IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Homeland Security Advisory System: Preliminary Observations Regarding Threat Level Increases from Yellow to Orange. GAO-04-453R, February 26, 2004.

Results in Brief

Based on analyses of intelligence, the Secretary of Homeland Security, in consultation with members of the Homeland Security Council,3 determines whether the national threat level should be elevated or lowered. Once the Secretary makes this decision, DHS and others begin the process of notifying federal, state and local government agencies, through various means, such as conference calls. The department has not yet documented its protocols for executing notification. DHS officials told us they are working to develop such documentation. However, they could not provide us with a specific time frame as to when they expect to complete this effort. Federal, state, and local government agencies we met with expressed concern about hearing of threat level changes from media and other sources prior to receiving notification from DHS. DHS officials maintain that the Homeland Security Advisory System is evolving and that they are continually adjusting it to provide additional information regarding specific threats.

Various sources, including the Federal Emergency Management Agency (FEMA), provided guidance and information to federal, state, and local government agencies to assist them in developing plans for responding to each of the advisory system’s five threat levels following establishment of the system in March 2002. Additionally, DHS and others provided federal, state, and local government agencies with guidance and information to assist them in determining actions to take in response to each codeorange alert occurrence. For the most part, the 15 federal agencies responding to our questionnaire noted that the guidance and information they received was useful and timely. However, 14 of these 15 federal agencies, along with officials from three states and six local governments we met with, noted that they would have benefited by receiving additional information on region-, sector-, site-, and event-specific threats when deciding additional actions to take for the three most recent codeorange alerts. We will continue to assess this guidance and information to determine its consistency and the extent to which the entities that provided the guidance and information coordinated with other agencies providing similar information.

Federal agencies responding to our questionnaire indicated that they maintain a high security posture and, as a result, did not need to implement a substantial number of additional protective measures to respond to code-orange alerts. For the most part, these 15 federal agencies reported enhancing protective measures they already had in place to respond to the code-orange alerts, such as increasing the frequency of facility security patrols. To a lesser degree, these federal agencies indicated that they continued existing protective measures at their pre-code-orange alert levels, such as the use of intrusion detection systems. To ensure that protective measures operate as intended, federal agencies for which we received questionnaire responses reported conducting tests on the functionality and reliability of protective measures. They also reported receiving confirmation of the enhancement or implementation of measures from component entities, offices, or personnel. Protective measures benefited federal agencies in various ways, but also affected agency operations, according to the agencies responding to our questionnaire. For example, while actions taken during code-orange alerts promoted employees’ sense of security, they also resulted in delays for employees entering facilities. State and local government officials we met with noted that their agencies implemented various protective measures for code-orange alerts, including additional law enforcement patrols.

Thirteen federal agencies, one state, and six localities provided information on the additional costs incurred during at least two of the three orange alert periods in our review. The cost information the federal agencies provided was generally estimates. Nine agencies reported incurring additional costs while 4 stated that they did not incur any additional costs. Eight of the 9 agencies provided cost estimates, whereas the ninth provided actual costs extracted from its financial accounting system. For the 9 agencies that reported incurring additional costs, we calculated the additional average daily costs incurred during each of the three orange alert periods. The additional average daily costs varied by alert period and ranged from as little as about $160 dollars for a small independent agency to more than $165,000 for a cabinet department. For 8 of the 9 agencies, the additional average daily costs were lower for the third alert period than the first alert period. Cost information for the one state and six localities was limited, and we have little or no information on how those costs were determined. Thus, we cannot assess the reliability and comparability of these costs.

Some federal, state, and local government agencies we contacted reported that they have threat advisory systems in place to ensure government agencies are notified of impending emergencies such as natural disasters or terrorist threats, allowing them to prepare a response. These systems, which were generally in place before the creation of the Homeland Security Advisory System, are similar to the Homeland Security Advisory System or have been revised to conform to it and include threat levels with associated protective measures. For example, one federal agency told us that it had developed its own five-level alert system 8 years ago to ensure protection of critical national security assets. While federal, state, and local government agencies said they raise or lower their systems’ threat levels to correspond to changes in the national threat level, they also independently change threat levels to respond to specific threats or for large public events.



Full GAO Report [2.8 MB]