The First DHS Bottom-up Review

In February, at the direction of Congress, the Department of Homeland Security (DHS) issued its first Quadrennial Homeland Security Review (QHSR), which outlined high-level, national strategic priorities for the country’s “homeland security enterprise.” In July, DHS issued a follow-up report, the Bottom-Up Review (BUR), which assessed how the department’s own “programmatic activities and organizational structure” comport with the QHSR’s long-term, national-level objectives. The BUR process catalogued over 300 potential initiatives, and the BUR itself serves as a bridge between the QHSR, the FY 2012 budget request (to be unveiled next February), and the DHS FY 2012–2016 Future Years Homeland Security Program (FYHSP), which will identify the budget plan needed to fully execute BUR initiatives in the coming years.

Like the QHSR, the BUR is framed around five core missions: counterterrorism, border security, immigration enforcement, cyber security, and resilience to disasters. The document also outlines three additional goals: building up DHS effectiveness, accountability, and maturity; strengthening ties between DHS and its state, local, tribal, territorial, and private-sector partners; and enhancing cooperation with international partners.
 
Indeed, the December 25 attempted airliner bombing highlighted the ability of terrorists to attack the homeland without ever setting foot on U.S. soil. The BUR thus rightly prioritizes greater international collaboration, to include information sharing and technology development and expanded DHS-related training and technical assistance. A number of security assistance models exist within the U.S. government, but many face—at one time or another—turf battles over funding and authority, plus questions about program effectiveness. It will thus be important to watch for how the department actually executes this effort.
 
Making Sense of the Document
 
Both the QHSR and BUR have been criticized for speaking in relative generalities (by contrast, the latest Quadrennial Defense Review—after which the QHSR was modeled—provides clear priorities with associated funding). The QHSR was mandated by the Implementing Recommendations of the 9/11 Commission Act of 2007, which articulated a number of specific reporting requirements, for example on providing budget plans. Given the lack of specificity in the QHSR, members of Congress were looking to the BUR for answers to those reporting requirements. Senator Joseph Lieberman (I-CT), chairman of the Senate Committee on Homeland Security and Government Affairs, criticized both documents, saying that “the narrative is too broad and the goals too vague.” And Representative Bennie Thompson (D-MS), chairman of the House Homeland Security Committee, lamented that the BUR failed to be the “deep dive” that Congress had expected. Part of this frustration may owe to the BUR’s design. As the authors note in the preface, the BUR was neither meant to frame strategy (as in the QHSR) nor outline specific budgetary and resource requirements (which is set to happen with the FY 2012 request and the FYHSP). Reading between the lines, however, it is possible to glean priorities likely to be reflected in future budget requests.
 
Whether at borders, airports, critical infrastructure facilities, or during immigration benefits processing, DHS is responsible for dozens of programs that entail the biographic and biometric screening and risk assessment of people, and the BUR includes a number of commitments to make that process smarter and more person-centric. An integrated DHS information sharing architecture is to be developed to allow for consolidated vetting, and DHS also commits to building recurrent screening (so that benefits are revoked as new threat information becomes available) into programs that don’t already do so. The BUR also hints at harmonized standards for credentialing of airport and surface transportation workers and a commitment to prioritize the fraud detection and national security arm of Citizenship and Immigration Services, which will presumably be important to any effort at comprehensive immigration reform.
 
DHS also created a National Protection and Programs Directorate (NPPD) in 2007, and the BUR aims to bring greater cohesiveness to NPPD’s infrastructure protection mission, both cyber and physical. Recall that the largest pre-9/11 terrorist attack on U.S. soil was the 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City. Numerous Government Accountability Office (GAO) reports and congressional hearings have scrutinized the effectiveness of the Federal Protective Service (FPS), the DHS agency charged with protecting federal office buildings, and the BUR commits to redesign FPS (recently relocated to NPPD) to better match mission requirements to the risk profile of federal buildings.
 
And on cyber security, the BUR promises—among other points—more resources and advanced analytics to improve adversary identification, advance deterrence strategies, and promote better understanding of emerging cyber threats.
 
The BUR also indicates that, to procure cyber-security technology, DHS will seek to use new acquisition models—leasing agreements, technical service agreements, and the development of secondary markets for cyber-security technology among state, local, tribal, and territorial governments.
 
One question that DHS has struggled with since its inception is how better to organize its resources in the field—the amalgamation of legacy agencies has made for a hodgepodge of component-specific regional structures. The BUR commits to realign component regional configurations into a single regional structure (no small task). More importantly, one of the most frequently cited examples of effective cross-component field collaboration is the model established in South Florida under the umbrella of Southern Command’s Joint Interagency Task Force–South (JIATF-South), and the BUR commits to apply the JIATF-South model nationally. According to the BUR, “DHS will unify the uses of technology, surveillance capabilities, and related resources across air, land, and maritime domains, with an increased emphasis on data collection, data processing, and integrating sensors across domains.”
 
The BUR also commits to institutionalize the National Fusion Center Network through a new National Fusion Center Program Management Office (NFC-PMO). These examples illustrate two broader points. First, DHS appears to be embarking on a concerted effort to enable a generally smarter cross-DHS use of data collected across its mission sets, through advanced analytics and other tools, for better risk assessment of potential threats. Second, to have an effective requirements planning process, DHS must nurture an internal relationship between its relatively young headquarters planning, budgeting, and acquisition components and the much more established counterpart functions in its component bureaus. Components will be protective of those functions, especially as growth slows in the DHS budget. The BUR thus presumably reflects an effort to balance those component priorities with initiatives that enable DHS as a whole to be greater than the sum of its parts.
 
Next Steps
 
Subsequent budgets will tell where the true priorities lie, and the FY 2012 budget request, while not unveiled until next February, is in fact already well on its way to being built.
 
Of course, the BUR by its own admission entails initiatives that are multiyear in nature, and so an even better indication of DHS’s commitment to change will be the next FYHSP, which is prepared annually but has not heretofore been publicly released (by contrast, the Department of Defense and select other agencies publish five-year forward budget estimates). For an administration committed to greater transparency in government decisionmaking, publicly releasing the next FYHSP budget figures would be a useful way of laying out where the department’s sustained priorities will lie.
 
Rick “Ozzie” Nelson is director of the Homeland Security and Counterterrorism Program at the Center for Strategic and International Studies (CSIS) in Washington, D.C. Adam Isles is director of strategy and policy consulting at Raytheon Homeland Security. He is also a nonresident senior associate with the CSIS Homeland Security and Counterterrorism Program.
 
Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).
© 2010 by the Center for Strategic and International Studies. All rights reserved.
Image
Adam Isles

Adam Isles

Senior Associate (Non-resident), Homeland Security and Counterterrorism Program

Adam Isles