in Government Accountability Office Reports
Information Sharing: Agencies Could Better Coordinate to Reduce Overlap in Field-Based Activities (GAO-13-471, April 2013) (72pp | 3.3m | PDF) — “Five types of field-based information-sharing entities are supported, in part, by the federal government—Joint Terrorism Task Forces, Field Intelligence Groups, Regional Information Sharing Systems (RISS) centers, state and major urban area fusion centers, and High Intensity Drug Trafficking Area (HIDTA) Investigative Support Centers—and have distinct missions, roles, and responsibilities. However, GAO identified 91 instances of overlap in some analytical activities—such as producing intelligence reports—and 32 instances of overlap in investigative support activities, such as identifying links between criminal organizations. These entities conducted similar activities within the same mission area, such as counterterrorism, for similar customers, such as federal or state agencies. This can lead to benefits, such as the corroboration of information, but may also burden customers with redundant information.”
Information Sharing: Additional Actions Could Help Ensure That Efforts to Share Terrorism-Related Suspicious Activity Reports Are Effective (GAO-13-233, March 2013) (68pp | 5.2m | PDF) — “This report addresses the extent to which (1) federal agencies have made progress in implementing the [NSI], and what challenges, if any, remain; (2) the technical means used to collect and share reports overlap or duplicate each other; (3) training has met objectives and been completed; and (4) federal agencies are assessing the initiative’s performance and results.”
Information Sharing: DHS Has Demonstrated Leadership and Progress, but Additional Actions Could Help Sustain and Strengthen Efforts (GAO-12-809, September 2012) (57pp | 1.4m | PDF) — “The Department of Homeland Security (DHS) has made progress in achieving its information-sharing mission, but could take additional steps to improve its efforts. Specifically, DHS has demonstrated leadership commitment by establishing a governance board to serve as the decision-making body for DHS information-sharing issues. The board has enhanced collaboration among DHS components and identified a list of key information-sharing initiatives. The board has also developed and documented a process to prioritize some of the initiatives for additional oversight and support. However, because DHS has not revised its policies and guidance to include processes for identifying information-sharing gaps and the results; analyzing root causes of those gaps; and identifying, assessing, and mitigating risks of removing incomplete initiatives from its list, it does not have an institutional record that would help it replicate and sustain those information-sharing efforts.” (57 pp. PDF)
Information Sharing: Progress Made and Challenges Remaining in Sharing Terrorism-Related Information (GAO-12-144T, October 2011) (23pp | 296kb |PDF) — "The government continues to make progress in sharing terrorism-related information among its many security partners, but does not yet have a fully-functioning ISE in place. In prior reports, GAO recommended that agencies take steps to develop an overall plan or roadmap to guide ISE implementation and establish measures to help gauge progress. These measures would help determine what information sharing capabilities have been accomplished and are left to develop, as well as what difference these capabilities have made to improve sharing and homeland security. Accomplishing these steps, as well as ensuring agencies have the necessary resources and leadership commitment, should help strengthen sharing and address issues GAO has identified that make information sharing a high-risk area."
Information Sharing Environment: Better Road Map Needed to Guide Implementation and Investments (GAO-11-455, July 2011) (80pp | 960kb | PDF) — "Since GAO last reported on the ISE in June 2008, the Program Manager for the ISE and agencies have made progress in implementing a discrete set of goals and activities and are working to establish an ‘end state vision’ that could help better define what the ISE is intended to achieve and include. However, these actions have not yet resulted in a fully functioning ISE…. The Program Manager and agencies also have not yet identified the incremental costs necessary to implement the ISE—which would allow decision makers to plan for and prioritize future investments—or addressed GAO’s 2008 recommendation to develop procedures for determining what work remains. Completing these activities would help to provide a road map for the ISE moving forward…. Without establishing an improved [enterprise architecture (EA)] management foundation, including an ISE EA program management plan, the federal government risks limiting the ability of ISE agencies to effectively plan for and implement the ISE and more effectively share critical terrorism-related information."
Critical Infrastructure Protection: DHS Has Taken Action Designed to Identify and Address Overlaps and Gaps in Critical Infrastructure Security Activities (GAO-11-537R, May 2011) (29pp | 365kb | PDF) — "[W]e found:  DHS coordinates with CIKR stakeholders, including other federal regulatory authorities, through information-sharing mechanisms, such as council meetings, and other efforts to identify overlaps and gaps in CIKR security activities.  DHS is taking action to address overlapping security activities by clarifying roles and responsibilities for CIKR security activities with agencies that have regulatory oversight, such as the Nuclear Regulatory Commission, through coordination mechanisms, including memorandums of understanding and working groups.  DHS works to address gaps in infrastructure security by developing and distributing tools such as guides that promote common security activities; conducting voluntary training and security exercises to enhance security capabilities; providing information on resources available to security partners; and, as appropriate, conducting site vulnerability assessments and security surveys at both public and privately."
Biosurveillance: Developing a Collaboration Strategy Is Essential to Fostering Interagency Data and Resource Sharing (GAO-10-171, December 2009) (38pp | 523kb | PDF) — "To carry out its early detection and situational awareness mission, NBIC has made efforts to acquire data from the integration center’s community of federal partners, obtain analytical expertise from other agencies, establish governance bodies to develop and oversee the community of federal partners, and provide information technologies to support data collection, analysis, and communication. However, NBIC does not receive the kind of data it has identified as most critical for supporting its early detection mission—particularly, data generated at the earliest stages of an event…. NBIC is not fully equipped to carry out its mission because it lacks key resources—data and personnel—from its partner agencies, which may be at least partially attributed to collaboration challenges it has faced…. Development of a strategy for collaboration and the use of these key collaboration practices could enhance NBIC’s ability to foster interagency data and resource sharing."
Defense Biometrics: DOD Can Better Conform to Standards and Share Biometric Information with Federal Agencies (GAO-11-276, March 2011) (50pp | 1.42kb | PDF) — "DOD has adopted a standard for the collection of biometric information to facilitate sharing of that information with other federal agencies. DOD recognized the importance of interoperability and directed adherence to internationally accepted biometric standards. DOD applied adopted standards in some but not all of its collection devices…. To improve DOD’s ability to collect and share information, GAO recommends that DOD implement processes for updating and testing biometric collection devices to adopted standards; fully define and clarify the roles and responsibilities for all biometric stakeholders; finalize an agreement with the Department of Homeland Security (DHS); and identify its long-term biometric system capability needs."
Homeland Security: Better Use of Terrorist Watchlist Information and Improvements in Deployment of Passenger Screening Checkpoint Technologies Could Further Strengthen Security (GAO-10-401T, January 2010) (26pp | 365kb | PDF) —"In October 2007, GAO reported that not checking [all individuals] against all records may pose a security risk and recommended that DHS and the FBI assess potential vulnerabilities, but they have not completed these assessments….Further, the government lacks an up-to-date strategy and implementation plan—supported by a clearly defined leadership or governance structure—which are needed to enhance the effectiveness of terrorist-related screening and ensure accountability…. As GAO reported in October 2009, since TSA’s creation, 10 passenger screening technologies have been in various phases of research, development, procurement, and deployment, including the Advanced Imaging Technology (AIT)—formerly known as the Whole Body Imager….Since GAO’s October report, TSA stated that it has completed the testing as of the end of 2009. We are currently verifying that all functional requirements of the AIT were tested in an operational environment. Completing these steps should better position TSA to ensure that its costly deployment of AIT machines will enhance passenger checkpoint security."
Information Technology: Federal Laws, Regulations, and Mandatory Standards for Securing Private Sector Information Technology Systems and Data in Critical Infrastructure Sectors (GAO-08-1075R, September 2008) (74pp | 835kb | PDF) — "Federal policy identifies 18 infrastructure sectors—such as banking and finance, energy, public health and healthcare, and telecommunications—that are critical to the nation’s security, economy, public health, and safety. Because these sectors rely extensively on computerized information systems and electronic data, it is crucial that the security of these systems and data is maintained. Further, because most of these infrastructures are owned by the private sector, it is imperative that public and private entities work together to protect these assets. The federal government uses both voluntary partnerships with private industry and requirements in federal laws, regulations, and mandatory standards to assist in the security of privately owned information technology (IT) systems and data within critical infrastructure sectors."
Information Sharing: Definition of the Results to Be Achieved in Terrorism-Related Information Sharing Is Needed to Guide Implementation and Assess Progress (GAO-08-637T) (26pp | 268kb |PDF) — "ISE stakeholders are taking steps to improve terrorism-related information sharing, but work remains to define the scope of the ISE, roles and responsibilities, the desired results to be achieved, and measures for assessing progress….This testimony discusses three key information sharing efforts: (1) the actions that have been taken to guide the design and implementation of the Information Sharing Environment (ISE) and to report on its progress, (2) the characteristics of state and local fusion centers and the extent to which federal efforts are helping to address some of the challenges centers reported, and (3) the progress made in developing streamlined policies and procedures for designating, marking, safeguarding, and disseminating sensitive but unclassified information."
Information Sharing: DHS Should Take Steps to Encourage More Widespread Use of Its Program to Protect and Share Critical Infrastructure Information (GAO-06-383, April 2006) (41pp | 444kb | PDF) — "DHS faces challenges that impede the private sector’s willingness to share sensitive information. Key challenges include defining specific government needs for critical infrastructure information[;] determining how the information will be used[;] assuring the private sector that the information will be protected and who will be authorized to have access to the information[;] and demonstrating to critical infrastructure owners the benefits of sharing the information. If DHS were able to surmount these challenges, it and other government users may begin to overcome the lack of trust that critical infrastructure owners have in the government’s ability to use and protect their sensitive information."
Establishing Effective Information Sharing with Infrastructure Sectors (GAO-04-699T, April 2004) (43pp | 300kb | PDF) — "Federal policy has encouraged the voluntary creation of Information Sharing and Analysis Centers (ISACs) to facilitate the private sector’s participation in CIP [critical infrastructure protection] by serving as mechanisms for gathering and analyzing information and sharing it among the infrastructure sectors and between the private sector and government …. The ISACs themselves, although they have similar missions … serve the unique needs of the sectors they represent and … operate under different business models and funding mechanisms. According to ISAC representatives, a number of challenges to their successful establishment, operation, and partnership with DHS and other federal agencies remain. These challenges include increasing the percentage of entities within each sector that are members of its ISAC; building trusted relationships and processes to facilitate information sharing; overcoming barriers to information sharing, clarifying the roles and responsibilities of the various government and private sector entities that are involved in protecting critical infrastructures; and funding ISAC operations and activities."