It helps describe his message, it helps drive the news of the day which he can do every day and does every day. Hes constantly driving the message and therefore having us around really allows him to do that. Q a, sunday night at 8 00 eastern on cspan. Homeland Security Officials talked about what theyre doing to combat threats to the u. S. , focussing on interagency communication and efforts to improve efficiencies. They spoke before the Senate Homeland security and Governmental Affairs committee. Good morning. This roundtable of the Homeland SecurityGovernmental Affairs will come to order. I want to welcome our participants, well call them, i guess theyre witnesses. We have the honorable elaine duke, the honorable claire grady, the honorable george scott and the honorable john kelly from dhs, the gao as well as the office of the Inspector General. This roundtable discussed the attempt to reauthorize dhs. The house passed their bill. They have a memorandum of understanding to consolidate that entire process under the committee of Homeland Security in the house. Its a little messier here in the senate, which is not unusual. The Customers Committee has taken up and passed authorize for tsa and coast guard. The judiciary has a number of components. We have my staff keeps telling me somewhere around 40 to 50 of dhs thats really what were here to talk about today. I think its accurate to say that with the house authorization does, and this is what you need to do in these authorizations, take what dhs currently does and codify it. Take the recommendations from the gao and the i. G. Reading your testimony, its pleasing to see how many recommendations the department has made over a number of administrations to improve their operation. Lets also admit that this has not been an easy department to establish and operate. 22 agencies cobbled together, divot missions trying to development that Different Missions trying to development that unity of mission. We helped a little bit in the last Congress Working on some of that effort, unity of effort but, again, were trying to codify these things. There are i think a couple of key changes or new departments that want to codify the countering weapons of mass destruction office. I think we want to figure out some way to take nppd, focus its mission, do the renaming and weve talked a little bit about do we do that on a mustpass piece of legislation . Do we do that on this authorization . Think there is a great deal of desire to do it. Its just a matter of how do we get those efforts signed into law . A couple of items need to be worked out, authorization for fema grants. What are we going to do with the federal protective service . We continue to have those discussions. Maybe thats something we can determine and come to conclusion with voting in a markup. My last point, is i do want to talk about, think, the one glaring omission out of the house authorization and something that maybe its too controversial, but its something that i think the department really needs is a very serious look at all the committees jurisdiction to have that youre responsible to. In my briefing, we got this little chart of all the committees and, you know, ive never got because nobody really completely knows, i dont think, how many committees and subcommittees you actually do have that responsibility to report to and that have jurisdiction over you, but some of the information is pretty interesting. The number of hearings that dhs personnel have participated in prior congresses, 304, 219 in the 113th. 211 in the 114th congress. Witnesses in the 400 levels. The briefings, thousands. 4,000 in the 111th congress. Now, as the oversight committee, we strongly believe in Agency Responsibility in terms of reporting to us and transparency, all those types of things, but it needs to be more streamlined. So i think one of the things were suggesting is generally not real nuts about commissions. Im not sure any other way to do this. Open to other ideas, but establishing some kind of commission to work with house committees and Senate Committees to reduce that burden, because from my standpoint, i want to make sure that the department and focussing on its primary mission, which is keeping america safe and secure. With that, i ask unanimous consent that my written Opening Statement be entered into the record. With that, i open it up to our Ranking Member, senator mccaskill. Thank you, mr. Chairman. Im a little confused as to why this is a roundtable instead of a hearing. I hope someone can speak to that. This is an administration that prides itself on getting rid of senseless regulations and im being told the reason that we did this is because you didnt have time to get testimony approved by omb. Is that right . Is that why its not a hearing . I think it was a conversation between staff and dhs in term office what would be the best form to have these discussions to prepare for a markup. To actually pass this peace authorization. To me, its not a big difference one way or the other. Well, it, you know, i think its really important, the reauthorization of dhs. I think it rises to the level of a hearing. You and i may just have a disagreement about that. I didnt know that i was under the impression that it was something that the department didnt have ample opportunity to prepare for a hearing because of the approval of omb, but if it was just a choice of the chairman, then you and i just have a difference of opinion about whether or not this rises to the level of a hearing. Ive got a number of things id like to take time to talk about today. I probably wont have time to talk about all of them. Obviously i continue to be very concerned about acquisition. And how well the department handles acquisition. We see press about the most egregious examples, obviously the recently one, we have a contractor who clearly has a very troubled history with the federal government. Yet we entered into a contract for them to deliver meals and clearly they did not deliver on that contract. They did not perform under that contract. I think weve got to really drill down about debarment and suspension and why is that such a hard thing to do in the federal government . I can assure you my colleague, the chairman, if it was his company, if it was a private business and you had somebody that was a supplier and they screwed up time after time after time, you know what that business would do . Theyd quit doing business with them. But the federal government seems to never quit doing business with anybody who screws up and i dont get it. I would like us to get to the bottom of that. I also obviously have questions that i will spend some time on. Im very concerned about the privilege dispute in the i. G. Report. This is groundbreaking. It is unprecedented. It is very, very bad. And i want to get to the bottom of it. I also will put my written statement in the record, since we have great attendance this morning and i think everybodys got questions. Lets move to questions, and i will ask my written statement to be put into the record. Again, it is my understanding you each should have an Opening Statement. Why dont we start with the honorable elaine duke. The deputy secretary to the department of Homeland Security. I will thank you. And we just have one opening want to get closer if you can. Thank you. I will just give one Opening Statement for the department. Thank you for having both of us here. Claire grady, as the undersecretary for management, as our chief management officer and i as the deputy secretary am acting as our chief operating officer. There is a strong linkage to that. Hopefully with the two of us we can cover all the areas today. You have been great partners and were really looking forward to having some open and honest dialogue. Purpose for dhs is clear. Its even clearer now with the threats against our country, and we welcome an authorization act that would give us updated authorities, updated support and updated accountability, even, for the country which we support. We recognize that we have to ensure that we carry out the mission on behalf of the country and that were serving even our employees, our 240,000 employees right. When we think passage of the authorization act would be helpful in us executing our authorities and our responsibilities. Over the past year at dhs, ive been working on a unity of effort effort at dhs and this is critical, and hopefully well have time to talk about it today, but its really looking at how we as the headquarters operate to enable and support the headquarters. And i see three roles for the headquarters elements, leading a community of practice, being subject Matter Experts and servicing the headquarters. And i think that your proposal, mr. Chairman, of consolidating some of the committees would really be a great parallel to what were trying to do in headquarters and to line and streamline even better. Weve made great progress. We have to do more in this area. What were looking for in an authorization bill overall is something that does what you say and codify some of the efforts were making already, the leadership commitment, but doesnt go so far as to dictate legislate areas that really would be difficult to change or take away key and essential flexibilities of the secretary and the leadership of the department. So finding that right balance. We do feel like areas in an authorization bill that would help us with personnel, things such as hiring retention and separation flexibilities and management of our employees would be helpful and we can discuss those in a level of detail either now or in subsequent discussions with you or the Ranking Member later. Also, the departments cyber and infrastructure security. We do have the senior official performing the duties of the undersecretary, chris crebs, with us here today to talk about the nppd area and the countering of weapons of mass destruction. So we are looking forward to coming up with some agreements that can or providing you information that will help inform your authorization bill. Thank you. Well go to plo george scott. Mr. Scott . Thank you, chairman johnson, Ranking Member mccaskill and members of the committee. Im pleased to be here today to discuss opportunities to further strength the department of Homeland Security. Over the past 15 years, dhs has implemented a range of Homeland Security operations while making significant progress in addressing the highrisk area of transforming the department and strengthening its management functions. We now consider dhs to be a model for how other agencies should address their highrisk issues. That said, there are a number of key areas the Department Needs to continue to improve. Reauthorization provides an opportunity to reflect on the progress the department has made and also how best to align the dhs missions, roles and responsibilities to better counter new and emerging threats to the homeland. Id like to briefly discuss some specific examples where we think legislation to reauthorize the department would help. In terms of departmental organization, codifying the roles and responsibilities of the National Protection and programs directer renaming the office to better reflect those responsibilities would be a positive step. In the area of protecting Critical Infrastructure, congress could require dhs to evaluate the assistance and information it provides to stakeholders regarding Cyber Security protections, particularly those sectors that work with the department on a voluntary basis. It is important for dhs and the congress to better understand to what extent those efforts are yielding positive results. While the department has made progress addressing Financial Management issues, including receiving a clean audit opinion on its Financial Statements for five consecutive years, significant challenges remain, in particular, the department continues to struggle with its Financial System modernization efforts and additional oversight is warranted. Dhs also needs to continue to develop a Financial Management workforce with the skills necessary to uphold a strong internal control environment and the congress could require the department to develop a comprehensive strategy for doing so. Finally, no discussion of the department would be deplete without touching on the area of Acquisition Management. The department has taken a number of important steps in response to general recommendations to improve oversight of its acquisitions. For example, it reestablished the joint requirements council, codifying the role of the jrc as recently proposed by senator mccaskill and that the department continues to follow sound practices will help increase accountability for the billions of dollars the department spends each year. This concludes my statement and i look forward to answering any questions you have. Thank you. Our final witness is mr. John kelly. Acting Inspector General for the office of the department of Homeland Security. Good morning. Good morning. Thank you for inviting me to discuss dhs reauthorization act and positioning dhs to address new and emerging threats. Since its establishment, dhs has progressed in addressing challenges to accomplish its mission, however, to fulfill its Vital Mission of successfully protecting and securing our nation, dhs must continue to overcome challenges that hinders its effort. Over the last few years, my office has issued numerous reports that address the challenges that face dhs. Many of those challenges congress addressed in h. R. 2825, the dhs reauthorization act. With implementation of our recommendations and your legislation, dhs can continue to improve its operations and reduce fraud, waste and abuse. However, if the department ignores these challenges, it will be difficult for this to effectively and efficiently address new and emerging threats to the homeland. In our last two annual reports on dhs Major Management and performance challenges, we highlighted the two of the most significant longstanding challenges. First, dhs leadership must commit itself to ensuring dhs operates more as a single entity rather than a confederation of components. The Department Leadership must also establish and enforce a strong internal control environment. The current internal control environment is relatively weak and affects all aspects of the departments missions, including border protection, immigration enforcement, protection against terrorist attacks, natural disasters and Cyber Security. Fortunately, the dhs authorization act reenforces the need for the Department Unity by streamlining oversight, accountability and eliminating redundancy. Another important area is Acquisition Management. In fiscal year 2017, dhs spent more than 33 billion on contractual conservatives, supplies is services. Thus, the Acquisition Management is critical if fulfilling its mission. Implementing an effective Acquisition Management system is inherently complex. Dhs annually spends tens of billions of dollars on a broad range of assets and Services Including ships, arab, surveillance towers, Nuclear Detection equipment, financial and Human Resources systems and technology systems. To its credit, dhs has improved some of the acquisition processes, however, challenges remain. Provisions of the dhs authorization act which strengthen the role of the undersecretary of management implement efficiencies across components and better ensure oversight and accountability, this safeguarding billions of taxpayer dollars. Dhs must also strengthen aviation security. Nowhere is at symetric threat of terrorism more evident than the area of aviation security. Tsa cannot miss a single threat without catastrophic consequences. Terrorists need only to get it through once. The detection of dangers items on people and baggage our work has identified vulnerabilities in tsas screening operations. Weve conducted nine covert Penetration Testing audits on passenger baggage and screening operations. I cannot provide the results in an unclassified setting but can characterize them as troubling and disappointing. Tsas failures were caused by a combination of technology and human error. I am pleased that tsas leadership understands the gravity of our findings and is moving to address those. We recently audited the federal air marshals serves contributions to tsas security. Although the detailed results are classified, i can state that some of the funding could be discontinued and reallocated to higher priority areas. Finally, a primary focus of dhs is the integrity of the roughly 240,000 departmental employees, while the vast majority of dhs employees and contractors are honest and hardworking public servants, much of our investigative case load concerns allegations of corruption on part of dhs Law Enforcement personnel and government contractors. While the dhs authorization act implicitly grants the oig the right to first refusal, we suggest the act explicitly grant that right to us. Inspector generals play a Critical Role in assuring transparent, honest, effective and accountable government. The American Public must have a fundamental trust that the Government Employees are held accountable for crimes and serious misconduct by an independent factfinder. Mr. Chairman, this concludes my comments. Youre welcome to answer questions. Thank you, mr. Kelly. One of the reasons i like this roundtable approach in general in the past it allows a pretty free flow of questioning and we can stay on one topic. So the way i want to approach this, we have a timer. Its set for five minutes. The yellow light goes when there is one minute left and the red light goes when your time is up. I do want to accept and not necessarily encourage, but if you have a followon question that is pertinent to what another member is asking so we can cover the topic right then and there as opposed to, you know 15 minutes, a half hour later bring up the topic again and rehash it, you know, just raise your hand. I really want it disciplined, kind of one shot per member on a particular topic and it has to be pertinent, okay . I think that will add to the discussion. Ill defer my questioning and turn it over to senator mccaskill and see if this thing works. Im a little confused about the process here, but were going to well forge ahead. It will be good. This is going to be a roundtable, i sure hope were not cutting people off from being able to ask as many questions as they want. No. Okay. Lets start with the thing that concerns me because of my work with the i. G. Community as a former auditor. The Inspector General conducted an extensive review of the departments implementation of the president s travel ban. The cooperation hit a roadblock when the Inspector General roth took steps to release his findings. Not only did it take months for the department to respond to the Inspector General regarding privilege claims so the report could be released, in the end, the department decided to assert a privilege that had never been used before. Invoking a deliberate process privilege. Now, the irony is that youre invoking a deliberate process privilege in the implementation of the travel ban. If there was ever anything that wasnt deliberate, it was that. Because it occurred without adequate notice to the department, without adequate preparation to the department. Anybody with common sense could look at it and see that, so the irony is that youre using a deliberative process privilege to block information from the public. Are we allowed to see this information, ms. Duke . The concern over the deliberative process was it has to be protected. We have to be able to have discussions with the president , the administration, thats additionally, its under litigation, and thats the issue here. And we it is important that we protect this. Yes, we will provide the report as it is to the to the congress. I think that the important thing to note is that even with the redactions, does state what the process was. And i think and we believe that even with the deliberate process it gives adequate information about what happened with the travel ban. Well, but this is i mean, i just think its outrageous. I dont i dont understand it. Governments sued all the time. We cant use litigation as an excuse to stop information from the Inspector Generals. We cant do that because every department will then say, oh, were under litigation. Is this an executive privilege or a deliberate process privilege . Is this the white house that is exerting this privilege or is it your department . There were different pieces of the report that came under different privileges. Some were executive, some were deliberative process. The i. G. Got all that information. It was an issue of whether it could be made public through a public report. So the i. G. Does have the information. Okay. So but the i. G. Cannot share that with me . Correct. So or the chairman of this committee . We would happy to have a discussion about that with you if youd like to go over the findings of the report. I will commit to you that i will come in and talk to you about the report. Im going to need more explanation about this because this could be a trend. All of a sudden we could have i. G. S all over government saying this was a deliberative process, we cant talk about this, and then all of a sudden our oversight is done. Right. We find it highly unusual for an i. G. Report to be solely focused on discussions within the executive branch, between the, you know, a lot of the report was focused on email notifications, those types of things. Normally an i. G. Report would be focused on how to dhs implement the travel ban extension. For someone who has probably read as many i. G. Reports and gao reports in this room, emails are always a part of those reports. And emails regarded to how we implemented it i think would be appropriate. I think the deliberative process refers more in the early stages of how we converse predecisional, if you will, in the executive branch. Im going to ask for a oneonone briefing on this. If we have to do it in a classified setting, whatever. I want to know whats being hidden from the public and then we can go from there. Okay. On acquisitions, the recruiting contract. We have now entered into weve asked for information on this recruiting contract for the cpb. We asked january 3rd. We still havent gotten anything. Was it competitively bid . Yes, maam, it was. So the best deal we could get was paying 40,000 for every job that pays 40,000 . So we looked at it from a the perspective of competitive selection and that representing what best met our needs at a fair price. When we looked at it, we looked at it in its entirety. As you know, weve struggled to hire the necessary staff for Border Patrol agents, Border Patrol officers, air and marine. Despite using a range of options, including retention incentives and things weve done from a recruiting perspective, we have a net loss of 400 for Border Patrol agents every year. We needed to do something above and beyond what we were able to do, particularly with the intent to hire an additional 5,000 Border Patrol agents. We looked at it carefully and said this is a surge need. We still need to continue to push on all of the flexibilities from an h. R. Perspective we have to meet our staffing needs but to meet that surge, we needed assistance over and above what we had and we worked with a we ordered a contract to a company who has a proven track record for the ability to accomplish just that. But 40,000 for per employee is outrageously high. We are we are paying 40,000 to hire somebody were going to pay 40,000. And that i mean, for folks where i live, for people who think the governments lost its mind, that would be exhibit a. I understand the concern. One of the things that was important to us about that contract was structuring it so that we pay for actual on boarding when we get formal job offers. Were not paying for effort, were paying for delivering results. 40,000 per . Approximately. That includes initial startup costs pardon me, the initial startup costs that are oriented towards the recruiting efforts, safeguarding information associated with pii and all the branding efforts up front. So if you do a net division, you could come up with a figure close to that, but what we were really focused on is getting the results and it is a scaleable contract. Ill be anxious to get the contract file. Will it come soon . Were going to share that information with you and would be happy to discuss the specifics of the contract. We wrote the letter january 3rd. Will it come soon . I will look into the exact date were going to can we get it in two weeks . We will have issues associated with protected information within that competitive source selection information, but weer kmicommit to providing that information to you and being transparent about the processes. I dont think i got an answer. Yes, maam. Two weeks . Two weeks. All right. There is a boat load of money thats coming your way, and if we cant trust that youre spending it right, if we cant trust that the decisions are being made based on evidencerelated factors and by professionals, this is not going to go well. So these issues, these issues that were confronting today are critical. And i think senator mccaskill has done a great job outlining just two areas where we have concern, because if we cant see an i. G. Report and all the attachments, were not doing oversight. Right . And if weve got a problem hiring people, youve got a problem retaining people. What are you doing . Who are you talking to . What are the other strategies that are being deployed to maintain staff . We spend a lot of time i spend a lot of time, as you know, on the northern border. Hate to sound like a i talk to the Border Patrol and i talk to the challenges, with a few tweaks, you could get them to stay, instead of paying 40,000, you could walk into a high school and recruit high school students. You guys arent being creative enough. This is hard work and its going to require different thinking. But 40,000 to hire a job that pays 40,000 . There is no one who thinks thats a good idea. Just on the senator, you raise a good point about retention and other activity. So you may have heard about our leadership year. That is focused about exactly having a concerted effort on why are we losing people . And looking at that from both a leadership, a management and a supervisor perspective. The fact that we went up in the fed survey, the largest increase in government i think shows thats working. Were hearing from our employees what they want from a cultural perspective and we are addressing that. And we can talk more about that if you if you want the time. Additionally, in Border Patrol where we have high attrition and difficulty to recruit, a lot of that has to do with certain duty stations and were looking at legislative proposals on the end that might help. Some things, including if someone goes to a location where its not desirable, can they have first choice . So were looking at what we can do internally and what we might have similar to dod. You need to get this house in order. Like i said, were being asked to authorize and appropriate a lot of money. Yes. Yes. And if that money is just going to be poofed, and we look back on this time and say in our rush to get this done, we didnt do the right oversight, then shame on us. I want to talk a little bit about chairman johnsons chart. I want to talk about the 9 11 commission. I didnt know that you mentioned it, but this was one of the recommendations in proving, in government oversite by somehow bringing in more of a, you know, Defense Authorization structure to the department of Homeland Security. I think thats the direction that we need to head and that was the recommendation that the 9 11 commission made that was never followed through. Partly because we got jurisdictional, you know, turf battles that go with this, right . Give it up. Right. But weve got if were going to do the right kind of oversight, we cant have this kind of disparate jurisdictional challenges. This is probably more to the chairman and the Ranking Member. Weve got to start asserting our jurisdiction here and weve got to Start Talking about how we are going to do a broader oversight. If it makes sense for you guys to be consolidated into the agency that youre consolidated into, it makes sense for the for the committee on Homeland Security to have broad and consistent oversight with the mission of the agency. And when we dont have that, we dont have a plan, we dont have oversight when we havent figured this out, and maybe there are ways to tear down the barriers between the committee chairs. I know that the house is trying a different kind of select committee or whatever method. Can any of you comment on the kind of authorization process that the house is going through and whether you think thats working to give you a more narrow focused point of contact on oversight . We agree. I cant specifically comment on the house process, but we agree on the consolidation of authority and we are hoping an authorization bill would be a step in that direction. What we see from this committee is a wholistic look. So when you talk about acquisition, for example, senator, you talk about a program, but you also talk about the system. And the reason youre talking about the system is because of your committee. And in others, you know, they have just such a narrow slice that were not looking at the full system. So i agree with everything youre saying. I know the house is trying to do a similar effort to consolidate some of the authority, and we think we would get more comprehensive oversight with a consolidation of jurisdiction. Right. But thats i mean, you cant force that. Weve got to weve got to assert jurisdiction here. But lets not pretend that were going to get a broad reauthorization, you know, oversight capacity here with this kind of mixed jurisdiction. And so, you know, i really encourage this committee to start asserting its jurisdiction and start talk about this as a problem. We also cant pretend that were going to solve that problem overnight. Its going to require, i think but, ron, how old is the agency . It is 17 years old. How old . 15 years. Its not overnight. I realize lets quit, you know, quit pretending pussyfooting around. Right. Lets quit pretending that 15 years of, you know, disbursed jurisdiction here is accept and we have to wait longer. Weve got to get this problem fixed. Especially when youre going to get 25 billion extra dollars. Its why im were i think recommending some kind of commission with highly respected individuals serving to point out we are literally putting our nations security at risk by having dhs so scattered in terms of to answer the same question we had a commission, it was called the 9 11 commission that told us what we should do. I understand. Congress didnt follow it. We need again, were on the same painful here. We agree. Its how do you fix it. Senator peters . Thank you, mr. Chairman. I think ill follow on the theme of accountability, which has been a big part of the last two questioners, and that deals with some of the grant making that occurs within your agency. Certainly tens of billions of dollars of money have been put out in various grants since 9 11. Certainly the taxpayers have a right to know whether or not that money has actually made us safer or not. If it hasnt, we need to make some changes accordingly. I understand, mr. Kelly, i understand fema is currently reviewing the threat hazard identification and risk assessment, the thira, which is the process that agency and states use to undertake each year. Is it true that these thiras are not currently being used to drive grant ill have to get back to you. I dont have that answer to you right now. That would be important. We need to look at that. My understanding is that theyre not and yet theyre making these assessments and at some point they should get to the point where you actually have data, as was mentioned, actual metrics to be looking at before grants are provided. I would conceptively agree with you on that, but i cant give you the actual answer to that question. Great. Mr. Scott, related to that, does the does the language in the draft legislation require assessments in information . The state preparedness reports in the thira, do they have the potential . Do you believe they have the potential . Im not exactly familiar wig that. Do you have a response to that . In general, the house bill im sorry. Yes, sorry. I apologize. Sir, the house bill turn on your mike. The house bill does essentially what weve been recommending for over a decade, which send courage fema to better assess from year to year the effect of the preparedness grants. You mentioned the thira process, fema does use that but thats mostly developed by the state and fema release on the states assessment. What we dont know year in and year out is how these grants are making us safer and building our capabilities. In short, we dont know what our investment of 50 billion over the last 15 years is really buying us year in and year out. Well, thats pretty troubling. We dont know what 50 billion has actually bought us. What would be your recommendation . What weve been saying for over a decade now is that fema needs to come up with its own quantitative measure year to year of how these preparedness grants are building our capabilities, and thats whats not being done now and thats what we would like to see. And i think another point is, with all this investment on preparedness and predisaster grants, its not clear what the impact is on the postdisaster side because thats exploding. Were spending more and more every year on that, too. So right now it may not be buying down the costs on the back end either. Postdisaster. Great. Thank you. I appreciate that. The question also back to mr. Kelly and mr. Scott. There has been a proposal to consolidate some of this grant process, which is right now fairly fragmented. Has the oig or the gao done an assessment as to whether the action of consolidation would increase the efficiencies in these programs and perhaps also better align them to National Priorities . Is that something youve looked at. We have not initiated a review in that area. We have been looking at some of the preparedness grants and we for a lot of work on the Disaster Assistance grants. Weve identified a number of challenges that exist and we sent actually chairman johnson and senator mccaskill a letter in june, making suggestions on how fema can improve their structure and oversight of the Disaster Assistance grants. There were a number of legislative proposals and Administrative Changes in that proposal. Okay. Mr. Scott . Well, to the extent that across various Grant Programs there are opportunities to harmonize requirements, opportunities to streamline reporting requirements, you know, there are always opportunities i think to ring out additional efficiencies, both in the grantmaking process but also in the Grant Administration process. So a matter of practice, i think to the extent that actions can be taken to streamline grantmaking, i think thats generally a positive thing, as long as that goes with the necessary oversight of the grants. Its important not just to get the money out the door but to make sure we have the necessary oversight mechanisms in place to make sure that the grant money is properly spent. Great. Thank you. Honorable elaine duke, a question for you related to Cyber Security. When were dealing with cyber threats, the really the challenge is making sure that were hardening the weakest link bah the bad guys are always looking for the weakest link. My concern is although the federal government certainly has a lot to do to strength our Cyber Security efforts, im concerned about state and local governments that simply dont have the same kind of resources that we have here at the federal level and are certainly that weak link in the overall system. Im working with a colleague of mine in a bipartisan way, senator purdue, to look at ways in which we can get the department of Homeland Security to work with state and local governments that are voluntarily asking for assistance and expertise within your department. If you can talk a little bit about what you believe we can do from the department to help state and local governments and if there are any specific actions we should be taking here in the committee to assist you in your efforts. Yes, thank you, senator. We agree that state and locals can be assisted by the federal government on a voluntary basis. We also think the same for Critical Infrastructure segments. That the federal government can play a role in the integration, not in an involuntary way. I think the nppd, the Cyber Security agency act, will help with that. What were looking at is, we already have deployed tools, thats the number one that we can do is let state and locals, let Critical Infrastructure use some of the tools that we have deployed. Thats that could be done more. Were looking at that. Were doing evaluations. The election subsector is an example of when asked, we are going out and doing risk assessments of structures for the state governments or the local governments. I we think the collaboration what were looking at overall and then training is another area. Were giving training and then we have prepositioned protective security agents, psas, throughout the jurisdictions to do onsite assists and help and remediation. Those are nppd federal employees that are out there. We think more needs to be done in this area. We agree. And one of the things with the nppd act, we think it would do that by having Critical Infrastructure in cyber and realizing that cyber is a crosscut across everything. Its not a standalone function. Great. Thank you. Senator peters, one thing we do know about fema grants, state and local governments love them. So lets combine that with the fact that we dont know whether theyre actually working, thats definitely a concern. Senator portman . Id like to piggyback on the cyber issue because one of the questions i wanted to ask was about workforce. As you know, back in 2014 we wrote legislation, bipartisan legislation, this committee strongly supported it, to upgrade your abilities in the cyber space, very concerned about the lack of retention and also being able to attract top talent. That was three years ago. We asked that the gao do a report three years out. Im pleased to say, mr. Scott, we got the report just a few days ago, which is great. I saw it for the first time last night. Your report basically says that dhs has missed all kind office deadlines. So, you know, i understand the need to help state and local, i understand the need to harden our own, but if we dont have the personnel to do it, it makes it incredibly challenging so just quickly, mr. Scott, tell us what are your specific recommendations right now as to how we get dhs back on track and begin to attract this workforce we need. I thank you, senator portman. As you mentioned, just yesterday we issued a report really highlighting the urgent need for the department to take additional steps to identify its Cyber Security positions and critical skill requirements. In summary, the department has made some progress, categorizing and signing certain codes so some of its Cyber Security positions. There is also there are some concerns with the accuracy some some of the information they provided. For example, i think they estimated about 95 of the positions were identified. We came in and did an analysis and found its really around 79 because the department excluded some of the vacant positions. They didnt count that in the math. We made six recommendations, including for dhs to enhance the procedures around identifying these vacant positions, improving the Workforce Data and developing specific plans to identify and report on the critical cyber needs. The department concurred with all six of the recommendations so our expectation in the next two years or sa s. O. , they should be further along in addressing some of the Cyber Workforce needs. One of your recommendations was to have accountability. In other words, someone responsible for every component and i think thats something you two should focus on, given your management responsibilities. Second, i was involved in 2002 in the legislation that created the department, as some of you know, and ive wondered sometimes since then whether weve created a behemoth, something that is just too difficult to manage, but having said that, the risk that we face in an increasingly dangerous and volatile world i think require us to have one agency to focus on keeping us safe. At the time, we did try to align the Committee Structure with the department, unsuccessfully. Again, the 9 11 report, this was talked about, but i agree with what the chairman and other colleagues have said about that, is that its difficult for you and the chairman talked about the number of testimonies youve had to give over the last year and the inability for you all to focus on your core function because youre dealing with so many different committees and subcommittees. Do i think its a good idea, mr. Chairman. The first step in it is to have an authorization from this committee, because we have the bulk of the jurisdiction, and if we arent taking that jurisdiction seriously and, you know, ensuring that we do have authorizations, were going to continue to have even more erosion of that responsibility. So this is good. We tried this back in 2011. Susan collins and Joe Lieberman tried it. We were able to get it out of committee. We were never able to get it across the floor. So im glad youre doing this. This authorization, i understand its going to be a little bit more narrow to try to avoid issues and i hope we can do this in a bipartisan basis as the First Step Towards a much broader issue here, which is how do you manage this department which has so many different silos as mr. Kelly said earlier, and make it work better as a single entity . On oversight, ive got to raise as chairman of the psi subcommittee, you all have not been responsive in a few of our requests. We push, we wush, we write letters. Let me give three quickly. One is way back in april of 2017, we asked some questions about the management of the chief information officer. Im not going to get into the details because we dont make these investigations public typically until we report, but we need that information. Weve been given a minimal amount of documents. Most of which are not at all responsive to the request. Need help there. Second is, back in december we asked our privatelyrun immigration detense facilities. Again, not to get into the details, but be need that information. You guys have not been responsive. You havent produced any documents. Weve made phone calls, sent emails, status updates. We need that information. Thats back in december 6th. Finally in january of this year, just a couple of weeks ago, we asked you guys for information on the procedures to protect unaccompanied alien children. You remember we had a hearing and a report on this topic and deep concern about the lack of accountability. This was senator mccaskill and myself. We are simply looking for what we were told at the time yall were doing, which was a memorandum of agreement you were going to have between hhs and dhs. We were told it would be done a year ago, almost. You still havent done it. So we need to figure out a way to get that information to us. Figure out why you havent accomplished that and what we can do to push dhs and hhs to get that memorandum of understanding to protect these kids. So on all those issues, can i get a commitment for you all today . I want to ask for two weeks, ill be much more generous, i will ask for four weeks, but we need to have a response. My apologizes, senator. I was not personally aware of that and i commit to that. I will give this committee an update on all three and a timeline for getting you that information. Finally, mr. Chairman, my last point, with regard to the hearing and report from last week on the fact that dangerous chemicals, synthetic opioids are coming into our country through our own mail system opioids are coming through our country through our own u. S. Mail system, we need to pass this back, my colleagues are cosponsors of that, but we also asked for some other things in tra report, which is that dhs work better with the Chinese Government to shut down these labs, to stop the shippers, to deal with it in china. I know you were, along with general sessions, had a session on this broader issue of Security Issues with china last year, can you tell us what has happened with regard to china and their willingness to help us to stop this poison from coming into our communities . We have made progress with china. The percentage the biggest thing is that the percentage of packages that we can track, which is key to shutting it down, has overdoubled. And were making there are progress. We need to be able to track all of them. But the Chinese Government has been very cooperative in that. They do not it has not been cooperative. They have been very cooperative in being able to track packages. How are they being cooperative . Theyre giving us, helping us institute a tracking system with the mail service. We dont have a mail Service Tracking system in the United States. And there isnt an international one. We have very good tracking of dhl, ups and fedex. 100 tracking, we should require the post office to do the same thing. Only half of the packages coming in of that increased volume from china has that kind of advanced electronic data on it. Theyre not there yet, just so you know. My goal is not just to have that tracking information, which is very important, and thats what the stop act focuses on, but how do you get china to do what they say they want to do, after this hearing, Chinese Government officials, yes, we want to cooperate more with the United States. That was an extension of some kind of an olive branch to you all to get with them and to begin to crack down, not just to have the codes, but to actually stop the labs, thousands of them in china, we know that, creating this poison thats coming into our community, and prosecute the people involved. We have two indictments they have yet to arrest these individuals. Weve indicted over here who are chinese nationals. My question is, what more can we do on that front . What have you done . We have been working with them regularly in terms of principally through the department of state in terms of working with china. But it isnt just a china problem. We have an opioid conference going on now in miami that i leave for tonight to look at how we can do enforcement. As you know, and i dont its hard to discuss everything in this environment. But the transit to some countries, were looking at that and stopping it not only in china, but the transit. And then also the president s council on trying to do the deterrents for opioids. We support the stop act. Were hitting it from many angles. Its a challenging problem. We could go on and on. I would just say your own people tell us that primarily to our own mail system, and primarily from china right now, and understandably theres a lot of transshipment going on, and maybe theres new routes, but weve got an issue. Its the number one killer, personally in my state of ohio. Thank you for pushing the chinese more on helping to stop this at the source. Thank you, senator portman. Senator hassan. Thank you very much, mr. Chairman, and thank you all for being here today. I would add to what senator portman said, enforcement, deterrents on fentanyl coming into the country is obviously important. So is treatment so that we can reduce the demand in this country for opioids. If you would take that back to your colleagues throughout the administration, we cant arrest our way out of this. Wed love the administrations help. Secretary duke, i wanted to just start i have three areas to explore this morning. You talked about election securities, Critical Infrastructure. And i wanted to ask you to please share with us, in more detail, the scope of activities that dhs has undertaken to help secure our nations election infrastructure, what specific actions has the department taken in 2017 and 2018 to advance the mission . And ill have chris come up to the table to get into more specifics. But principally were doing assessments of the systems as requested by the state and local governments. Were also made available our save system for checking rosters. But on the critical cybersecurity side its principally focused around assessments. I think you all know chris krebs. Senior official performing the duties of the undersecretary for nppd. Say that again. Hoping to change that. Faster. Three principle lines of effort, information sharing, Technical Support and incident respondent planning. On the first line, were working cleesly with the multistate analysis center, direct relationships with state and locals to provide best practices, information on strategic and targeted risks to election infrastructure. But also providing security clearances to state and local officials. Thats that was going to be my next question. Yes, maam. So youre working to ensure that state Election Officials have the appropriate security . We have kicked off that line of effort. We have a number of 50 senior Election Officials, were about 37 into at least getting into the interim. Adding to that on clearances, while were making progress on the longer clearances, were giving oneday clearances to as an interim gap. Are you working to provide Election Officials with access to skiff . Yes, maam. That would be part part of a relationship with fbi. Were not giving them skiffs, but come in in ways, here in d. C. And local offices. Are you working to ensure that state Election Officials are coordinating with both the states Homeland Security adviser and the states chief information officer. Yes, maam, as a part of every state in the learning experience over the last couple years, last year, rather, weve come to understand that there is essentially a try ummver rat per state, the Homeland Security adviser. Each state has a different arrangement, particularly on the senior official side. Were developing separate and a individual information sharing protocols per state. Okay. I may follow up on this a little bit with mr. Scott and mr. Kelly about your own assessment about whether dhs is doing enough. I want to, because of time, move to a couple other issues. We may be able to talk more about that. To secretaries duke and grady, id like to touch upon an initiative being spearheaded by the dhs office of intelligence and analysis and dhss chief information officer. As i understand it, the dhs data Framework Initiative is the department toes effort to unify our data sets under one technological architecture to enhance the ability to identify terror threats in the travel system. Our existing framework is still in its official phase of development, but it promises to bring important capabilities to dhs analysts in their effort to keep out foreign fighters and those who wish to do us harm. Can you describe for us the value of the dhs data framework project, and the priority the department places on this initiative . Its value is i cant tell you how strong. It is a top priority. The data framework is essential for moving forward against terrorism, tcos, drugs. What it does, it does several things. One is a systems issue, at the pipes area. The second is were looking at better communicating between Law Enforcement sensitive and intelligence information. And also coordinating intelligence. Undersecretary glowie has a Major Initiative as part of this data network to be the chief Intelligence Officer of the department, part of the overall unity of effort. And thats going to be helpful. But then also not just having intelligence, but having intelligence communicate with Law Enforcement at the Law Enforcement sensitive level. And the timeliness and the accuracy. Things are moving at lightning speed, and especially with Something Like a radicalization. We dont have the years of tracking a criminal anymore. We are all focused on this. It requires management from the pipes standpoint, me from a leadership, and undersecretary glowie. There are those of us who want to support you in the effort. I look forward to working with you on that. I had one other issue. And i assume were going to get some other questions. I see, mr. Chairman, but youve been talking about the nppd change and wanting to put cybersecurity kind of into the title. Im a little concerned that cybersecurity is more important than that. And i am wondering what authorities would an independent operational cybersecurity component need to retain from nppd in order to be successful, and would any of nppds noncyberfunctions suffer if the cybersecurity was pulled out and turned into an independent component . Im over time. If you want to give a brief answer, and then work it into the rest of the discussion on this, that would be great. I think that the cyber area isnt just a name change. It comes with the authorities and the undersecretary. I do think that cyber and criminal infrastructure work well together. We can talk more about that. Thank you. Senator lankford. Thank you, and thanks to all of you. I know we have lots of questions were peppering you with, but it was interesting that we bring all these issues and some of this is 15 years of pent up energy and of questions. But for gao to begin a report, which is gao typically brings us with the bad news first, and gao led with good news here, and a lot of changes and adaptations. We had hearings two years ago talking about the h. R. System and how difficult this has been for dhs, now im hearing that the numbers are changing as far as the time period for hiring. Used to be for customs and Border Patrol, about 350 days plus. It got up closer to 400 days for a while to be able to hire one agent. Where are we now in that process . So those numbers are definitely coming down. And the other thing that we look at is the number of applicants. We need to hire a single single person, and that number was well into triple digits. We have that now into double digits, which is still way too high. But using a combination of streamlined processes, meaning combining multiple steps in a single site at a recruiting event, and other actions that weve taken, weve been able to drive that down. It is still too long. One of the things were looking at is we have been taking the keeping the numbers as a complete average on a metric. In some cases an individual can be an extreme outlier with 800 days is the worst ive seen. Were looking at the average for 80 so we dont have outliers driving the metric. Its heading in the right direction. It continues to be a focus. And i meet with the head of Human Capital and the chief Financial Officer for each of the components that have hiring challenges and Mission Critical operations to track that. That is something that senator heitkamp and i have worked on a lot. Were still committed to work on it. If there are specific legislative requests you have for that, we need to know so we can help that process. There are 120 different hiring authorities that are sitting out there, a complicated mess to be able to go through the process. If there are things you see, were doing our own work, if you see things, were glad to be able to hear those as well. Senator lankford, we have a couple. One would be expanded authority to waive polygraphs, for instance, for local Law Enforcement that currently that have been cleared. And we can give you more detail. And also some expanded hiring authorities. Right now we would like a delegation similar to department of defense. And i can articulate those for you or your staff to be able to do some flexibilities without having to ask permission. Let me ill stop your time. Talk about the polygraphs. In talking to cbp there have been impruchovements there, not rejecting any. We went to the fbi to get best practices and time and the types of polygraph they do. We changed the type of polygraph. It has been still effective, but it has pushed up the numbers. Additionally, we were looking for the ability to waive on certain classes of lowrisk people. And that would include local Law Enforcement. We have the d. O. D. With current ts clearances, those type of things would be helpful. That does tend to be longer. The all in one hiring that ms. Grady talked about is helpful. Expand ability to waive would be good. I just wanted to make the committee aware, we have ongoing work currently looking at the challenges the departments facing in terms of Border Patrol agent hiring, and we anticipate reporting on that later this year. One of the things i would also caution, though, is that its important to really understand the root causes, both in terms of whats preventing you from hiring the right people and targeting them initially, but also the need to sort of balance the goal of hiring additional agents and making sure we are not in some way potentially compromising the quality of the agents we are getting. And i know thats something im sitting here right next to claire, i know were well aware of this. But its important to emphasize having a goal to hire more is one thing, having a process to make sure you hire the right people is a totally different thing. I want to make sure that balance isnt lost in a rush to hire additional agents. I completely agree with that. Theres no one that would disagree at this table. Additional area, wups they hire them, properly training them and having the facilities available to provide the training to those individuals. Is there a specific need you see already at this point on the location and facilities for training . We have issued were doing some work thats identifying limitations in their ability to train the individuals that theyre hiring. Will there be recommendations attached to that as well . Yeah. When will we get that . I cant give you a hard date. Try. July. July, thats fair. Senator, also in secret service, there are training constraints. That is a critical path, and were working on expanding the facilities for secret service also. How much facility sharing can we use. Theres a lot of Law Enforcement training facilities, a lot of federal facilities, any of those we can share facilities . Yes, the undersecretary can talk more, were looking at not only facilities, but for initial training, but shooting ranges and those type of facilities for consolidation. Weve explored things like mobile firing rages to allow people to attain certain proficiencies and maintain that. We are looking at available facilities across federal land local to make sure were taking full advantage of whats available rather than duplicating. Yeah, again, theres no reason to rebuild something that already exists. Let me just make a couple quick comments with this as well. One is, for senator hassans comments on cybersecurity, specifically related around elections, senator harris and i have done a lot of work on this. Very pleased to hear your answers on cooperation. One of the frustrations we had was how long it took after the last election for individual states to even be notified. The common answer was we dont have anyone with clearance or no method to do that. To hear youre proactively pursuing that is helpful to know. Thats something were trying to put into legislative language to make consistent from here on out, that there is that ongoing cooperation. To chris, and once you mentioned before and for you all, thank you for doing that. Were going to work cooperatively with you. We think thats exceptionally important. I am also pleased, make this one comment for senator mccaskill. As this whole table has talked about metrics, im very pleased to hear that. This committee passed out unanimously a bill that senator mccaskill and i have called the taxpayers right to know. Identifying metrics and programs, what is out there. It has come out of this committee unanimously. It has not crossed the floor. Any way we can get that done, that will help us all. It is a nonpartisan bill on basic transparency on it. Were looking forward to being able to get that done. Thank you, mr. Chairman. Senator harris. Thank you, and i couldnt agree more, senator lankford, and i thank you for your leadership on those points. Secretary duke, i have to tell you i was troubled by the exchange you had with senator portman when he asked if youre familiar with the request that a member of the United States senate has made to your department and you were not personally aware. I would imagine before you come to testify before the United States senate you would have done an inventory to find out if there are any requests that have come in, what is the status of those, and have they been answered. On the issue of election cybersecurity, use know the midterm elections are coming theyre around the corner, in fact, in texas i believe that voters will go to the polls on march 6th. And while dhs has provided a risk and Vulnerability Assessment to some states, other states remain on a long waiting list, im told. The waiting list being as long as nine months. And i would like to know, what is your what is your timeline for getting these done . Okay. Chris will talk about the specific timeline. We have made measures in terms of both prioritizing and making the list less short. Can you give me a date by which it will be done . So first off, starting with the ninemonth wait list, thats probably about six months old. What weve done is reprioritized. Thats the benefit of the Critical Infrastructure at the scene nation, i can take election infrastructure and put it at the top of the list. When will they get done . Weve conducted five, ten or 11 in the hopper scheduled for beginning of april. The dependency here is whether we get requested for risk and Vulnerability Assessments. There are states, South Carolina for example, that has the capacity to conduct their own Technical Assessment of the security of their networks. While some states have their own abilities, were focusing and doing a lot of awareness on those states that need additional help. How many state haves requested that it be done . At this point, as i mentioned, up to so five have been done, and another 11 are in the queue. So my question is how many states have requested . 16. 16. Yes, maam. And when will all 16 be completed . My understanding of the scheduling is probably about midapril. Do you have a date certain . I dont have an april 15th or anything like that, but april is the timeline for completing the requested. And my hope is that we have more come in. And over the course of the next several weeks, in fact. But we will prioritize where is texas on that list, since their primaries are march 6th . I would have to get back to you on that. I dont have that information. I would want to know that youre aware of the 16 states, at least. Yes, maam. And what their dates are for their primary and that it would be your goal to have their assessment complete before their primaries actually occur, and before those voters go to the polls. Yes, maam. And im concerned that you dont know the timeline, given that we have unanimous consensus among our Intelligence Community that russia interfered in the election of the president of the United States. It would seem to me that this would be a high priority for the department of Homeland Security, and you would be clear about the timelines. I have other questions. Part of my understanding is that the delay in processing these requests are that you do not have skilled workers to complete the scans. Is that correct . Or is that not the problem . Im trying to understand what the problem is with the delay. Maam, the delay is that the risk and vulnerability assessme assessment capability is servicing other infrastructures and federal high value asset assessments. What weve done is put at the top of the pile the state and local Election Officials right now. We have deprioritized others and put those to the top. With more, i can do more. We are looking at ways to increase training, to bring additional personnel on, and also theres an equipment requirement that were procuring additional equipment. If we can be more precise, do you have the necessary personnel and funding and other forms of resources to provide the states with their request, and get this completed in a timely manner . For those that have requested right now, we have the capabilities to conduct, as i mentioned, on the existing timeline. Great. How many state Election Officials have applied for security clearances . At this point we have approximately i believe its 37 have submitted their paperwork. We have one final secret issued. We have about 17, i believe, interim secrets. This changes on a daily basis. But we have, again, the opportunity to do daily, oneday read ins on any issue that might come up. In fact, were going to do a number of briefings over the course of the next couple weeks for state Election Officials. Those daily, oneday read ins mean if you wanted to have consistent information about what is happening, youd have to call in every day to get a oneday reading . It depends on the bulk of the information and the intelligence we would share. It would require me to be in person with those folks, or have local intelligence officials read them in that day. That seems extremely bureaucratic. Of course. That is the reason were prioritizing. The goal is to get them permanently receiving their security clearance. Yes, maam, not just the senior election official in the state, but also additional staff. So were at the point right now of one senior election official per state and two additional staff with security clearances. So what percentage of those that should receive security clearances to completion, completing that process, have actually received those clearances . The percentage, i dont have percentages in front of me. I mentioned what number . I think were probably at about today, probably at about a 30 rate for the 50 senior Election Officials. That is including an interim secret level. Interim secret gets you effectively the same access as a permanent secret. We have prioritized, again, this process of vetting and issuing the clearances, and will continue to do so in advance of the 2018 elections. Lets just keep going with texas as the example. March 6th is their primary. Have they received their security clearance . Maam, id have to come back to you on texas. Please respond to this committee, give us a precise timeline on when they will be completed. Wed like to see on that timeline when each of these states are actually conducting their primaries to see if youre going to fwactually get this do by the time people start voting. Yes, maam. Chris, dont go away. Let me follow up. I remember in 2016, i think, one of the problems was just identifying who to contact in the states. And so the question i have for you, have we identified in every state the individual, or individuals that do need to be identified, that can effectively handle whatever information you provide them . Thats what i mentioned earlier. We have an individual state by state protocol for notifying, whether its a state commissioner of elections, or a secretary of state. So were working through those individual processes right now, each state will have, as i mentioned, that triumverate. Do we have those individuals for every state . Yes, we have them identified. I want to make sure we at least cleared that hurdle. Senator jones. Thank you, mr. Chairman. I want to go talk a little bit about the budgeting. Ive been focused on budgeting lately with all these c. R. S. Your mic, is it on . Okay, obviously its kind of an unusual situation with somebody sworn in as a u. S. Senator and we immediately start shutting down the government with things. And that has been a concern, budgeting, i heard, during the campaign. Weve heard secretary mattis being vocal about the defense department, and the negative effects these continuing c. R. S have on defense. Do you see that with Homeland Security . Is that a problem . If you could outline the effects that this kind of some people call it crisis budgeting, some people call it hostage budgeting, whatever it is from kicking the can down the road. Shutdowns are disruptive. Ill start with employees. We have 240,000 employees that go through a period where theyre not sure if theyre going to get paid, or those that must come to work have to come to work, and others dont. And probably still will get paid after the fact so theres a true employee issue. The mission, we have to focus on the mission. And because under a c. R. Or a shutdown youre at last years level, it constricts us in adapting to priorities. And we cant do new starts. So if any emerging need comes up, we cant address it because we cant start something new. In a mission area, dynamic is Homeland Security, that is very constricting. It also, like the jurisdictional issue the chairman talked about, is disruptive. Our new undersecretary has spent quite a bit of time with planning and reacting to shutdowns. Its administratively a huge burden that detracts from the mission. Also a huge burden operationally because youre operating under a continuing resolution, you dont know a certainty of your budgets for the next year, a problem with new starts you cannot begin, in the middle of the Second Quarter of the fiscal year without a full budget tells us what we have for the year. In terms of operational planning, in terms of moving out on important hiring efforts, in terms of important acquisitions, we are hamstrung until that gets resolved. That has a Ripple Effect throughout, especially when you try and compress spending of very, very important resources for very important capabilities, and then its now in a compressed period of time, potentially. It has a huge operational impact, adds Administrative Burden and is just difficult to operate on a number of shortterm c. R. S. Does it add costs, administrative costs and other costs . It absolutely does. You enter into shortterm decisions or shortterm bridges or you make shortterm decisions to accommodate from a financial perspective you would not make if you had the full budget available at the beginning of the fiscal year. The Ranking Member mentioned acquisition, which is always a high interest for all of us. The federal government traditionally spends too much in the Fourth Quarter anyway. And these shortterm c. R. S push it even further into awarding quickly in the Fourth Quarter. And spending maybe not in the most judicious ways. Okay. Not to bring up probably a sore subject. But this past week, a cnn reporter found some pretty sensitive documents in the back of an airplane, which could have jeopardized a lot of things. What happened . And what all was found . And what can be done to stop that . That was pretty serious breach in my opinion. The actual leaving of the documents well will handling under a personnel matter. You know, similar to anything else that is a breach of our responsibilities of our employees. So well handle it that way. In terms of the material in the documents, you know, that is something were working on. It is old information. Its what we tend to call a hot wash of what we see and what were looking forward to. But that will be handled in our personnel system. Anything that can be done in this to try to stop that . Are you looking at ways to try to figure out how to keep that i know that may be an isolated incident. Still, it could be a pretty serious isolated incident. Yeah, i mean, protecting both for official use only and classified information is very important, and just reiterating it, i think, that i think that this is a reminder to all employees when they hear about it of how careful we have to be, important responsibility of being a Civil Servant is protecting that. Slightly bigger response to that question from an Insider Threat perspective, which is safeguarding the information thats been entrusted to us. We have expanded Insider Threat program to go beyond classified information to look at the sensitive skpun classified information we have within our that are central to our missions to ensure were monitoring for usage and taking appropriate action if we identify a potential vulnerability. So weve gone beyond the traditional definition of Insider Threat, which would limit it to classified to look across the information that we can control and make sure that we are safeguarding against exfiltration and inappropriate use of that information. Thank you, mr. Chairman. Senator jones, were waiting for senator danes to come back. In the meantime, id like to pick up on shutdowns. What percent of the personnel within dhs were considered essential and required to come to work, approximate . Im not looking for it was about 70 . Most of the individuals that were determined to be nonessential are individuals who work on longer term actions. We did nothing that would in any way jeopardize national security. But individuals moving things forward in terms of critical policy initiatives, in terms of planning for future budgets, in terms of the longer term strategic efforts tend to be the individuals and the sorts of functions that you sent about 30 of your workforce home, they didnt report. Unfortunately ive been around here and weve had a shutdown, the fact of the matter is, everybody gets paid eventually. In our senate office, we they knew they didnt get paid. Is there anything were talking about authorization, have you thought during that shutdown anything we could do in the authorization to make it more clear cut and you protect your department, and we can potentially talk about doing a government wide . I support the end Government Shutdown act, if we dont get our act together, we just keep funding government at the current level. And then you start putting some little discipline in there after 90 days or 120 days, Something Like that. Set aside a governmentwide end Government Shutdown act. Is there something in this authorization we can take advantage of with this in the recent Rearview Mirror . We actually hadnt considered that. But, you know, that its not just the day of the shutdown, its the weeks leading up to it where theres angst. Some of the biggest portions of our workforce say transportation Security Officers are in the low end of the scale. And so even having to wait for the money could be critical for them. So whether its give that some thought. Im hoping to mark this bill up, if we cant do it by next week, were going to be holding a markup and maybe it would be the following week if we delay it if theres more complex issues. Give that some thought. Will do. The reality of the situation is, every time theres been a Government Shutdown, everybody gets the back pay. Its just you know, incredibly unfortunate that theres this level of dysfunction. But lets take a look at maybe addressing that here, and could be potentially an example for other parts of government. If we may, too, while were talking about personnel, and waiting for senator danes, disaster Workforce Flexibility is something that could help us in responding to future disasters. We have a major core workforce in fema that arent career employees. We have no ability to transition the best of those into the federal workforce. That is one of the personnel provisions we would look at under an authorization bill. In addition, having some ability to do noncompetitive temporary importments. We are looking at some of the things with recruiting from high schools and the pathways program. But some of those workforce structure flexibilities that we could have similar to d. O. D. S. Within cvp, Border Patrol specifically, were looking at incentives for families in some of the isolated areas. Can we do, similar to d. O. D. , give preference for spouses for spr federal employment. Those type of things that would help make those not as nondesirable locations. Weve held Something Like 25 informational meetings with staff between dhs and majority and minority staff. So if those things are outside of comments made during those meetings, get those you know, get a list of those compiled. Get some proposals. Im assuming these things are not in the house authorization bill. No, theyre not. List all these things. Okay. If we can come to agreement here on a bipartisan basis, those are good initiatives, we should include it here. We have a twopage list of what we would call our ask, things that would be helpful for us that would be in concert with not only you as the committee, but the ig and the gao. You have those today . And those have been largely a subject of the ondoing conversations with staff. Formalize it for the record here and well work with you on that. Senator mccaskill. Lets talk about this contract and suspension and debarment. Was this contract, was it bid for the meals, the tribute meals in fema . Yes, maam. It was bid . Yes. There wasnt any this wasnt a Small Business situation . It was not a Small Business set aside, no, thats my understanding. So and you all had no heads up, you had no ability to find the previous problems with their failure and the defaults . So i have not we are dragging into this one right now in looking at what happened. It was terminated quickly. I dont have information that i have seen relative to the Due Diligence we did on the front end for the responsibility determination. Obviously that is something we are looking at and understanding what happened associated with that. We do have a robust suspension and debarment program. We suspended and debarred about 190 people last year, or firms, that its the Third Largest in the federal government. We are in the process of updating our suspension and debarment instruction to make sure we are fully reflecting best practices. And eigs recommendation we are moving to a case Management System to ensure we have more complete documentation and tracking. So how do we tributes going to show up again, maybe not at d. O. D. How are we going to ding them so somebody we quit hiring them . So if anytime you terminate, theres a notification thats provided, in addition you provide the past performance information to inform that, and proceed with suspension and debarment activities. Why didnt that happen maybe you guys can speak to, they clearly had defaulted on a number of government contracts. Now, they were much smaller. But there had been a number of federal government contracts they defaulted on. But you from what i read about it, you all didnt have any flag in the system that would have shown up. So my suspicion, again this is just based on my professional judgment, not based on the facts, i want to make that clear, the dollar value, they were below the simplified acquisition threshold. That may have been a loophole in terms of reporting. Again, that is my speculation, not information i have verified. Kwoowere going to dig into. Lets Work Together and get to the bottom of it. I would really like to know what we need to do to strengthen the ability of the government for suspension and debarment. It has been byzantine at times in terms of the process. What has happened is rather than go through the process of suspension and debarment, you default the contract and move on. And then that bad actor remains a viable contractor in the federal system. I agree and the suspension and debarment, because of due process has been taken to an extreme, and the length of time it takes to get somebody on a debarred list is inordinate. How long does it take . Its about over two years, you typically allow things to go through the process. And as is the case of the contract were discussing, the company has disputed the termination. And so were going through that process under the contract disputes act and working through that. While thats being resolved, you cannot put them in the debarred list. But we certainly reflect that the performance, as we saw it, and the company has the opportunity to present the information as they saw it relative to their performance, so thats available to inform, a source selection decision, and we require our Contracting Officers to look at the past performance of companies in addition to suspension and debarment because our goal is to deal with companies who perform well. But only youre only looking within your department. No, across across federal government. My suspicion is, because of the very limited dollar value, that they did not get reported. But thats something we are looking into. I was going to say, on the responsibility determination, which is separate, there is a governmentwide repository of past performance information. Right. Under your Government Affairs role, information is not regularly entered in that. So you could if you matched the number of government contracts against the number of contracts that are reported in the performance system, it is woefully underreported. Woefully underreported. Id like to get to the bottom of that and see if we cant put something in this reauthorization, this authorization of the department that would be helpful with this. And the other thing i would say about fema, its not like you guys dont know youre going to have to buy meals. Right . Cant you have some kind of standing qualification for emergency meal providing in fema that you can then draw on when these occurrences happen . I mean, you know, the idea that we go with an unknown company to deliver 30 million meals seems bizarre to me. We do have and plan and have strategic vehicles available, and also avail ourselves of the Defense Logistics Agency who has also a number of vehicles available. I think the combination of the number of storms, the response, and the isolated location in puerto rico put a particular challenge on the system. For example, another contract that did not go well was blue tarps. We had a number of instances where we went beyond what we would normally use. We had just the amount of response and the amount of effort in multiple sites just tapped into all the sources. So we were expanding sources beyond which we would normally ever have to avail ourselves. Because of the fact you had three simultaneous situations. Right. You were trying to deal with. And the urgency and the that makes me feel better. And the meal mission in puerto rico was bigger and longer than anybody had anticipated. And quite frankly, historic in its nature. Yeah. Thank goodness for all the charitable work that went on to provide meals. Clearly the government fell down on the job. We work closely with ngos. I want to briefly ask about this vetting center. Im worried about the vetting center. Weve got so many, you know, weve got six or seven Different Things in government that do this. Why are we creating a new one . The intent of the National Vetting center is a consolidation. Its a what are you consolidates . It has not been determined yet. The terms of the vetting center are that we will do some consolidation, but the details are to be worked out. Now that the prosecute has announced it. What were looking for is having intelligence better available for vetting and for Law Enforcement people. Thats one of the biggest vulnerabilities right now is the difficulty in Law Enforcement and vetting personnel to get intelligence information. Thats one of the problems were trying to solve. Also okay, so all of these are going to some of these are going to go away, were not going to have the fbi terrorist screening center, the National Crime information center, were not going to have the National Counterterrorism center, the terrorist screening database, the terrorist identified data mart, the state Department Consular lookout and support system, and the National Targeting Center . We are looking at reducing the need for all those standalones by having a multiagency presence. I cant commit now. We can keep you apprised of what is im going to be cranky if its just an addon. If you dont get rid of some of these, it will drive me nuts. It will drive me nuts, too. Thats a lot. It is essential not only for efficiency, but it is essential for the info sharing and the speed. I want to be there, a fly on the wall when the fbi and state department and all these people give up their centers. Because if you can do that we can definitely get jurisdiction away from finance, judiciary and commerce. Not a problem. So well watch you work, secretary duke. Once you get this done, you can teach us how to do this. Because i have a bad feeling this is going to be an addon and just another layer of complexity and overlap and frankly, with still gaps in the system. Thank you, mr. Chairman. Just quick to clarify, what youre saying is we went over the capacity of the predetermined suppliers already in place . Yes, sir. So we had to find additional suppliers . And we are always seeking to bring in new vendors, and also to compete requirements, whenever possible to best meet our needs. Again, you had the suppliers already prevetted, preapproved, you just exceeded their capacity . Which is understandable. Senator hassan . Thank you very much. And, again, thank you for this is that better . Thank you for this round table to all of you and to the chair and Ranking Member. I want to return to the issue of nppd and cybersecurity. The advocates of the bill that passed the house said that nppd needed to be renamed in order to improve the morale of nppd workers, raise the profile of dhss cybercommission, and attract the best and brightest cyberprofessionals. I have a hard time thinking that a name change does all that. I understand youre saying its more than a name change. Just a year ago the cyberpolicy tasks force at the center for strategic and international studies, cochaired by senator white house and representative Michael Mccaul called for an independent cybersecurity component at dhs that was on par with the coast guard or cbp, beyond changing the name of nppd, this committee, i think, needs to hold hearings and specifically consider the possibility of creating a separate cybersecurity component at dhs, what so ill return to the question. I understand your first answer to me was, look, its all of a piece. And i do understand that. But i think cybersecurity is as important as Border Security. It is important as marine security. And so im having a hard time understanding why we wouldnt follow the independent report, and really elevate this to the to the command that it needs to be elevated to. So it is being elevated to an operating component, and thats essential in the distinction that it will have everything it needs to operate. So it will have its own you know, its own cao, own procurement, it will be now our eighth operating agency. That is important because it carries authorities, and Mission Support with it along with mission. What i think is and it is a judgment call. What goes together. In cbp, Border Security is important. But we also have trade. We have customs within it. Because there was a decision that even though those are independent they go together. So it is a judgment call on cyber and Critical Infrastructure, what are the benefits of those being together as opposed to being absolutely separate . I think that in the current draft having the undersecretary of cyber, and then having the cyber and the Critical Infrastructure under two political appointees will allow for the integration, but also allow for one big piece of the organization to truly focus on cyber. But it is a judgment call. And maybe just to follow up on that, then mr. Scott and mr. Kelly, have you all assessed the feasibility of creating an independent operational cybersecurity component at dhs . Have you assessed the likelihood that the name change at dppd would impact morale and recruitment efforts in the manner the bill suggested . To answer whether or not we are looking into that . Yeah. The answer is yes, were starting up an engagement thats focusing on infrastructure protection, which would include the cybersecurity function. Thank you. Have we looked at the name change as being a morale issue . We have not. Okay. I have, actually. Yeah, have you . Ofo, for instance, office of field operations, they have lost their branding. Thats an issue to them. I think thats why you see people with their they love being part of an organization. Its not a statistically thing, but i think it is an issue. Look, i understand that. But again, cybersecurity is a whole different kind of border. And it really it really does concern me because it takes a different mindset and a different kind of expertise than maybe protecting buildings does. And so im just i think it would be good for us to explore this more as a committee. And mr. Scott, you look ready to say something. I am. Thank you, senator hassan. A couple things, in 1997, gao designated federal Information Security as a gofd governmentwide high risk area. Weve been on this for a long time. In 2003 we added on, excuse me, to include the critical cyber aspect of this. In terms of nppd reorg, we do believe that a focus on cyber is needed. We also, to support secretary deputy secretary duke there, that a name change will help in terms of clarifying its mission. And also in talent recruitment. I think its also important that as we go through this transformation of nppd into the new organization, also making that an operational component is very important. But in terms of once we go through this transformation, its also important to build in clear expectations as to what exactly the missions and roles are, and clear measures of effectiveness. Its really important that whenever we create something new, that it is clear what it is we want it to do and how will we know whether its working or not . Maam, could i real quickly address your last statement, protecting buildings, federal protective service. We like the provision in the current draft that says that the secretary can consider moving that. We would support a similar provision for the buy graphic information system, to really look at whether that would detract from the mission. Thank you very much. Thank you, mr. Chairman. Let me ask chris krebs to step up to the plate here. My guess is you were itching to say something. How could you tell . Talk about your private sector background and your perspective of the name how important the name change is. Take a look at that, not that big a deal. Talk about that, and then the operational. Maam, three quick things. I did come out of the private sector to join the administration in march from microsoft. What youre asking, and youre citing back to the csi report, csis report, this is the nppd reorg. The linkages of the too, physical security and cybersecurity, thats how its going in industry. Theyre inextricably linked. Theres the logical, digital side of security, when you look at how organizations manage risk, they have to look across an entire enterprise. What is our physical risk, what is our cybersecurity risk . And theyre merging, particularly when you think about things like internet of things, industrial control systems. So its important that we keep them together because what i need to be doing from a field force perspective is when i go and engage any company out there, you know, when were knocking on the door, we need to be center a single point of industry. So if they have physical requirements, we can work with those. If they have infrastructure or cybersecurity requirements, we can work with those. Its not dhs knocking five times in the same day, or day after day. If we can consolidate those in a single store front sbomewhat, i think that is the way to do this. I appreciate that. What im really this has been helpful. What i am concerned about is trying to these are hard mics. But its still not there it is. What i am concerned about is the possibility of the cyberfunction kind of getting sublimated. And i theres no greater risk right now to our country. Mine too. The department may disagree. Its the thing i think about before going to bed, it is not subordinated to any other element. Thats really you know, while i was governor, i got reports of the number of attempted attacks every day. Yes, maam. We need to keep on it. So thank you. Absolutely, yes, maam. Senator jones, any further questions . Just briefly. The committee was furnished with a june 30th, 2017 gao letter suggesting the number of recommendations. Just briefly, how are you coming with those . Or, specifically, are there any of those recommendations that you got particular problems with . Obstacles that we can help with. Just briefly on that. Were trying to figure out, was that addressed to gao . Whoever can answer it best. Ill take a first shot at it, senator jones. We do have a number of every sings months or so were sending over priority recommendations letter to the department. And, you know, thus far weve continued to receive strong, robust responses to the issues weve raised in the priority rec letter. To give the Department Credit among agencies, they seem to take this seriously, continuing to make progress. Our expectation is we will be providing the secretary a new priority rec letter within the next month or so. Regarding the priority recommendations, we track all the outstanding recommendations, the priority, the high priority ones obviously we focus on and make sure were completing. One of the things thats important to remember with the gao recommendations are some of them are short term and some take much longer. If its a recommendation that will take three or four years to track, we track when it should be completed and track milestones associated with completion of those. Not all the gao recommendations are make this quick fix. A lot of them are systemic that take involved effort. And we work very closely with gao making sure that the recommendation we understand, and well address the challenge and follow through and get that implemented and make meaningful progress against it on a continual basis. If theres anything in that letter that you think that this bill could help with, please get that to us as soon as you can. Thank you, mr. Chairman. Thats all i have. Thank you, senator jones. I dont think we have any further questions. Obviously we want that list. We want to work with you very closely. And members and staff to do whatever we can to improve this authorization, add the things that we can add, that can be passed. So lets work, you know, roll up Shirt Sleeves the next couple weeks, and well get this thing done. I want to thank all the witnesses for your service and coming here and spending time and doing a good job answering our questions. This round table is adjourned. Shirt sleeves the next couple an awful lot of that is contemplated in the authorization. These are complex issues. The one issue she raised was very appropriate. I think the answer was the magnitude of these disasters. We had contracts preapproved. We had preapproved suppliers. We exceeded their capacity. Sometimes you cant anticipate that and you have to react. When youre reacting in emergency situations, its not going to be perfect. Reacting in emergency situation, its not going to be perfect. Were just trying to continue to improve, but i think the results of the Inspector General and the gao show they are making significant improvements so well just keep doing it. Okay . Thanks. Sunday on cspan q a, Staff Photographer doug mills talks about the photos he took while covering president trump. Obviously he enjoys having us around. I rail le believe, despite his constant, you know, comments about fake news and the media and so forth, i really feel he enjoys having us around. Because it really helps drive his message, it helps drooi the news of the day, which he can do every day and does every day. Hes constantly driving the message. And therefore, having us around really allows him to do that. Q a, sunday night at 8 00 eastern on cspan. This weekend on American History tv on cspan3, sunday at 10 00 a. M. Eastern, from the west point center for oral history, graduate Kenneth Carlson talks about growing new a military family and his service in vietnam. We go out to his bunker, and it had an actual viewpoint where you could see what was going on over the combat base. Were watching the rockets coming in. And explosions are going off. Ms arkansas is on one said and ms. Missouri is on the other side. Theyre scared to death. She says it kind of looks like the fourth of july. I said no it doesnt. What do you mean . People are dying when those land. That doesnt help at fourth of july and she started to cry. The 1953 film rebirth of soul and the 1963 film on the eighth Winter Olympics in california. Plenty of excitement here. America was pregame underdogs and now they upset all predecisions by winning this game against the russians, their play earning them the first gold medal ever won by a u. S. Team in hockey. Of. And at 8 00 p. M. Eastern on the presidency, scholars explore the relationships between the president s ronald reagan, george h. W. Bush and russian leader Mikhail Gorbachev at the end of the cold war. When you look back at 1989 when bush comes in, and then you look at bush and gorbachev in 90 and 91, from gorbachevs point of view, bush is not measuring up to what reagan had been. Watch American History tv every weekend on cspan3. Cspan, where history unfolds daily. In 1979, cspan was created as a Public Service by americas Cable Television companies and is brought to you today by your cable or sat lied provider. Satellite provider. Now,