piece of authorization. To me, it is not a big
difference one way or the other.
Senator McCaskill. Well, I think it is really important,
the reauthorization of DHS. I think it rises to the level of a
hearing, but you and I may just have a disagreement about that.
I did not know that it was under the impression it was
something that the Department did not have ample opportunity to
prepare for a hearing because of the approval of OMB, but if it
was just a choice of the Chairman, then you and I just have a
difference of opinion about whether or not this rises to the
level of a hearing.
I have a number of things I would like to take time to talk
about today. I probably will not have time to talk about all of
them. Obviously, I continue to be very concerned about
acquisition and how well the Department handles acquisition.
We see press about the most egregious examples. Obviously,
the recent one, we have a contractor who clearly has a very
troubled history with the Federal Government, but yet we
entered into a contract for them to deliver meals, and clearly
they did not deliver on that contract. They did not perform
under that contract. I think we have to really drill down on
debarment and suspension and why this is such a hard thing to
do in the Federal Government.
I can assure you my colleague, the Chairman, if it was his
company, if it was a private business and you had somebody that
was a supplier and they screwed up time after time after time,
do you know what that private business would do? They would
quit doing business with the supplier, but the Federal
Government seems to never quit doing business with anybody who
screws up. And I do not get it. I would like us to get to the
bottom of that.
I also obviously have questions that I will spend some time
on. I am very concerned about the privilege dispute in the IG
report. This is groundbreaking, it is unprecedented, and it is
very bad. And I want to get to the bottom of it.
And I also will put my written statement in the record\1\
since we have great attendance this morning, and I think
everybody has questions. Let us move to questions
---------------------------------------------------------------------------
\1\ The prepared statement of Senator McCaskill appears in the
Appendix on page 40.
---------------------------------------------------------------------------
Chairman Johnson. Again, it is my understanding you will
each have an opening statement, so why do we not just start
with the Honorable Elaine Duke. She is the Deputy Secretary of
the Department of Homeland Security.
TESTIMONY OF THE HONORABLE ELAINE C. DUKE,\1\ DEPUTY SECRETARY,
U.S. DEPARTMENT OF HOMELAND SECURITY; ACCOMPANIED BY HONORABLE
CLAIRE M. GRADY, UNDER SECRETARY FOR MANAGEMENT, U.S.
DEPARTMENT OF HOMELAND SECURITY; AND CHRISTOPHER KREBS, SENIOR
OFFICIAL PERFORMING THE DUTIES OF UNDER SECRETARY, NATIONAL
PROTECTION PROGRAMS DIRECTORATE, U.S. DEPARTMENT OF HOMELAND
SECURITY
Ms. Duke. OK. Thank you. I will just give one opening
statement for the Department.
---------------------------------------------------------------------------
\1\ The prepared statement of Ms. Duke appears in the Appendix on
page 43.
---------------------------------------------------------------------------
Thank you for having both of us here. Claire Grady, as the
Under Secretary for Management, is our Chief Management
Officer, and I as the Deputy Secretary and acting as our Chief
Operating Officer. And there is a strong linkage to that, and
hopefully with the two of us, we can cover all the areas today.
You have been great partners, and we are really looking
forward to having some open and honest dialogue.
The purpose for DHS is clear. It is even clearer now with
the threats against our country, and we welcome an
Authorization Act that would give us updated authorities,
updated support, and updated accountability for the country
which we support.
We recognize that we have to ensure that we carry out the
mission on behalf of the country and that we are serving even
our employees, our 240,000 employees right, and we think
passage of the Authorization Act would be helpful in us
executing our authorities and responsibilities.
Over the past year at DHS, I have been working on a Unity
of Effort at DHS, and this is critical. And hopefully, we will
have time to talk about it today, but it is really looking at
how we as the headquarters operate to enable and support the
headquarters.
And I see three roles for the headquarters elements:
leading a community of practice, being subject-matter experts,
and servicing the headquarters. And I think that your proposal,
Mr. Chairman, of consolidating some of the committees would
really be a great parallel to what we are trying to do in
headquarters and align and streamline even better. We have made
great progress. We have to do more in this area.
What we are looking for in an authorization bill overall is
something that does what you say and codifies some of the
efforts we are making already, the leadership commitment, but
it does not go so far as to dictate and legislate areas that
really would be difficult to change or take away key and
essential flexibilities of the Secretary and the leadership of
the Department, so finding that right balance.
We do feel like areas in an authorization bill that would
help us with personnel, things such as hiring retention and
separation flexibilities and management of our employees would
be helpful, and we can discuss those in a level of detail
either now or in subsequent discussions with you and the
Ranking Member later.
Also, the Department's Cyber and Infrastructure Security,
we do have the senior official performing the duties of the
Under Secretary, Chris Krebs, with us here today to talk about
the NPPD area and the Countering Weapons of Mass Destruction.
So we are looking forward to coming up with some agreements
that can provide you information that will help inform your
authorization bill.
Thank you.
Chairman Johnson. Mr. George Scott is the Managing Director
for the U.S. Government Accountability Office, Homeland
Security and Justice team. Mr. Scott.
TESTIMONY OF GEORGE A. SCOTT,\1\ MANAGING DIRECTOR, HOMELAND
SECURITY AND JUSTICE, U.S. GOVERNMENT ACCOUNTABILITY OFFICE;
ACCOMPANIED BY CHRIS CURRIE, DIRECTOR, EMERGENCY MANAGEMENT AND
NATIONAL PREPAREDNESS ISSUES, U.S. GOVERNMENT ACCOUNTABILITY
OFFICE
Mr. Scott. Thank you, Chairman Johnson, Ranking Member
McCaskill, and Members of the Committee. I am pleased to be
here today to discuss opportunities to further strengthen the
Department of Homeland Security.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Scott appears in the Appendix on
page 46.
---------------------------------------------------------------------------
Over the past 15 years, DHS has implemented a range of
homeland security operations while making significant progress
in addressing the high-risk area of transforming the Department
and strengthening its management functions. In fact, we now
consider DHS to be a model for how other agencies should work
to address their high-risk issues.
That said, there are a number of key areas where the
Department needs to continue to improve. Reauthorization
provides the opportunity to reflect on the progress the
Department has made and also how best to align the DHS
missions, roles, and responsibilities to better counter new and
emerging threats to the homeland.
I would like to briefly discuss some specific examples
where we think legislation to reauthorize the Department would
help.
In terms of departmental organization, codifying the roles
and responsibilities of the National Protection and Programs
Directorate would help strengthen DHS's focus and
responsibilities on cybersecurity. Also, renaming the office to
better reflect those responsibilities would be a positive step.
In the area of protecting critical infrastructure, Congress
could require DHS to evaluate the assistance and information it
provides to stakeholders regarding cybersecurity protections,
particularly those sectors that work with the Department on a
voluntary basis.
It is important for DHS and the Congress to better
understand to what extent those efforts are yielding positive
results. While the Department has made progress addressing
financial management issues, including receiving a clean audit
opinion on its financial statements for 5 consecutive years,
significant challenges remain. In particular, the Department
continues to struggle with its financial system modernization
efforts, and additional oversight is warranted.
DHS also needs to continue to develop a financial
management workforce with the skills necessary to uphold a
strong internal control environment, and the Congress could
require the Department to develop a comprehensive strategy for
doing so.
Finally, no discussion of Department would be complete
without touching on the area of acquisition management. The
Department has taken a number of important steps in response to
GAO recommendations to improve oversight of its acquisitions.
For example, it reestablished the Joint Requirements
Council (JRC). Codifying the role of the JRC, as recently
proposed by Senator McCaskill, and ensuring that the Department
continues to follow sound acquisition practices will help
increase accountability for the billions of dollars that the
Department spends each year.
This concludes my statement, and I look forward to
answering any questions that you have. Thank you.
Chairman Johnson. Thank you.
Our final participant witness is Mr. John V. Kelly. He is
the Acting Inspector General for the Department of Homeland
Security's Office of Inspector General. Mr. Kelly.
TESTIMONY OF JOHN V. KELLY,\1\ ACTING INSPECTOR GENERAL, U.S.
DEPARTMENT OF HOMELAND SECURITY
Mr. Kelly. Good morning, Chairman Johnson, Ranking Member
McCaskill, and Members of the Committee. Thank you for inviting
me to discuss DHS's Reauthorization Act and positioning DHS to
address new and emerging threats.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Kelly appears in the Appendix on
page 58.
---------------------------------------------------------------------------
Since its establishment, DHS has progressed in addressing
challenges to accomplish its mission. However, to fulfill its
vital mission of successfully protecting and securing our
Nation, DHS must continue to overcome challenges that hinders
its efforts.
Over the last few years, my office has issued numerous
reports that address the challenges that face DHS. Many of
those challenges, Congress addressed in H.R. 2825, the DHS
Reauthorization Act. With implementation of our recommendations
and your legislation, DHS can continue to improve its
operations and reduce fraud, waste, and abuse. However, if the
Department ignores these challenges, it will be difficult for
DHS to effectively and efficiently address new and emerging
threats to the homeland.
In our last two annual reports on DHS's major management
and performance challenges, we highlighted two of the most
significant longstanding challenges. First, DHS's leadership
must commit itself to ensuring DHS operates more as a single
entity rather than a confederation of components.
The Department leadership must also establish and enforce a
strong internal control environment. The current internal
control environment is relatively weak, and it affects all
aspects of the Department's missions, including border
protection, immigration enforcement, protection against
terrorist attacks, natural disasters, and cybersecurity.
Fortunately, the DHS Authorization Act reinforces the need for
the Department unity by streamlining oversight, accountability,
and eliminating redundancy.
Another important area is acquisition management. In fiscal
year (FY) 2017, DHS spent more than $33 billion on contractual
services, supplies, and assets; thus, DHS's acquisition
management system is critical in fulfilling its mission.
However, implementing an effective acquisition management
system is inherently complex.
DHS annually spends tens of billions of dollars on a broad
range of assets and services, including ships, aircraft,
surveillance towers, nuclear detection equipment, financial and
human resources (HR) systems, and information technology
systems. To its credit, DHS has improved some of the
acquisition processes; however, challenges remain. Provisions
of the DHS Authorization Act would strengthen the role of the
Under Secretary of Management, implement efficiencies across
components, and better ensure oversight and accountability,
thus, safeguarding billions of taxpayer dollars.
DHS must also strengthen aviation security. Nowhere is the
asymmetric threat of terrorism more evident than the area of
aviation security. The Transportation Security Administration
cannot afford to miss a single genuine threat without
potentially catastrophic consequences, yet terrorists need only
to get it through once.
The detection of dangerous items on people and baggage
requires reliable equipment, effective technology, and well-
trained transportation security officers. Our work has
identified vulnerabilities in TSA's screenings operations. We
have conducted nine covert penetration testing audits on
passenger baggage and screening operations.
I cannot provide the results in an unclassified setting but
can characterize them as troubling and disappointing.
TSA's failures were caused by a combination of technology
and human error.
I am pleased that TSA's leadership understands the gravity
of our findings and is moving to address those.
We recently audited the Federal Air Marshals Service (FAMS)
contributions to TSA's security. Although the detailed results
are classified, I can state that some of the funding for FAMS
could be discontinued and reallocated to higher priority areas.
Finally, a primary focus of DHS is the integrity of the
roughly 240,000 departmental employees. While the vast majority
of DHS's employees and contractors are honest and hardworking
public servants, much of our investigative caseload concerns
allegations of corruption on part of DHS law enforcement
personnel and government contractors.
While the DHS Authorization Act implicitly grants the OIG
the right to first refusal, we suggest that Act explicitly
grant that right to us.
Inspectors General play a critical role in assuring
transparent, honest, effective, and accountable government. The
American public must have a fundamental trust if the government
employees are held accountable for crimes and serious
misconduct by an independent fact-finder.
Mr. Chairman, this concludes my comments. You are welcome
to answer questions.
Chairman Johnson. Thank you, Mr. Kelly.
One of the reasons I like this roundtable approach is, in
general, in the past, it allows pretty free flow of
questioning, and we can stay on one topic.
So the way I want to approach this is we do have a timer
here. It is set for 5 minutes. I think the yellow light goes
off when there is 1 minute left, and the red light goes when
your time is up.
But I do want to accept or encourage, but if you have a
follow-on question that is pertinent to what another Member is
asking, so we can cover the topic right then and there as
opposed to 15 minutes, half hour later, bring up the topic
again and rehash it, just raise your hand. But, again, I really
want to discipline kind of one shot per member on a particular
topic, and it has to be pertinent, OK? So, again, I think that
will just add to the discussion.
So I will defer my questioning. I will turn it over to
Senator McCaskill, and we will see if this thing works.
Senator McCaskill. I am a little confused about the process
here, but we will forge ahead.
Chairman Johnson. It will be good.
Senator McCaskill. If this is going to be a roundtable, I
sure hope we are not cutting people off from being able to ask
as many questions as they want.
Chairman Johnson. No.
Senator McCaskill. OK. Let us start with something that
concerns me because of my work with the IG community as a
former auditor.
The Inspector General conducted an extensive review of the
Department's implementation of the President's travel ban. The
cooperation hit a roadblock when Inspector General Roth took
steps to release his findings. Not only did it take months for
the Department to respond to the Inspector General regarding
the Department's privileged claim so the report could be
released, in the end, the Department decided to assert a
privilege that had never been used before, invoking a
deliberate process privilege.
Now, the irony is that you are invoking a deliberate
process privilege in the implementation of the travel ban. If
there was ever anything that was not deliberate, it was the
travel ban because it occurred without adequate notice to the
Department, without adequate preparation to the Department.
Anybody with common sense could look at it and see that.
So the irony is that you are using a deliberative process
privilege to block information from the public. Are we allowed
to see this information, Ms. Duke?
Ms. Duke. The concern over the deliberative process was it
has to be protective. We have to be able to have discussions
with the President, the Administration. That is process.
Additionally, it is under litigation, and that is the issue
here. It is important that we protect this.
Yes, we will provide the report as it is to the Congress. I
think that the important thing to note is that even with the
redactions, it does state what the process was, and we believe
that even with the deliberative process, it gives adequate
information about what happened with the travel ban.
Senator McCaskill. I mean, I just think it is outrageous. I
do not understand it. Government is sued all the time. We
cannot use litigation as an excuse to stop information from the
Inspectors General. We cannot do that because every Department
will then say, ``Oh, we are under litigation. We cannot''--and
is this an executive privilege, or is this a deliberative
process privilege? Is this the White House that is exerting
this privilege, or is it your Department?
Ms. Duke. There were different pieces of the report that
came under different privileges. Some were executive. Some were
deliberative process.
The IG got all that information. It was an issue of whether
it could be made public through a public report. So the IG does
have the information.
Senator McCaskill. But the IG cannot share that with me?
Ms. Duke. Correct.
Senator McCaskill. Or the Chairman of this Committee?
Ms. Duke. We would be happy to have a discussion about that
with you if you would like to go over the findings of the
report. I will commit to you that we will come in and talk to
you about the report.
Senator McCaskill. Well, I am going to need more
explanation about this because this could be a trend. All of a
sudden, we could have IGs all over government encountering
Departments saying, ``Well, this was a deliberative process. We
cannot talk about this,'' and then, all of a sudden, our
oversight is gone.
Ms. Duke. Right. We find it highly unusual for an IG report
to be solely focused on discussions within the Executive Branch
between--a lot of the report was focused on email
notifications, those type of things, where normally an IG
report would be focused on how did DHS implement the travel
restriction.
Senator McCaskill. Well, as somebody who has read probably
as many IG reports as anybody in this room and as many GAO
reports as anybody in this room, emails are always a part of
those reports.
Ms. Duke. And emails regarded to how we implemented it, I
think would be appropriate. I think the deliberative process
refers more in the early stages of how we converse pre-
decisional, if you will, within the Executive Branch over how
decisions were made.
Senator McCaskill. Well, I am going to ask for a one-on-one
briefing on this. If we have to do it in a classified setting,
whatever. I want to know what is being hidden from the public,
and then we can go from there.
On acquisitions, the recruiting contract, we have asked for
information on this recruiting contract for Customs and Border
Protection (CBP). We asked on January 3. We still have not
gotten anything. Was it competitively bid?
Ms. Grady. Yes, ma'am, it was.
Senator McCaskill. OK. So the best deal we could get was
paying $40,000 for every job that pays $40,000?
Ms. Grady. So we looked at it from the perspective of
competitive selection and that representing what best met our
needs at a fair price.\1\ So when we looked at it, we looked at
it in its entirety.
---------------------------------------------------------------------------
\1\ The information for the Record from Ms. Grady appears in the
Appendix on page 148.
---------------------------------------------------------------------------
As you know, we have struggled to hire the necessary staff
for border patrol agents, border patrol officers, Air and
Marine, and even despite the efforts of using a range of
options, including retention incentives and different things we
had done from a recruiting perspective, we have an average, a
net loss of about 400 positions for border patrol agents every
year.
This year, first quarter, we are down another 100. We
needed to do something above and beyond what we were able to
do, particularly with the intent to hire an additional 5,000
border patrol agents. We looked at it carefully and said this
is a surge need. We still need to continue to push on all of
the flexibilities from an HR perspective we have to meet our
staffing needs, but to meet the surge, we needed assistance
over and above what we had. And we had awarded a contract to a
company who has a proven track record for ability to accomplish
just that.
Senator McCaskill. Well, $40,000 per employee is
outrageously high. We are paying $40,000 to hire somebody we
are going to pay $40,000. For folks from where I live, for
people who think the government has lost its mind, this would
be Exhibit A.
Ms. Grady. I understand the concern, and one of the things
that was important to us about that contract is structuring it
so that we pay for actual onboarding when we get formal job
offers. We are not paying for effort; we are paying for
delivering results.
Senator McCaskill. $40,000 per?
Ms. Grady. Approximately. That includes initial startup
costs that are granted toward the recruiting efforts,
safeguarding information associated with personally
identifiable information (PII), and all of the branding and
efforts up front. So if you do on that net division, you could
come up with a figure close to that, but what we were really
focused on is getting the results. And it is a scalable
contract. It is an indefinite delivery indefinite quantity
(IDIQ) contract.
Senator McCaskill. Well, I will be anxious to get the
contract file. Will it come soon?
Ms. Grady. We are going to share that information with you,
and we would be happy to discuss the specifics of the contract.
Senator McCaskill. Well, we sent the letter on January 3.
Will it come soon?
Ms. Grady. I will look into the exact date we are going to
get it back to you.
Senator McCaskill. Can we get it in 2 weeks?
Ms. Grady. We will have issues associated with protected
information within that competitive source selection
information, but we are committed to providing that information
to you and being transparent about the processes.
Chairman Johnson. Senator Heitkamp?
Senator McCaskill. I hope you have an answer.
Ms. Grady. Yes, ma'am.
Senator McCaskill. Two weeks?
Ms. Grady. Two weeks.
Senator McCaskill. All right.
OPENING STATEMENT OF SENATOR HEITKAMP
Senator Heitkamp. there is a boatload of money that is
coming your way, and if we cannot trust that you are spending
it right, if we cannot trust that the decisions are being made
based on evidence-related factors and by professionals, this is
not going to go well. And so these issues that we are
confronting today are critical, and I think Senator McCaskill
has done a great job outlining just two areas where we have
concern because if we cannot see an IG report and all the
attachments, we are not doing oversight, right?
And if we have a problem hiring people, you have a problem
retaining people, what are you doing? Who are you talking to?
What are the other strategies that are being deployed to
maintain staff?
We spend a lot of time. I spend a lot of time, as you know,
on the Northern Border. I hate to sound like a--and I talk to
border patrol, and I talk to the challenges. And with a few
tweaks, you could get them to stay. Instead of paying $40,000,
you could walk into a high school and recruit high school
students. You guys are not being creative enough.
And this is hard work, and it is going to require different
thinking, but $40,000 to hire a job that pays $40,000? There is
no one who thinks that is a good idea.
Ms. Duke. Senator, you raise a good point about retention
and other activities.
So you may have heard about our leadership year. That is
focused on exactly having a concerted effort on why are we
losing people and looking at that from both a leadership and
management and a supervisor perspective.
The fact that we went up in the Federal Employee Viewpoint
(FEV) survey, the largest increase in government, I think,
shows that is working. We are hearing from our employees what
they want from a cultural perspective, and we are addressing
that. And we can talk more about that if you want the time.
Additionally, in border patrol especially where we have
high attrition and difficult to recruit, a lot of that has to
do with certain duty stations, and we are looking at
legislative proposals that might help and some things including
if someone goes to a location where it is not desirable, can
they have first choice. So we are looking at what we can do
internally and what we might have similar to Department of
Defense (DOD).
Senator Heitkamp. You need to get this house in order----
Ms. Duke. Yes.
Senator Heitkamp [continuing]. Because, like I said, we are
being asked to authorize and appropriate a lot of money.
Ms. Duke. Yes.
Senator Heitkamp. And if that money is just going to be
poofed and we look back on this time and say in our rush to get
this done, we did not do the right oversight, then shame on us.
I want to talk a little bit about Chairman Johnson's
chart,\1\ and I want to talk about the 9/11 Commission. I did
not know that you mentioned it, but this was one of the
recommendations, improving this, government oversight, somehow
by bringing in more of a defense authorization structure to the
Department of Homeland Security. I think that is the direction
that we need to head, and that was the recommendation that the
9/11 Commission made that was never followed through, partly
because we got jurisdictional turf battles that go with this,
right?
---------------------------------------------------------------------------
\1\ The chart referenced by Senator Heitkamp appears in the
Appendix on page 70.
---------------------------------------------------------------------------
Chairman Johnson. Nobody wants to give it up.
Senator Heitkamp. Yes, right.
If we are going to do the right kind of oversight, we
cannot have this kind of disparate jurisdictional challenges,
and this is probably more to the Chairman and the Ranking
Member. We have to start asserting our jurisdiction here, and
we have to start talking about how we are going to do a broader
oversight.
If it makes sense for you guys to be consolidated into the
agency that you are consolidated into, it makes sense for the
Committee on Homeland Security to have broad and consistent
oversight with the mission of the agency, and when we do not
have that, we do not have a plan. We do not have oversight when
we have not figured this out, and maybe there is ways to tear
down these barriers between the committee chairs.
I know that the House is trying a different kind of select
committee or whatever method. Can any of you comment on the
kind of authorization process that the House is going through
and whether you think that is working to give you a more narrow
focused point of contact on oversight?
Ms. Duke. We agree. I cannot specifically comment on the
House process, but we agree on the consolidation of authority,
and we are hoping an authorization bill would be a step in that
direction.
What we see from this Committee is a holistic look. So when
you talk about acquisition, for example, Senator, you talk
about a program, but you also talk about the system. And the
reason you are talking about the system is because of your
Committee, and in others, they have just such a narrow slice,
that we are not looking at the full system. And so I agree with
everything you are saying.
I know the House is trying to do a similar effort to
consolidate some of the authority, and we think we would get
more comprehensive oversight with a consolidation of
jurisdiction.
Senator Heitkamp. Right. I mean, you cannot force that. We
have to assert jurisdiction here.
But let us not pretend that we are going to get a broad
reauthorization oversight capacity here with this kind of mixed
jurisdiction, and so I really encourage this Committee to start
asserting its jurisdiction and start talking about this as a
problem.
Chairman Johnson. We also cannot pretend that we are going
to solve that problem overnight. It is going to require, I
think----
Senator Heitkamp. But, Ron, how old is the agency?
Ms. Duke. It is 15 years.
Senator Heitkamp. How old?
Mr. Kelly. Fifteen years.
Senator Heitkamp. Fifteen years. It is not overnight.
Chairman Johnson. Oh, no. I realize----
Senator Heitkamp. Let us quit pretending.
Chairman Johnson. Pussy-footing around.
Senator Heitkamp. Right. Let us quit pretending that 15
years of dispersed jurisdiction here is acceptable and we have
to wait longer. We have to get this problem fixed.
Especially when you are going to get 25 billion extra
dollars.
Chairman Johnson. It is why we are, I think, recommending
some kind of commission with highly respected individuals
serving to point out we are literally putting our Nation's
security at risk by having DHS so scattered in terms of--and
answer the same question with different committees.
Senator Heitkamp. Guess what? We had a commission. It was
called the 9/11 Commission, and they told us what we should do.
Chairman Johnson. I understand. Right. And Congress did not
follow it.
Again, we are on the same page here. We agree it is how you
fix it. Senator Peters.
OPENING STATEMENT OF SENATOR PETERS
Senator Peters. Thank you, Mr. Chairman.
I think I will follow on the theme of accountability, which
has been a big part of the last two questioners, and that deals
with some of the grant making that occurs within your agency.
Certainly, tens of billions of dollars of money have been put
out in various grants since 9/11, and certainly the taxpayers
have a right to know whether that money has actually made us
safer or not. And if it has not, then we need to make some
changes accordingly.
Mr. Kelly, I understand FEMA is currently reviewing the
Threat Hazard Identification and Risk Assessment (THIRA), which
is the process that agency and States use to undertake each
year. Is it true that these THIRAs are not being currently used
to drive grant allocations?
Mr. Kelly. I will have to get back to you on that specific.
I do not have that answer to you right now.
Senator Peters. OK. So that would be important because I
think we need to look at that, and my understanding is they are
not, and yet they are making these assessments. At some point,
they should get to the point where you actually have data, as
was mentioned, the actual metrics to be looking at before
grants are provided.
Mr. Kelly. Conceptually, I would agree with you on that,
but I cannot give you the actual answer right now to that
question.
Senator Peters. Great.
Mr. Scott, related to that, does the language in the draft
legislation require assessments and information? The State
prepared its reports in the THIRA. Do they have the potential?
I know you have looked at that issue. Do you believe that they
have----
Mr. Scott. I am not exactly familiar with that.
I will call on my colleague, Chris Currie.
Chris, do you have any responses?
Mr. Currie. Yes, Senator Peters.
So, in general, the House bill does essentially what we
have been recommending for over a decade, which is encourage
FEMA to better assess from year to year the effect of the
preparedness grants.
You mentioned the THIRA process. FEMA does use that, but
that is mostly developed by the State, and then FEMA relies on
the State's assessment.
So what we do not know year in and year out is how these
grants are making us safer and building our capabilities. So,
in short, we do not know what our investment of $50 billion
over the last 15 years is really buying us year in and year
out.
Senator Peters. Well, that is pretty troubling. If we do
not know what $50 billion has actually bought us, what would be
your recommendation?
Mr. Currie. Well, what we have been saying for over a
decade now is that FEMA needs to come up with its own
quantitative measure year to year of how these preparedness
grants are building our capabilities, and that is what is not
being done now. And that is what we would like to see.
And I think another important point is with all this
investment on preparedness and pre-disaster grants, it is not
clear what the impact is on the post-disaster side because that
is exploding. We are spending more and more very year on that
too.
So right now, it may not be buying down the cost on the
back end either post disaster.
Senator Peters. Great. Thank you. I appreciate that.
The question also back to Mr. Kelly and Mr. Scott, there
has been proposals to consolidate some of this grant process,
which his right now really fragmented. Has the OIG or the GAO
done assessment as to whether the action of consolidation would
increase the efficiencies in these programs and perhaps also
better align them to national priorities? Is that something you
have looked at?
Mr. Kelly. We have not initiated a review in that area. We
have been looking at some of the preparedness grants, and we do
a lot of work on the disaster assistance grants. We have
identified a number of challenges that exist.
We sent actually Chairman Johnson and Senator McCaskill a
letter in June making suggestions on how FEMA can improve their
structure and oversight of the disaster assistance grants.
There were a number of legislative proposals, administrative
changes in that proposal.
Senator Peters. OK. Mr. Scott.
Mr. Scott. Well, to the extent that across various grant
programs, there are opportunities to harmonize requirements,
opportunities to streamline reporting requirements. There is
always opportunities, I think, to wring out additional
efficiencies, both in the grant-making process, but also in the
grant administration process. So, as a matter of practice, I
think to the extent that actions can be taken to streamline
grant making, I think that is generally a positive thing, as
long as that goes with the necessary oversight of the grants.
It is important not just to get the money out the door but to
make sure we have the necessary oversight mechanisms in place
to ensure the grant money is properly spent.
Senator Peters. Great. Thank you.
Honorable Elaine Duke, a question for you related to
cybersecurity. When we are dealing with cyber-threats, really
the challenge is making sure that we are hardening the weakest
link because the bad guys are always looking for the weakest
link. And my concern is that although the Federal Government
certainly has a lot to do to strengthen our cybersecurity
efforts, I am very concerned about State and local governments
that simply do not have the same kinds of resources that we
have here at the Federal level and are certainly that weak link
in the overall system.
I am working with a colleague of mine in a bipartisan way,
Senator Perdue, to look at ways in which we can get the
Department of Homeland Security to work with State and local
governments that are voluntarily asking for assistance and
expertise within your Department. If you could talk a little
bit about what you believe we can do from the Department to
help State and local governments and if there are any specific
actions we should be taking here in the Committee to assist you
in your efforts.
Ms. Duke. Yes. Thank you, Senator.
We agree that State and locals can be assisted by the
Federal Government on a voluntary basis. We also think the same
for critical infrastructure segments. That the Federal
Government can play a role in the integration, not in an
involuntary way.
I think the NPPD, the Cybersecurity Agency Act will help
with that, and what we are looking at is we already have
deployed tools. That is the number one thing that we can do, is
let State and locals, let critical infrastructure use some of
the tools that we have deployed. That could be done more. We
are looking at that.
We are doing evaluations. The election subsector is an
example of when asked, we are going out and doing risk
assessments of structures for the State governments or the
local governments.
We think the collaboration--what we are looking at
overall--and then training is another area. We are giving
training, and then we have pre-position protective security
agents (PSA), put PSAs throughout the jurisdictions to do
onsite assist and help and remediation, and those are NPPD
Federal employees that are out there.
We think more needs to be done in this area. We agree. And
one of the things with the NPPD Act, we think it would do that
by having critical infrastructure and cyber and realizing that
cyber is a cross-cut across everything. It is not a stand-alone
function.
Senator Peters. Great. Thank you.
Chairman Johnson. Senator Peters, one thing we do know
about FEMA grants, the State and local governments love them.
So combine that with the fact that we do not know whether they
are really actually working, it definitely is a concern.
Senator Portman.
OPENING STATEMENT OF SENATOR PORTMAN
Senator Portman. I would like to piggyback on that cyber
issue because one of the questions I wanted to ask was about
workforce. As you know, back in 2014, we wrote bipartisan
legislation--this Committee strongly supported it--to upgrade
your abilities in the cyberspace, very concerned about the lack
of retention and also being able to attract top-flight talent.
That was 3 years ago. We asked that the GAO do a report 3
years out.\1\ I am pleased to say, Mr. Scott, that we got the
report just a few days ago, which is great. I saw it for the
first time last night, and your report basically says that DHS
has missed all kinds of deadlines.
---------------------------------------------------------------------------
\1\ The GAO report referenced by Senator Portman appears in the
Appendix on page 71.
---------------------------------------------------------------------------
So I understand the need to help State and local. I
understand the need to harden our own, but if we do not have
the personnel to do it, it makes it incredibly challenging.
So just quickly, Mr. Scott, tell us what are your specific
recommendations right now as to how we get DHS back on track
and begin to attract this workforce we need.
Mr. Scott. Thank you, Senator Portman.
As you mentioned, just yesterday, we issued a report really
highlighting the urgent need for the Department to take
additional steps to identify its cybersecurity positions and
critical skill requirements.
In summary, then Department has made some progress
categorizing and signing certain codes to some of its
cybersecurity positions.
There are some concerns with the accuracy of some of the
information they provided. For example, I think they estimate
about 95 percent of the positions were identified. We came in
and did an analysis and found it is really around 79 percent
because the Department basically excluded some of the vacant
positions. They did not count those in the math.
We made six recommendations, including for DHS to enhance
the procedures around identifying these vacant positions,
improving the workforce data, and developing specific plans to
identify and report on the critical cyber needs.
The Department concurred with all six of the
recommendations, so our expectations within the next 2 years or
so that they should be further along in addressing some of its
critical cyber workforce needs.
Senator Portman. That is great.
Ms. Grady and former Secretary, Acting Secretary, and now
Deputy Secretary Duke here, one of your recommendations was to
have accountability; in other words, have someone responsible
for every component. And I think that is something that you two
should focus on, given your management responsibilities.
Second, I was involved in 2002 in the legislation that
created the Department, as some of you know, and I have
wondered sometime since then whether we have created a
behemoth, something that is just too difficult to manage.
But having said that, the risk that we face in an
increasingly dangerous and volatile world, I think require us
to have one agency to just focus on keeping it safe, and at the
time, we did try to align the Committee structure with the
Department, unsuccessfully.
Again, in a 9/11 report, this was talked about, but I agree
with what the Chairman and other colleagues have said about
that, is that it is difficult for you. And the Chairman talked
about the number of testimonies you have had to give over the
last year and the inability for you all to focus on your core
function because you are dealing with so many different
committees and subcommittees.
So I do think it is a good idea, Mr. Chairman, and the
first step in it is to have an authorization from this
Committee because we have the bulk of the jurisdiction, and if
we are not taking that jurisdiction seriously and ensuring that
we do have authorizations, we are going to continue to have
even more erosion of that responsibility.
So this is good. We tried this back in 2011. Susan Collins
and Joe Lieberman tried it. We were able to get it out of
Committee. We were never able to get it across the floor, and
so I am glad you are doing this. And this authorization, as I
understand, is going to be a little more narrow, to try to
avoid issues, and I hope we can do this in a bipartisan basis
as kind of the first step toward a much broader issue here,
which is how do you manage this Department that has so many
different siloes, as Mr. Kelly said earlier, and make it work
better as a single entity. And this will help.
On oversight, I have to raise, as Chairman of the Permanent
Subcommittee on Investigations, you all have not been
responsive in a few of our requests, and we push. We write
letters, but let me just give you three quickly.
One is way back in April 2017, we asked some questions
about the management of the Chief Information Officer (CIO),
and I am not going to get into the details because we do not
make these investigations public typically until we report, but
we need that information. We have been given a minimal amount
of documents, most of which are not at all responsive to the
request, so need help there.
Second is back in December, we asked about your privately
run immigration detention facilities. Again, not to get into
the details, but we need that information, and you guys have
not been responsive. You have not produced any documents. We
have made phone calls. We have sent emails, status updates. We
need that information. That is back in December 6.
Then finally, in January of this year, just a couple of
weeks ago, we asked you guys for information on the procedures
to protect unaccompanied alien children. You remember we had
this hearing and a report on this topic and deep concern about
the lack of accountability. This was with Senator McCaskill and
myself. We were simply looking for what we were told at the
time you all were doing, which was a memorandum of agreement
that you were going to have between the Department of Health
and Human Services (HHS) and DHS. We were told that would be
done a year ago almost, February 22, 2017. You still have not
done it. So we need to figure out a way to get that information
to us, figure out why you have not accomplished that, and what
we can do to push DHS and HHS to get that memorandum of
understanding to protect these kids.
So on all those issues, can I get a commitment from you all
today? I will not ask for 2 weeks. I am going to be much more
generous. I will ask for 4 weeks, but we need to have a
response.
Ms. Duke. I apologize, Senator. I was not personally aware
of that, and I do commit that to you. I will give you, this
Committee, an update next week on all three and a timeline for
getting you that information.
Senator Portman. OK.
Finally, Mr. Chairman, this is going to be my last point.
With regard to the hearing and report from last week on the
fact that dangerous chemicals, synthetic opioids are coming
into our country through our own U.S. mail system and your
Customs and Border Protection people are not able to stop it
because they do not have the information, but we need to pass
the Synthetics Trafficking and Overdose Prevention (STOP) Act.
My colleagues, for the most part here, are cosponsors of
that and I think would agree with me, but we also asked for
some other things in that report, which is that DHS work better
with the Chinese government to shut down these labs, to stop
the shippers, to deal with it in China.
And I know you were along with Attorney General Sessions at
a session on this broader issue of security issues with China
last year. Can you tell us what has happened with regard to
China and their willingness to help us to stop this poison
coming into our communities by stopping it at the source?
Ms. Duke. We have made progress with China. The biggest
thing is that the percentage of packages that we can track,
which is key to shutting it down, has over doubled, and we are
making more progress. We need to be able to track all of them,
but the Chinese government has been very cooperative in that.
Senator Portman. It has not been very cooperative?
Ms. Duke. They have been very cooperative in being able to
track packages.
Senator Portman. How have they been cooperative?
Ms. Duke. They are helping us institute a tracking system
with the mail service. We do not have a mail service tracking
system in the United States, and there is not an international
one. So we have very good tracking of like Dalsey, Hillblom and
Lynn (DHL), United Parcel Service (UPS), and Federal Express
(FedEx).
Senator Portman. You have 100 percent tracking there
because we require them to do it, and we should require the
post office to do the same thing, but only half the packages
coming in of that increased volume admittedly from China has
that kind of advanced electronic data on it. So they are not
there yet, just so you know.
And my goal is not just to have that tracking information,
which is very important and that is what the STOP Act focuses
on, but how do you actually get China to do what they say they
want to do, because after our hearing in this committee room,
the Chinese government official spokespeople said, ``Yes, we
want to cooperate more with the United States.'' To me, that
was an extension of some kind of an olive branch to you all to
get with them and to begin to crack down, not just to have the
codes and to have the information, but to actually stop these
labs.
There are thousands of them in China. We know that. They
are creating this poison that is coming into our community and
to begin to prosecute some of these people who are involved.
We have two indictments. They have yet to arrest these
individuals that we have indicted over here who are Chinese
nationals. So my question is what more can we do on that front,
and what have you done?
Ms. Duke. I mean, we have been working with them regularly
in terms of--principally through the Department of State in
terms of working with China, but it is not just a China
problem. We have an opioid conference going on now in Miami
that I leave for tonight to look at how we can do enforcement.
As you know, it is hard to discuss everything in this
environment, but the transit to some countries, we are looking
at that, and stopping it not only in China but the transit, and
then also the President's council on trying to do the
deterrence for opioids.
So we support the STOP Act. We are hitting it from many
angles. It is a challenging problem.
Senator Portman. Yes. Well, we could go on and on, but I
would just say your own people tell us that primarily in our
own mail system and primarily from China right now and
understandably there is a lot of transshipment going on and
maybe even some new routes that are being developed, but we
know we have a huge issue here. It is the number one killer in
my home State of Ohio. Now 60 percent of overdose deaths this
last year were from fentanyl and carfentanil.
So thank you for pushing the Chinese more on helping to
stop this at the source.
Chairman Johnson. Thank you, Senator Portman. Again, you
are doing great work on that. Senator Hassan.
OPENING STATEMENT OF SENATOR HASSAN
Senator Hassan. Thank you very much, Mr. Chairman, and
thank you all for being here today.
I will just add to what Senator Portman said. Enforcement
deterrence on fentanyl coming into the country is obviously
important. So is treatment so that we can reduce the demand in
this country for opioids, so if you would take that back to
your colleagues throughout the Administration. We cannot arrest
our way out of this. We have to do everything to get out of
this, and we would love the Administration's help.
Secretary Duke, I wanted to just start. I have three areas
to explore this morning. You talked about election securities,
critical infrastructure, and I wanted to ask you to please
share with us in more detail the scope of activities that DHS
has undertaken to help secure our Nation's election
infrastructure. What specific actions has the Department taken
in 2017 and 2018 to advance the mission?
Ms. Duke. And I will have Chris come up to the table to get
into more specifics, but principally, we are doing assessments
of the systems, as requested by the State and local
governments.
We have also made available our Systematic Alien
Verification Entitlements (SAVE) system for checking rosters,
but on the critical cybersecurity side, it is principally
focused around assessments.
And I think you all know Chris Krebs.
Mr. Krebs. Good morning, ma'am.
Senator Hassan. Good morning.
Mr. Krebs. Senior Official performing the duties of the
Under Secretary for NPPD.
Senator Hassan. Can you say that again? [Laughter.]
Mr. Krebs. Hoping to change that.
Chairman Johnson. Faster.
Mr. Krebs. Three principal lines of effort: information
sharing, technical support, and incident response planning.
On the first line with information sharing, we are working
closely with the Multi-State Information Sharing and Analysis
Center, which has direct relationships with State and locals,
to provide best practices, information on strategic and
targeted risks to election infrastructure, but also providing
security clearances to State and local officials.
Senator Hassan. That was going to be my next question.
Mr. Krebs. Yes, ma'am.
Senator Hassan. So you are working to ensure that State
election officials have the appropriate security?
Mr. Krebs. And we have kicked off that line of effort. We
have a number of the 50 senior election officials, where about
37 into at least getting into the interim----
Ms. Duke. And just adding to that, on clearances, while we
are making progress on the longer clearances, we are giving 1-
day clearances as an interim gap.
Senator Hassan. And are you working to provide election
officials with access to Sensitive Compartmented Information
Facility (SCIF)?
Mr. Krebs. Yes, ma'am. That is part of the relationship
with the Federal Bureau of Investigation (FBI). We are not
going to give them SCIFs, but we are going to coordinate ways
that they can come into SCIFs, whether here in DC. or in their
local offices.
Senator Hassan. OK. And are you working to ensure that
State election officials are coordinating with both the State's
homeland security advisor and the State's chief information
officer?
Mr. Krebs. Yes, ma'am. So, as a part of every State, in the
learning experience over the last year, rather, we have come to
understand that there is essentially a triumvirate per State,
and you have just highlighted--the senior election official,
the State CIO, and the homeland security advisor. And so each
State has a bit of a different arrangement, particularly on the
senior official side; we are developing separate and individual
information sharing protocols per State.
Senator Hassan. OK. I may follow up on this a little bit
with Mr. Scott and Mr. Kelly about your own assessment about
whether DHS is doing enough, but I want to, just because of
time, move on to a couple of other issues. And then we may be
able to talk some more about that.
To Secretaries Duke and Grady, I would like to touch upon
an initiative being spearheaded jointly by the DHS Office of
Intelligence and Analysis and DHS's Chief Information Officer.
As I understand it, the DHS Data Framework Initiative is
the Department's effort to unify your disparate datasets under
one technological architecture in order to enhance DHS's
ability to identify terrorist threats in our travel system.
As I understand it, our existing framework is still in its
initial phase of development, but it promises to bring
important capabilities to DHS analysts in their effort to try
to keep out foreign fighters and those who wish to do us harm.
Can you describe for us the value of the DHS Data Framework
project and the priority the Department places on this
initiative?
Ms. Duke. I cannot tell you how strong, and it is a top
priority.
The Data Framework is essential for moving forward against
terrorism, TCOs, drugs. So what it does, it does several
things. One is a systems issue at kind of the pipes area. The
second is we are looking at better communicating between law
enforcement-sensitive and intelligence information and also
coordinating intelligence.
Under Secretary Glawe has a major initiative as part of
this data network to really be the Chief Intelligence Officer
of the Department. It is part of the overall Unity of Effort,
and that is going to be helpful, but then also not just having
intelligence, but having intelligence communicate with law
enforcement at the law enforcement-sensitive level.
And the timeliness and the accuracy, things are moving at
lightning speed and especially with something like a
radicalization. We do not have the years of tracking a criminal
anymore. We are all focused on this. It requires management
from the pipe standpoint, me from a leadership and Under
Secretary Glawe.
Senator Hassan. Well, certainly, there are those of us who
want to support you in the effort, and I would look forward to
working with you on that.
I had one other issue, and maybe--I assume we are going to
get some other questions. I see it, Mr. Chair.
But you have been talking about the NPPD change and wanting
to put cybersecurity kind of into the title. I am a little
concerned that cybersecurity is more important than that, and I
am wondering what authorities would an independent operational
cybersecurity component need to retain from NPPD in order to be
successful and would any of NPPD's non-cyber functions suffer
if the cybersecurity mission was pulled out and turned into an
independent DHS component.
I am over time. If you want to give a very brief answer and
then work it into the rest of the discussion on this, that
would be great.
Ms. Duke. I think that the NPPD reorganization and name
change is not just a name change. It does come with the
authorities and the Under Secretary.
I do think that cyber and critical infrastructure together
work well. We can talk more about that.
Senator Hassan. All right. Thank you.
Chairman Johnson. Senator Lankford.
OPENING STATEMENT OF SENATOR LANKFORD
Senator Lankford. Thank you, and thanks to all of you. I
know we have lots of questions we are peppering you with, but
it was interesting that we bring all these issues. And some of
this is 15 years of pent-up energy and of questions, but for
GAO to begin a report, which GAO typically brings us all the
bad news first, and GAO led with there is a lot of good news
here. And there is a lot of things that are changing and making
those adaptations.
We had hearings just 2 years ago talking about the HR
system and about how difficult this has been for DHS, and now I
am hearing that the numbers are changing as far as the time
period for hiring.
It used to be for Customs and Border Patrol, it was about
350 days-plus. It got up close to 400 days for a while to be
able to hire one agent. Where are we now in that process?
Ms. Grady. So those numbers are definitely coming down, and
the other thing that we look at is the number of applicants. We
need to hire a single person, and that number was well into
triple digits. We have that now into double digits, which is
still way too high, but using a combination of streamlined
processes, meaning combining multiple steps in a single site at
a recruiting event and other actions that we have taken, we
have been able to drive that down. It is still too long.
One of the things that we are looking at is we have been
keeping the numbers as a complete average on a metric. In some
cases, an individual can be an extreme outlier with 800 days.
That is literally the worst I have seen. So we are looking at
what is the average for, say, the 80 percent so that we do not
have outliers driving the metric.
It is headed in the right direction, not as fast as we
would like. It continues to be a focus, and I meet with the
head of Human Capital and the Chief Financial Officer (CFO) for
each of the components that have hiring challenges and mission-
critical operations to track that number.
Senator Lankford. That is something that Senator Heitkamp
and I have worked on a lot, and it is something we are still
committed to be able to work on. If there are specific
legislative requests that you have for that, we need to know,
and so we can help work through that process.
There are 120 different hiring authorities that are sitting
out there. It is a complicated mess to be able to go through
the process.
If there are things that you see--we are doing our own
work, but if you see things, we are glad to be able to hear
those as well.
Ms. Grady. We appreciate that, sir.
Ms. Duke. Senator Lankford, we do have a couple. One would
be expanded authority to waive polygraphs; for instances, for
local law enforcement that have been cleared and we can give
you more detail and also some expanded hiring authorities.
We would like to be a delegated special hiring authorities
similar to Department of Defense, and I can articulate those
for you or your staff to be able to do some flexibilities
without having to ask permission.
Senator Lankford. OK.
Chairman Johnson. I will stop your time. Talk about the
polygraphs because in talking to CBP, there have been
improvements there, and it is more streamlined. We are not
rejecting so many, but still, I think getting the good
information.
Ms. Duke. Right. First of all, we went to the FBI to get
some best practices and time and the types of polygraph they
do. We changed the type of polygraph, and it has been still
effective, but it has pushed up the numbers.
Additionally, we were looking for the ability to waive on
certain classes of low-risk people, and that would include
local law enforcement. We have the DOD with current top secret
(TS) clearances. Those type of things would be helpful. That
does tend to be longer.
I think the all-in-one hiring that Mr. Grady talked about
is really helpful, but expanded ability to waive would be good.
Senator Lankford. Mr. Scott, you were going to mention as
well?
Mr. Scott. Yes. I just wanted to make the Committee aware,
we do have some ongoing work currently looking at the
challenges the Department is facing in terms of border patrol
agent hiring, and we anticipate reporting out on that later
this year.
One of the things I would also caution, though, is that it
is important to really understand the root causes, both in
terms of what is preventing you from hiring the right people
and targeting them initially, but also the need to sort of
balance the goal of hiring additional agents and making sure we
are not in some way potentially compromising the quality----
Senator Lankford. Right.
Mr. Scott [continuing]. Of the agents we are getting.
And I know that is something--I am sitting here right next
to Claire. I know it is something they are well aware of, but I
think it is really important to emphasize. Having a goal to
hire more is one thing.
Senator Lankford. Right.
Mr. Scott. Having a process to make sure you hire the right
people is a totally different thing, and I want to make sure
that balance is not lost in the rush to hire additional agents.
Senator Lankford. And I would completely agree with that,
and I do not think there is anyone at this table that would
disagree.
Mr. Kelly. If I could add an additional area that they have
a challenge in, and that is once they hire them, promptly train
them, and having the facilities available to provide the
training to those individuals.
Senator Lankford. Is there a specific need that you see
already at this point on the location and facilities for
training?
Mr. Kelly. We are doing some work that is identifying
limitations and their ability to train the individuals that
they are hiring.
Senator Lankford. Will there be recommendations attached to
that as well?
Mr. Kelly. Yes.
Senator Lankford. OK. When will we get that?
Mr. Kelly. I cannot give you a hard date.
Senator Lankford. Try.
Mr. Kelly. July.
Senator Lankford. July?
Mr. Kelly. Yes.
Senator Lankford. OK. That is great.
Ms. Duke. And, Senator, also in Secret Service, there are
training constraints. That is a critical path, and we are
working on expanding the facilities for Secret Service also.
Senator Lankford. OK. How much facilities sharing can we
use? Obviously, there is a lot of law enforcement training
facilities nationwide that we have that are Federal facilities.
Are there any of those that we can share facilities?
Ms. Duke. Yes. The Under Secretary can talk more, but we
are looking at not only facilities, but--for initial training,
but shooting ranges and those type of facilities for
consolidation.
Ms. Grady. We have explored things like mobile firing
ranges to allow people to attain certain proficiencies and
maintain that, and we are looking at available facilities
across Federal and local to make sure that we are taking full
advantage of what is available rather than duplicating.
Senator Lankford. Yes. Again, there is no reason to rebuild
something that already exists.
Let me just make a couple of quick comments with this as
well. One is for Senator Hassan's comments on cybersecurity,
specifically related under our elections, Senator Harris and I
have done a lot of work on this. I was very pleased to be able
to hear your answers of the cooperation.
It is one of the frustrations that we had in going through
this, was how long it took after the last election for
individual States to even be notified, and the common answer
was ``We do not have any one with clearance,'' ``We do not have
any method to do that.'' So to hear you are proactively
pursuing that is very helpful to know. That is something we are
trying to put into legislative language to make consistent from
here on out that there is that ongoing cooperation.
So to Chris and what you had mentioned before and for you
all, thank you for doing that. We are going to continue to be
able to work cooperatively with you because we think that is
exceptionally important.
And I can just make this one comment here for Senator
McCaskill as well. As this whole table so far has talked about
metrics, I am very pleased to hear that. This Committee passed
out unanimously a bill that Senator McCaskill and I have called
the Taxpayer's Right to Know that works on identifying the
metrics and programs and what is out there. It has come under
this Committee unanimously. It is not across the floor, and if
any way we can get that done, that will help us all. It is a
nonpartisan bill on basic transparency on it, and we are
looking forward to being able to get that done.
Thank you, Mr. Chairman.
Chairman Johnson. Senator Harris.
OPENING STATEMENT OF SENATOR HARRIS
Senator Harris. Thank you, and I could not agree more,
Senator Lankford, and I thank you for your leadership on those
points.
Secretary Duke, I have to tell you I was a bit troubled by
the exchange you had with Senator Portman when he asked if you
were familiar with the requests that he as a member of the U.S.
Senate has made to your Department, and you were not personally
aware. I would imagine that before you come to testify before
the U.S. Senate, you would have done an inventory to find out
if there are any requests that have come in, what is the status
of those, and have they been answered.
On the issue of election, cybersecurity, as you know, the
midterm elections are coming. They are around the corner. In
fact, in Texas, I believe that voters will go to the polls on
March 6, and while DHS has provided a risk and vulnerability
assessment to some States, other States remain on a long
waiting list, I am told, the waiting list being as long as 9
months.
And I would like to know what is your timeline for getting
these done.
Ms. Duke. OK. Chris will talk about the specific timeline,
but we have made measures in terms of both prioritizing and
making the list short.
Senator Harris. Can you give me a date by which it will be
done?
Mr. Krebs. So, first off, starting with the 9-month wait
list, that is actually probably about 6 months old, and in
fact, what we have done is we have reprioritized. That is the
benefit of the critical infrastructure designation, I can take
election infrastructure and put it at the top of the list.
Senator Harris. Great.
Mr. Krebs. So we have done that.
Senator Harris. When will they get done?
Mr. Krebs. So we have conducted five. We have another 10 or
11 in the hopper, ready to schedule through probably about the
beginning of April.
The dependency here is whether we get requested for risk
and vulnerability assessments. There are States--South
Carolina, for example--that has the capacity to conduct their
own technical assessment of the security of their networks.
So while some States have their own abilities, we are
focusing and doing a lot of awareness on those States that need
additional help, so that is what we are focused on right now.
Senator Harris. How many? How many States have requested
that it be done?
Mr. Krebs. At this point, as I mentioned, five have been
done. Another 11 are in the queue.
Senator Harris. So my question is, how many States have
requested?
Mr. Krebs. Sixteen.
Senator Harris. Sixteen.
Mr. Krebs. Yes, ma'am.
Senator Harris. And when will all 16 be completed?
Mr. Krebs. My understanding of the scheduling, probably
about mid-April.
Senator Harris. Do you have a date certain?
Mr. Krebs. I do not have an April 15 or anything like that,
but April is the timeline for completing the requested.
And my hope is that we have more come in and over the
course of the next several weeks, in fact, but we will
prioritize----
Senator Harris. But where is Texas on that list since their
primaries are March 6?
Mr. Krebs. I would have to get back to you on that. I do
not have that information.
Senator Harris. OK. I would want to know that you are aware
of the 16 States at least and what their dates are for their
primary----
Mr. Krebs. Yes, ma'am.
Senator Harris [continuing]. And that it would be your goal
to have their assessment complete before their primaries
actually occur and before those voters go to the polls.
Mr. Krebs. Yes, ma'am.
Senator Harris. And I am concerned that you do not know the
timeline. Given that we have unanimous consensus among our
intelligence community that Russia interfered in the election
of the President of the United States, it would seem to me that
this would be a high priority for the Department of Homeland
Security, and you would be clear about the timelines.
I have other questions. Part of my understanding is that
the delay in processing these requests are that you do not have
skilled workers to complete the scans. Is that correct, or is
that not the problem? I am trying to understand what the
problem is with the delay.
Mr. Krebs. Ma'am, the delay is that the risk and
vulnerability assessment capability is also servicing other
critical infrastructure sectors and in fact also Federal high-
value asset assessment.
So what we have done is put at the top of the pile the
State and local election officials right now. So we have
deprioritized others and put those at the top.
With more, I can do more. So we are looking at ways to
increase training, to bring additional personnel on, and also
there is an equipment requirement that we are procuring new--
additional equipment.
Senator Harris. So if we can be a little bit more precise,
do you have the necessary personnel and funding and other forms
of resources to provide the States with their request and get
this completed in a timely manner?
Mr. Krebs. For those that have requested right now, we have
the capabilities to conduct, as I mentioned, on the existing
timeline.
Senator Harris. Great. How many State election officials
have applied for security clearances?
Mr. Krebs. At this point, I believe it is 37 have submitted
their paperwork. We have one final secret issued. We have about
17, I believe, interim secret. This changes on a daily basis.
Again, the opportunity to do daily 1-day read-ins on any issue
that might come up, and in fact, we are going to do a number of
briefings over the course of the next couple weeks for State
election officials.
Senator Harris. So those daily 1-day readings----
Mr. Krebs. One-day read-ins, yes.
Senator Harris [continuing]. Mean that if you wanted to
have some consistent information about what is happening, you
would have to call in every day to get a 1-day reading? Is that
what you are saying?
Mr. Krebs. It depends on the bulk of the information and
the intelligence that we want to share, but it would require me
to either be in person with those folks or have local
intelligence officials read them in that day.
Senator Harris. That seems extremely bureaucratic.
Mr. Krebs. Of course. That is the reason----
Senator Harris. And they are not in agreement.
Mr. Krebs. Yes, ma'am. And that is the reason we are----
Senator Harris. So the goal, then, is to get them
permanently receiving their security clearance?
Mr. Krebs. Yes, ma'am. In fact, not just the senior
election official in the State, but also additional staff. So
we are at the point right now of one senior election official
per State and two additional staff with security clearances.
Senator Harris. So what percentage of those that should
receive security clearances to completion, completing that
process, have actually received those clearances?
Mr. Krebs. The percentage, I do not have percentages in
front of me.
Senator Harris. About what number?
Mr. Krebs. I think we are probably at about a 30 percent
rate for the 50 senior election officials, and that is
including an interim secret level. And an interim secret gets
you effectively the same access as a permanent secret, but we
have prioritized, again, this process of vetting and issuing
the clearances. And we will continue to do so in advance of the
2018 election.
Senator Harris. So let us just keep going with Texas as the
example. March 6 is their primary. Have they received their
security clearance?
Mr. Krebs. Ma'am, again, I would have to come back to you
on the specifics of Texas. Every State has----
Senator Harris. OK. Please respond to this Committee and
give us a precise timeline on when they will be completed, and
we would like to see on that timeline when each of these States
are actually conducting their primaries to see if you are going
to actually get this done by the time people start voting.
Mr. Krebs. Yes, ma'am.
Senator Harris. Thank you.
I have nothing else.
Chairman Johnson. Chris, do not go away. Let me just follow
up.
I remember in 2016, I think one of the problems was just
identifying who to contact in the States, and so the question I
have for you, have we identified in every State the individual
or individuals that do need to be identified that can
effectively handle whatever information you provide them?
Mr. Krebs. And that is what I mentioned earlier. We have an
individual State-by-State protocol for notifying, whether it is
a State commissioner of elections or a Secretary of State. So
we are working through those individual processes right now.
Each State will have, as I mentioned that kind of triumvirate
of----
Chairman Johnson. Again, my question is, do we have those
individuals identified for every State?
Mr. Krebs. Yes, sir.
Chairman Johnson. So now just going through the protocol of
getting them security clearances?
Ms. Duke. Yes. We have them identified.
Chairman Johnson. OK. I want to make sure we at least
cleared that hurdle. Senator Jones.
OPENING STATEMENT OF SENATOR JONES
Senator Jones. Thank you, Mr. Chairman.
I want to go talk a little bit about the budgeting. I have
been really kind of focused on budgeting lately with all these
continuing resolutions (CRs). Obviously, it is kind of an
unusual situation with somebody sworn in as a U.S. Senator and
we immediately start shutting down the government with things,
and that has bene a concern, budgeting, I heard during the
campaign.
We have heard Secretary Mattis being pretty focal about the
Defense Department and the negative effects that these CRs have
on defense. Do you see that with Homeland Security? Is that a
problem? And if you could outline the effects that some people
call it crisis budgeting. Some people call it hostage
budgeting. Whatever it is, from just kicking the can down the
road, can you address that a little bit?
Ms. Duke. Shutdowns are disruptive. I will start with our
employees. We have 240,000 employees that go through a period
where they are not sure if they are going to get paid or those
that must come to work have to come to work and others do not
and probably still will get paid after the fact. So there is a
true employee issue.
We have to focus on the mission, and because under a CR or
a shutdown, you are at last year's level, it constricts us in
adapting to priorities, and we cannot do new starts. So if any
emerging need comes up, we cannot address it because we cannot
start something new. In a mission area so dynamic as homeland
security, that is very constricting.
It also, like the jurisdictional issue the Chairman talked
about, is disruptive. Our new Under Secretary has spent quite a
bit of time with planning and reacting to shutdowns. It is
administratively a huge burden that distracts from the mission.
Ms. Grady. It is also a huge burden operationally because
you are operating under a continuing resolution. You do not
know with certainty what your budgets are going to be for the
next year. You have the problem with any new starts that you
cannot begin. We are in the middle of the second quarter of the
fiscal year without a full budget telling us what we have for
the year.
So in terms of operational planning, in terms of moving out
on important hiring efforts, in terms of important
acquisitions, we are hamstrung until that gets resolved, and
that has a ripple effect throughout, especially when you try
and compress spending of very important resources for very
important capabilities, and then it is now in a compressed
period of time potentially.
It has a huge operational impact. It adds administrative
burden, and it is just difficult to operate, especially a
number of short-term CRs.
Senator Jones. Does it add cost, administrative cost and
other cost?
Ms. Grady. It absolutely does because you enter into short-
term decisions or short-term bridges, or you make short-term
decisions to accommodate what you have from a financial
perspective that you would not make if you had the full budget
available at the beginning of the fiscal year.
Senator Jones. Right.
Ms. Duke. The Ranking Member mentioned acquisition, which
is always a high interest for all of us.
The Federal Government traditionally spends too much in the
fourth quarter anyway, and these short-term CRs push it even
further into awarding quickly in the fourth quarter and
spending maybe not in the most judicious ways.
Senator Jones. OK. Not to bring up probably a sore subject,
but this past week, a CNN reporter found some pretty sensitive
documents in the back of an airplane, which could have
jeopardized a lot of things. What happened, and what all was
found? And what can be done to stop that? That was a pretty
serious breach, in my opinion.
Ms. Duke. Yes. The actual leaving of the documents, we will
be handling under a personnel matter, similar to anything else
that is a breach of our responsibilities of our employees. We
will handle it that way.
In terms of the material and the documents, that is
something we are working on. It is old information. It is what
we tend to call a hot wash of what we see and what we are
looking forward to, but that will be handled in our personnel
system.
Senator Jones. Is there anything that can be done in this
to try to stop that? Are you looking at ways to try to figure
out how to keep that?
I know that may be an isolated incident, but still it could
be a pretty serious isolated incident.
Ms. Duke. Yes. I mean, protecting both for official use
only and classified information is very important, and just
reiterating it, I think that this is a reminder to all
employees when they hear about it of how careful we have to be.
An important responsibility of being a civil servant is
protecting that.
Ms. Grady. So a slightly bigger response to that question
from an insider threat perspective, which is safeguarding the
information that has been entrusted to us. We have expanded our
Insider Threat program to go beyond classified information, to
look at the sensitive and unclassified information that are
essential to our missions, to ensure that we are monitoring for
usage and taking appropriate action if we identify a potential
vulnerability.
So we have gone beyond the traditional definition of
insider threat, which would limit it to classified, to look
across the information that we can control and make sure that
we are safeguarding against exfiltration and inappropriate use
of that information.
Senator Jones. OK. Great.
Thank you, Mr. Chairman.
Chairman Johnson. Thank you, Senator Jones.
I think we are waiting for Senator Daines to come back, but
in the meantime, I would just like to pick up on what Senator
Jones was talking about, shutdowns. What percent of the
personnel in DHS were considered essential and required to come
to work? Approximate. I am not looking for----
Ms. Grady. It was about 70 percent. Most of the individuals
that were determined to be nonessential are individuals who
work on longer-term actions. We did nothing that would in any
way, of course, jeopardize national security, but individuals
who were moving things forward in terms of critical policy
initiatives, in terms of planning for future budgets, in terms
of just the longer-term strategic efforts tend to be the
individuals and the sorts of functions that----
Chairman Johnson. So you really did send about 30 percent
of your workforce home. They did not report.
Now, unfortunately, I have been around here, and we have
had a shutdown. The fact of the mater is everybody gets paid
eventually. In our Senate office, we made them all essential
because we knew they were going to get paid.
Seems we are talking about authorization, have you thought
of during that shutdown anything we could do in the
authorization to make this more clear-cut and really protect
your Department and we can potentially talk about doing it
governmentwide? I support the End Government Shutdown Act,
which would just--if we do not get our act together, if we just
keep funding government at the current level, and then you
start putting a little discipline in there after 90 days or 120
days, something like that, but, I mean, set aside a
governmentwide End Government Shutdown Act. Is there something
in this authorization we can take advantage of in the recent
rearview mirror?
Ms. Duke. We actually had not considered that, but it is
not just the day of the shutdown. It is the weeks leading up to
it where there is angst.
Some of the biggest portions of our workforce, say
transportation security officers, are in the low end of the
scale. So even having to wait for the money could be critical
for them.
Chairman Johnson. Well, give that some thought. I am hoping
to mark this bill up. If we cannot do it by next week, we are
going to be holding a markup, and maybe it will be the
following week, if we delay it, if there are more complex
issues. But give that some thought.
Ms. Duke. Will do.
Chairman Johnson. Again, the reality of the situation is
every time there has been a government shutdown, everybody gets
the backpay, and it is incredibly unfortunate that there is
this level of dysfunction. But let us take a look at maybe
addressing that here, and it could be potentially an example
for other parts of government.
Ms. Duke. If we may, too, while we are talking about
personnel and waiting for Senator Daines, disaster workforce
flexibility is something that could help us in responding to
future disasters.
We have a major core workforce in FEMA that are not career
employees. We have no ability to transition the best of those
into the Federal workforce. That is one of the personnel
provisions we would look at under an authorization bill.
In addition, having some ability to do noncompetitive
temporary appointments, we are looking at some of the things
with recruiting from high schools and the Pathways program, but
some of those workforce structure flexibilities that we could
have similar to DODs.
Within CBP, I mentioned within border patrol specifically,
we are looking at incentives for families in some of the
isolated areas. Similar to DOD, give preference for spouses for
Federal employee, those type of things that would help make
those not as non-desirable locations?
Chairman Johnson. So I know we have held something like 25
informational meetings with staff to engage us and majority and
minority staff. If those things are outside of comments made
during those meetings----
Ms. Duke. OK.
Chairman Johnson [continuing]. Get a list of those
compiled. Get some proposals. I am assuming these things are
not in the House authorization bill.
Ms. Duke. No, they are not.
Chairman Johnson. So, again, let us list all these things.
Ms. Duke. OK.
Chairman Johnson. And if we can come to agreement here on a
bipartisan basis, I think those are some good initiatives. We
should include it here so that we can get this passed.
Ms. Duke. OK. And we have a two-page list of what we would
call our ask, things that would be helpful for us that we think
are in concert with not only you as the Committee but the IG
and GAO, and we will have those to you today.
Chairman Johnson. OK. You have those today?
Ms. Duke. Yes.
Chairman Johnson. Good.
Ms. Grady. And those have been largely a subject of the
ongoing conversations with staff, so that we can make sure that
they are being----
Chairman Johnson. OK. We can formalize it for the record
here, and again, we will get back with you on that. Senator
McCaskill.
Senator McCaskill. Yes. Let us talk about this contract and
suspension and debarment. Was it bid for the Tribute meals in
FEMA?
Ms. Grady. Yes, ma'am.
Senator McCaskill. It was bid?
Ms. Grady. Yes.
Senator McCaskill. This was not a small business situation?
Ms. Grady. This was not a small business set-aside, no.
Senator McCaskill. OK.
Ms. Grady. That is my understanding.
Senator McCaskill. And you all had no heads-up. You had no
ability to find the previous problems with their failure in the
defaults?
Ms. Grady. We are dragging into this one right now and
looking at what happens. It was terminated quickly. I do not
have information that I have seen relative to the due diligence
we did on the front end for the responsibility determination.
Obviously, that is something that we are looking at and
understanding what happened associated with that.
We do have a robust suspension and debarment program, but
we suspended and debarred about 190 people last year--or firms,
the largest in the Federal Government, and we are in the
process of updating our suspension and debarment instruction to
make sure that we are fully reflecting best practices, and at
the IG's recommendation, we are going to be moving to a case
management system to ensure that we have more complete
documentation and tracking.
Senator McCaskill. So Tribute is going to show up again,
maybe not at DOD, but at another agency. How are we going to
ding them so we quit hiring them?
Ms. Grady. Anytime you terminate, there is a notification
that is provided. In addition, you provide the past performance
information to inform that and proceed with suspension and
debarment activities.
Senator McCaskill. Why did not that happen? Maybe you guys
can speak to--they clearly had defaulted on a number of
government contracts. Now, they were much smaller, but there
have been a number of Federal Government contracts they
defaulted on. But from what I read about it, you all did not
have any flag in the system so it would have shown up.
Ms. Grady. So my suspicion--and again, this is just based
on my professional judgment, not based on facts, so I want to
make that very clear--is because the dollar value, they were
below the simplified acquisition threshold, and that may be
have been a loophole in terms of reporting, but again, that is
my speculation, not information that I have verified.
Senator McCaskill. Well, we are going to dig into it.
Ms. Grady. As are we.
Senator McCaskill. And I know you all will. Let us work
together and try to get to the bottom of it.
I would really like to know what we need to do to
strengthen the ability of the Federal Government for suspension
and debarment because I know that it has been byzantine at
times in terms of the process, and what has happened is rather
than go through the process of suspension and debarment, you
just default the contract and move on. And then that bad actor
remains a viable contractor in the Federal system.
Ms. Grady. I agree. And the suspension and debarment,
because of due process, has probably been taken to an extreme,
and the length of time it takes to get somebody on the debarred
list is inordinate in terms of protecting the Federal----
Senator McCaskill. How long do you think it takes?
Ms. Grady. My estimate would be it is probably over 2 years
because you typically allow things to go through the process.
As is the case of the contract we are discussing, the company
has disputed the termination, and so we are going through that
process under the Contract Disputes Act and working through
that.
While that is being resolved, you cannot put them in the
debarred list. It would certainly reflect that their
performance as we saw it--and the company has the opportunity
to present the information as they saw it relative to their
performance, so that is available to inform a source-selection
decision, and we require our contracting officers to look at
the past performance of companies in addition to suspension and
debarment because our goal is to deal with companies who
perform will.
Senator McCaskill. But are you only looking within your
Department?
Ms. Grady. Across Federal Government. My suspicion is
because of the very limited dollar value that they did not get
reported, but that is something that we are looking into.
Ms. Duke. I was going to say on the responsibility
determination, which is separate, there is a governmentwide
repository of past performance information.
Senator McCaskill. Right.
Ms. Duke. Under your government affairs role, information
is not regularly entered in that. If you matched the number of
government contracts against the number of contracts that are
reported in the performance system, it is woefully
underreported.
Senator McCaskill. Woefully underreported.
Well, I would like to get to the bottom of this and see if
we cannot put something in this authorization of the Department
that would be helpful with this.
And the other thing I would say about FEMA, it is not like
you guys do not know you are going to have to buy meals, right?
Cannot you have some kind of standing, qualification for
emergency meal providing in FEMA that then you can draw on when
these occurrences happen?
I mean, the idea that we would go with an unknown company
to deliver 30 million meals seems bizarre to me.
Ms. Grady. So we do have--and planned and have strategic
big vehicles available and also avail ourselves of the Defense
Logistics Agency, who has also a number of vehicles available.
I think the combination of the number of storms, the response,
and the isolated location in Puerto Rico put a particular
challenge on the system.
For example, another contract that did not go well was blue
tarps.
Senator McCaskill. Right.
Ms. Grady. We had a number of instances where we went
beyond what we would normally use. We had just the amount of
response and the amount of effort in multiple sites just tapped
into all the sources, so we were expanding sources beyond which
we would normally ever have to----
Senator McCaskill. Because of the fact that you had three
simultaneous----
Ms. Grady. Right.
Senator McCaskill [continuing]. Situations you were trying
to deal with.
Ms. Grady. And the urgency and----
Senator McCaskill. That makes me feel a little better.
Ms. Grady. Well, the meal mission in Puerto Rico was bigger
and longer than anybody had anticipated and quite frankly
historic in its nature.
Senator McCaskill. Yes. Thank goodness for all the
charitable work that went on to provide meals because clearly
the government fell down on the job.
Ms. Grady. We always work closely with the non-governmental
organization (NGOs), and that is a key element associated with
the response and recovery of any disaster.
Senator McCaskill. I want to briefly ask about this vetting
center. I am a little worried about the vetting center. I mean,
we have six or seven different things in government that do
this. Why are we creating a new one?
Ms. Duke. The intent of the National Vetting Center is a
consolidation.
Senator McCaskill. What are you consolidating?
Ms. Duke. It has not been determined yet. The terms of the
vetting center are that we will do some consolidation, but the
details are to be worked out, now that the President has
announced it.
What we are looking for is having intelligence, better
available for vetting and law enforcement people. That is one
of the biggest vulnerabilities right now is the difficulty in
law enforcement and vetting personnel to get intelligence
information. That is one of the problems we are trying to
solve.
Senator McCaskill. OK. So some of these are going to go
away. We are not going to have the FBI Terrorist Screening
Center, the National Crime Information Center? We are not going
to have the National Counterterrorism Center, the Terrorist
Screening Database, the Terrorist Identified Data Environment,
the State Department Consular Lookout and Support System,
Consular Consolidated Database, and the National Targeting
Center?
Ms. Duke. We are looking at reducing the need for all those
standalones by having a presence, a multiagency presence. I
cannot commit now. We can keep you apprised of what is going to
be ongoing----
Senator McCaskill. I am going to be cranky if it is just an
add-on. If you do not get rid of some of these, it is going to
drive me nuts.
Ms. Duke. It will drive me nuts too.
Chairman Johnson. I cannot imagine that. [Laughter.]
Senator McCaskill. I mean, that is a lot.
Ms. Duke. It is essential not only for efficiency, but it
is essential for the info sharing and the speed. We have to do
a better----
Senator McCaskill. Well, I want to be there, a fly on the
wall, when the FBI and State Department and all these people
give up their centers because if you can do that, then we can
definitely get jurisdiction away from Finance, Judiciary, and
Commerce.
Chairman Johnson. Yes. Not a problem. [Laughter.]
Senator McCaskill. So we will watch you work, Secretary
Duke, and once you get this done, you can teach us how to do
this because I have a bad feeling this is going to be an add-on
and just another layer of complexity and overlap in a system
that frankly still has gaps.
Thank you, Mr. Chairman.
Chairman Johnson. Just quick to clarify, what you are
saying is we went over the capacity of the predetermined
suppliers already in place?
Ms. Grady. Yes, sir.
Chairman Johnson. So we had to find additional suppliers
and----
Ms. Grady. And we are always seeking to bring in new
vendors and also to compete requirements whenever possible to
best meet our needs.
Chairman Johnson. But again, you had the suppliers already
pre-vetted, preapproved. You just exceeded their capacity,
which is understandable. Senator Hassan.
Senator Hassan. Thank you very much, and again, thank you
for this roundtable, to all of you and to the Chair and Ranking
Member.
I want to return to the issue of NPPD and cybersecurity.
The advocates of the bill that passed the House said that NPPD
needed to be renamed in order to improve the morale of NPPD
workers, raise the profile of DHS's cyber mission, and attract
the best and brightest cyber professionals.
I do have a hard time thinking that a name change really
does all that, and I understand that you are saying it is more
than a name change.
But just a year ago, the Cyber Policy Task Force at the
Center for Strategic and International Studies (CSIS) co-
chaired by Senate Whitehouse and Representative Michael McCaul
called for an independent operational cybersecurity component
at DHS that was on part with the Coast Guard or CBP. Beyond
just changing the name of NPPD, this Committee, I think, needs
to hold hearings and specifically consider the possibility of
creating a separate cybersecurity component at DHS.
So I will return to the question. I understand your first
answer to me was, look, it is all of a piece, and I do
understand that, but I think cybersecurity is as important as
border security. It is important as marine security, and so I
am having a hard time understanding why we would not follow the
independent report and really elevate this to the command that
it needs to be elevated to.
Ms. Duke. So it is being elevated to an operating
component, and that is essential in the distinction that it
will have everything it needs to operate. So it will have its
own CFO, its own procurement. It will be now our eight
operating agency. That is important because it carries
authorities and mission support with it along with mission.
And it is a judgment call, what goes together, and CBP,
border security is important, but we also have trade. We have
customs within it, because there was a decision that even
though those are independent, they go together. So it is a
judgment call on cyber and critical infrastructure. What are
the benefits of those being together as opposed to being
absolutely separate?
I think that in the current draft, having the Under
Secretary of Cyber and then having the cyber and the critical
infrastructure under two political appointees will allow for
the integration but also allow for one big piece of the
organization to truly focus on cyber. But it is a judgment
call.
Senator Hassan. And maybe just to follow up on that, Mr.
Scott and Mr. Kelly, have you all assessed the feasibility of
creating an independent operational cybersecurity component at
DHS? Have you assessed the likelihood that the name change at
NPPD would impact morale and recruitment efforts in the manner
that the bill suggested?
Mr. Kelly. To answer whether or not we are looking into
that?
Senator Hassan. Yes.
Mr. Kelly. The answer is yes. We are starting up an
engagement that is focusing on infrastructure protection, which
would include the cybersecurity function.
Senator Hassan. Thank you.
Mr. Kelly. Have we looked at the name change as being a
morale issue? We have not.
Senator Hassan. OK.
Ms. Duke. I have actually.
Senator Hassan. Have you?
Ms. Duke. For instance, the Office of Field Operations
(OFO), they have lost their branding, and that is an issue to
them. I think that is why you see people with their--they love
being part of an organization. It is not a statistically--
thing, but I think it is an issue.
Senator Hassan. Look, I understand that, but again,
cybersecurity is a whole different kind of border. And it
really does concern me because it takes a different mindset and
a different kind of expertise than maybe protecting buildings
does. So I think it would be good for us to explore this more
as a Committee.
And, Mr. Scott, you look ready to say something.
Mr. Scott. I am. Thank you, Senator Hassan.
Just a couple of things. In 1997, GAO designated Federal
information security as a governmentwide high-risk area. So we
have been on this for a long time, and in 2003, we added on to
include the critical cyber aspect of this.
In terms of NPPD reorganization, we do believe that to
focus on cyber is needed, and to support Deputy Secretary Duke
there, that a name change will help in terms of clarifying its
mission and also in title recruitment.
I think it is also important that as we go through this
transformation of NPPD into the new organization--and also
making an operational component is very important, but in terms
of once we go through this transformation, it is also important
to build in career expectations as to what exactly the missions
and roles are and clear up measures of effectiveness. It is
really important that whenever we create something new that it
is clear what it is we want it to do and how will we know
whether it is working or not.
Ms. Duke. Ma'am, could I real quickly address your last
comment?
Senator Hassan. Yes.
Ms. Duke. Protecting buildings, Federal Protective Service,
we like the provision in the current draft that says that the
Secretary can consider moving that. We would support a similar
provision for the Office of Biometric Identity Management
(OBIM), the Biographic Information System, to really look at
whether that would detract from the mission.
Senator Hassan. Thank you very much.
Thank you, Mr. Chairman.
Chairman Johnson. Let me ask Chris Krebs to step up to the
plate here. My guess is you were itching to say something.
[Laughter.]
Could you talk a little bit about your private-sector
background and then your perspective of how important the name
change is. You take a look at that and go not that big a deal,
but just talk about that and then the operational.
Mr. Krebs. So, ma'am, three quick things. I did come out of
the private sector to join the Administration in March from
Microsoft, where I directed cybersecurity policy for the U.S.
Government Affairs team.
What you are asking--and you are citing back to the CSIS
report--is exactly what the NPPD reorganization built. It
creates an independent cybersecurity and critical
infrastructure component.
Now, the importance of the linkages of the two--physical
security and cybersecurity--that is how it is going in
industry. They are inextricably linked. Yes, there is the
logical, the digital side of security, but when you look at how
organizations manage risk, they have to look across an entire
enterprise and say, ``What is our physical risk? What is our
cybersecurity risk?'' And they are emerging, particularly when
you think about things like Internet of Things, industrial
control systems and SCADA systems. So it is important that we
keep them together because what I need to be doing from a field
force perspective is when I go and engage any company out
there, when we are knocking on the door, we need to be a single
point of entry.
So if they have physical requirements, we can work with
those. If they have infrastructure or cybersecurity
requirements, we can work with those. So it is not DHS knocking
five times in the same day or day after day after day. So if we
can consolidate those in a single storefront somewhat, I think
that is the way to do this.
Senator Hassan. I appreciate that, and this has been
helpful. What I am just concerned about is the possibility of
the cyber function kind of getting supplemented.
Mr. Krebs. There is no greater risk right now to our
country, at least that is my perspective.
Senator Hassan. Well, it is mine too.
Mr. Krebs. Others in the Department may disagree, but that
is the thing I think about if we are going to them, the first
thing I wake up in the morning. It is not going to be
subordinated to any other element.
Senator Hassan. I mean, that is while I was Governor, I got
reports of the number of attempted attacks every day, and it is
just we need to keep on it, so thank you.
Mr. Krebs. Absolutely. Yes, ma'am.
Chairman Johnson. Senator Jones, do you have any further
questions?
Senator Jones. Just briefly.
The Committee was furnished with a June 30, 2017, GAO
letter suggesting a number of recommendations. Just briefly,
how are you coming with those, and specifically, are there any
of those recommendations that you got, particular problems
with, obstacles that we can help with? Just briefly on that.
Mr. Scott. So, yes, we are trying to figure out was that
addressed to GAO or----
Senator Jones. Whoever can answer it best.
Mr. Scott. Well, I will take a first shot at it, Senator
Jones.
We do have a number. Every 6 months or so, we are sending
over priority recommendations letter to the Department, and
thus far, we have continued to receive strong, robust responses
to the issues we have raised in the priority recommendation
letter. I give the Department credit. Among the agencies, they
really seem to take this seriously, and I mean, they are
continuing to make progress.
Our expectation is we will be providing the Secretary a new
priority recommendation letter within the next month or so.
Senator Jones. OK.
Ms. Grady. So regarding the priority recommendations, we
track all the outstanding recommendations. The high-priority
ones, obviously we focus on and make sure we are completing.
One of the things that is important to remember with the
GAO recommendations is some of them are short term, and some of
them take much longer. So if it is a recommendation that is
going to take 3 to 4 years to track, we track when it should be
completed and track milestones associated with completion of
those. But not all the GAO recommendations made are a quick
fix. A lot of them are systemic that take involved effort, and
we work very closely with GAO and making sure the instruction
recommendation, that we understand it will address the
challenge, and that we follow through and get that implemented
and make meaningful progress against it on a continual basis.
Senator Jones. And if there is anything in that letter that
you think this bill could help with, please get that to us as
soon as you can.
Thank you, Mr. Chairman. That is all I have.
Chairman Johnson. Thank you, Senator Jones.
I do not think we have any further questions. Obviously, we
want that list. We want to work with you very closely, Members
and staff to do whatever we can to improve this authorization,
add the things that we can add that can be passed, so let us
work, roll up our shirt sleeves over the next couple of weeks,
and we will get this thing done, OK?
I want to thank all the witnesses for, first of all, your
service and coming here and spending some time and doing a good
job answering our questions.
This roundtable is adjourned.
[Whereupon, at 11:43 a.m., the Committee was adjourned.]
A P P E N D I X
----------
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
[all]
| MEMBERNAME | BIOGUIDEID | GPOID | CHAMBER | PARTY | ROLE | STATE | CONGRESS | AUTHORITYID |
|---|---|---|---|---|---|---|---|---|
| Enzi, Michael B. | E000285 | 8328 | S | R | COMMMEMBER | WY | 115 | 1542 |
| Carper, Thomas R. | C000174 | 8283 | S | D | COMMMEMBER | DE | 115 | 179 |
| McCaskill, Claire | M001170 | 8252 | S | D | COMMMEMBER | MO | 115 | 1820 |
| Peters, Gary C. | P000595 | 7994 | S | D | COMMMEMBER | MI | 115 | 1929 |
| Lankford, James | L000575 | 8113 | S | R | COMMMEMBER | OK | 115 | 2050 |
| Hoeven, John | H001061 | 8331 | S | R | COMMMEMBER | ND | 115 | 2079 |
| Paul, Rand | P000603 | 8308 | S | R | COMMMEMBER | KY | 115 | 2082 |
| Johnson, Ron | J000293 | 8355 | S | R | COMMMEMBER | WI | 115 | 2086 |
| Daines, Steve | D000618 | S | R | COMMMEMBER | MT | 115 | 2138 | |
| Heitkamp, Heidi | H001069 | S | D | COMMMEMBER | ND | 115 | 2174 | |
| Harris, Kamala D. | H001075 | S | D | COMMMEMBER | CA | 115 | 2301 | |
| Hassan, Margaret Wood | H001076 | S | D | COMMMEMBER | NH | 115 | 2302 | |
| Jones, Doug | J000300 | S | D | COMMMEMBER | AL | 115 | 2364 | |
| McCain, John | M000303 | 8253 | S | R | COMMMEMBER | AZ | 115 | 754 |
| Portman, Rob | P000449 | 8266 | S | R | COMMMEMBER | OH | 115 | 924 |
Disclaimer:
Please refer to the About page for more information.