Summary: The Homeland Security Act of 2002, which created the Department of Homeland Security, brought together 22 diverse organizations to help prevent terrorist attacks in the United States, reduce the vulnerability of the United States to terrorist attacks, and minimize damage and assist in recovery from attacks that do occur. To accomplish this mission, the act established specific homeland security responsibilities for the department, which included sharing information among its own entities and with other federal agencies, state and local governments, the private sector, and others. GAO was asked to discuss DHS's information sharing efforts, including (1) the significance of information sharing in fulfilling DHS's responsibilities; (2) GAO's related prior analyses and recommendations for improving the federal government's information sharing efforts; and (3) key management issues DHS should consider in developing and implementing effective information sharing processes and systems.
DHS's responsibilities include the coordination and sharing of information related to threats of domestic terrorism within the department and with and between other federal agencies, state and local governments, the private sector, and other entities. To accomplish its missions, DHS must, for example access, receive, and analyze law enforcement information, intelligence information, and other threat, incident, and vulnerability information from federal and nonfederal sources; and analyze such information to identify and assess the nature and scope of terrorist threats. DHS must also share information both internally and externally with agencies and law enforcement on such things as goods and passengers inbound to the United States and individuals who are known or suspected terrorists and criminals. GAO has made numerous recommendations related to information sharing. Although improvements have been made, more efforts are needed to address the following challenges, among others, that GAO has identified: (1) developing a comprehensive and coordinated national plan to facilitate information sharing on critical infrastructure, (2) developing productive information sharing relationships between the federal government and state and local governments and the private sector, and (3) providing appropriate incentives for nonfederal entities to increase information sharing with the federal government and enhance other critical infrastructure protection efforts. Through its prior work, GAO has identified potential information sharing barriers, critical success factors, and other key management issues that DHS should consider as it establishes systems and processes to facilitate information sharing among and between government entities and the private sector. It will be important for the department to understand the numerous potential barriers to information sharing and develop appropriate strategies to address them, considering any related provisions of the Homeland Security Act. GAO's work has also identified critical success factors for information sharing that DHS should consider as it proceeds. Further, as part of its information technology management, DHS should develop and implement an enterprise architecture to integrate the many existing systems and processes required to support its mission and to guide the department's investments in new systems to effectively support homeland security in the coming years. Other key management issues include ensuring that sensitive information is secured, developing secure communications networks, integrating staff from different organizations, and ensuring that the department has properly skilled staff.