Four key questions greet DHS in 2006

How strong a border do we want?

IT programs affected: Secure Border Initiative, U.S. Visit, Basic Pilot, Guest Worker Program

Secretary Michael Chertoff and members of Congress have been hitting hard on the need to strengthen border security. The Secure Border Initiative, which Chertoff named one of his top priorities for 2006, is expected to include about $2 billion to create a huge, integrated video and sensor surveillance system along thousands of miles of U.S. borders.

To be more effective, experts said, the border control IT systems eventually ought to encompass much more, including integration of immigration databases and greater IT capabilities for Border Patrol officers and U.S. Visit screening of incoming visitors.

"The real challenge is getting all the relevant information to the guy doing the first-tier screening," said James Jay Carafano, senior fellow with the Heritage Foundation. "There is a lot of great information within the system. The problem is the last mile of getting that data to the screener."

Major IT programs are at stake in the expansion of border control. Under immigration legislation the House passed in late 2005, Basic Pilot, a database to confirm Social Security numbers of prospective new workers, would become mandatory for millions of employers. The White House's proposed Guest Worker program also would require new databases.

But the critical unresolved issue that may throw things off schedule is how to deal with the decades-long inflow of millions of illegal immigrant workers who boost the U.S. economy and keep factories and farms operating. Is the nation ready for major new investments to cut off illegal immigration even if it hurts the economy, or will the debates rage for another year?

How much information sharing is necessary and worthwhile?

IT programs affected: Homeland Security Information Network, Homeland Security Data Network, Information-Sharing Environment, State Fusion Centers, National Information Exchange Model, Disaster Management Program (FEMA), Syndromic Surveillance programs (CDC), Terrorist Threat Integration Center (FBI)

Information sharing is a key mission of DHS, but it has been one of the most difficult to accomplish. The Homeland Security Information Network has been up and running for many months, but there are signs that communications are not necessarily valuable for all parties. For example, some participants in mid-2005 dropped out of the Joint Regional Information Exchange because of disagreements on what should be shared and who should have access to the information.

Similar obstacles have arisen with several other law enforcement information-sharing networks, whose members said they are not actively using the links with DHS. Such problems suggest a need for more focused goals in information sharing in 2006.

A big policy question likely to be examined in 2006 is whether metadata tagging, development and use of common data tags, or hierarchical labels of data, to enable interaction with databases in other agencies is necessary to get to the next level of information sharing. DHS participated in metadata efforts, led by Michael Daconta, but he left the agency in December 2005 after Congress failed to fund the $20 million Metadata Center of Excellence at DHS.

Other DHS metadata projects include the National Information Exchange Model, as well as the Federal Emergency Management Agency's partnership with industry and public safety agencies to create common messaging and data exchange among disparate emergency management agencies.

The General Services Administration recently concluded that commercial search engines are effective in lieu of metadata tagging for many search applications. However, proponents of metadata believe it is a worthwhile investment to expand homeland security-related information-sharing applications.

How big can a database be before it becomes Big Brother?

IT programs affected: Secure Flight, Terrorist Watch Lists, Real ID Act, CDC proposed rule for a passenger database, municipal video surveillance programs, Registered Traveler, Multistate Anti-Terrorism Information Exchange, Transportation Workers Identity Credential

Immediately after the Sept. 11, terrorist attacks, the Bush administration initiated more stringent screening of airline passengers, including comparing their identity information against terrorist watch lists.

As those screenings became formalized in the Computer-Assisted Passenger Prescreening System and Capps II, they engendered criticism for trespassing on passenger privacy, and both programs folded. DHS has been developing the successor program, Secure Flight, for 18 months and is supposed to roll it out with two airlines in early 2006.

But Secure Flight also has been dogged by privacy worries and technical glitches, and DHS received an "F" grade from the post-9/11 Commission's Public Discourse Project last month for failing to get the screening program operational.
The department's Data Privacy and Integrity Advisory Committee recommended in December 2005 that Secure Flight be more narrowly focused to avoid privacy concerns.

Identity management and use of biometrics and radio frequency identification to verify identity against databases also presents a plethora of challenges with regard to privacy.

The Real ID Act, with its standardized requirements for drivers' licenses, is viewed as a step toward a national identity card. Establishing identity, verifying it accurately and setting up fair procedures to correct errors and handle breaches are raising substantial public interest.

Resolving the ongoing privacy concerns related to anti-terrorism databases and to protection and verification of identity will take a long time, said Jennifer Kerber, homeland security director for the Information Technology Association of America.

"There is a great fear of creating a Big Brother network," Kerber said. However, she's optimistic that anxieties can be overcome by implementing IT appropriately.

Who is in charge of protecting critical infrastructure?

IT programs affected: IT Sector Coordinating Council; IT Information Sharing and Analysis Center, U.S. Computer Emergency Readiness Team

DHS released its draft National Infrastructure Protection Plan in November 2005, outlining a framework for 17 critical infrastructure sectors, including power, water, food, financial services and IT, to assess their vulnerabilities and to develop protections against terrorists. More than 80 percent of those sector assets are privately owned but are considered critical to national and economic security, as was demonstrated by the massive power blackout throughout the Northeast in August 2004.

But details of a critical infrastructure protection schema are absent. More than three years after the Sept. 11 terrorist attacks, it is not clear who will pay for and who will control protection of critical resources such as food, water, power and computer systems.

"No risk and vulnerability assessments [have been] actually made; no national priorities established; no recommendations made on allocation of scarce resources," states the Public Discourse Project report of December 2005. "All key decisions are at least a year away. It is time that we stop talking about setting priorities, and actually set some."

Staff Writer Alice Lipowicz can be reached at alipowicz@postnewsweektech.com.