By Jerry Williams, Chief Security Officer; and Gregory Marshall, Deputy Chief Security Officer, U.S. Department of Homeland Security, Washington, D.C.
he mission of the U.S. Department of Homeland Security (DHS) Office of Security (OS) is to secure the department so the department can secure the United States. The security challenges facing DHS require more than just the efforts of the department’s security professionals—they require collaborative multidisciplinary security initiatives that the OS leads. Across the department, security professionals are integrated within all components and operational activities to ensure the success of the DHS mission. However, departmental efforts alone are not enough to ensure success. To address the full range of security challenges facing the department and the nation, the support of state, local, tribal, and private sector (SLTPS) security partners is essential.
DHS Security Structure
A fundamental objective of OS within DHS is to foster the “One Office of Security—One Mission” mind-set. The office’s program areas are designed to reinforce one another and, in doing so, more effectively meet future challenges. OS is structured so that its operating divisions are constantly examining where the department is, where it wants to be, and what it needs to do to get there as one cohesive unit. The result is a coherent strategic plan with a corresponding road map that lays out what activities are necessary to pursue and ensures that established goals and objectives are met. The plan also provides a mechanism by which OS can enhance its work with DHS and SLTPS customers by responding quickly and effectively to requests for assistance and/or guidance.
To serve both DHS and SLTPS partners, OS is divided into seven operational divisions:
- Physical Security implements force protection programs to protect DHS personnel, controls access to DHS headquarters facilities, and safeguards against damage to property and theft of information or resources.
- Personnel Security prevents employment of individuals who are a threat to the department, thus ensuring the highest levels of confidence in DHS employee and contractor trustworthiness, loyalty, integrity, and reliability.
- Administrative Security implements programs for the protection of both classified and sensitive but unclassified information within the department and for the department’s SLTPS partners.
- Training and Operations Security (OPSEC) ensures employee awareness of security by creating a culture of security throughout the department, ensuring that the DHS workforce is trained to recognize and defend against threats to the department’s personnel, information, and property.
- Counterintelligence and Investigations operationally prevents the compromise of DHS personnel, information, and property by foreign intelligence services, terrorists, and criminals.
- Special Security Programs ensures the integrity of special access programs and DHS sensitive compartmented information (SCI) facilities, where the country’s most sensitive information is analyzed and processed.
- Operations ensures efficient management of the office’s budget (classified and nonclassified) and administers the credentialing program for headquarters personnel.
To further leverage security efficiencies across DHS, OS established the DHS Chief Security Officer (CSO) Council. The council, which is composed of representatives from the major DHS operating components, serves as a functional advisory body that advises and assists the DHS CSO in evaluating and determining the best course of action for security functions. Providing an open forum for DHS component security officers, the council ensures that security practices are consistent with policies established by OS. At monthly meetings, component representatives are able to raise any concerns they may have and discuss them among their peers. It is not unusual to discover that officers are experiencing common issues; invariably, sound solutions are developed through these interactions.
Working with SLTPS Partners
DHS security professionals know that fostering effective security exchanges across organizational boundaries yields tremendous benefits. In 2008, to further DHS outreach to its SLTPS partners, Congress approved the hiring of additional multidisciplinary security personnel, called field security coordinators (FSCs), to assist, expand, and coordinate DHS security services and to build effective SLTPS partnerships. One objective of the expanded outreach initiative designed to facilitate information sharing is to ensure that the SLTPS community is knowledgeable of, and integrated into, federal security protocols. The OS is committed to providing support from all the security disciplines and expertise available to SLTPS partners so that they are able to meet federal security requirements for protecting sensitive and classified national security information. A second OS outreach objective is to ensure that SLTPS organizations have an interface and a liaison with DHS operating components such as the U.S. Citizenship and Immigration Services, the U.S. Coast Guard, the U.S. Customs and Border Protection, the Federal Emergency Management Agency (FEMA), the U.S. Immigration and Customs Enforcement, the U.S. Secret Service, and the Transportation Security Administration.
Inherent in the department’s mission is the responsibility and obligation to provide, wherever national security information is shared, the security services and support necessary to SLTPS communities to protect that information. To that end, OS has been an advocate for removing security barriers that might impede the flow of information and has instituted policies and processes that, among other things, provide security clearances to SLTPS officials, certify areas for the deployment of classified systems and secure equipment, and educate SLTPS partners on federal standards and procedures for safeguarding classified national security and sensitive information.
The FSC program consists of a cadre of security professionals dedicated to providing broad support and oversight of SLTPS security programs. Through this program, DHS SLTPS partners enjoy a single point of access to the expertise and depth of experience within all the OS divisions. The FSC can help partner organizations with such issues as obtaining multidiscipline security support, guidance, and assistance regarding administrative security, counterintelligence awareness, operation security, and physical and personnel security; generating familiarity and rapport between parties through assignment of geographic areas of responsibility to individual FSCs; and providing for a proactive security outreach program based on regularly scheduled visits and ongoing communication.
Each FSC is assigned a portfolio consisting of a specific geographic area that is consistent with the structure employed by the State and Local Fusion Center Program Management Office (SLFC PMO) of the DHS Office of Intelligence and Analysis. The FSC is then responsible, in coordination with the SLFC PMO and other DHS components, for providing security support and services within their respective geographic areas of responsibility to all SLTPS entities provided with access to national security information by DHS.
Managed by the OS Administrative Security Division, the FSC program serves as another step toward integrating DHS SLTPS partners into the information-sharing environment and providing them with the appropriate knowledge and tools to function under federal security guidelines for the protection of classified and sensitive information. The range of security services provided by OS to SLTPS organizations includes the following:
- Coordination with DHS operating components and offices that have sponsored SLTPS organizations for a classified information capability
- Personnel security support (including liaison with the SLFC PMO) to address issues related to security clearances and reinvestigations
- Physical security support, including guidance on physical security equipment, intrusion detection systems, construction requirements, sound attenuation, and conducting security assessments and surveys for areas processing or storing classified material
- Administrative security guidance for safeguarding classified information to prevent compromise or unauthorized disclosure
- Compliance reviews to evaluate security programs’ effectiveness and to conduct security inquiries and investigations into the alleged mishandling or possible loss or compromise of classified information
- Counterintelligence support services to include counterintelligence awareness training, defensive travel briefings, counterintelligence threat and vulnerability assessments, and consultative support
- Training on security education, training, and awareness (SETA) concepts, to include initial clearance indoctrination, annual refresher security training, and security debriefings
- Specialized security training, such as computer security, courier security, communications security (COMSEC), and OPSEC
To support SLTPS outreach, OS has also validated and enhanced its ongoing relationships with DHS operating components that have deployed classified information systems and secure equipment to SLTPS organizations. OS works closely with the DHS Office of Intelligence and Analysis, FEMA, the National Protection and Program Directorate, the Office of Operations Coordination, and the chief information officer to coordinate SLTPS issues of mutual concern.
One of the major points of interaction between OS and its SLTPS partners involves the issuance and maintenance of security clearances for access to national security information. DHS policy is to grant security clearances at the secret level to SLTPS personnel who meet access eligibility and sponsoring criteria. Typically, the minimum sponsoring criterion is that security clearances will be issued only to SLTPS personnel with whom a DHS organization has a mission requirement to share classified information directly. Accordingly, if the mission requirement is satisfied, access eligibility may be granted to elected officials; homeland security, public health, and emergency management personnel; law enforcement personnel; and personnel participating in DHS-sponsored or DHS-endorsed boards, committees, working groups, or operations centers where access to classified information is required.
Although DHS does grant security clearances, it attempts to minimize the need for clearances by employing a “write-to-release” method. This technique allows for the sanitization of classified information to the sensitive but unclassified level. The information can then be more widely shared with those who have a need to know.
Partnering with Information Technology Security Professionals
The U.S. government, like many businesses, has become increasingly dependent on information technology (IT) and therefore increasingly concerned about IT-related vulnerabilities. To address these concerns, the DHS chief information security officer (CISO) and the CSO work closely together in a number of areas, to include developing procedures and processes vital to countering successfully the growing number of cyber attacks on departmental IT systems.
To better address the issues that affect both the OS and the CISO, and to reach out to SLTPS partners, the two offices sponsor an annual security conference and workshop. The conference provides security professionals involved in the secure operation of data communication networks, facilities, information assurance, personnel and physical security, and other facets of an integrated DHS security program the opportunity to review requirements and receive hands-on training in such products as the Trusted Agent FISMA and Risk Management System tools. Other conference sessions address security assessments, safe foreign travel, cyber threats, privacy, identity management, and many other topics. Open forums hosted by subject matter experts (such as chief security officers, personnel and physical security officers, and state and local representatives) are also offered in addition to guest speakers from government agencies and private industry. The conference is held each year in August.
By enabling both federal and SLTPS security professionals to work together, DHS can successfully provide a secure environment in which each respective organization can perform its core missions. Building strong collaborative relationships is the best way to address current and future security challenges effectively. Involving DHS SLTPS partners in the security of both the department and the United States serves and protects all the residents of the United States.
Information on the topics presented in this article may be obtained by contacting OS via e-mail at OfficeofSecurity@dhs.gov. OS publications for SLTPS organizations are available for downloading from the DHS Web site at www.dhs.gov/xinfoshare/publications/gc_1187293559825.shtm. ■