IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Statement for the Record of

John O. Brennan

Director, Terrorist Threat Integration Center

Before the

House of Representatives Committee on the Judiciary and the

House of Representatives Select Committee on Homeland Security

Washington, D.C.

Good afternoon, Chairman Sensenbrenner, Chairman Cox, Ranking Member Conyers, Ranking Member Turner, and the Members of the Committee on the Judiciary and House Select Committee on Homeland Security.

I appreciate the opportunity to join my colleagues from the Department of Homeland Security and the Federal Bureau of Investigation to discuss the mutually supporting relationship between the Terrorist Threat Integration Center (TTIC) and the Department of Justice/Federal Bureau of Investigation (DOJ/FBI) and Department of Homeland Security (DHS).

As the members of the Judiciary and Homeland Security Committees well know, international terrorism poses a serious threat to U.S. interests, both at home and abroad. Al Qa’ida and other terrorist organizations continue to make plans to carry out attacks against U.S. citizens and facilities worldwide. While many of these plans have been disrupted since the tragic events of 11 September 2001, constant vigilance and proactive efforts on the part of many government departments and agencies are required to prevent the loss of additional U.S. lives in terrorist attacks. In recent years we have learned that terrorist threats that initially appear to be directed at overseas targets may actually be threats against our homeland, with the reverse being possible as well. We need to have all of our efforts – both overseas and domestic – working together in a seamless manner. DHS is a critical part of that seamless effort; TTIC is as well.

A key ingredient of the U.S. Government’s counterterrorism strategy is to ensure that the many government agencies and departments involved in the war on terrorism work closely together and share threat information and analysis that could be used to prevent terrorist attacks. The May 1, 2003 establishment of the Terrorist Threat Integration Center is supporting this objective.

TTIC’s mission is to enable full integration of terrorist threat-related information and analysis. It is a multi-agency joint venture that integrates and analyzes terrorist-threat related information, collected domestically or abroad, and disseminates information and analysis to appropriate recipients. As of today, TTIC has a little over one hundred (100) officers drawn from partner agencies, and we anticipate a workforce of several hundred by this time next year. As established, TTIC has sufficient authority to accomplish this overarching mission. It is important to note that TTIC does not engage in any collection activities nor does it engage in operations of any kind. It is not part of the Central Intelligence Agency. Rather, it is a joint venture composed of partner organizations including the Departments of Justice/Federal Bureau of Investigation, Homeland Security, Defense and State, and the Central Intelligence Agency. As Director of TTIC, I report to the Director of Central Intelligence in his statutory capacity as head of the Intelligence Community. At the same time, as the head of this innovative joint venture of partner agencies, I believe I must be responsive to the Director of the FBI and to the Secretaries of Homeland Security, Defense, and State. TTIC’s roles and responsibilities are spelled out in Director of Central intelligence Directive (DCID) 2/4, which was effective as of 1 May 2003. I have provided a copy of this DCID to the Chairmen and Ranking Members of your committees.


When TTIC opened for business, we were fortunate to have seven (7) DHS and eight (8) FBI representatives assigned. Over the next year, we expect to have approximately forty (40) DHS assignees and thirty (30) FBI assignees in TTIC. From the very first day at TTIC, these assignees were contributing to the development of terrorist threat-related analysis and finished products.

Current DHS representatives assigned to TTIC include two from the Information Analysis and Infrastructure Protection (IA/IP) directorate; an analyst each from U.S. Secret Service, Transportation Security Administration, and Coast Guard; and two analysts from the Bureau of Immigration and Customs Enforcement. Of these DHS representatives, five (5) provide direct support to the development of terrorist threat-related analytic products, while the other two serve as part of the TTIC senior leadership team. Bill Parrish has served as the TTIC Associate Director for Homeland Security and principal senior conduit back to the Department of Homeland Security; as you are aware, he has returned to the Information Analysis and Infrastructure Protection directorate of DHS and is currently serving as Acting Secretary for Information Analysis.

Current FBI representation at TTIC includes the Principal Deputy Director, Jim Bernazzani, nine (9) analysts and two (2) agents. The inclusion of agents with extensive field experience in TTIC informs the analytic process and helps apply innovative approaches to ‘connect the dots’ in a more comprehensive manner. FBI officers in TTIC maintain close contact with FBI Headquarters elements as well as with FBI field offices, as appropriate, on a variety of important international terrorism issues.

In the context of TTIC, embedded DHS and FBI representatives, and analysts assigned from the other TTIC partner organizations, have exceptionally broad access to intelligence. Within TTIC, there is desktop access to all partner agency networks, which are accessible only by those who are appropriately cleared and have a need-to-know. This extensive access to threat-related intelligence has resulted in unprecedented sharing of information among analysts from a variety of federal departments and agencies. This type of information sharing is critical to the many federal, state, local, and law enforcement entities that are responsible for detecting, disrupting, deterring, and defending against terrorist attacks. Through regular interaction, TTIC, Intelligence Community, DHS, and FBI analysts work hand-in hand to understand and substantiate terrorist threat-related information.

Just as analysts are partnering to address substantive issues, TTIC, DHS, and FBI senior leadership are also partnering on various initiatives. One such initiative is the establishment of a joint program office to implement a systematic approach to inter-agency information sharing. The task at hand is to ensure that all obligations are met, as detailed in the Homeland Security Act and in the Homeland Security Information Sharing Memorandum of Understanding (MOU), signed by Secretary Ridge, Attorney General Ashcroft, and the Director of Central Intelligence (DCI). On behalf of the DCI, TTIC is facilitating efforts within the Intelligence Community – in concert with law enforcement activities – to ensure that the Department of Homeland Security has access to all information and analytic products required to execute its mission. In this endeavor, we must move with alacrity to ensure that we are doing everything possible to support the national effort to protect our homeland, while balancing the absolute need to safeguard the Constitutional liberties of all Americans. These are difficult issues, and we are endeavoring to address them in a conscientious, yet forward-leaning manner.

Progress has already been made. As an example, there are currently ninety (90) registered DHS users and three hundred sixty two (362) registered FBI users of a TTIC-sponsored classified website providing terrorism-related information. This website, which has over two thousand (2,000) users throughout the government is currently being updated to include expanded need-to-know access with rich content available at varying classification levels, from Top Secret to Sensitive-But-Unclassified. Further, it is being updated in a manner that will also enable users to search across disparate data sets in many different ways. The website will increasingly include products tailored for the needs of state and local officials, as well as private industry, such that the DHS and FBI – who are, by mandate, the designated conduits of information to state and local representatives, and private industry – can readily pass this information along. It is my belief that the combination of this increasingly robust website, full implementation of the MOU on information sharing, and the application of advanced analytic tools in a conscientious manner will allow TTIC, DHS, FBI, and the entire terrorism analytic community to stand a far better chance of successfully “connecting the dots” and taking the necessary preemptive actions to prevent future terrorist attacks.


Another area where we are making progress toward enhanced information sharing and streamlined governmental processes is in regard to terrorist identities and watchlisting. As you are aware from the GAO study released this year, there is a critical need to establish uniformity and enhanced access to watchlist information. Through coordinated partnership with entities across the Federal government, we are converting various existing terrorist identities databases into a comprehensive, all-source repository of information.


In closing, this good news story does not mean that we are without significant challenges ahead. But, together we are making progress. I would even venture to say that TTIC itself – as an innovative construct in the Federal government - is serving as a forcing function for progress in addressing long-standing challenges such as inter-agency information sharing. After only eleven weeks in existence, TTIC has been a lightening rod, attracting hard issues and running them to ground through the active collaboration of partner agencies. Together, we are defining issues and systematically addressing them with all deliberate speed to protect the nation, while dedicating significant attention to the protection of civil liberties. We need your help in these activities and in finding ways to reconcile the inherent tensions therein. We recognize the need for an expanded and ongoing dialogue with various interested committees on Capitol Hill. This will enable appropriate oversight as well as sufficient latitude for us to be effective in supporting the overall national effort to protect America. I look forward to our continued dialogue. 




I. Background:

A. The TTIC concept:

·    TTIC is an Administration homeland security initiative announced in the President’s State of the Union (SOTU) address:

“Since September the 11th, our intelligence and law enforcement agencies have worked more closely than ever to track and disrupt the terrorists. The FBI is improving its ability to analyze intelligence, and is transforming itself to meet new threats. Tonight, I am instructing the leaders of the FBI, the CIA, the [Department of] Homeland Security, and the Department of Defense to develop a Terrorist Threat Integration Center, to merge and analyze all threat information in a single location. Our government must have the very best information possible, and we will use it to make sure the right people are in the right places to protect all our citizens.”

·    TTIC was intended to be a joint venture of four equal partners – DHS, CIA, FBI, and DoD (with State participation) – which would, for the first time, bring together for comprehensive analysis all terrorist threat-related information available to the USG, regardless of whether it had been processed in any way.

o That is, of course, an equally good description of what DHS’s Information Analysis sub-directorate was meant to do in re terrorist threat analysis.

B. TTIC’s legitimacy and lawfulness:

·    TTIC, functioning as outlined in President’s SOTU and WH “Fact Sheets,” can exist and meet its objectives without contravening the HS Act’s mandates. TTIC is not unlawful per se. Implementation and day-to-day management decisions will determine whether TTIC remains lawful, absent some legislative foundation.

o As conceived, TTIC does not change the duties of DHS/IAIP, it just answers the question “how” DHS will, at least in its early days, meet a portion of IAIP’s responsibilities.

·    TTIC’s consistency with the HS Act, nevertheless, depends on strict adherence to TTIC’s original structure and role (see WH releases of 1/28 and 2/14).

o Those implementing the TTIC concept have found it difficult to adhere to those standards. (E.g., citing TTIC, DepSec England testified that DHS/IAIP did not intend to meet the letter of the law requiring it to develop an independent, all-source-based, threat analysis capability (2/26/03, SGAC).)


o Many TTICers consider the DHS/IAIP mandate to conduct all-source-based analysis of terrorist threat-related information inappropriate, and believe TTIC should, therefore, essentially supplant that function.

·    TTIC’s end state capability will not satisfy DHS’s responsibility under the HS Act for conducting independent, all-source analysis of terrorist threat-related information. (Chairman’s 5/1-2/03 statements on TTIC amplify this point.)

o TTIC stance: TTIC is DHS doing its work, inasmuch as DHS is an “equal partner” in the TTIC venture. (Corollary: There is no reason for DHS to develop an in-house terrorist threat analysis capability, as that would be inherently duplicative of the functions “it” is performing through TTIC.)

·    Bottom line: TTIC is lawful as conceived, but may, in practice, frustrate HS Act.

C.  Relevant materials:

SOTU paragraph; WH “Fact Sheets” (1/28/03 & 2/14/03); Joint Statement of TTIC Senior Steering Group to SGROC (2/26/03); transcript of 2/26/03 SGROC Committee hearing on TTIC (including testimony of DepSecHS England); DCID 2/4 (5/1/03). Exchange of letters between Sen. Lieberman and SecHS (4/29/03 et seq.).

II. Fundamental Issues:

1.   Is TTIC a usurpation of authority assigned to DHS under the HS Act?


2.   Is TTIC’s role the same as that of DHS with respect to all-source analysis of terrorist threat-related information?

3.   Will TTIC impede full effectuation of the Department’s mandate?

4.   Is TTIC an end-run of congressional oversight over the new Department?

5.   Funding TTIC: How will TTIC’s activities be authorized and funded?

6.   Leadership: Given the scope, origin, and nature of the information to which TTIC has access, is it appropriate that TTIC was made answerable to the DCI (as head of the Intelligence Community), rather than the Secretary of Homeland Security?

7.   Is TTIC, under the DCI’s auspices, really just the DCI’s existing CTC writ large? Is it really a quantum leap, as advertised, or low-impact incrementalism?

III. Appropriate questions concerning TTIC for senior DHS officials:

            A variety of TTIC-related questions organized by topic area follows. These questions assume a need for constructive oversight of DHS activities as a means of ensuring full implementation of the Homeland Security Act and, by extension, the President’s program. All these questions reach TTIC through DHS.

List of Question Topics (in order attached)

·    Is TTIC side-tracking the DHS Information Analysis sub-directorate?

·    Bringing DHS’s IA sub-directorate to its full, statutorily-driven, end-state.

·    Level of TTIC control over DHS terrorist threat-related analysis.

·    Zero sum? Can both DHS and TTIC reach end-state analytic capabilities?

·    DHS and TTIC analytic capabilities and tools.

·    Disseminating warnings and advice to state/local/privates and public.

·    Is TTIC a re-tread – the DCI’s CTC with a new bumper sticker?

·    Access to information – Foundation of DHS’s capabilities.

·    DHS access through the Secretary or access only to the Secretary?

·    Moving information from where it’s collected to where it’s needed.

·    Implementing the Memorandum of Understanding on information sharing.

·    Making HS-related information useable – Revising the ORCON rules.

·    Making sure DHS employees get access to all pertinent information.

·    Getting state/local officials get the information they need, when they need it.

·    Funding the TTIC consistent with its non-legislated structure.

·    Scope and level of DoD support to DHS and TTIC.

·    Could TTIC usefully be brought under the DHS umbrella?

·    Redundancy follow-up: Won’t TTIC duplicate DHS’s threat analysis?

                        Topic – Is TTIC side-tracking the DHS Information Analysis sub-directorate?

Foundation: Sec. 201 of the HS Act makes the DHS Under Secretary for IAIP responsible for obtaining law enforcement, intelligence, and other information from federal, state, and local government agencies, as well as from private sector entities, and for integrating all that information in order to “identify and assess the nature and scope of terrorist threats to the homeland” (sec. 201(d)(1)(A)).


·    The DHS April 29 Press Release captioned “First 100 Days of Homeland Security” is a several page list of what the DHS has accomplished since its January 24 inception.


o It does not mention integration or analysis of terrorist threat-related information. What, if any, progress has DHS made in that area?

·    Can you assure us that the Department will – TTIC notwithstanding – have an independent, all-source-based capability to analyze all terrorist threat-related information available to the US Government?

·    In his confirmation hearing statement, Secretary Ridge told the Senate Governmental Affairs Committee that: “a fundamental priority in our mission must be to analyze the threat, while concurrently and continuously assessing our vulnerabilities. The Department is structured in such a way as to efficiently conduct this task.”

o Does that statement still apply? Require some qualification?


o Given the prominence of TTIC as a venue for analyzing terrorist-related threats, would you still say that DHS is structured efficiently to conduct not only vulnerability assessments, but also threat analysis?

·    In his confirmation hearing statement to the SGAC, Secretary Ridge stated:

“The Information Analysis and Critical Infrastructure Directorate will bring together for the first time under one roof the capability to identify and assess threats to the homeland, map those threats against our vulnerabilities, issue warnings, and provide the basis from which to organize protective measures to secure the homeland.” That amounts to a paraphrase of what the HS Act requires DHS/IAIP to do.

o And I’m wondering whether TTIC’s creation qualifies the Secretary’s statement. A White House “Fact Sheet” issued in connection with the President’s SOTU – when he announced the TTIC venture says:

“* The Department’s Information Analysis and Infrastructure Protection Directorate will:


“* “Perform comprehensive vulnerability assessments of the Nation’s critical infrastructure and key assets.


“* “Receive and analyze terrorism related information from the Terrorism Threat Integration Center, as well as open sources, the public, private industry, state and local law enforcement, and the entire federal family.”


·    What’s missing is, of course, the statement that DHS IAIP will conduct comprehensive, independent analysis of all terrorist threat-related information, including “raw” – completely unprocessed – information.

o Is TTIC taking over this aspect of the Department’s mission?


o Will DHS/IAIP get terrorism related information only from TTIC?

o Is DHS/IAIP receiving all reports (including information reports containing intelligence which has not been fully evaluated), assessments, and analytical information relating to threats of terrorism against the United States? (HS Act, sec. 202(b)(2)(A)).


Topic -- Bringing DHS’s IA sub-directorate to its full, statutorily-driven, end-state:

·    Last June, the DCI testified in support of the DHS proposal. He stated: “The new department will merge under one roof the capability to assess threats to the homeland, map those threats against our vulnerabilities, and take action to protect America’s key assets and critical infrastructure.” That is a good characterization of what the HS Act requires DHS’s Information Analysis sub-directorate to do.

o Will it? -- Or is the plan now that TTIC will take care of the threat assessment portion of the Department’s responsibilities?

·    The Homeland Security Act requires the DHS Information Analysis sub-directorate --


“(1) To access, receive, and analyze law enforcement information, intelligence information, and other information … and to integrate such information in order to--


“(A) identify and assess the nature and scope of terrorist threats to the homeland;


“(B) detect and identify threats of terrorism against the United States; and


“(C) understand such threats in light of actual and potential vulnerabilities of the homeland.” (HS Act, sec. 201(d)(1).)

o When will DHS’s IA sub-directorate be able to meet that responsibility?


·    Can you assure us that TTIC’s rapid development will not be allowed to delay or otherwise hinder DHS/IA’s reaching its full, statutorily mandated, capability to conduct independent, all-source, analysis of terrorist threat-related information?


·    Obviously, TTIC cannot instantaneously reach its full, end-state capabilities. But if what TTIC is supposed to do is as critical as we all think it is – after all, we put those responsibilities into the Homeland Security Act – then it’s important that TTIC reach its full, end-state capability as soon as possible. When will that be?

If answer is that the date for end-state capability is uncertain, but tied to the date when CTC and CTD are collocated in an off-HQS facility, follow with:

·    Reaching TTIC’s full, end-state capability does not in any way depend on the collocation of the DCI’s CTC and the FBI’s CTD, does it?


o It is, in fact, an independent, synergistic initiative involving two of TTIC’s partners, isn’t it?


·    Why couldn’t the building where TTIC will be collocated with the FBI’s CTD and the DCI’s CTC have been made available to DHS for its threat analysts, rather than to TTIC? Wouldn’t that have generated the same synergies?

When will the Department’s IAIP reach its full end-state capability to analyze terrorist threats based on all sources of information available to the USG?

Equal partners or bit parts? [If responses suggest that TTIC is largely a CIA creature.]

Foundation: What you seem to be describing is another new CIA colony called TTIC somewhere in the DCI’s intelligence empire. But that’s not what the President called for in his SOTU address. The TTIC the WH announced was supposed to be a joint venture of four equal partners.


But what you’ve described is another CIA-led, CIA-funded, CIA-housed center, operating under CIA’s existing rules and regulations (which seem to be delaying its reaching end-state capability), doing work that is, frankly, exactly what the Homeland Security Act says DHS is supposed to be doing. If Congress had thought CIA could and should do the job with a little more help from its friends, the Act would’ve said so.

·    It doesn’t, of course. The President approved the Homeland Security bill; he signed it into law. That Act explicitly requires DHS to analyze all terrorist threat-related information available to the US Government and to make sure that whoever needs that analysis gets it in time for it to be useful.

o When and how is DHS going to fulfill its statutory mandate?        


Topic -- Level of TTIC control over DHS terrorist threat-related analysis:


·    In February of this year, in a Joint Statement of the TTIC Senior Steering Group, its Chairman told the Senate Government Reform and Oversight Committee that: “At TTIC’s end-state, all national-level terrorist threat-related analysis will be coordinated with the Director of TTIC or his/her authorized representative.”

o DHS Deputy Secretary England was a member of the TTIC Senior Steering Group. Is it, then, the Department’s intention to coordinate all its terrorist threat-related analysis through Director/TTIC?

o That coordination requirement suggests that if Director/TTIC disagrees with a DHS/IA analytic conclusion on the significance of terrorist-related information, DHS/IA could not disseminate its conclusion. Correct?


o Is that choke-point coordination by TTIC consistent with ensuring that the Department’s Information Analysis sub-directorate serves the independent analytic role the Homeland Security Act requires?

Topic – Zero sum? Can both DHS and TTIC reach end-state analytic capabilities?

·    Where is the Department getting its analysts? If from other USG agencies, how is it attracting them away?


o Won’t DHS have to compete with TTIC for terrorism threat analysts?


·    What personnel resources are you contributing to the TTIC? Will you assign any DHS analysts to TTIC? How many?

o How can you spare them, consistent with meeting DHS/IA’s existing statutory responsibility for conducting all-source-based analysis of terrorist threat-related information?


o Surely the Department won’t send TTIC its top analysts, given that sec. 201 of the HS Act requires DHS to create that same analytic capability?

·    Will TTIC – with its DHS analysts – eventually be folded into DHS?


Topic -- DHS and TTIC analytic capabilities and tools:

·    Among many other things, section 201(d)(14) of the Homeland Security Act requires that the Under Secretary of HS for IAIP:

“establish and utilize … a secure communications and information technology infrastructure, including data-mining and other advanced analytical tools, in order to access, receive, and analyze data and information in furtherance of the responsibilities under [section 201], and to disseminate information acquired and analyzed by the Department, as appropriate.”

o What is the status of the Department’s efforts – in conjunction with the intelligence and law enforcement communities – to enable DHS analysts to achieve their full, statutorily mandated, analytic capability?

·    The 2/03 Joint Statement of the TTIC Senior Steering Group asserts that “TTIC analysts will … have available … the Intelligence Community’s most powerful analytic tools for searching, analyzing, linking, and visualizing the Intelligence Community’s data holdings to best understand the terrorist threat picture.”


o What about the Department’s own analysts?

·    Last June, the DCI pledged, “on behalf of the entire U.S. Intelligence Community to give our fullest support to the Department of Homeland Security. … We will help the Department develop the analytical methodologies, tradecraft and techniques…, based on our own vast experience ….”

o Where analysis of terrorist threat-related information is concerned, isn’t that support really going to go to TTIC, rather than to the Department?

Topic -- Disseminating warnings and advice to state/local/privates and public:

Foundation: DHS/IAIP has statutory responsibility “[t]o administer the Homeland Security Advisory System, including--


“(A) exercising primary responsibility for public advisories related to threats to homeland security; and


“(B) in coordination with other agencies of the Federal Government, providing specific warning information, and advice about appropriate protective measures and countermeasures, to State and local government agencies and authorities, the private sector, other entities, and the public.” HS Act, sec. 201(d)(7).

·    The HS Act gives the DHS Under Secretary for IAIP “primary responsibility for public advisories related to threats to homeland security” and “in coordination with other agencies,” requires that he provide “specific warning information and advice … to State and local government agencies and authorities, the private sector, other entities, and the public” (sec. 201(d)(7)).

o Do you understand these DHS warning responsibilities to be exclusive or shared? Does the FBI have a role? Does any other federal agency/entity?


o Does TTIC? Could it issue a threat warning directly to state officials?

·    The HS Act requires the Under Secretary for IAIP to “disseminate, as appropriate, information analyzed by the Department … to agencies of State and local governments and private sector entities … in order to assist in the deterrence, prevention, preemption of, or response to, terrorist attacks against the United States” (sec. 201(d)(9)).

o Will TTIC now exercise that function for DHS/IAIP?


o Will TTIC itself disseminate any of its analytic products directly to state, local, or private sector officials? Which? To whom? How?

o Will DHS disseminate TTIC products to state/local officials? As TTIC products and without annotation or other changes?

Topic -- Is TTIC a re-tread – the DCI’s CTC with a new bumper sticker?

·    There’s a “Counterterrorist Center” (CTC) at CIA headquarters, isn’t there?

·    That’s really not a CIA center, is it? It has representatives from the FBI, Secret Service, Customs, and various DoD entities like NIMA and NSA and is run by the DCI in his capacity as head of the Intelligence Community, isn’t that right?

·    And the DCI’s CTC analyzes terrorist related information from all sources available to the US Government, doesn’t it?

o What was the problem with the DCI’s CTC?

o What will TTIC have or do that CTC hasn’t had?


o We in the Congress designed DHS’s Information Analysis sub-directorate to be the solution to CTC’s analytic and information sharing shortcomings. The President agreed; he approved the Homeland Security bill and it’s the law.

§Does TTIC’s creation represent any diminution in the Department’s commitment fully to meet its statutory responsibility for conducting comprehensive analysis of all the terrorist threat-related information the USG has available to it?


§Will the Department itself meet that binding legal mandate?

§Is there any reason to think that TTIC can do a better job of meeting the Department’s responsibilities than the Department itself can?

§Is there any way we can enhance DHS’s legal authority to assist its Information Analysis sub-directorate in doing its prescribed job?

·    DHS is one of TTIC’s four “equal partners.” The missions of three of TTIC’s four partners are independent of the HS Act. Accepting your assurance that the Department remains fully committed to meeting its statutory mandate --


o Why should we expect TTIC to share that interest and commitment?


o Given TTIC’s non-legislated structure and its preponderance of non-DHS partner-participants, wouldn’t it be logical to expect, in TTIC, a 75% dilution of DHS’s institutional commitment to terrorist threat analysis?

Topic -- Access to information – Foundation of DHS’s capabilities:


Foundation: Section 202 of the HS Act is concerned with ensuring that the Department will have access to all the information it needs. Section 202(d) provides that the Secretary of Homeland Security, “in consultation with the Director of Central Intelligence, shall work to ensure that intelligence or other information relating to terrorism to which the Department has access is appropriately shared with the elements of the Federal Government” responsible for analyzing terrorist threat information, “as well as with State and local governments, as appropriate.”

·    Last June, the DCI testified that he was “committed to assuring that the new Department receives all of the relevant terrorist-related intelligence available.”

o Can you assure us that you are satisfied that the Department is now getting all of the relevant terrorist-related intelligence available?


o Under the HS Act, DHS is entitled to receive threat and vulnerability-related information, regardless of whether the Secretary of HS has requested it and “whether or not such information has been analyzed” (sec. 202(b)(2)).

§Can you assure us that DHS is, in fact, receiving the “raw,”
unevaluated information to which it is, by law, entitled?

·    DHS – particularly, its Information Analysis sub-directorate – was designed to fuse not only information, but “bureaucracies, missions, and cultures.” The HS Act broke through restrictive boundaries to bring our best resources together to solve an otherwise intractable problem.


o Arguably, TTIC (whatever its virtues) doesn’t do that – it just brings representatives of those bureaucracies together around a table.


·    Can you give us a DHS perspective on that?

Topic -- DHS access through the Secretary or access only to the Secretary?

·    Section 202 of the HS Act, which is the “access to information section,” repeatedly refers to providing “the Secretary” with threat and vulnerability information, generally without his having to request it.


o Do you understand that to mean that [you/the Secretary] are getting that information for the use of the elements of the DHS that need it?


§Not just for the Secretary’s personal use?


o Are you satisfied with the relevance, volume, usability, and timeliness of the threat information DHS is getting from, e.g., CIA, FBI, and DoD?

§On timeliness: Does this information routinely come to DHS in a readily usable form, free of handling restrictions confining access and use to a few, highly cleared individuals?


§Do unclassified, “tear-line,” versions of classified reports come to DHS near real-time, so that DHS can quickly make the substance of those reports available to state, local, and private sector customers who need it to safeguard American people and interests?

·    If not, have you been told when you can expect that?

o Has any intelligence or law enforcement agency ever denied a request for information the Secretary has [you have] made, not for your personal use, but to assist elements of the Department in meeting their responsibilities?

Topic -- Moving information from where it’s collected to where it’s needed:

·    Last October, in an open hearing on the 9/11 tragedy, DCI George Tenet testified:

“[W]e must move information in ways and to places it has never before had to move. … Now, more than ever before, we need to make sure our customers get from us exactly what they need – which generally means exactly what they wantfast and free of unnecessary restrictions. … We don’t have the luxury of an alternative.”

DHS represents a vast array of new customers for intelligence information. Only a few DHS elements are elements of the Intelligence Community.

o Can you describe for us any innovations in information sharing that the Intelligence Community has made to serve the Department’s needs?


o The HS Act is about moving information to those who need it. In some ways, DHS is a clearinghouse. But is DHS the one-stop way to get homeland security-related information to all federal entities that need it?

[FYI: Answer is NO! “[T]he responsibility to share information relevant to the mission … of any covered entity in addition to DHS remains the responsibility of the originator or initial federal recipient of the information and does not shift to DHS by virtue of DHS’ receipt of the information” (March 4, MOU, sec. 3(m)).]

Topic -- Implementing the Memorandum of Understanding on information sharing:

Foundation: On March 4, 2002, the Secretary of HS, the Attorney General, and the DCI (as head of the Intelligence Community) signed a comprehensive MOU on information sharing under the Homeland Security Act. Section 3 of the MOU sets out agreed policies and procedures for sharing homeland security-related information. Like the Act itself, the MOU present cultural and practical challenges for intelligence, L/E, and HS agencies.

·    Last October, the DCI testified: “It is … clear that, when errors occur – when we miss information or opportunities – it is often because our sharing and fusion are not as strong as they need to be. Communication across bureaucracies, missions, and cultures is among our most persistent challenges ….”


o The information sharing MOU provides that “the Secretary shall be provided access to all information necessary for him to carry out the mission of the Department” (sec. 3(g)). Can you assure us that the Intelligence Community is giving you everything you think you need?

·    The March 4 information sharing MOU (sec. 3(f)) provides that “when fully operational,” TTIC “shall be the preferred, though not the exclusive, method for sharing [terrorist threat-related] information at the national level” and that “TTIC information-sharing mechanisms and procedures shall be consistent with the DHS Legislation” (i.e., the HS Act).

o Is TTIC the Department’s preferred method for sharing terrorist threat-related information with other federal agencies?


o Are you aware of any type of information that is shared solely via TTIC? If so, is there a written agreement to that effect? [MOU at sec. 3(f).]

o Will sharing information with TTIC meet, e.g., CIA’s HS Act obligations to share that same information with the DHS entities that need it?

[FYI: Answer is NO! MOU, sec. 3(m) cautions: “A covered entity’s voluntary or obligatory provision of covered information to another covered entity does not in itself discharge or diminish any other obligation the providing entity may have to provide that information, or any part of it, to any other department, agency or other public or private organization or individual under any statute, Presidential Directive, or other agreement.”]

o Has any federal agency told you that if you want certain terrorist threat-related information from them, you’ll need to go ask TTIC?

Topic -- Making HS-related information useable – Revising the ORCON rules:

Foundation: Since the September 11 attacks, it has become obvious how absolutely critical it is that ALL information that may shed light on a potential terrorist threat gets precisely where it’s needed in time to be useful. The DCI testified last October, that it must move “fast and free of unnecessary restrictions.” The information sharing MOU recognizes that reality. It provides: “In general, parties shall disclose … information free of any originator controls or information use restrictions” (sec. 3(k)).

The MOU also refines the old “ORCON” and “third agency” rules to permit covered entities to share information without asking the originating agency’s permission. The old rule gave the originator complete control over whether and how information it had obtained would be used. The new rule permits HS-related information to be shared without permission, but “to the greatest extent possible, in a manner that permits the originating agency to know to whom the information has been provided” (sec. 3(l)).


·    The MOU requires the parties to recommend changes to existing formulations of the “ORCON” and “third agency” rules, including EO 12958, “in order to comply with the DHS Legislation and to carry out the President’s announced policies for protecting against terrorist threats to the homeland ...” (sec. 3(l)).


o Have the AG, Secretary of HS, and DCI agreed on recommended changes to the ORCON and “third agency” rules, as the MOU requires?


o Are those discussions now underway? When do you expect that they will be completed? Please keep this committee informed of your progress.

Topic – Making sure DHS employees get access to all pertinent information:

o The President has granted DHS the authority to clear its employees for access to classified information (EO 13284, sec. 19(c) (1/23/03)).

·    Can you assure us that all US Government entities, including TTIC, are honoring DHS clearance and access decisions?


·    In the same Executive order, the President ordered DHS to recognize and give effect to the clearances of those who became DHS employees when their agencies were merged into DHS.

·    Can you assure us that TTIC is recognizing and giving full effect to the clearances of DHS analysts and others who may be assigned by DHS to support the TTIC?


·    TTIC is not imposing additional requirements?

·    Sort of an our-way-or-no-way deal? Meet our requirements or your people aren’t welcome here?

·    Whose requirements are those? How is that consistent with the model of a joint venture of equal partners?

·    Is there a single document that states the requirements applicable to TTIC analysts? [FYI: Answer is Yes.]

o That document governs DHS participation in the TTIC, right? Who issued that document?


o Have you provided a copy to this committee?

o Will you see that we receive a copy without delay?

·    Are DHS analysts are less trustworthy than TTIC’s?

·    Once again, I’m wondering why it wouldn’t be more efficient to fulfill its architects’ ambitions by bringing TTIC into DHS.

Topic -- Getting state/local officials the information they need, when they need it:

Foundation: If the Department is going to fulfill its mandate to get HS-related information to the people who really need it, out where the rubber’s hitting the road, some state, local, and private sector officials will need access to classified information.

·    Is the Department providing homeland security related information to state/local officials?


o Even if it – e.g., an indication of a possible attack – is classified?

·    Who decides if state/local officials really need access to classified information?

o If the mayor of, e.g., a mid-sized city gets an unclassified warning of a possible terrorist threat and then says he needs access to additional threat-related information, which is classified, in order to assess the city’s vulnerabilities, will DHS grant the mayor the access he is seeking?


o Under what conditions? How soon? Who decides?

·    Has the Department ever denied any state or local official’s request for access?

·    Does the Department itself conduct the clearance process for state/local HS officials, or does the FBI or some other entity do that?

·    Approximately how long does it take to clear state and local officials? Are some state/local officials considered priorities for clearance? How is that determined?

o Is that determination based on an assessment of the risk of terrorist attack on that official’s jurisdiction? On population? On other criteria?

o Could a state or local official ever be denied access only because DHS did not consider his/her locale populous enough to warrant a clearance?

·    Is there an effort to make the clearance process for state and local officials more efficient? Would a new Executive order specifically on clearing state/locals help?

·    Two recent Executive orders (1/23 & 2/28/03) give several senior DHS officials, including the Secretary, the authority to make clearance and access determinations for DHS applicants and employees.

o Wouldn’t those DHS officials also be the most appropriate officials to make clearance and access determinations for state and local officials?

·    How will you prevent state and local officials from getting bogged down in current federal clearance processes that delay, e.g., nominations to senior Administration positions?

·    Do you see any objections to applying existing executive branch clearance processes on elected state/local officials who need classified information to do their jobs effectively?

[FYI: There’s an arcane, metaphysical argument that forcing existing federal clearance standards (EO 12968) on elected state/local officials who have HS-related duties would be unconstitutional, as it would amount to imposing an additional qualification for their offices by executive branch fiat. Qualifications of state/local officials are a matter of state law under the 10th Amendment of the Constitution (reservation of powers to states).]

Topic -- Funding the TTIC consistent with its non-legislated structure:

·    Will DHS participation in and expenditures on TTIC have to be enabled by the Department’s annual authorization and appropriation legislation?

·    Is it your understanding that [each/none] of TTIC’s four agency venturers will seek an annual appropriation to fund its participation in TTIC?

o If just “some,” which and why?

·    Personnel and costs: Correct that salaries/benefits of those assigned to TTIC will be paid by their home agencies? Will that change in the out-years?


o Have you asked that CIA and FBI assign analysts to DHS?

o Will DHS be able to assign analysts who have been detailed to DHS on to TTIC as a DHS contribution to TTIC’s analytic cadre? (If so, who will pay their salaries? How will DHS replace them in IAIP?)

·    Facilities and costs: What entity or entities is/are paying the build-out costs for TTIC’s temporary accommodations? (Why?)

o What is the Department’s approximate cost, if any, attributable to preparing TTIC’s temporary accommodations and its permanent facility?

·    Operating expenses: Will TTIC’s operating expenses be shared among its four equal partners? If so, how will each agency participant be taxed to pay its share? (N.b., operating expenses must be appropriated to an agency – cannot be shared.)

Topic -- Scope and level of DoD support to DHS and TTIC:

Foundation: The President’s SOTU address and the White House “Fact Sheets” issued in connection with the TTIC announcement make clear that the Department of Defense, like DHS itself, is to be a full and equal partner in the TTIC. In addition, DoD now has Under Secretaries for Intelligence and Homeland Defense.

·    Describe the type and level of support DoD entities are providing to DHS.

o Does this routinely include DoD intelligence and logistical support?

o Is any DoD entity providing terrorism threat analysts to assist the DHS Information Analysis sub-directorate in getting up and running?

·    Have you asked DoD for support? (Are you aware of any instance in which DoD has denied a request for assistance, including intelligence support, to DHS?)

o Have you been informed that DoD is providing such support to the TTIC?

·    What, precisely, do you understand to be DoD’s current participation in TTIC?


o Is DoD providing equivalent support to the DHS IA sub-directorate?


o Is NORTHCOM, the new homeland defense command, supporting DHS?

·    To your knowledge, has DoD assigned specific units to work in the TTIC?

Topic -- Could TTIC usefully be brought under the DHS umbrella?

·    Let’s concede for these purposes that TTIC is a good idea, that it will generate efficiencies, if not savings, and that it does not, per se, violate the HS Act.

o Wouldn’t it have been more appropriate to build TTIC within the DHS?

o Is there any role assigned to the TTIC that DHS could not itself perform, whether through IAIP or some other entity or combination of entities?

·    Last June, the DCI testified: “We are committed to bringing the Intelligence Community into genuine partnership with the Department of Homeland Security.”

o Assume you share that commitment and that it’s more than an appealing turn of phrase. But partnership implies more than a customer-supplier relationship.


o So I’d like to know precisely where and how -- other than through TTIC -- that partnership is reflected?


o Is there a similar commitment to partnership with the law enforcement community?

§Would such a partnership be useful in order to eliminate the potential for duplicative and conflicting efforts in providing threat warnings to states, localities, and private sector entities?

·    Would bringing TTIC into the DHS – presumably into the DHS Information Analysis sub-directorate -- assist in ensuring TTIC is adequately funded?

Topic – Redundancy follow-up: Won’t TTIC duplicate DHS’s threat analysis?

·    Is TTIC a temporary, early-days, expedient to maximize DHS’s capability ASAP?

o If so, when will TTIC “sunset” in favor of an indigenous DHS capability?

·    Granted that TTIC isn’t a per se violation of the HS Act, provided that the Department meets its threat analysis obligations under the Act --


o When DHS/IAIP reaches its statutorily mandated capability, won’t TTIC be redundant?


o What will TTIC do that the Department will not?

·    If the Department meets its statutory mandate to “identify and assess the nature and scope of terrorist threats to the homeland,” what’s the point of TTIC?

[FYI: Mandate is at sec. 201(d)(1)(A) of HS Act.]


·    If the Department cannot yet meet that statutory mandate, isn’t TTIC transitional?