Leveraging Capabilities
“When you talk about the Department from a headquarters perspective, my job is very much about looking at how we integrate, how we operate and the way we work together,” explained Kathy Kraninger, Deputy Assistant Secretary for Policy, Screening Coordination Office at DHS.
“And the synergies -- a word I don’t generally use and don’t like, but it’s appropriate in this case-- that we find among the components within the Department; what they can leverage and do with each other and the capability that then results in protecting this country.”
Kraninger has two sometimes competing but hopefully complimentary goals in mind. One is actually delivering on the promises and pledges that the Secretary has made with respect to programs that are going to better screen out undesirables who want to enter this country to do harm such as US-VISIT and SBI.
The other is looking at integration focusing on how DHS sets policies at the Department level; how to put enterprise architecture in place and how that framework will work so that everything converges in a way that makes sense within the Department.
“On that front one of those things is IDENT, the biometric service that is really a core service that provides great capability within DHS,” said Kraninger. “We have that as part of the target architecture for every entity within the Department that is going to collect biometrics for screening purposes, to use that as basically our identity repository.”
Part of Kraninger’s duties are to take into account are funding, DHS’s legal authorities and privacy issues involved when building the DHS framework. But the benefits will be worth it according to Kraninger.
Among the other things Kraninger is working on is a policy on physical security features for credentials. “Obviously we have a lot of different credentials that are issued by this Department for different benefits, purposes, and privileges,” noted Kraninger. “We put in place a resource for those program managers to look at, the types of things that they should be doing when they are considering issuance of a credential.”
“And of course we continue to work on the strategic framework for credentialing and taking some of those types of ideas and taking the direction that we are giving to the Department and putting that to paper that program managers can use to develop their plans and their programs and understand the direction of the Department on the policy front.”
Progress is being made in this area as DHS initiates requirements such as the WHTI, Real ID, SBI and the Container Security Initiative that will make the nation’s land, sea and air ports of entry safer.
“Certainly it is not a silver bullet, as nothing is in the security world, but this is a step that is long overdue and is a great direction towards actual requirements of secure identification at the borders and deployment of RFID technology,” explained Kraninger.
Information Sharing Gains
According to Kraninger, DHS has made significant progress on the international information sharing front. “We have made significant progress certainly on the biometrics front; also on the biographics and intelligence front and in actually sharing travel information to do a lot more and really solidify that net to capture and to recognize terrorist traveling internationally.” An example is the sharing of lost and stolen passport information and the passenger name records agreement that was signed last summer continues to be a corner stone of discussions with the EU and with other countries as DHS works to close that gap on detecting terrorist travel.
“One point that’s worth making on the domestic front,” added Kraninger, “is at domestic airports TSA has made great progress in looking at how to better use behavior detection at their checkpoints; and in airports to detect people, whom we may not otherwise see as a threat, certainly watching for hostile intent.”
Across the board DHS is trying to incorporate that holistically into what it does. “Because, at the heart, this is all a risk-based effort and we have to look at the opportunities we have and the way we train our people to look for that type of behavior and TSA has deployed that in full force and to great results,” said Kraninger.
Kraninger also talked about the success of the deployment of TWIC over the last six years where DHS now has 125,000 people enrolled and has issued 45,000 cards.
“This is really the first major deployment of smart card technology,” said Kraninger. “With all the planning that’s gone into HSPD-12, certainly I can give some kudos to the Department of Defense for the CAC card; this is a major deployment effort that has been a big challenge to the Department and to the program all along. How do we do this? How do we have a distributed system where the cards are actually going to be read by other than the essential entity?”
Making all this work is hard work. “Obviously we are still working on the reader side of this, but we are deploying cards; we are conducting background checks and we will be doing spot checks at ports as we go on here in the enrollment process,” Kraninger said.
April 2008 • Volume 6 • Number 4
The End of the Beginning
“Winston Churchill once said, ‘We are at the end of the beginning.’ We have a long way to go, but we are at the end of beginning if we are going to share information as we must share it to protect the nation.” That bold statement was made by Ambassador Thomas McNamara, Program Manager for the Information Sharing Environment at the recent AFCEA conference on Information Sharing.
But to reach the end, the nation must face up and meet five distinct challenges said McNamara. “Because there is much more in front of us than behind.”
According to McNamara, we need to:
1. Fix problem of reciprocity for personnel security clearances and facilitate accreditations. This is a significant problem in the government and even more so if we are going to get state, locals, tribal, private sector involved. We have to get that problem solved.
2. Continue to define common processes and data standards to guide key IS activities such as those associated with Watch List, information alerts and other business processes.
As an example, we recently released a common governmentwide set of data standards for suspicious activity reporting, so at all government levels all the way down to the cop on the beat we now have a common framework to sharing information with respect to suspicious activities with potential terrorism nexus.
All federal, state and local agencies plus the private sector will adopt these common standards and take them and apply them; so that we can take what I refer to as “snowflakes” of suspicious activities that no one could make a snowball of out them before because we couldn’t put this stuff together. Now with new system being tested in pilot and already being used in urban areas of southern California and LA, we have a method for making sure those individual suspicious activity reports are analyzed and looked at; and when brought to the attention of regional and national officials.
Frankly, those types of changes and standards are going to have to occur faster if we are going to succeed.
3. Maintain the strongest commitment to the high national priority of preserving, protecting and defending information privacy and the legal rights of Americans. We must do that to survive…
We are beginning a long term transformation whose evolution can finally move the government into the new information age. We need a national effort to responsibly guide a national IS effort that can protect our society and at the same time protect our liberties and either would not endanger the other.
4. Rationalize, standardize and simplify the procedures for marking up and handling terrorism information, homeland security information and law enforcement information. Particularly for that that is sensitive but unclassified SBU information. DOD is planning to transition to these new regime and taking a leadership role. We must rationalize, standardize and simplify SBU or we are not going to be able to share outside the national security community effectively. Those outside this environment don’t get this type of information routinely. It must be made more understandable to that everyone can share the information.
5. Accept and manage risk. We have to understand how to manage it and we can’t avoid it. We need to learn how to use risk models to mitigate risk and share information when warranted and permissible. This sharing has to occur within as trusted and secure environment and must be protected or won’t be shared. This is true in both public and private environments. While our information is well protected now, but not well enough. We must do better.
We have a new cyber initiative is because we are not sitting in a safe and secure environment today. Our networks are being attacked daily. We are challenged, threatened and penetrated.
I come back to culture. We need to institutionalize a culture of information sharing among all echelons of government. This new culture of IS while its growing, is not a pervasive culture in the US government.
The need to know; the need to share; the responsibility to provide; we need mid-level managers to buy into this to make it work. They are like the top Sergeants; they make the services run, they make the stuff go.
Finally, we must not hinder new technology tools. Frankly it will be a disaster if the private sector and the society at large enter into the information world of the 21st Century and the government is condemned to remain in the 20th century and not even in the last decades of the 20th century.
