In Part 1 of our series, we investigate the context, fears and executive orders that shaped the formation of DHS Talk about pressure. The Department of Homeland Security, its 23 agencies cobbled together as fast as it takes to choose a team for a game of pickup hoops, is shouldering quite a lot of it these days. Beginning operations in January of 2003, in the wake of 9/11, when all of Washington was scrambling to figure out the best way to respond to future attacks, DHS is still an organizational baby. Yet it’s being asked to perform miraclesprotect the nation from the bad guys while simultaneously undertaking the biggest reorganization of government in decades.In a more peaceful world, the department might be cut a little more slack as it attempts to weave together some 180,000 employees, integrate scores of legacy IT systems, hire top-level leaders to guide the emerging behemoth, fight turf battles with longstanding agencies like the FBI and CIA, and figure out how best to allocate scarce resources. But the nation’s relatively comfortable state of security pre-9/11 has been shattered like a thin pane of glass, and fair or not, DHS doesn’t have the luxury of shrugging off the many mistakes it will make as it rises from the ground up, because any mistake could have consequences much worse than the destruction wreaked upon the World Trade Center and the Pentagon.The relative speed with which this massive reorganization is taking place certainly raises many questions. Was DHS too hastily put together in response to political pressures? Is it too big and cumbersome? What hurdles must it overcome to succeed? Will it ultimately prove more capable of fighting terrorism than would the individual efforts of the 23 discrete agencies that make up its DNA? As a kickoff to CSO’s homeland security series, this story looks at how DHS came into being, its current organization and some of the challenges it faces as it moves forward into an era in which a nation with a history of openness, unguarded borders and a Cold War defense paradigm must defend against shadowy, unpredictable opponents bent on its destruction.Past Is ProloguePrior to 9/11, federal responsibility for homeland security (though the term was not widely used then) was highly fragmented and decentralized. “There was no focal point for operational responsibility or accountability for the execution of a homeland security strategy,” says Ronald Dick, director of national security and foreign affairs at Computer Sciences Corp. and former director of the National Infrastructure Protection Center. A variety of agencies, such as the FBI, CIA, National Security Council and others, certainly paid attention to counterterrorism, but those organizations by and large had different objectives. “Each agency essentially had its own security prioritizations. There was little in the way of intelligence-sharing, little in the way of coordination or threat analysis,” says Michael Hershman, president and CEO of Civitas Group, a homeland security consultancy, and a former counterterrorism specialist in military intelligence. Hershman adds that what typified the nation’s response to terrorism, both in the public and private sectors, were reactive measuresfor example, beefing up security in New York City following the World Trade Center bombing in 1993. But after such incidents, he says, instead of thinking ahead strategically on how best to address future threats, the country lulled itself back into complacency, partly because the events were sporadic and seemingly uncoordinated. In 1998, the secretary of defense, with support from Congress and the White House, chartered the U.S. Commission on National Security/21st Century, commonly known as the Hart-Rudman Commission after cochairs and former senators Gary Hart and Warren Rudman. The commission undertook the most comprehensive review of national security since the National Security Act of 1947. Its findings, released in three reports from 1999 through 2001, suggested some of what was to come. The 1999 report concluded that “America will become increasingly vulnerable to hostile attacks on our homeland, and our military superiority will not entirely protect us.” In its February 2001 report, the commission recommended creating a national homeland security agency to coordinate the U.S. government’s efforts with regard to homeland security. Protection Here at HomeThe fragmented approach to counterterrorism came under a harsh light after 9/11. Following the attacks, the Bush administration realized the president had no one person or agency he could turn to to coordinate a response. It also became clear that the president needed to show the public that fighting terrorism was job one.On Sept. 20, 2001, Bush announced to Congress the creation of the Office of Homeland Security. Two weeks later, he issued Executive Order 13228, which established OHS in the Executive Office of the President (EOP) and appointed Tom Ridge as director. OHS’s mission was to develop and coordinate the implementation of a comprehensive national strategy to secure the United States from terrorist threats or attacks. The order also established the Homeland Security Council, made up of top executive branch officials, to coordinate the homeland security efforts of the executive departments and agencies. The Ridge appointment was viewed favorably by many in Washingtonhe had strong leadership qualities, having served in Congress and as governor of Pennsylvania, and was a good friend of the president, which gave him access to the Oval Office. However, the executive order that created OHS did not give Ridge the authority or resources to take the substantial steps needed to centralize the homeland security function; his advisory position gave him no control over the many agencies that played a role in homeland defense. Those agencies, like any institutional entity that feels threatened, also jealously guarded their turf. OHS’s relationship with the Homeland Security Council was also unclear, though Ridge served on it.Many members of Congress took issue with the executive order creating OHS. Because it classified Ridge as the assistant to the president for homeland security, Senate approval was not required for his appointment (presidential advisers don’t need confirmation). Nor could Congress compel Ridge to testify, because he was not a Cabinet officer. And, because of OHS’s location in the EOP, Congress had no oversight of the new office.It didn’t take long for some in Congress to propose a different homeland security framework. Three days after the creation of OHS, Sens. Joseph Lieberman (D-Conn.) and Arlen Specter (R-Pa.) introduced legislation to establish a Cabinet-level department of homeland security, based largely on the recommendations of the Hart-Rudman Commission (similar legislation was introduced in the House). In a press statement, Specter said, “As a practical matter, it is impossible for Gov. Ridge to go to the president every time there is a turf battle. There is a need for governmental structure in regards to homeland defense. That is the job of the Congress, and this legislation provides that structure.” However, lawmakers held off on pushing the legislation through, hoping the administration would act on its own.Holding Bush’s Feet to the FireThe pressure on the Bush administration to make OHS a Cabinet-level department continued unabated during the next few months. Ridge did submit to some informal questioning before Congress on the administration’s progress in securing the homeland, but they weren’t official hearings. In the meantime, frustration mounted on the Hill, and the House and Senate held a number of hearings on homeland security, prompting lawmakers to take matters into their own hands. In April 2002, at a Senate Governmental Affairs Committee hearing, senatorsLieberman, Specter and Bob Graham (D-Fla.)submitted a bipartisan proposal to create a National Department for Homeland Defense, which would combine the Coast Guard, Border Patrol, Customs, the Federal Emergency Management Agency (FEMA) and three smaller critical infrastructure offices.Meanwhile, in the nation’s press and from congressional hearings, new details were emerging daily, such as those involving the Phoenix and Minnesota FBI agents whose warnings about Middle Easterners studying at flight schools went unheeded.As pressure on the administration grew, the White House launched a top-secret plan for a new Cabinet-level department. Bush’s resistance to such an entity had begun to fade. Ridge had quietly been pushing the administration for months to create a more powerful, centralized agency. And Congress might have preempted the White House with its own planbad PR for a president trying to assure the public that the administration was doing all it could to protect the homeland. “If it was going to happen, it was going to happen on their terms,” says Donald Kettl, professor of political science and public affairs at the University of Wisconsin at Madison, and director of the project on federalism and homeland security at the Century Foundation.In late April, according to The Washington Post, Bush assembled four of his most trusted aidesRidge, White House Chief of Staff Andrew Card, then Office of Management and Budget Director Mitchell Daniels, and White House counsel Alberto Gonzalesto craft an initial proposal. Over a number of weeks, they met in an underground room at the White House known as the Presidential Emergency Operations Center. Eventually more aides were pulled in, but the group remained small. All participants were held to a code of silence. Cabinet officers, members of Congress and other top White House staffers were not consulted about the plan. The Bush team felt that the element of surprise would give the plan its best chance for success. If word had leaked, or the process had been made public, many in Congress would have jumped into the fray, adding their own desires and agendas while slowing down the process. On June 6, 2002, the president announced his proposal to create a Department of Homeland Security. It was a shrewd move politicallyBush grabbed the initiative back from Congress and took on the new department, which he had previously resisted, as his own cause. But the narrow makeup of the group had drawbacks. “You don’t engage everybody who knows something about [homeland security],” says I.M. Destler, professor and director of the international security and economic policy program at the University of Maryland School of Public Affairs. “And the people who were involved in the process didn’t know a lot about it.” Nonetheless, after some months of debate, Congress passed the law establishing the new department in November. In January 2003, DHS opened for business.Putting Together the PuzzleDHS is a startup wrapped in an acquisition wrapped in a mergerit makes business unions such as HP-Compaq and J.P. Morgan Chase-Bank One look like exercises at an offsite. The 23 agencies composing DHS are a patchwork quilt of missions; all have some homeland security-related duties but plenty of other responsibilities as well. (Note: At the time of its formation, DHS comprised 22 agencies. Currently, there are 23.) FEMA, for example, focuses on responding to natural disasters while the Coast Guard enforces marine safety, rescues stranded boaters and interdicts narcotics. “If you think of the 22 entities in DHS, probably only one would have said [before 9/11] that homeland security was its primary mission: the Transportation Security Administration, which didn’t get formed until after 9/11,” says Randall Yim, a managing director of the homeland security and justice team at the General Accounting Office. (For a look at DHS’s 23 agencies, see “Catch-23,” opposite page.)DHS must grapple with a mission that’s constantly in flux. The services that came together under the Department of Defense at least had a common purpose. “The toughest challenge is figuring out what DHS is trying to do and whom to work with to get the job done,” says Kettl.Did the White House bite off more existing agencies than the new department could possibly chew? That question was raised by some who, pre-DHS, advocated a smaller, more streamlined, more flexible organization. For example, in a 2002 report titled “Assessing the Department of Homeland Security,” the Brookings Institution argued for a Cabinet-level agency that focused on border security and would have included the Coast Guard, Customs, TSA, part of the Agriculture Department, and the Immigration and Naturalization Service enforcement units.The speed at which this off-the-charts overhaul of the federal government was occurring was also a controversial issue. When Hershman first heard the plan for DHS, “My first thoughts were, ‘My God, let’s not do this so quickly,'” he says. He favored a more cautious approach, noting that, “We were still in a time of great emotional upset. Typically in times like that, you’re not thinking as clearly and rationally as you need to be.”The Many Management ChallengesWhether a DHS-Mini-Meor the one that came together later, after further deliberationwould have been a more desirable result amounts to Monday-morning quarterbacking. For now, the department is what it isbig, diffuse and facing a multitude of management, cultural and homeland security challenges that almost seem unfair to impose on this baby-faced organization. The list of management issues that come part and parcel with creating and staffing up a new bureaucracy reaches as high as the Washington Monument. Even figuring out what’s on the list has been difficult. The GAO’s Yim says that DHS was supposed to have delivered its strategic plan, with milestones and performance goals, last September. Instead, the department postponed doing that until the first quarter of 2004.Trying to integrate hundreds of legacy technology systems in 23 agencies is an unenviable task. In addition to wiring itself, DHS must also create links to outside agencies like the DoD, CIA and FBI, as well as state and local governments. It must consolidate redundant systemsas of last fall, more than 80 financial management applications exist in the legacy systems of DHS agencies. And it must develop new ones. But introducing new technologies and systems takes months, even years, to roll outand that’s before dealing with the inevitable bugs.Then there are the cultural issues. Employees must change their mind-sets from loyalty to their legacy agencies to loyalty to DHS. That’s a difficult transition, especially for those who’ve served in one agency for a long time and take pride in its history and traditions (Customs, for example, dates back to 1789). Also, the government has always been organized around stovepipes. Agency leaders jealously guard their turf, and many employees have little interaction with agencies outside their four walls. Now DHS employees must think of themselves as working for a larger entity and coordinate and share in ways they’ve never had to before. (One only needs to look at the lack of intelligence-sharing among agencies like the FBI and CIA to know that agency insularity won’t change overnight.)Leadership is extremely important, and Ridge has the confidence of the president and wide support in Congress to lead the department. However, DHS has experienced worrisome turnover in other key positions. Richard Clarke and Howard Schmidt, two of the Bush administration’s top cybersecurity officials, both resigned last year (Clarke has criticized what he sees as the administration’s loss of focus on cybersecurity in recent months). Deputy Secretary Gordon England and Paul Redmond, assistant secretary for information analysis, also both left in 2003 (Redmond stirred controversy last June when he testified before the House Select Committee on Homeland Security that he had only 26 intelligence analysts after five months). “Homeland security is a big, unifying force,” says Yim. “But it doesn’t help that you’ve had top management turnover, criticism about lack of transparency and lack of a strategic plan.”Intelligence-sharing remains a hot-button issue. DHS is still trying to figure out how to work with DoD, the Terrorist Threat Integration Center and other intelligence agencies, and those agencies are grappling with their own sharing issues. A report the Department of Justice released in December shows how far there is to gotwo years after 9/11, the FBI still gets poor marks for sharing intelligence both within its ranks and with other agencies. And a GAO report released last August, which surveyed federal, state and local officials, found that information-sharing processes have a long way to gojust 13 percent of federal government respondents said that sharing with states and cities is “effective” or “very effective,” and only 15 percent of the large cities that responded said they receive information about the movement of known terrorists. These reports suggest that information-sharing will likely remain an albatross around DHS’s neck for the foreseeable future.Moneymore specifically, the lack of itis also a never-ending source of contention. Governors and mayors plead for more funding, particularly for first responders. The private sector wants financial assistance to secure the nation’s infrastructure. State and federal agencies, feeling understaffed and overworked with new homeland security duties, want more money to carry out their missions. But with burgeoning deficits and operations in Iraq making resources even more scarce, DHS is just one more organization fighting for a piece of the federal funding pie.The FutureIt’s easy to pick on a new organization that’s still trying to find its way, but one can’t ignore the progress DHS has made in some areas. Border security, for instance. The US-Visit program, which was unveiled in January in 115 airports and in cruise ship terminals at 14 seaports, requires foreign visitors (some countries are exempted) to have their index fingers digitally scanned and a digital photograph taken as they enter the country. Finger scans will be run against a database of known and suspected terrorists and criminals. Container security is another hot spot where progress has been made: DHS’s C-TPAT (Customs Trade Partnership Against Terrorism) requires member companies to formally audit the security of their supply chains. The Container Security Initiative puts U.S. Customs officials at major international ports to inspect high-risk cargo before it embarks for the United States. Another regulation requires foreign shippers to declare cargo 24 hours before it enters the United States. And most would agree that airline travel is safer now than before 9/11.But controversy follows many of DHS’s moves like a shark trailing the scent of a freshly opened wound. The US-Visit program is a good example. Supporters hail the program as an important step in making our borders safer. Privacy advocates, on the other hand, decry the fact that millions of innocent travelers will now have their finger scans and photos in a database (the U.S. government hasn’t said how long it will keep that information). Airlines worry about long lines. People in countries singled out in the program say it’s discriminatory, especially because visa waivers are given to citizens from 28 countries.So DHS lumbers on, under the watchful gaze of employees who wonder how they fit in, a Congress that wants more oversight, foreign nations troubled by some of its initiatives, CSOs who are being asked to beef up the security of the critical infrastructure but worry about the financial burden, and an American public that wants more security but complains about the hassles and worries about privacy. Most people would agree that our country needs a Department of Homeland Security. They’re just not sure how it’s going to work, and at this point, neither is DHS. Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe