Review of the Terrorist Screening Center
(Redacted for Public Release)
Audit Report 05-27
June 2005
Office of the Inspector General
Terrorist Screening Center Response The United States (US) Department of Justice (DOJ) Office of the Inspector General (OIG) conducted an audit of the Terrorist Screening Center (TSC) in 2004. The purpose of that audit was to determine whether the TSC: 1) has implemented a viable strategy for accomplishing its mission; 2) is effectively coordinating with participating agencies; and 3) is appropriately managing the terrorist-related information to ensure that a complete, accurate and current watch list is developed and maintained. On April 18, 2005, the TSC received a copy of the draft audit report for the purpose of providing comments on the recommendations and a sensitivity review. A separate response was required for each of the reviews, due to the DOJ/OIG within two weeks from April 18, 2005. For its response to the recommendations, the TSC was requested to provide: a statement that the TSC either agrees or disagrees with each recommendation; if the TSC agrees, a description of actions completed and planned including dates when corrective action will be achieved; if the TSC disagrees that the recommendations can be implemented, a description of alternate corrective action for the DOJ/OIG's consideration. What follows below is the TSC response to those recommendations. Executive Summary First and foremost, the DOJ/IG began their audit within the first five months of the TSC initial operation and concluded several months later. Before TSC’s inception, no agency or organization was responsible for consolidating the names and identities of both domestic and international terrorists. Furthermore, no agency was responsible for coordinating the Government’s approach to terrorism screening. Since the initial days of the DOJ/OIG audit, and continuing several months after the on-site audit was concluded, the TSC maintains an accelerated pace of growth and evolution to building and refining a singular, unique and precedent setting agency which consolidates the Government’s approach to terrorism screening. In the seventeen months of operation, the TSC has made significant strides.66 Most notably, since December 1, 2003, on a routine and daily basis, the officer on the street, the inspector and the border, and the consular officer at the embassy all have access to same updated list of known and suspected terrorist maintained by the United States Government. Because the TSC mission cuts across traditional boundaries between law enforcement, national security and homeland defense, the TSC embraces the uniqueness and expertise of the multi-agency participation. The distinct and exceptional proficiency, the culture of best practices and the wealth of contacts developed over years of law enforcement service that are brought together by personnel assigned to the TSC enable the TSC as an entity to break through long standing and difficult Government barriers as well as stovepipe operations which in turn fosters and encourages outstanding communication among the various agencies within the US which interact with the TSC. It is noted that a tremendous amount of the DOJ/OIG audit is devoted to discussion of the Terrorist Screening Database (TSDB) 1A and 1B. The creation of TSDB 1A and 1B were part of a phased approach to developing a database which had never existed before in the history of the United States Government, that would meet the criteria outlined in Homeland Security Presidential Directive (HSPD) – 6, that is one that would maintain critical data to the defense of the United States that is thorough, accurate and current. As a part of that phased approach, there is no longer a TSDB 1A and 1B, but only TSDB. As such, much of the report is no longer relevant in the TSC’s rapidly developing approach to consolidating the Government’s approach to terrorism screening. As part of the responsibility to maintain critical data that is thorough, accurate and current, the TSC has taken a large responsibility as mandated in HSPD-6. However, the responsibility is not the TSC’s alone. HSPD-6 clearly calls for the participation of every relevant Government agency. HSPD-6 requires the heads of executive departments and agencies to the extent permitted by law to provide all appropriate Terrorist Information in their possession, and conduct screening at all appropriate opportunities. Also, while privacy issues and redress procedures remain an integral part of TSC operations, the TSC will not establish an Office of the Ombudsmen for redress issues. The ombudsman function will be at the nominating agency level. Each agency that has nominated an individual for inclusion in the TSDB will ultimately be responsible for authorizing the continued inclusion or exclusion from the TSDB. The TSC’s will establish a Redress office to coordinate and facilitate that process among and between Federal agencies in the most efficient and effective manner. The TSC has expended maximum effort to ensure it provides excellent service to its customer base, the law enforcement population that encounters terrorists on a daily basis. In pursuit of that excellence, the TSC maintains a high standard of response to inquiry on terrorist identification. The TSC now averages a ten minute response time to those individuals who have encountered a known or suspected terrorist. This maximizes not only efficiency of operations, but provides an extra layer of safety to the law enforcement community. In the Draft Audit Report, the DOJ/OIG made 40 recommendations to the TSC. Of the 40 recommendations, the TSC had already implemented 38. In addition, of the 38, 17 were in process prior to the completion of the DOJ/OIG audit of the TSC and were initiated independently of the DOJ/OIG audit as a natural process of growth and maturity associated with a start-up operation that was not yet one year old. Of the remaining 21, all are expected to be fully implemented by the end of FY 2005. There were two recommendations with which the TSC did not agree and appropriate explanations are provided. In summary, the TSC has: 1) implemented a viable strategy for accomplishing its mission; 2) effectively coordinated with participating agencies; and 3) is appropriately managing the terrorist-related information to ensure that a complete, accurate and current watch list is developed and maintained. Background The TSC was signed into existence by the President of the US on September 16, 2003. The mission of the TSC, understood by all participants, was to devote all available resources to prevent terrorist acts against the US through the consolidation of the government's approach to terrorist screening. The mission of preventing terrorist acts in the US defined every decision made in the initial year of operation and will continue to do so. As such, the focus of the TSC, with limited resources, staffing and funding, has been primarily related to the efficacy of operations first. All time, resources, and materials, as a matter of consequence, had to be devoted to ensuring that the TSC could perform effective screening of terrorists against a consolidated database of terrorist identifiers in the US, at its borders, and outside the US where appropriate. Every other aspect of operations was subordinated to this main focus. However, no aspect of appropriate screening operations was ignored or subverted; it simply maintained a lower priority than the actual support of operations to prevent terrorism against the US. The team that initiated the start-up of the TSC was assembled and reported to the TSC, under the direction of TSC Director Donna A. Bucella in late October of 2003. Due to the urgency of the mission, the TSC was organized within 33 days of the initial team’s formation and reporting dates. As a result of the deadline under which the TSC was mandated to be operational, it was understood by all parties associated with this task and mission that the TSC would operate within an initial operational capability (IOC) for a minimum of a year as the TSC invested what time and resources were available to design an appropriate information technology architecture, business processes to support that architecture and mission, as well as a plan to respond to the totality of requirements outlined in HSPD - 6 and its Memorandum of Understanding (MOU). During this year, the TSC, according to this concept, incrementally developed the areas in priority order that would assist the mission first and administrative concerns second. The TSC was created in an out of cycle budget environment. As a result, the TSC did not have the opportunity to participate in the budget process initially, nor did it have the background to give a true estimate of normal operating requirements. Funding for the first fiscal year (FY) was reallocated from participating agencies' FY 2004 budgets. No personnel were granted to the TSC to stand up or operate it. Because the budget formulation process leads the execution phase of the budget process by two and one half years, the TSC was not able to have sufficient input into a budget cycle based on normative operational environment requirements until January of 2005, for the FY 2007 budget process, with the exception of a supplemental request for FY 2005 and an enhancement request for FY 2006. The first year that the TSC will have any opportunity to be granted personnel from the budget process is FY 2006, and it only addresses Federal Bureau of Investigation (FBI) personnel, not any of the other agencies since the budget is being requested through the FBI. It is important to note that the TSC is a new concept and is a living and growing environment that is constantly evolving to meet emerging threats and requirements within the framework of its governing documents, HSPD-6, the MOU, and Addendum A. The TSC immediately developed an initial planning document and supporting Process Flows in November of 2003. These underlying support structures have formed the basis and the standard from which all evolutionary changes have been made to the TSC when it has been faced with new challenges, mandates, and unexpected events that impact the TSC's ability to prevent terrorist acts against the US. The TSC will never reach a stasis point where it has "arrived," or where it will not need to improve. To adopt that approach and mentality would be to concede defeat to the terrorists who will never stop trying to conquer the US, its allies, and the principles on which they were founded. The DOJ/OIG formal on-site portion of the audit was concluded in November of 2004 less than one year after the TSC established initial operating capability. In this first year of operation, the TSC has accomplished significant achievements in the furtherance of defending the US from terrorist acts as it continues to improve, evolve and change to stay ahead of the expertise level and creativity of the terrorists who perpetuate that activity. Some of these milestones are detailed below: Visa Revocation: The TSC initiated a Visa Revocation Project to identify known terrorists that may have entered the US on a valid visa, but were unknown to the FBI. This project was expanded to include any terrorist in the Terrorist Screening Database (TSDB) that may have entered the US, including through the visa waiver program. The TSC is vetting the entire TSDB against the Department of State’s (DOS’s) Consular Lookout and Support System (CLASS). In those instances where the location is unknown, the National Joint Terrorism Task Force (NJTTF) is coordinating efforts to locate them by setting out leads to JTTFs in the field. TSC is compiling a complete historical background on each of these subjects and providing the results to the NJTTF. No Fly List: In 2004, after the DOJ/IG formal on-site portion of the audit was concluded, the White House Homeland Security Council (HSC) approved new criteria for inclusion of names on the No Fly and Selectee lists used for screening passengers on commercial airlines. The TSC identified the names of international and domestic terrorist subjects and prepared a spreadsheet detailing their current status on the lists. These lists contained over 7,000 names. The FBI JTTF case agent responsible for each terrorist subject on the list re-evaluated their No Fly/Selectee status. The review and re-evaluation was based on the new criteria and case agents changed the subject’s No Fly/Selectee status as appropriate. This effort ensured that with regard to all FBI subjects, their No Fly/Selectee status is consistent with the most recent criteria. Associates Project: The Associates Project was developed to identify possible associates of known or suspected terrorists. During their normal course of duties, law enforcement officers, DOS officials and Border Agents encounter known or suspected terrorists in the TSDB from querying their case management systems during an encounter. These encounters provide valuable information which includes who the known or suspected terrorist is with at the time of the encounter. These encounters with possible associates will be documented and provided to the office of origin for appropriate action. [SENSITIVE INFORMATION REDACTED] Self Inspection Audit: The Director of the TSC directed and documented a self inspection of the entire TSC operation in December 2004. The main purpose of this self inspection was to ensure the TSC was meeting all of its mandates as detailed in HSPD-6. Quality Assurance: TSC is in the process of conducting a manual review of every record listed in the TSDB. The results for each review will be documented and will ensure that there is adequate derogatory information to justify the inclusion of each subject as a known or suspected terrorist in the TSDB. In addition, TSC is modifying its nominations procedures to ensure that such a review also occurs at the outset for all new and modified nominations to the TSDB. Liaison: The TSC Watch Commanders implemented a policy in which they meet on a monthly basis with Watch Commanders from the National Targeting Center (NTC) and Supervisory staff from TSOU/TSC Operations. TSC Call Center personnel interact hourly on a 24/7 basis with NTC and TSOU staff and these monthly meetings have proven invaluable in streamlining TSC’s daily interactions with these two partner agencies. Tactical Analytical Group: The Tactical Analysis Unit (TAU) was formed in May of 2004 and provides intelligence analysis for the TSC and documents the conducted analysis in a daily report which is distributed to the intelligence community and TSC’s customers. TAU produces a daily report each work day. This report summarizes the TSC’s positive encounters for the prior day. The Intelligence Cell within TAU summarizes the type of encounter, what occurred, and what action was taken. The report notes the subject’s affiliation with any groups and a summary of the derogatory information available on the individual. Maps depicting the encounters and locations are also included in the report. The report is issued in two basic versions, International Terrorist only and International + Domestic Terrorist. The reports are disseminated by email to TSC’s customers in the FBI, Department of Homeland Security (DHS), Transportation Security Administration (TSA), Central Intelligence Agency (CIA), DOS, National Counterterrorism Center (NCTC), Defense Intelligence Agency (DIA), Counterintelligence Field Activity (CIFA), Federal Air Marshals (FAMs) and the HSC at the White House. The principal analysis conducted by TAU is event based, not threat based. TAU maintains situational awareness of domestic and world events and does not issue threat based analysis products. TAU has the additional responsibility of conducting analytical briefings for TSC Executive Management and groups that have a particular interest in TSC’s analytical process or products. This information has never been previously created nor shared within the US Government. HSPD-6 and Cooperation with Foreign Governments: The President on April 19, 2005, signed a proposal TSC co-authored with DOS on the U.S. government’s strategy to boost cooperation with foreign governments in screening individuals for terrorism, a proposal required by HSPD-6. TSC has the lead on the U.S. side in negotiations with the G-8 nations (UK, Canada, France, Italy, Germany, Japan, and Russia) to establish a mechanism to exchange terrorist screening information. The proposal has DOS and TSC as the two key entities in establishing new relationships with foreign governments for the sharing of terrorist screening information. During the first year of operations:
DOS Support: In addition to the cooperation with Foreign Governments, the DOS has also:
System Engineering: TSC was provided initial information technology (IT) support by partner organizations. Over the course of the year, TSC has added system engineering capability, designed and implemented development, test, and training environments, and initiated participation in the FBI Enterprise Architecture development effort. Application Development: In March 2004, an initial prototype system of the TSDB was deployed and populated with the terrorist identities from the watchlists identified by the General Accounting Office. In June 2004, a sensitive but unclassified (SBU) version of the TIPOFF system was deployed at TSC and updates began to flow from the Terrorist Threat Integration Center (TTIC), which is now called the National Counterterrorism Center (NCTC). Development was completed for the upgraded operational system (TSDB 1.1) in October 2004. This delivery increases the number of fields in the database to accommodate new types of identification data. TSDB Versions 1.1.1 through 1.1.4 were implemented to fix problems and improve data flow. Version 1.1.5, due to be installed in May 2005, will restore inter-system updating of TSDB to CLASS by correcting problems created in December 2004 when changes to CLASS by DOS rendered data modifications and deletes inoperable. Re-design of TSDB to version 2.0 is being accomplished in stages by gradually incorporating capabilities developed to prepare for NCTC’s implementation of the Terrorist Identities Datamart Environment (TIDE) program which will require TSC to stop using its TIPOFF-based TSDB. Database compatibility with TIDE will exist when TIDE becomes operational in 2005. TSDB’s end-user interface will be re-designed to be TIDE-compatible, and access to additional fields of data cited in Addendum A to HSPD-6 will provided by December 2005. The Encounter Management Application (EMA) was developed as a prototype and has been in production since July 2004. EMA supports the Call Center by tracking call-in encounters by law enforcement personnel; it also supports intelligence gathering and reporting. IT Operations: [SENSITIVE INFORMATION REDACTED] For SBU connectivity, each of the partner agencies has brought its system into TSC space and used those paths to pass data to and from the home systems. Purely unclassified connectivity is provided by the Techtrack system. Project Management Office: The Project Management Office (PMO) was established in August 2004. PMO coordinates schedules for IT projects across the TSC in order to support effective operational capabilities and to improve this capability over time. The PMO does not directly manage projects, but fills a staff role in support of project managers. The PMO provides support for project initiation, portfolio management, master scheduling, project reporting, and weekly reviews. The PMO also administers the TSC Configuration Control Board (CCB). The CCB is the entry point of new projects into the IT portfolio of TSC. It requires project initiators to explain and justify new initiatives. Existing projects that need to be re-baselined (redefined and/or re-launched) must justify the action and receive approval from the CCB. Members of the PMO support Special Projects as needed in concert with members from other segments of TSC. Data Management Office: Given the goal of increasing TSC data accuracy, currency, and thoroughness while maintaining security, the CIO created a Data Management Office (DMO) in March of 2005. The mission of the DMO is to create tools that help our substantive data owners increase the quality of TSC data. The DMO is supporting the following activities: moving data from one security level or system to another; creating tools to monitor data as it arrives and moves to screening locations; creating reports to analyze data in TSDB and related systems; answering technical questions through analysis if database content; measuring the accuracy, currency, and thoroughness of screening data. Legal Unit: The TSC established a Legal Unit in June of 2004, and to date they have:
Training Highlights/Accomplishments:
Privacy/Redress: An attorney from the TSA was hired to serve as TSC’s first Privacy Officer in January 2005. Her role is to coordinate all matters related to privacy and redress. Since her hire, the Privacy Officer has been working toward the completion of key privacy compliance documents, including the Privacy Act notice and Privacy Impact Assessment. In late January, the Privacy Officer established a formal process to track and respond to all redress inquiries referred to TSC by other agencies. The TSC is also working to develop a consolidated government approach to helping individuals who are repeatedly misidentified during a U.S. government screening process. The Privacy Officer also modified the Configuration Control Board process to require program managers to conduct an analysis of the privacy impact of any proposed new or modified IT project. The Privacy Officer will also regularly attend CCB meetings. With this as a short summary background, the TSC offers the following in response to the DOJ/OIG Draft Audit of the TSC: Recommendation #1: That the TSC develop a formal IT plan for maturation of the IT environment at the TSC to address: a) IT staffing needs; b) controls to ensure data integrity; c) adequate oversight over IT contracts and contractors, and d) future improvements in the areas of TSDB connectivity, name-search capabilities, acceptance of biometric data, as well as other IT planning issues. Response: The TSC agrees with this recommendation, but has operated according to this recommendation since its inception. a) The TSC developed an initial formal staffing plan in January of 2004. Due to the TSC's creation in an out of cycle budget environment, the FBI provided the majority of the TSC's permanent and temporary staffing. Within this initial plan, the TSC detailed IT staffing requirements from all participating agencies and contract employees. That staffing plan and the organization chart that it was initially derived from are included as TSC Response Exhibits (TSCREs) #1 and #2. The TSC used this initial staffing plan until it became apparent that the TSC's requirements would exceed its proposed staff. As a result, beginning in August of 2004, the TSC began work on a Master Staffing Plan, of which the IT staffing was an integral portion. This Master Staffing Plan was published via an electronic communication (EC) to the Director of the FBI and other entities as of October 29, 2004 (TSCRE #3). The MSP is a living document that is updated as requirements dictate. Attached is the most current version of the MSP (TSCRE #4). b) As part of its ongoing Strategic Planning, the TSC has developed three separate software products that will have a tremendous impact on the ability of the TSDB to add audit trails within the database, including historical data and detailed transactions by user, which will enhance human access controls. The first is the Nomination form Project, which is part of the TSDB v1.4 Project described below. The Nomination form is a manual form that is used by the FBI to nominate terrorists for inclusion in the TSDB through submission of the form to the FBI’s Terrorist Watch and Warning Unit (TWWU). The Nomination form project automates that process and creates built-in audit capability. The Nomination form will require user login for traceability, it will track date, time, and the username of the last update made to any nomination. The Nomination form Project of the TSDB version 1.4 is scheduled for implementation in May of 2005. The second part of the TSDB v1.4 Project provides for web-based transaction processing of TSDB updates to NCIC’s VGTOF file according to NCIC’s protocol. It means that adds, modifications, and deletes to VGTOF will occur in real time with TSDB updates at TSC. Version 1.4 is scheduled to be operational at TSC on May 13, 2005. The third is TSDB v1.5, which will allow TSC to ingest data from NCTC’s TIDE system (which is designed to replace TIPOFF) while maintaining TSC operations using TSDB. The TSDB 1.5 is currently installed at TSC’s Independent Verification and Validation (IV & V) test lab while undergoing acceptance testing, but is dependent upon the NCTC’s new TIDE software coming online and completing a rigorous testing phase. That is estimated to be finalized in July of 2005. NCTC advises TSC that they plan to make TIDE operational following a second round of NCTC/TSC acceptance testing scheduled for the week of May 9, 2005. TSC expects more testing will be necessary before TIDE is "hardened" sufficiently to replace TIPOFF. Either way, TSC will be able to receive TIDE exports and continue operating TSDB whenever TIDE is activated. c) The TSC has four contracts which support IT, three of which are funded by the TSC through the FBI budget process. All contract work activity is reviewed by the TSC CIO, a 20 year IT professional renowned for his IT accomplishments at the Department of Defense. The first IT contract is a large personnel contract with an 8a contractor. This contract provides not only IT personnel but also Administrative and Operational personnel. This contract has a direct program contact at the company level, an on-site Program Manager (PM) located at the TSC, a Contracting Officer (CO) from the Department of the Interior, and an onsite FBI Contracting Officer’s Technical Representative (COTR). The COTR maintains daily contact with the on-site PM. There are government employees who oversee the work of all the IT contract employees on the 8a contract. The second contract is a software development contract. This contract has a direct program contact at the company level, an on-site program manager who splits time at the TSC and the software development offsite (the overwhelming majority of these employees are located offsite), an FBI CO, an onsite FBI COTR, and a FBI software development (SD) IT PM. The FBI COTR has weekly meetings with the contract PM, and the FBI SD IT PM to provide appropriate direction to and control over the contract company with reference to current project work for the TSC. The FBI SD IT PM has daily contact with all the SD contract project teams. The SD contract has strict project plans, schedules and milestones that are reviewed regularly by the TSC COTR, Executive Management and IT government staff. Furthermore, the primary focus of the SD contract is the development of the TSDB. The TSC made a tactical decision to develop the TSDB on an incremental basis. As such, the TSC has been able to implement robust processes for requirements analysis and promulgation, development, testing, integration, and production that have greatly increased effectiveness of the TSC under tightly controlled circumstances. The third contract is with a Federally Funded Research and Development Center. This contract provides the TSC with a secondary layer of control over its IT contracts. Experienced IT professionals from this contract have been integrated into the project management oversight to provide further safeguards from fraud, waste and abuse. Finally, the DHS has provided the TSC with one contract IT employee for infrastructure support. This employee comes under the direct oversight and control of a 19 year FBI employee with 14 years of IT experience. The TSC believes it has had and continues to exercise substantial and sufficient control over its IT contracts and personnel. d) As noted above, the TSC made a tactical decision to develop the TSDB in an incremental fashion. This decision was made to ensure the TSC always maintained the ability, from its first day of operation, to provide an effective accomplishment of its mission. Incremental development ensures that systems are always functional with full available capacity as improvements are made gradually. As such, the IT management team, in association with the Executive Management of the TSC, has planned for multiple releases associated with the TSDB. In its Strategic Plan, the TSC has, from its inception, planned increased connectivity, search capabilities, and development of new capability derived from constant review of the TSC mission, function and requirements. Fruits of this planning have been evident with various releases of the TSDB since June of 2004, and continue with releases of TSDB 1.4 and 1.5 later in 2005. The TSC notes that the DOJ/OIG Draft Audit references through most of the report that the TSDB was divided in two parts. This report was drafted based on observations made during the infancy stages of the TSC and there is one TSDB now. Recommendation #2: Enhance the TSDB to add audit trails to track activity within the database, including historical data and detailed transactions by user, as well as to include enhanced human access controls. Response: The TSC agrees with this recommendation and has been developing requirements and software to address this recommendation since November of 2004. As noted in response to recommendation #1(b), as part of its ongoing Strategic Planning, the TSC has developed three separate software products that will have a tremendous impact on the ability of the TSDB to add audit trails within the database, including historical data and detailed transactions by user, which will enhance human access controls. The first is the Nomination form Project, which is part of the TSDB 1.4 Project, and was initiated November 8, 2004. The Nomination form is currently a manual form that is used by the FBI to nominate terrorists for inclusion in the TSDB through submission of the form to the FBI’s Terrorist Watch and Warning Unit (TWWU). The Nomination form project automates that process and creates built in audit capability. The Nomination form will require user login for traceability, it will track date, time, and the username of the last update made to any nomination. The Nomination form Project of the TSDB 1.4 is scheduled for implementation in May of 2005. (TSCRE #5) The second is the National Crime Information Center (NCIC) Query Project portion of TSDB 1.4 which was initiated on December 13, 2004. (TSCRE #6) In this project, among other increased capability, the NCIC Query portion of TSDB 1.4 will allow for automated tracking of system transactions between the TSDB and NCIC. The NCIC Query TSDB 1.4 is scheduled for implementation in May of 2005. The third is TSDB 1.5, which was initiated December 15, 2004. (TSCRE #7) The TSDB 1.5 requires a transactional audit history of information flow from the NCTC and the TSDB. The TSDB 1.5 is currently in Independent Verification and Validation (IV & V) testing, but is dependent upon the NCTC’s new TIDE software coming online and completing a rigorous testing phase. Recommendation #3: Develop staffing protocols to ensure that the TSC remains a multi-agency operation and make further efforts to encourage DHS to provide additional staff. Response: The TSC agrees with this recommendation and has operated according to this recommendation since its inception. As noted in the response to recommendation #1, the TSC has been working from an initial staffing document authorization since January of 2004 (TSCRE #1 & #2), which was updated to the MSP as of October 29, 2004 (TSCRE #3 & #4). The MSP is a living document that is updated as requirements dictate. This document is the staffing protocol that governs the staffing of the TSC to include the levels of participation from other agencies. With particular respect to the DHS, the Principal Deputy Director (PDD) of the TSC and Human Resources Specialist (HRS) of the TSC have periodically met with DHS’s Chief Human Capital Officer, to further communication regarding staffing initiatives. To date, position classification actions have been completed for nine DHS positions and vacancy announcements have been drafted. The DHS has been unable to advertise these announcements due to Funded Staffing Level restrictions for FY 2005, since no participating agency was granted personnel to stand up or operate the TSC. With these restrictions in place, the DHS prepared a memorandum under the signature of Susan Richmond, Chief of Staff for Janet Hale, Under Secretary for Management, requesting agencies that report to the Secretary of Homeland Security to provide staff positions to the TSC on a non-reimbursable basis for the remainder of FY 2005. (TSCRE #8) Further, each agency is responsible for keeping their assigned positions filled with detailees in future years on a non-reimbursable basis until such time as permanent positions are created and funded. Listed below are the positions the DHS will staff and by which agency the positions will be staffed: BORDER AND TRANSPORTATION SECURITY (2 positions, 0 filled)
CUSTOMS AND BORDER PROTECTION (6 positions, 1 filled)
CITIZENSHIP AND IMMIGRATION SERVICES (1 position, 0 filled)
EMERGENCY PREPAREDNESS AND RESPONSE (1 position, 0 filled)
FAMS SERVICE (1 position, 0 filled)
INFORMATION ANALYSIS AND INFRASTRUCTURE PROTECTION (7 positions, 6 filled)
ICE (4 positions, 1 filled)
OFFICE OF GENERAL COUNSEL (1 position, 0 filled)
TSA (8 positions, 8 filled)
US COAST GUARD (6 positions, 3 filled)
UNDER SECRETARY FOR MANAGEMENT (1 position, 0 filled)
US SECRET SERVICE (2 positions, 2 filled)
Recommendation #4: Take steps to increase the number of permanent government personnel and long term TDY staff employed by the TSC to take advantage of valuable expertise and institutional knowledge and to reduce the necessity of constant orientation and training. Response: The TSC agrees with this recommendation and has operated according to this recommendation since its inception. The TSC has taken aggressive steps to increase the number of permanent and long term TDY personnel and further reduce the need for orientation and training. Due to the unique TSC mission, at the time of the creation of the TSC, there had, obviously, been no position descriptions created, no vacancy announcements developed, and no postings advertised to fill permanent positions for the TSC. With respect to the FBI and contract hires, beginning in January of 2004, the TSC developed a full complement of position descriptions at multiple grade levels, created vacancy announcements and posted all positions. The TSC then conducted career boards according to merit promotion principles, screening hundreds of applicants, interviewing where appropriate, and making selections for each position, finally working with each candidate to obtain background data to facilitate appropriate investigations for the purpose of obtaining a Top Secret/Secure Compartmentalized Information clearance. The typical hiring time process for the FBI from the date of background initiation can take up to one year. With the initial process to develop the positions and select the candidates, the process can easily take over 18 months. Even with these constraints, by the time of the end of the DOJ/IG audit, the TSC had a remarkable 73% of permanent staff on board in approximately 10 months. Since November 9, 2004, the TSC has advertised 13 Supervisory Special Agent (SSA) FBI positions. Of those positions advertised, three closed with no applicants applying for the vacancy, five are currently open and will close on April 29, 2005, one is pending with the Executive Development and Selection Program (EDSP) Section to be posted, and a local career board was conducted on March 28, 2005 for four SSA positions and recommendations were forwarded to the EDSP Section for final selection. To better meet the demands of the TSC, management reorganized its SSA positions during December 2004 (TSCRE #9) and April 2005 (TSCRE #10) to more evenly distribute assigned projects and responsibilities managed by the TSC and to capture individuals at the highest level possible that possess appropriate competencies. Through these reorganizations, two additional GS 15 SSA positions were established. Since November 9, 2004, the TSC has increased its permanent FBI staff by five, with an additional four pending approval of a successful background investigation to complete the hiring process. Two professional support positions are currently posted and three posting requests are pending with the Staffing Unit. During November 2004, the FBI advertised a critically needed Policy Development Officer position. A local career board was conducted in December 2004 and a conditional job offer was made in early January 2005. The offer was accepted; however, the applicant later rescinded her acceptance of the position. During December 2004, the TSC requested an increase in funded staffing level to support the permanent establishment of Intelligence Analyst positions (TSCRE #11). TSC continues to receive an increasing number of calls for identification as to whether the person encountered is a positive or negative identity match to a known or suspected terrorist. To provide adequate analysis, the TSC proposed that 28 Intelligence Analyst positions be established and added to the TSC staffing level. These positions would be supported and staffed by the following components: 6 FBI; 6 DHS; 4 DOD; and 12 from the Intelligence Community. The request for FBI personnel is pending with the Office of Intelligence for approval. A follow-up communication was prepared on January 14, 2005 (TSCRE #12), requesting the Office of Intelligence detail six Intelligence Analysts to the TSC for a period of 90 days to augment the TSC's analytical staff until such time as the TSC could be sufficiently staffed with permanent Intelligence Analysts. Unfortunately due to a shortage of Intelligence Analysts within the FBI this request will not be filled until May of 2005. On March 29-30, 2005, the HRS attended an OPM-sponsored job fair to recruit Presidential Management Fellows (PMF). The government-wide PMF Program is designed to attract outstanding young men and women from diverse academic disciplines to federal service. Prior to the job fair, the TSC reviewed hundreds of resumes. The TSC interviewed seven PMFs and provided three conditional job offers. Unfortunately, all offers were declined. On April 6, 2005, the TSC requested to hire 19 professional support positions over the current FBI funded staffing level to meet the increased workload associated with the Secure Flight program (TSCRE #13), which is scheduled to begin in August 19, 2005. The DHS and its reporting agencies have contributed to the TSC employee complement by providing nine long-term TDY staff members since November 9, 2005. Refer to Recommendation #4 for further details regarding DHS's future staffing initiatives to support the TSC. To further enhance multi agency operations and take advantage of valuable expertise, the TSC set forth a formal request on December 10, 2004 (TSCRE #14) to detail a military officer for a one year non-reimbursable tour of duty, with a possible extension, in conjunction with force protection in order to support the Global War on Terrorism. This employee maintains a Top Secret Clearance and recently received his pre-polygraph interview in order to receive indoctrination for SI/TK/G and HCS. It is anticipated that this employee will report to the TSC in 6/2005. In addition, 16 contract employees have reported since November 9, 2004 to support the mission of the TSC. The TSC continues to interview viable candidates for various positions within the center and has three in background awaiting hire (TSCRE #15). The TSC has also recently mandated that all temporary duty (TDY) employees report to the TSC for a minimum of 90 days to minimize the need for constant orientation and training. However, as of January 2005, the TSC also now has a robust training program that provides the TDY personnel with appropriate skills sets at a much higher rate than was possible in the past. As such, the potential negative effects on the TSC operations are essentially mitigated. In summary, the TSC has always recognized the need for permanent or long term expertise skill levels and has aggressively pursued that goal since its inception. Recommendation #5: Ensure that the information placed into the TSDB accurately represents the data that was submitted by the nominating agency. In addition, the TSC should establish controls to ensure that it can trace the origin of the record to the nominating agency. Response: The TSC agrees with this recommendation and has taken appropriate action to address this matter beginning in November of 2004. As previously noted, the TSDB 1.4 and 1.5 requirements phase were implemented in November and December of 2004. A substantial portion of these requirements addresses the need to ensure the TSDB accurately represents the data that was submitted by the nominating agency, and establish controls to ensure it can trace the origin back to the nominating agency. There are three important software development projects associated with the TSDB 1.4 and TSDB 1.5 that address these requirements. The first is the Nomination form Project (TSCRE #5), which is part of the TSDB 1.4 Project, initiated November 8, 2004. The Nomination form is currently a manual form that is used by the FBI to nominate terrorists for inclusion in the TSDB through submission of the form to the FBI’s Terrorist Watch and Warning Unit (TWWU). The Nomination form project automates that process and creates built in audit capability. The Nomination form will require user login for traceability, it will track date, time, and the username of the last update made to any nomination. The Nomination form Project of the TSDB 1.4 is scheduled for implementation in May of 2005. The second is the National Crime Information Center (NCIC) Query Project portion of TSDB 1.4 which was initiated on December 13, 2004 (TSCRE #6). In this project, among other increased capability, the NCIC Query portion of TSDB 1.4 will allow for automated tracking of system transactions between the TSDB and NCIC. The NCIC Query TSDB 1.4 is scheduled for implementation in May of 2005. The third is TSDB 1.5, which was initiated on December 15, 2004 (TSCRE #16). The TSDB 1.5 requires a transactional audit history of information flow from the NCTC and the TSDB. The TSDB 1.5 requires the NCTC to pass message identification (ID), Nomination ID, Nomination Type, TIDE ID, and TIDE Alias Group ID, all of which are mandatory. All of these fields are used to trace the origin of individual records back to the nominating agency. Furthermore, TSDB enforces over 35 business rules in the receipt of data between NCTC and the TSDB. This helps ensure the accuracy of the data from the nominating agency as it applies specific system checks in accordance with the NCTC – TSC data agreement outlined in the Interface Control Document. The TSDB 1.5 is currently in Independent Verification and Validation (IV & V) testing, but is dependent upon the NCTC’s new TIDE software coming online and completing a rigorous testing phase. Finally, a major Quality Assurance (QA) effort (see response #10) is under way in TSC to ensure that records of highest priority for correction are addressed by a record-by-record search. This QA effort will verify the data of historical TSDB data and allow new data quality to be controlled through the automated processes in TSDB 1.4 and 1.5. Recommendation #6: Take measures to automate the daily upload of records nominated for inclusion in the TSDB to reduce the need for human intervention. Response: The TSC agrees with the recommendation and has taken steps to implement it since December of 2004. As noted above in responses to recommendations #2 and #5, when implemented as part of the TIDE project, TSC’s TSDB 1.5 (TSCRE #16) will enforce more than 35 business rules to validate that data received from NCTC complies with legal and negotiated restrictions on data relationships. Examples of rules include changing exports of a record when a US person is inappropriately targeted for a foreign country’s watch list, and when a person is placed on both the No Fly and Selectee lists. Current policy calls for visual examination of the individual record during ingest. The real issue with timely and quality ingest relates to the multiple levels of security involved. The Intelligence Community (IC) has been working for years to develop a trusted guard to provide a network connection to move data from top secret to the sensitive but unclassified (SBU) level. Until this capability is available through the IC, TSC must live with significant delays in data arrival from NCTC, and poor data quality. Recommendation #7: Develop a more vigorous outreach plan that includes specific target organizations and industries, and establish timelines for the completion of outreach goals. Incorporate the plan into the TSC strategic plan, when formally created. Response: The TSC agrees with this recommendation and has complied with this recommendation since the inception of the TSC. The TSC has had as part of its ongoing Strategic Planning, a clear structure and process for outreach from the TSC. To date, a TSC Video was developed and sent to law enforcement agencies all over the U.S. A TSC Brochure tri-fold (TSCRE #17) was developed and is used in every presentation opportunity to distribute to law enforcement officials all over the US. The TSC has written articles on the TSC and had them published in The CJIS Link (October 2004) (TSCRE #18) and Crime & Justice International (March/April 2005) (TSCRE #19). Both have resulted in a number of calls to the TSC seeking additional information. The TSC also has a new DVD in production that will be completed in June 2005 for dissemination to law enforcement agencies all over the US and outside the US. The TSC regularly trains FBI National Academy classes which are comprised of elite law enforcement officials from all over the world. The TSC participates in conferences for District Attorneys, US Attorneys, Task Forces, State-wide law enforcement conferences, Regional law enforcement conferences, National law enforcement conferences, and Department of Defense legal conferences. Through the use of targeted on-line searching, substantive law enforcement organizations have been located in all the states, and most have been contacted to explore the possibilities of speaking at conventions, conferences, or training sessions in an effort to touch all levels of law enforcement. In addition, thanks to the diverse sources of the TSC workforce, leads have been provided and used for conferences initiated by their agencies. As of April 20, 2005, presentations have been, or are scheduled to be, made in 27 states and the District of Columbia. Presentations outside the US have been made in Ottawa, Ontario, Canada, and London, United Kingdom (TSCRE #20). For the future, the TSC has initiated a plan to ensure TSC presentations will be made in all 50 states. The TSC will also be involved in training Legal Attaches in all FBI Legats in the next year. The TSC will also be developing a website in for the FBI’s Law Enforcement Online (LEO) system to host a TSC informational web site. As the LEO system is available to anyone involved in law enforcement, the TSC will post the Outreach schedule, and provide a forum for those who visit the website to contact the TSC to schedule other outreach opportunities. As with other areas of operation of the TSC, there will never be a time when the TSC has completed its outreach goals. There will always be the need for not only initial training to every law enforcement component that interacts with the TSC, but also refresher training as the TSC continues to evolve. As such, the TSC will constantly review and revise it outreach goals on an annual basis in conjunction with its annual reviews of the Strategic Plan. Recommendation #8: Encourage the DHS to finalize guidelines to allow the TSC to begin regular screening for private sector organizations. Response: The TSC concurs with this recommendation and has complied with this recommendation as part of its mission under HSPD-6. TSC initiated several meetings between DHS headquarters and its component agencies over the last six months in furtherance of this objective (TSCRE #21). DHS recognizes their responsibility for this initiative and will focus on the critical infrastructure industries first. Per HSPD-6, the TSC is dependent upon the DHS to initiate and lead in this effort. To date, no current schedule exists for rolling out this effort, but the TSC is fully cognizant of its complementary role to the DHS in this effort and is fully engaged in giving encouragement to the process. Recommendation #9: Review the 1,200 TSDB 1A records that may require manual correction to ensure that these records are included in TSDB 1B, if appropriate. Response: The TSC agrees with this recommendation and has completed this task. The TSDB was consolidated into one database on April 1, 2005. During the course of this consolidation, TSC identified approximately 1,200 records in the former TSDB 1A that needed to be examined for duplication and added to the official TSDB (previously referred to as TSDB 1B). On March 16, 2005, the TSC sent 1,183 TSDB 1A records to the NCTC for analysis and ingestion back into the TSC TSDB as necessary. On April 20, 2005, based on the NCTC record analysis, 1,131 former TSDB 1A records were transferred to the TSDB, with 52 duplicates identified that were not transferred (TSCRE #22). This task is fully completed. Recommendation #10: Review and correct the 31 duplicate records identified in the TSDB 1B. Response: The TSC agrees with this recommendation and has taken steps to complete it. In the Draft Audit Report, the OIG has identified these 31 records as being part of a larger set of records associated with a large number of potentially duplicate records created with the transfer of the FBI’s international terrorism records from the VGTOF to the NCTC. The TSC was aware of this issue previously and had independently conducted analysis to determine the source of these records. Through the analysis conducted at the TSC, this mass export of the FBI’s international terrorism records to the NCTC was identified as occurring on August 3, 2004. In an effort to address the duplicate records and other QA issues with the TSDB, the TSC initiated a complete record-by-record review of the entire TSDB. With this process initiated in April, 2005, the TSC will review every record in the TSDB to identify and correct the duplicate record issue (TSCRE #23, #24). Since the August 3, 2004, VGTOF records appear to be the cause of duplicate records, the TSDB QA review will begin with the review of approximately 18,500 records that resulted from this VGTOF transfer of records to the NCTC. The review is estimated to be complete by July of 2005. It is important to note, that although there are duplicate records present in the TSDB, this has not reduced the efficacy of the TSC screening processes. Recommendation #11: Review and correct the four records identified in the TSDB 1B as having duplicate TIPOFF record numbers. Response: The TSC agrees with this recommendation and has taken steps to complete it. In the Draft Audit Report, the Inspector General has identified these four records as being part of a larger set of records associated with a large number of potentially duplicate records created with the transfer of the FBI’s international terrorism records from the VGTOF to the NCTC. The TSC was aware of this issue previously and had independently conducted analysis to determine the source of these records. Through the analysis conducted at the TSC, this mass export of the FBI’s international terrorism records to the NCTC was identified as occurring on August 3, 2004. In an effort to address the duplicate records and other QA issues with the TSDB, the TSC initiated a complete record-by-record review of the entire TSDB. With this process initiated in April, 2005, the TSC will review every record in the TSDB to identify and correct the duplicate record issue. (TSCRE #23, #24) Since the August 3, 2004, VGTOF records appear to be the cause of duplicate records, the TSDB QA review will begin with the review of approximately 18,500 records that resulted from this VGTOF transfer of records to the NCTC. The review is estimated to be complete by July of 2005. It is important to note, that although there are duplicate records present in the TSDB, this has not reduced the efficacy of the TSC screening processes. Recommendation #12: Develop procedures to regularly review and test the information contained in the TSDB to ensure data is complete, accurate, and non-duplicative. Response: The TSC agrees with this recommendation and has taken steps to complete it. The Data Management Office (DMO) at the TSC was created in March of 2005 with the mission of creating tools that help increase the quality of TSC data. The DMO is creating structured query language (SQL) and small-scale database tools to empower QA effectiveness. In addition, TSC is modifying the TSDB 1.5 software to accept the entire TSDB as a batch file. This will apply all of the TSC business rules envisioned for future ingests from the TIDE system against the existing stock of TIPOFF records. (TSCRE #24) Recommendation #13: Ensure that each record in the TSDB 1B can be traced to either the FBI or NCTC databases. Response: The TSC agrees with this recommendation and has taken appropriate steps to implement it. In April 2005, this issue was discussed with the Branch Chief, Terrorist Identities Group, NCTC. He has agreed to provide the source of each record in the TSDB, since his computer database at the NCTC tracks the agency that provided all international terrorist information. This will also be captured in TSDB 1.5. (TSCRE #7) The TSC Nominations Unit is responsible for inputting all Domestic Terrorism records in the TSDB and therefore will track this information. Recommendation #14: Establish codes that more accurately describe domestic terrorist activity, replacing the INA codes that are currently applied to domestic terrorist records. Response: The TSC agrees with this recommendation and has taken steps to implement it. When the TIPOFF program resided at the DOS and the Immigration and Naturalization Service was placing TIPOFF lookouts in its database, the INA code was linked to the Immigration and Nationality Act as a reference for possible inadmissibility charges. Since the start of NCTC and TSC relations, however, the INA code has been used as a means to categorize the derogatory information associated with a subject. This code has been used regardless of citizenship or whether the subject is associated with international or domestic terrorism. The INA code is required for export to IBIS, the database operated by the U.S. Bureau of Customs and Border Protection. It should be noted however that INA codes are pre-9/11 screening tools. The INA code is but one factor in determining whether or not a person is a threat. In October 2004, it was requested that three new INA codes be established for the sole purpose of describing domestic terrorist activity (TSCRE #25). These INA codes will be scheduled in a future release of TSDB. Recommendation #15: Review the INA codes applied to domestic terrorist records to ensure they properly reflect domestic terrorist activity. Response: The TSC agrees with this recommendation and has taken steps to implement it. This issue will be addressed with the creation of three new INA codes, which were requested in October, 2004, to be established for the sole purpose of describing domestic terrorist activity (TSCRE #25). This should be scheduled in a future release of TSDB. It will also be addressed with the previously referenced record by record review of the TSDB to include an examination of the INA codes for each record. The INA code originated from the Immigration and Nationality Act as a reference for possible inadmissibility charges. Since the start of NCTC (formerly known as the Terrorist Threat Integration Center- TTIC) and TSC relations, however, the INA code has been used as a means to categorize the derogatory information associated with a subject. This code has been used regardless of citizenship or whether the subject is associated with international or domestic terrorism. The INA code is required for export to IBIS, the database operated by the US Bureau of Customs and Border Protection. Recommendation #16: Assign handling codes to all records within the TSDB that are exported to VGTOF, including the 336 records that we identified as lacking handling codes. Response: The TSC agrees with this recommendation and is taking steps to complete it. The 336 records identified have been addressed. Also, as previously noted, in April of 2005 the TSC initiated a massive QA review of the entire TSDB. This review is being completed with the use of a form with multiple questions (TSCRE #23). The accuracy of the TSDB handling code (HC) issue will be addressed with question eight in the record-by-record review of the TSDB. Question eight states "Do all linked and unlinked TSDB records have the same VGTOF Handling code? (If no, explain discrepancies in the comments field.)." This question will identify and correct all records that do not have an HC, as well as identifying and correcting conflicting HCs in linked records. TSC has identified part of this issue because HCs for the DT subject records (with valid HCs) that were exported from VGTOF into the TSDB on October 9, 2004, inadvertently omitted placement of the HC into the VGTOF Export Eligibility HC box. This oversight was rectified in late-2004. In addition, there were approximately 60 subject records in VGTOF that did not contain a valid SubGroup (SGP), e.g., HC. These records were not previously entered by or reviewed by the TSC since they were pre-existing records from 2002. Upon the creation of HCs, the Criminal Justice Information Services (CJIS) Division coordinated the change of old/obsolete SGP data, (e.g., 'CNFDRT KNGT AMERICA*RLNC'), to the newly created HC data. These records were identified by the CJIS Division as not having responded to the CJIS's change request, and were modified appropriately by the TSC. Recommendation #17: Review and correct the inconsistent assignment of low-threat handling codes to records with "armed and dangerous" INA codes. Response: The TSC does not agree with this recommendation because there is no link with VGTOF Handling Codes (HCs) used to inform state and local law enforcement officers with the TIPOFF INA Codes used to classify the type of known or suspected terrorists. The following information should serve to further clarify this for the DOJ/OIG. None of the four existing HCs are considered "low-threat." In fact, HCs are not associated with threat levels. HCs provide instruction as to when the person is encountered, what action should occur. However, different thresholds must be met prior to the issuance of a particular HC to any IT or DT subject. [SENSITIVE INFORMATION REDACTED] All other subjects are reviewed and assigned a HC based on: a) the Case Agent's recommendation (or VGTOF Nomination Team recommendation for non-FBI IT subjects); and b) the quantity and quality of the biographical/identifying data submitted by the Case Agent (or NCTC, for non-FBI IT subjects). The lack or absence of quality biographical/identifying data would warrant consideration that the subject be placed into a HC4 status, rather than a HC3 status, depending on the HC recommendation submitted by the Case Agent. If a clear photograph or useful biographical/identifying data is not provided, attempts to efficiently and accurately conclude a positive or negative hit will be hampered. HC3 is where the majority of the persons are categorized. The assignment of INA Codes is a means to quickly label the type of derogatory that exists for a subject. The "armed & dangerous" designation is an old carry over from when the TIPOFF program shared records with the Immigration and Naturalization Service (INS). The INS designated certain INA Codes, linked at that time to possible inadmissibility charges, to the Interagency Border Information System's "A&D designator." NCTC merely uses the INA Codes to categorize the derogatory information compiled on a particular person and label that person by assigning an INA Code. While the INA Code assigned to a subject record is examined, it is a factor, but not a primary consideration in the review and assignment of a HC. Lastly, it should be noted that HCs are not assigned to subjects "according to the level of threat the individual poses," as is cited throughout the DOJ/OIG Audit Report. [SENSITIVE INFORMATION REDACTED] Enclosures/Supporting Documentation: -VGTOF Nomination Protocol (dated 02/25/2005) (TSCRE #26) Recommendation #18: Establish in TSDB 1B separate fields to identify [SENSITIVE INFORMATION REDACTED] and [SENSITIVE INFORMATION REDACTED]. Response: The TSC agrees with this recommendation and this is complete. In October of 2004, the TSDB Wedge Project was placed in production. This project was specifically designed to address all fields in TIPOFF that could be exported from the NCTC, but could not be held in the TSDB. Of these fields, [SENSITIVE INFORMATION REDACTED] and [SENSITIVE INFORMATION REDACTED] were included. As such, this item has been completed since August of 2004. (TSCRE #27) Recommendation #19: Enhance the TSDB 1B by ensuring that available all fields of information have been activated and populated as appropriate. Response: The TSC agrees with this recommendation and has completed this action. Per recommendation #18, and the response to that question, the TSDB Wedge Project was completed in August of 2004. All appropriate fields have been activated and populated as appropriate. The only fields not activated and populated to date are those associated with the TIDE implementation, which will export all Addendum A material, and will occur later in 2005. (TSCRE #27B) Recommendation #20: Implement automated procedures to ensure records and corresponding data transmitted to and from the TSDB is accurate, consistent, and complete. This should include a review of the eight VGTOF records and the three TIPOFF records that were omitted from the TSDB 1B and the two TIPOFF records omitted from the TSDB 1A. Response: The TSC agrees with this recommendation and has taken steps to complete this action. The previously referenced record by record QA review of the TSDB (TSCRE #23, #24), initiated in April, 2005, will address "the eight VGTOF records and the three TIPOFF records" that were not in TSDB 1B. This review is expected to be complete in June of 2005. It is also noted that there is no longer a TSDB 1A and TSDB 1B, but only a TSDB. For information to be "accurate, consistent and complete," the TSC relies on the input from the nominating agencies. It should be noted that all Intelligence Community and law enforcement agencies are reviewing all of their record. Quality assurance is a shared responsibility and does not belong to the TSC alone. With regards to automated procedures to ensure "accurate, consistent, and complete" data transmission to and from TSDB, TSDB 1.5 will help to ensure data integrity with built-in protections and buffers. When implemented as part of the TIDE project, TSC’s TSDB 1.5 will enforce more than 35 business rules to validate that data received from NCTC complies with legal and negotiated restrictions on data relationships. Examples of rules include changing exports of a record when a US person is inappropriately targeted for a foreign country’s watch list, and when a person is placed on both the No Fly and Selectee lists. Current policy calls for visual examination of individual record during ingest. The real issue with timely and quality ingest relates to the multiple levels of security involved. The IC has been working for years to develop a trusted guard to provide a network connection to move data from top secret to the SBU level. Until this capability is available through the IC, TSC must live with significant delays in data arrival from NCTC, and poor data quality. Recommendation #21: Work with partner agencies to establish data field definitions and consistently apply them within all coordinated databases. Response: The TSC agrees with this recommendation and has taken steps to implement it, and will be the first and only entity to date interacting with the IC to use the new standard. The Terrorist Watch Person Data Exchange Standard (TWPDES) was adopted by the IC Metadata Working Group (ICMWG) and incorporated into the data flow from NCTC to TSC. TWPDES is being integrated with the Justice Global Information Sharing XML 3.0 standard, but will remain a named subset of data. With the implementation of TSDB 1.4 in May of 2005, the TSC will be the first entity to use this standard in any interaction with the IC. (TSCRE #’s 5, 7, & 28) Recommendation #22: In coordination with the supporting agencies, establish procedures to identify and resolve missing and conflicting record information. Response: The TSC agrees with this recommendation and has had procedures to identify and resolve missing and conflicting record information since its inception. To date, the TSC has completed a review of and corrected approximately 18,744 records. These records include 854 referrals from the EMA since May, 2004; 1,132 records transferred from the old TSDB 1A database to the current TSDB in April, 2005; about 6,000 VGTOF records reviewed and reconciled since April, 2004; about 1,800 Chechen Suicide Bomber records applied to the appropriate No Fly/Selectee list in September, 2004; about 50 INA records reviewed in January, 2005; 1,408 No Fly/Selectee records for possible duplication in December, 2004; and the March/April, 2005 review of over 7,500 FBI cases to apply the new White House No Fly/Selectee criteria. The Nominations Unit at TSC has weekly meetings with NCTC and regular telephonic contact with the Terrorist Watch and Warning Unit, FBI Counterterrorism Division (CTD); TSOU, CTD; the NTC, Customs and Border Patrol, DHS; TSA, DHS; and NCTC to resolve missing and conflicting records. In addition to this liaison, the record-by-record review of the TSDB will identify and correct missing and conflicting records. The Nominations Unit has a QA component that provides the following procedures for handling TSDB discrepancies: Current Procedures for handling QA Matters at the TSC: Daily Call Center Reports are submitted to QA. Pages needing Quality Assurance Review (QAR) are tagged for QA. Copies of tagged pages are duplicated and subsequently logged onto a separate spreadsheet. Copies are maintained in folders in date order until resolved and then archived alphabetically. Call Center Reports are analyzed to determine the type of matter needing resolution. The appropriate databases are queried and contact is made with appropriate sources to verify/resolve each QA matter. All measures taken to resolve each QA matter are logged onto a separate activity log for statistical purposes. Computer Modifications requested to manage QA matters: QA worked with an FFRDC (June/July 2004) to document requirements to modify TSC's existing Encounter Management Database. Additional meetings transpired April 2005. The modifications will allow QA Matters to be submitted to QA personnel electronically. A separate QA screen will be established and fields added to better monitor, track and quantify QA Matters. The following are computer requirements discussed and requested:
Types of QA matters received: QA receives a variety of matters to research and resolve. Although there is no limit or way to predict the types of matters QA will encounter in the future most received to date have fallen into specific categories as listed below:
Current procedures for resolving QA matters: The following are newly established procedures for resolving the aforementioned QA matters. Each QA matter is unique in nature therefore the below are simply guidelines:
Project initiated to review all records contained in TSDB for accuracy: The TSC is in the process of launching the TSDB QATracker Project. This project will identify inconsistencies within TSDB. Once the inconsistencies are identified, QA will work to resolve same. This project will enable the TSC to work in a pro-active manner versus a reactive manner. (TSCRE #23, #24) Recommendation #23: In coordination with the TWWU, streamline operations to ensure nominations are made to the appropriate system in a timely manner and in accordance with HSPD-6 so that domestic terrorist records are not forwarded to the NCTC. Response: The TSC agrees with this recommendation and has taken the appropriate steps to resolve this issue. The VGTOF Nomination Team has addressed this issue with the TWWU on numerous occasions, most recently during a face-to-face meeting held at the TSC on April 5, 2005. While there has been a noticeable difference in the length of time it takes for the TSC to receive DT nomination paperwork from the TWWU, primarily because the TWWU had not worked through their backlog of paperwork, there will always be a gap in the time the Case Agent prepares and submits the nomination paperwork until the time that the TSC receives it. This delay can be days and, as seen in some cases, weeks. The TSC continues to receive, on a regular basis, IT nominations from the TWWU, as well as receiving DT nomination paperwork and discovering that the same paperwork was forwarded to the NCTC, in error, for entry into TIPOFF. The TWWU continues to assert that they review and direct IT and DT nominations to the best of their ability, but that the volume of paperwork they receive makes contributes to the lack of 100% accuracy difficult. Other incidences of confusion within the TWWU regarding the handling of DT nominations have also been addressed with them. The TWWU has advised that each nomination packet is reviewed by a supervisor prior to being forwarded to the TSC or the NCTC. The VGTOF Nomination Team at the TSC has suggested that one of the members of the Team be "detailed" to the TWWU to ensure the proper review and flow of DT nominations; however, the TWWU responded that they did not believe that it was necessary. The electronic version of the Nomination form will be disseminated throughout the FBI and to the Intelligence Community. With respect to the FBI, all Terrorism cases will be electronically moved from the FBI Field Division to the TWWU for review, with the International Terrorist cases being forwarded to the NCTC for processing and ingesting into the TSDB. The Domestic Terrorist cases will be forwarded to the TSC for direct input into the TSDB. This electronic format will allow for a more thorough electronic examination of each Nomination form to ensure that the 266 FBI classifications for Domestic Terrorist cases are not forwarded to NCTC. Only the 315 FBI classifications for International Terrorist cases will proceed to the NCTC. It is anticipated that with the implementation of TSDB 1.4, particularly the Nomination form Project, this will relieve 100% of the errors being made through the paper manual process in place now. TSDB 1.4 is scheduled for implementation in May of 2005. Enclosures/Supporting Documentation: -E-mails dated 11/17/2004 and 11/18/2004. (TSCRE #29) -E-mail exchange dated 03/17/2005 and 3/18/2005. (TSCRE #31) Recommendation #24: Establish procedures to regularly review the DOS’s List of Terrorists under Executive Order 13224 to ensure individuals are accurately included in the TSDB. Response: The TSC agrees with this recommendation and has completed this action. The "DOS’s List of Terrorists" referred to in this recommendation is likely the list established by Executive Order 13224 (TSCRE #32) of September 23, 2001 on "Blocking Property and Prohibiting Transaction with Persons Who Commit, Threaten to Commit, or Support Terrorism." This Executive Order authorizes both the Secretary of State, in consultation with the Secretary of the Treasury and the Attorney General, or the Secretary of the Treasury, in consultation with the Secretary of State and the Attorney General, to designate individuals and entities pursuant to specified criteria. Once the Secretary of State or the Secretary of the Treasury designates an individual or entity, the Office of Foreign Assets Control (OFAC) of the Department of the Treasury takes appropriate action to block the assets of the individual or entity in the US or in the possession or control of U.S. persons, including notification of the blocking order to US financial institutions, directing them to block the assets of the designated individual or entity. This list is publicly available online at www.ustreas.gov/offices/enforcement/ofac/sanctions/terrorism.html. HSPD-6’s accompanying MOU, paragraph 10 states, "The TTIC database will include, to the extent permitted by law, all information the U.S. government possesses related to the identities of individuals known or appropriately suspected to be or have been involved in activities constituting, in preparation for, in aid of, or related to terrorism, with the exception of Purely Domestic Terrorism Information." Paragraph 11 further states, "…Federal departments and agencies will provide to the TTIC on an ongoing basis all relevant Terrorist Information in their possession, custody, or control…" TSC management met with the management team from OFAC in the winter of 2004 and informed them of their responsibility to provide this information to TTIC. As TTIC is now the NCTC, TSC executive management has confirmed that OFAC regularly provides its updated list to NCTC for analysis and possible inclusion of identities contained within it in NCTC’s identities database, which is the source of all International Terrorist identities contained in the TSC’s TSDB. Recommendation #25: Establish supervisory controls to ensure that the work of the Call Center personnel is reviewed on a regular basis for completeness, accuracy, and timeliness. Response: The TSC agrees with this recommendation and has implemented procedures to correct this concern. The DOJ/OIG Draft Audit report indicated that the TSC’s response time to terrorist encounters was on the order of 20 minutes. This is no longer the case. The TSC now responds to law enforcement officials who have potentially encountered a known or suspected terrorist in approximately 10 minutes (average). This is due to a number of factors. In October, 2004, six permanent TSC Call Center employees, all with experience in reviewing the documentation of other screeners for completeness, accuracy and timeliness were designated as team leaders. These team leaders are the supervisors of a particular shift and all documentation regarding a call/encounter is reviewed by them. The team leader also has the responsibility of ensuring all of the documentation is completed prior to disseminating the information to TSOU, the NTC and other law enforcement agencies. To further establish supervisory controls, in November 2004, TSC hired five Watch Commanders, all with experience in various crisis centers, to oversee the operations in the TSC Call Center and a permanent GS-15 FBI Unit Chief arrived in January 2005. Since December 2003, the TSC Call Center was supervised by TDY FBI agents who possessed various backgrounds, but minimal counterterrorism experience. Upon their arrival, these agents were provided no formal training and were expected to quickly adjust to the informal protocols of the TSC. Often, these agent supervisors never screened a call/encounter, resulting in a lack of knowledge and understanding of what is required to conduct a complete, accurate, and timely call. The lack of experience in working with the various databases also proved to be a problem for the supervisory agents, without the understanding of how to navigate the databases to locate pertinent information needed to make a timely decision and created an extended turnaround times for the caller. The majority of the calls resulted in the TSC forwarding the encounter as inconclusive to TSOU. This resulted in TSOU having to provide redundant checks to make an identity match. As the TSC expanded, it was apparent that the permanent screeners had more knowledge than the TDY agents, who where continually being rotated in and out of the TSC. The agents were relying on the expertise of the veteran screeners, to include their training and reviewing of calls for accuracy. The need for permanent team leaders to review TSC Call Center work product was evident and based upon these facts, TSC executive management approved the designation of team leaders. (TSCRE #33) Recommendation #26: Establish protocols for the proper entry and review of data into the Encounter Management database. Response: The TSC agrees with this recommendation and has established procedures to address it. In view of the time constraints experienced by TSC’s executive management to ensure the TSC was operational, there was no formal standardization of procedures implemented for EMA. Since its inception, TSC relied upon TDY FBI agents, US Secret Service, US Coast Guard and contract employees in order to identify the proper way of handling incoming calls from the field. Within a short time frame, TSC and the veteran employees began building their own Standard Operating Procedures (SOPs) for handling calls and how the information would be captured. The TSC Call Center management restructured the log sheets to ensure there was gathering of better quality information/data. In July 2004, the previous Oracle based encounter management system was replaced with EMA to better fit the growing needs of the Call Center. Over the past eight months, TSC has implemented a training program that allows for the EMA training of each Call Center employee. The training module includes a specific section on EMA which details the information a screener needs in order to fill out and complete a call sheet accurately (TSCRE #34). It also encompasses a PowerPoint training guide (TSCRE #35) that walks the employee from opening the database, to finalizing an entry into the application. Upon completion of the training course, the employee is provided a copy of the training received and it is made available on the shared drive for further review. If a deficiency is determined, the employee is provided with additional training that allows the employee the ability to better learn the information, ask additional questions and address the deficiency. There is a proficiency check sheet that allows the team leaders and watch commanders the ability to track the progress of the employees and to identify any further deficiencies. When a call arrives into the TSC Call Center, the employee takes the information. The employee runs both individuals (traveler and preliminary match) through four systems after the TSDB for derogatory information including Automated Case Support (ACS), NCIC, TIPOFF, and EMA. The employee treats the information as two separate individuals and makes an identity match based upon the information derived from the database checks. Considering most of the information being reviewed is classified, only the information that is deemed unclassified can be placed on the call sheets. To ensure only unclassified information is entered on the call sheets, security policies are addressed during training and all databases are marked with the level of classification it holds. Once the employee has made an identity match, the employee will take the call to the team leader and they will decide whether it is a positive, negative or inconclusive match. If the match is positive, the call is sent via fax to TSOU and they will act as the liaison between the field offices to assist the case agent in their requests. If the call is a negative match, the caller is advised of the results. If it is inconclusive, the employee and team leader will collectively use the information located in the databases to formulate questions, without revealing classified information, which will assist in resolving the identity match. Once the identity match is made and notifications are made to the appropriate personnel, the employee will then make the entry into EMA. When the entry is completed, the employee provides the sheet to the team leader to review for accuracy and ensure that no classified information was entered into the system. With the current system of veteran team leaders’ review, there is minimal opportunity for classified information to be entered into the system. Once the team leader has reviewed the information in EMA, it is left as pending until there is a final resolution from the agency handling the call. The log is then updated and closed out. In addition, SOPs have been created for the various TSC Call Center special projects to ensure that all employees are familiar with the project and that they understand how to proceed with the project. These SOPs have been provided to the employees and have incorporated into the training process. Recommendation #27: Develop an automated method for flagging records in the Encounter Management database that require follow-up actions, and establish procedures to complete the necessary follow-up conducted within a reasonable period of time. Response: The TSC agrees with this recommendation and has taken steps to address it. As discussed in response to recommendation #22, in the portion titled "Computer Modifications requested to manage QA matters," the QA section has requested specific changes to the EMA system to enable automated flagging of encounters for QA follow-up, and electronic tracking of QA matters in EMA or another appropriate application. The TSC has developed a system to prioritize encounters in EMA by assigning Zones to the type and urgency of the possible match. Calls will be ranked by Zone 1 to Zone 5 with Zone 1 being the highest priority. The TSC is in the process of having these zones automatically assigned in EMA as soon as an encounter is entered. As part of this new release, an enhancement to tracking encounters in progress, and encounters needing following up action by units at the TSC, other than the TSC Call Center, is being developed. These are part of the numerous requirements be addressed in EMA, Version 2.0. By using Zones, should there be a specific threat, the system is more flexible and agile to respond to the varied threats. As also discussed in response to recommendation #22, the QA staff has developed procedures to process QA matters and complete follow-up for all such matters in as timely a fashion as resources currently permit. The QA section intends to establish a formal SOP documenting these procedures this year. Recommendation #28: Establish regular training for Call Center screeners to keep them informed of the proper approach to screening subjects in the database and providing information to TSOU, as well as for the entry of appropriate data into the unclassified database. Response The TSC agrees with this recommendation and has completed this item. Prior to December 1, 2004, the position of Training Coordinator for the TSC was vacant and the position was filled by temporary, TDY personnel. Training up to that point was basically conducted "on-the-job" in the TSC Call Center, with no formalized training program in place. On December 1, 2004, a retired FBI Special Agent with extensive teaching experience at the college level, as well as at the FBI Academy, was hired to coordinate the TSC training program. On April 1, 2005, a training assistant was assigned full time to assist the training coordinator. Since December 1, 2004, the following accomplishments have been recorded. Specific training needs were identified through the use of questionnaires and personnel employee interviews. The results of the questionnaires clearly demonstrated Call Center training, to be a top priority for the TSC. As a result of this feedback from the questionnaires, a 20 plus hour training syllabus was developed and implemented for TSC Call Center personnel (TSCRE #36). No employee begins work in the TSC until he or she has completed this training. Included in this syllabus is a mandatory Information Security (INFOSEC) briefing; an Overview of the TSC- History and Operations; as well as blocks of instruction on the Nomination process; Intelligence flow process; Outreach/Customer Service responsibilities; NCIC/VGTOF Overview; as well as the EMA, TSDB and TIPOFF data bases. Incorporated in this training is one day of hands on computer work, using specific role playing scenarios that were drafted to mirror live call situations that the trainees will encounter in the Call Center. After the classroom phase of training, the new Call Center employee is assigned to an experienced Call Center operations specialist, for two days of hands on "mentoring." It should be noted that a dialog with TSOU is on-going. If a specific training need is identified or specific "refresher" training needs to be conducted, it will be addressed on an immediate basis. After an employee begins work in the Call Center, they are assessed by their team leader as to their skill development. If they have not attained proficiency in the basic skill areas identified for the Call Center, they return to training to address their deficiencies. Since the inception of this program approximately 60 TDY and new employees have gone through this program. Feedback from these individuals is used to continually assess training and to add or delete modules, when appropriate. "Refresher" or "advanced" data base training was also provided and scheduled for Call Center employees. Training on NCIC was given by trainers from CJIS and ACS training was provided by representatives from the FBI Academy, Quantico, VA. Additional ACS training is scheduled for April 21, 2005, for Call Center employees, as well as Intelligence Branch employees. A schedule of "Informational Presentations" that are designed to heighten the awareness of all employees in topical areas related to the war on terrorism was also implemented. To date, the TSC has had approximately twelve presentations. Examples of topics include "How a name gets on the Watch List; "Document Classification Rules and Regulations"; an "Overview of the NTC"; an "Overview of the NCTC"; an "Overview of the FBI Counterterrorism Division"; "Sunni Extremists in the U. S."; "The threat of al – Qa’ida"; and "Arabic Names and How They Relate To The Mission of the TSC", etc. These presentations are provided approximately three times a month by subject mater experts, and are open to all employees of the TSC. Recommendation #29: Establish and implement an automated system for tracking the amount of time that elapses between the key events of an encounter, such as when the TSC receives a call, when the call is forwarded to TSOU, the amount of time before instructions are provided to the caller, and the amount of time before a call is resolved. Response: The TSC agrees with this recommendation and has taken steps to address it. The TSC has identified the need to track these timelines in order to provide the best service to TSC customers. The TSC has begun to analyze the scope of work in order to provide these statistics as part of the EMA Case Disposition and Tracking System. Expected implementation date should be within the next six months. In addition to the above initiative, the TSC is developing an automated system to prioritize encounters within EMA by assigning Zones that reflect the type and urgency of the encounter. Calls received at the TSC will be triaged by these Zones. These changes are part of the numerous requirements being addressed in EMA, Version 2.0. Recommendation #30: Establish an automated method for the entry of call data and the sharing of such data with TSOU to eliminate the redundancy of recording call information on the Call Intake Form and in the Encounter Management database, and to reduce the time it takes for TSOU to receive the data and initiate further actions necessary. Response: The TSC agrees with this recommendation and has taken steps to address it. The TSC has taken steps to address this issue by placing the database the TSC uses to track encounter information, EMA on a local TSC FBI network. The TSC is prepared to place EMA on a global FBI network. This will allow the TSOU to access the same information the TSC has on a real time basis. However, the TSC cannot proceed with the full implementation of this plan until the TSC is migrated to the TRILOGY system designed for universal use within the FBI. Once the TSC has TRILOGY installed (expected timeframe is June 1, 2005), the TSC will be able to effectively have EMA accessed by any computer in the FBI network. Recommendation #31: Assign a full-time security officer to handle security requirements and provide the TSC staff guidance and training on the proper handling of national security information. Response: The TSC agrees with this recommendation, but has operated to fulfill this recommendation since its inception. As the TSC was brought to initial operating capability, the Counterterrorism Division (CTD) assigned a Security Specialist (SS) to the TSC as the Security Officer (SO). The TSC was assigned a long-term TDY employee to address personnel security matters in January of 2004, Personnel Security Specialist (PSS). In March of 2004, the TSC SO was replaced by an FBI Supervisory Special Agent (SSA). Also in March of 2004, the TSC hired an FBI Information Systems Security Manager (ISSM), and a TSC Information Systems Security Officer (ISSO). In April of 2004, the FBI SSA was transferred to another FBI Field Office and the PSS was assigned primary responsibilities for the Security Officer of the TSC. Due to the transfer of the FBI SSA, and the lack of ability for the CTD to assign an onsite SO, the CTD authorized the posting of a Security Specialist for the TSC, which was accounted for in the initial staffing authorization in January of 2004. As a result, on June 3, 2004, a vacancy was posted for a full time SS to act as the SO for the TSC. This position was career boarded on July 16, 2004, and interviews were conducted in July, with primary and alternate selections made on July 28, 2004. Candidates were placed into background after receipt of their FD-140 applications. In October of 2004, the TSC hired a Management Assistant (MA), who was immediately cross trained in all PSS responsibilities. As of November 5, 2005, the PSS was reassigned to FBIHQ, and the MA assumed all the PSS personnel security responsibilities. At the same time, the SS was reassigned to the TSC to act as the CTD TSC SO in the absence of the PSS, and later in November, another SS replaced the original SS as the CTD TSC SO. In December of 2004, the TSC posted for a permanent PSS. After career boarding this position, the TSC interviewed viable candidates in January of 2005 and selected a primary candidate for background. Also in January of 2005, the ISSO was replaced by a Management Assistant and a Senior Chief of the US Coast Guard was appointed to the onsite SO for the TSC to work with the SS (CTD SO for the TSC), ISSM, MA (acting as PSS) and MA (acting as ISSO). On April 18, 2005, the FBI hired a full time onsite FBI SO for the TSC. The SO will work with the ISSM, MA (acting as PSS), MA (acting as ISSO), and Senior Chief (Deputy Security Officer). On April 21, 2005, the primary candidate for PSS was removed from the background process. On April 22, a new request to post the PSS was made. Per the above sequence of events, the TSC has had all security functions addressed since early March of 2004 with a combination of personnel. As of January of 2005, the TSC has had a permanent interim onsite SO with a full complement of personnel to address all necessary facets of the security process. As of April 18, the TSC has a permanent SO with a full complement of personnel (four) to address all aspects of the security for the TSC. Recommendation #32: Review all records in the Encounter Management database for classified data within the unclassified system and develop a process for regularly checking the work of the call screeners to ensure that classified information is not entered into the unclassified system. Response: The TSC disagrees with this recommendation and the explanation follows below. On February 2, 2005, the Encounter Management Application (EMA) was moved to a classified network. As such, a comprehensive review of all records in EMA for classified data, and the development of a process to ensure classified information is not entered into the unclassified system, is no longer necessary. On February 4, 2005, the Information System Security Officer (ISSO) organized and facilitated cleanup procedures for EMA. Two TSC Contractors wrote a local script in Sequel 7 code, following guidance by the ISSO. The newly appointed Project Manager (PM) for EMA, was informed of all updates. (TSCRE #37) For cleanup, the script first accessed the schemas and disabled all of the triggers, or snags, in the database. This was to ensure that the data would not stay on as residual data or be restored in the future. The code found each of the comment fields and began an overwrite process, matching the value of characters in the field. This method ensured that the data would be overwritten, instead of creating new sectors. This method of data allocation is unique to Oracle clients. The script made 3 passes of the comments: The first pass had overwritten with a 1, the second pass had overwritten with a 0, and the last pass had overwritten the data using the hexadecimal character 1A. This surgical method was necessary so EMA could continue on the unclassified network until the FBI approved EMA to be relocated. In February, 2005, after the surgical cleanup was complete, a Change Control Board request was made to move EMA to the SECRET enclave. Attached is a hard copy of the Change Request (TSCRE #38) and announcement of the move (TSCRE #39). The Call Center analyst can now process and store higher level data. Regarding backups, the ISSO has marked any backups of TESTNET, DEVNET, and TSBD as SECRET. The backups have not been used and are destroyed after their cycle is over. If a backup containing data is necessary for mission requirements, the ISSO will run the sequel script on the new instance, and verify that the hardware is sterile before use. Recommendation #33: Develop a method for recording and reporting security breaches. Response: The TSC agrees with this recommendation and has taken steps to address it. The ISSO handles all security incidents within the TSC (TSCRE #40). A breach, violation, or other system anomaly may be discovered and reported to the ISSO by a number of means. The most common reporting methods are by user-driven events, system administrative notification of anomalies, and ISSO auditing. Upon notification of an incident, the ISSO determines the category, threat, and potential impact of the incident. For normal issues, the ISSO follows a template and procedural guideline for crisis handling. This documentation can be found in Attachment G of every System Security Plan (SSP) for our network (TSCRE #41). All actions will be handled after the incident has been contained. The ISSO will notify the system owner immediately and attempt to contact the ISSM. If the ISSM cannot be reached, the ISSO will contact the ESOC. The ESOC will determine what actions need to be taken either in conjunction with or in lieu of previous actions taken by the ISSO. After the situation is contained, the ISSO will fill out the ESOC Incident Response Form (TSCRE #42) and create memorandum of record. The memorandum will have a file descriptor of TSC-IR-2005-xxx, where xxx is denoted by the number of the incident. TSC-IR-2005-003 is attached as an example (TSCRE #43). The ISSO then coordinates with the TSC Security Officer to draft an Electronic Communication (EC) referencing TSC-IR-2005-xxx. Once approved, the ISSO maintains a hard and soft copy at all times. The TSC Information Assurance Office is committed to compliance with FBI and DOJ/OIG requirements concerning the tenets of information security. Recommendation #34: Work with partner agencies such as TSOU and DHS's NTC to reduce possible redundancies and duplication of effort. Response: The TSC agrees with this recommendation and has taken steps to address it. In November and December 2004, the TSC hired five Watch Commanders to oversee operations in the TSC Call Center. In order to better coordinate TSC operations with its partner agencies, the TSC Watch Commanders took the initiative to arrange monthly meetings with the NTC and TSOU. The first Watch Commanders meeting was held on February 2, 2005, at the TSC with Watch Commanders representing the FBI TSOU, the NTC, and a representative from the TSA’s Transportation Security Intelligence Section (TSIS). Subsequent to the first meeting, TSIS Watch Commanders were invited to attend the meetings and participate in the discussion of issues. Watch Commander’s meetings are held on the first Wednesday of each month at the TSC, NTC, TSIS, and TSOU on a rotating basis. The agenda for the meetings includes discussions regarding the integrity of the information contained in the TSDB, Secure Flight, and downgrading NOFLY/Selectees, and policy and protocols to enhance the effectiveness and efficiency of the screening process. The TSC, through the FAMs liaison to the TSC, visited the TSA Headquarters (TSAHQ) Mission Operations Center (MOC) and met with FAMs executive management. The result of these liaison efforts was a new screening process with the FAMs, and TSC Watch Commanders being provided access to the FAMs Tactical Information Sharing System (TISS). The new screening process notifies FAMs when Selectees board airplanes (Selectee flights), information that was not previously shared with the FAMs. The TSA notifies the TSC about a traveling Selectee, and the TSC notifies the FAM MOC. The MOC notifies the FAMs of these Selectee flights, who monitor the Selectee's activities and provide a report. The Watch Commanders have access to FAMs reports through the TISS. The FAMs attend weekly meetings at the TSC, and the monthly Watch Commanders meetings. (TSCRE #’s 44, 45, & 46) The TSC also initiated liaison with the Office of Transportation Vetting and Credentialing (OTVC) – formerly the Office of National Risk Assessment (ONRA) in the DHS. These efforts resulted in an MOU being signed that initiated testing of domestic airline Passenger Name Records (PNR) against the consolidated terrorist watchlist provided by TSC. All issues relating to the security posture of OTVC, non-disclosure agreements, computer hardware and software, audit trails, and post-test cleanups of data have been resolved. The TSC provided input regarding an additional MOU that is being drafted to address policies and protocols relative to the Secure Flight Program. Recommendation #35 Strengthen procedures for handling misidentifications and articulate in a formal written document the protocol supporting such procedures, as well as provide training to staff on the proper way to manage misidentifications. Response: The TSC agrees with this recommendation, and has taken steps to produce a formal written document setting forth protocols for handling misidentifications. From the earliest days of TSC’s operation, TSC Call Center screeners have been using data about known misidentified persons from the TSC encounter database to quickly identify and clear those individuals during the screening process. In January 2005, the TSC developed a high-level concept for a redress process, a very important component of which was a more sophisticated and efficient procedure to help misidentified persons. Since the beginning of 2005, TSC has worked with screening agencies to develop program-specific solutions to the misidentified persons problem. Ultimately, however, TSC envisions a comprehensive, government-wide solution that would use information technology to develop a consolidated "misidentified persons list" that would be used both by TSC and the screening agencies to prevent repeated misidentifications in the terrorist screening processes. TSC has recently established a formal internal process for receipt and processing of redress inquiries it receives from screening agencies and is currently working to finalize an SOP to document that process, which will include procedures for handling known misidentified persons (TSCRE #47). Once the SOP is finalized, TSC will provide internal training on how to manage misidentified persons. Recommendation #36: Develop a formal process for evaluating the effectiveness of the TSC. Response: The TSC agrees with this recommendation, but has operated according to this recommendation since its inception. The TSC has used formalized performance metrics as part of its process for evaluating effectiveness since its inception. As early as January of 2004, the TSC was producing weekly reports to capture statistical accomplishments associated with the TSC Call Center, however statistical tracking which allows the TSC to evaluate its effectiveness dates back to December 1, 2003, the first day of TSC operation. The most current report for the week ending April 21, 2005 captures statistics and has been provided as an attachment. These performance metrics assist the TSC in judging the effectiveness of its operation as trends and patterns are developed and analyzed. Furthermore, the TSC will be developing a much more structured performance metric process in association with its strategic plan. Recommendation #37: Develop a formal, comprehensive strategic plan to establish the framework necessary for accomplishing the mission, goals and objectives of the organization. Response: The TSC agrees with this recommendation, but notes that it has had a formal Strategic Plan since its inception. Under the supervision of TSC Director Donna A. Bucella, the TSC began the process of preparing for the establishment of the TSC’s IOC in late October of 2003. During the course of that preparation, an initial planning document and a manual of Process Flows was developed. Simultaneously, work was initiated on the TSC Strategic Plan. By December of 2003, a graphical representation of the TSC Strategic Plan was produced, and has been updated periodically in accordance with the mission, goals and objectives of the organization (TSCRE #48). In January of 2005, a secondary effort was initiated to translate the graphical Strategic Plan into a formal narrative document. That effort was spearheaded by a Federal Funded Research and Development Center contract company under TSC direction. Those efforts have been completed and passed to the TSC staff for review and revision. It is estimated that the TSC will have a formal narrative version of its longstanding Strategic Plan by May 2005. Recommendation #38: Enhance the COOP and EAP to: a) include preparations for access to the consolidated terrorist information database at the established back-up site, b) identify a location for the storage of database backup disks in preparation for the loss of database information should a power surge or disaster occur, c) establish an off-site system that is equipped to run the TSDB software as well as connect to the end-user databases for data export, and d) ensure that proper safeguards are in place for the security and temperature control of the TSC. Response: The TSC agrees with this recommendation and has taken steps to address it. a) The TSC, as of April 16, 2005, has established a disaster recovery site at the [SENSITIVE INFORMATION REDACTED], and exercised the capability to respond to a disaster requiring the movement of personnel and resources to an alternate site for continuous operations of the TSC. This was a successful operation (TSCRE #49). The TSC now has the ability to respond to the disaster recovery location with full access to data, networks and systems necessary to keep continuous operation of the TSC during a disaster. In addition, a second disaster recovery site is being implemented at the [SENSITIVE INFORMATION REDACTED], and should be operational by the end of May, 2005. This will give the TSC two alternatives in the event of any type of disaster. The TSC Emergency Action Plan (EAP) is in the process of being updated to reflect these new protocols. b) The TSC is now storing back-up data disks at [SENSITIVE INFORMATION REDACTED] as its primary disaster recovery site. A redundancy of this capability is being implemented at the [SENSITIVE INFORMATION REDACTED] as its secondary disaster recovery site. This action should be completed by the end of May, 2005. c) As of April 16, 2005, the TSC now has the capability at [SENSITIVE INFORMATION REDACTED] to run all TSDB software as well as connect to end-user databases for data export. Redundancy of this capability will be implemented at [SENSITIVE INFORMATION REDACTED] by the end of May, 2005. d) The TSC was previously co-located with the Foreign Terrorist Tracking Task Force (FTTTF). The FTTTF has established the security controls and heating, ventilation and air conditioning (HVAC) protocols that affected the TSC. The FTTTF began the process of relocating from September of 2004 through March 15, 2005. Through this transition, as the TSC began to assume responsibility for the security and HVAC, several longstanding issues with the facility were identified and corrected where possible. [SENSITIVE INFORMATION REDACTED] Recommendation #39: Ensure that the COOP and EAP are fully implemented including employee training, equipment testing, and plan exercising. Response: The TSC agrees with this recommendation and has taken steps to address it. Per the responses to recommendation #38, the TSC has a primary back-up location for disaster recovery at the [SENSITIVE INFORMATION REDACTED]. Furthermore, the TSC will have a secondary location established for disaster recovery at TSOU by the end of May, 2005. The first operational test of this capability with full system use was on April 16, 2005, which was successful. The April 16, 2005 test was the first of quarterly training that will be the normal course of business for the TSC. With regard to Continuity of Operations (COOP), the TSC is cooperating fully with the FBI, and the FBI Office of the Chief Information Officer (OCIO). The FBI OCIO is charged with the responsibility of coordinating the entire COOP programs under the administrative purview of the FBI for the purpose of effectiveness, efficiency and cost saving to the US Government and the American people. The TSC has developed a COOP plan under the FBI guidelines and tendered it to the OCIO for evaluation and integration with the FBI COOP program. The TSC has also been conducting exploratory missions with the [SENSITIVE INFORMATION REDACTED] to determine the viability of utilizing one of these sites or a similar one as the TSC COOP location. The TSC will continue to coordinate the execution of a COOP site and the budget implications from such an operation with the FBI, the DOJ and the Office of Management and Budget. Recommendation #40: Consider the transfer of the Encounter Management database to a classified network capable of maintaining the database at the various classification levels. Response: The TSC agrees with this recommendation and has completed it. The TSC transferred the Encounter Management Application to classified network on February 2, 2005 (TSCRE# 39). Footnotes
|
|||||||||