[House Hearing, 109 Congress] [From the U.S. Government Publishing Office] HELPING BUSINESS PROTECT THE HOMELAND: IS THE DEPARTMENT OF HOMELAND SECURITY EFFECTIVELY IMPLEMENTING THE SAFETY ACT? ======================================================================= JOINT HEARING before the SUBCOMMITTEE ON MANAGEMENT, INTEGRATION, AND OVERSIGHT joint with the SUBCOMMITTEE ON EMERGENCY PREPAREDNESS, SCIENCE AND TECHNOLOGY of the COMMITTEE ON HOMELAND SECURITY HOUSE OF REPRESENTATIVES ONE HUNDRED NINTH CONGRESS SECOND SESSION __________ SEPTEMBER 13, 2006 __________ Serial No. 109-100 __________ Printed for the use of the Committee on Homeland Security [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Available via the World Wide Web: http://www.gpoaccess.gov/congress/ index.html __________ U.S. GOVERNMENT PRINTING OFFICE 35-622 PDF WASHINGTON DC: 2007 --------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866)512-1800 DC area (202)512-1800 Fax: (202) 512-2250 Mail Stop SSOP, Washington, DC 20402-0001 COMMITTEE ON HOMELAND SECURITY Peter T. King, New York, Chairman Don Young, Alaska Bennie G. Thompson, Mississippi Lamar S. Smith, Texas Loretta Sanchez, California Curt Weldon, Pennsylvania Edward J. Markey, Massachusetts Christopher Shays, Connecticut Norman D. Dicks, Washington John Linder, Georgia Jane Harman, California Mark E. Souder, Indiana Peter A. DeFazio, Oregon Tom Davis, Virginia Nita M. Lowey, New York Daniel E. Lungren, California Eleanor Holmes Norton, District of Jim Gibbons, Nevada Columbia Rob Simmons, Connecticut Zoe Lofgren, California Mike Rogers, Alabama Sheila Jackson-Lee, Texas Stevan Pearce, New Mexico Bill Pascrell, Jr., New Jersey Katherine Harris, Florida Donna M. Christensen, U.S. Virgin Bobby Jindal, Louisiana Islands Dave G. Reichert, Washington Bob Etheridge, North Carolina Michael T. McCaul, Texas James R. Langevin, Rhode Island Charlie Dent, Pennsylvania Kendrick B. Meek, Florida Ginny Brown-Waite, Florida ______ SUBCOMMITTE ON EMERGENCY PREPAREDNESS, SCIENCE, AND TECHNOLOGY Dave G. Reichert, Washington, Chairman Lamar S. Smith, Texas Bill Pascrell, Jr., New Jersey Curt Weldon, Pennsylvania Loretta Sanchez, California Rob Simmons, Connecticut Norman D. Dicks, Washington Mike Rogers, Alabama Jane Harman, California Stevan Pearce, New Mexico Nita M. Lowey, New York Katherine Harris, Florida Eleanor Holmes Norton, District of Michael McCaul, Texas Columbia Charlie Dent, Pennsylvania Donna M. Christensen, U.S. Virgin Ginny Brown-Waite, Florida Islands Peter T. King, New York (Ex Bob Etheridge, North Carolina Officio) Bennie G. Thompson, Mississippi (Ex Officio) ______ Subcommittee on Management, Integration, and Oversight Mike Rogers, Alabama, Chairman John Linder, Georgia Kendrick B. Meek, Florida Tom Davis, Virginia Edward J. Markey, Massachusetts Katherine Harris, Florida Zoe Lofgren, California Dave G. Reichert, Washington Sheila Jackson-Lee, Texas Michael McCaul, Texas Bill Pascrell, Jr., New Jersey Charlie Dent, Pennsylvania Bennie G. Thompson, Mississippi Peter T. King, New York (Ex (Ex Officio) Officio) (II) C O N T E N T S ---------- Page STATEMENTS The Honorable Dave Reichert, a Representative in Congress From the State of Washington, and Chairman, Subcommittee on Emergency Preparedness, Science, and Technology: Oral Statement................................................. 25 Prepared Statement............................................. 26 The Honorable Bill Pascrell, Jr., a Representative in Congress From the State of New Jersey, and Ranking Member, Subcommittee on Emergency Preparedness, Science, and Technology............. 4 The Honorable Mike Rogers, a Representative in Congress From the State of Alabama, and Chairman, Subcommittee on Management, Integration, and Oversight: Oral Statement................................................. 1 Prepared Statement............................................. 2 The Honorable Kendrick Meek, a Representative in Congress From the State of Florida, and Ranking Member, Subcommittee on Management, Integration, and Oversight......................... 2 The Honorable Bennie G. Thompson, a Representative in Congress From the State of Mississippi, and Ranking Member, Committee on Homeland Security: Oral Statement................................................. 21 Prepared Statement............................................. 22 The Honorable Donna M. Christensen, a Delegate in Congress From the U.S. Virgin Islands........................................ 33 The Honorable Charlie Dent, a Representative in Congress From the State of Pennsylvania.......................................... 20 The Honorable Norman D. Dicks, a Representative in Congress From the State of Washington........................................ 28 The Honorable Sheila Jackson-Lee, a Representative in Congress From the State of Texas........................................ 29 Witnesses Panel I The Honorable Jay Cohen, Undersecretary for Science and Technology, U.S. Department of Homeland Security: Oral Statement................................................. 6 Prepared Statement............................................. 9 Accompanied by: Ms. Linda Vasta, Acting Director, Office of SAFETY ACT Implementation............................................... 29 Ms. Elaine C. Duke, Chief Procurement Officer, U.S. Department of Homeland Security: Oral Statement................................................. 12 Prepared Statement............................................. 14 Panel II David Z. Bodenheimer, Esq., Crowell & Moring LLP: Oral Statement................................................. 59 Prepared Statement............................................. 60 Mr Brian E. Finch, Esq., Dickstein Shapiro LLP: Oral Statement................................................. 52 Prepared Statement............................................. 54 Mr. Andrew Howell, Vice President, Homeland Security Policy Division, U.S. Chamber of Commerce: Oral Statement................................................. 34 Prepared Statement............................................. 35 Mr. Michael M. Meldon, Executive Director, Homeland Security and Defense Business Council: Oral Statement................................................. 39 Prepared Statement............................................. 42 Mr. Stan Z. Soloway, President, Professional Services Council: Oral Statement................................................. 45 Prepared Statement............................................. 48 Appendix Questions and Responses Ms. Elaine Duke Responses........................................ 75 HELPING BUSINESS PROTECT THE HOMELAND: IS THE DEPARTMENT OF HOMELAND SECURITYEFFECTIVELY IMPLEMENTING THE SAFETY ACT? ---------- Wednesday, September 13, 2006 U.S. House of Representatives, Committee on Homeland Security, Subcommittee on Management, Integration and Oversight, joint with the Subcommittee on Emergency Preparedness, Science and Technology, Washington, DC. The subcommittees met, pursuant to call, at 10:10 a.m., in Room 2175, Rayburn House Office Building, Hon. Mike Rogers [chairman of the Subcommittee on Management, Integration and Oversight] presiding. Present: Representatives Rogers, Reichert, Linder, Dent, Thompson, Pascrell, Meek, Dicks, Jackson-Lee, and Christensen. Mr. Rogers. [Presiding.] This joint hearing of the Homeland Security Subcommittee on Management, Integration and Oversight and the Subcommittee on Energy Preparedness, Science and Technology will come to order. I am pleased to join our colleagues on the other subcommittee in this joint subcommittee hearing on the implementation of the SAFETY Act. Let me first begin by welcoming our panelists of distinguished witnesses and thank them for taking time out of their busy schedules to be with us today. The SAFETY Act was enacted in November 2002 as a part of the Homeland Security Act. At that time, it was the intent of Congress to spur the development and deployment of innovative antiterrorism technologies. The bill does this in part by limiting the liability exposure of the companies that provide these technologies in the event of a terrorist attack. Since the law was enacted, however, the number of applications to DHS for SAFETY Act protection has fallen well below expectations. Critics have charged that this disappointing performance is due to a number of factors, including the department's slow evaluation and approval process, understaffing in key offices, and lingering questions about the act's ability to shield technology providers from liability. This summer DHS issued a final rule to implement the SAFETY Act as well as a revised application kit with a goal of addressing many of these private-sector concerns. The feedback we have received from industry about the revised process has been mostly positive. I look forward to hearing from our witnesses more about these recent changes and whether they address the key questions. First, is the application and review process swift, efficient and effective? Second, how can DHS more closely integrate the application and review process with the department's procurement of antiterrorism technologies and services? And third, is there sufficient awareness of and confidence in the protection provided by the SAFETY Act in the public and private sectors? I want to again thank the witnesses for joining us today, and I look forward to their testimony on this important subject. Prepared Opening Statement of the Honorable Mike Rogers I am pleased to join Chairman Reichert in holding this joint subcommittee hearing on the implementation of the SAFETY Act. Let me first begin by welcoming our two panels of distinguished witnesses, and thank them for taking time out of their busy schedules to be with us today. The SAFETY Act was enacted in November 2002 as part of the Homeland Security Act. At that time, it was the intent of Congress to spur the development and deployment of innovative anti-terrorism technologies. The bill does this, in part, by limiting the liability exposure of companies that provide those technologies in the event of a terrorist attack. Since the law was enacted, however, the number of applications to D-H-S for SAFETY Act protections has fallen well below expectations. Critics have charged that this disappointing performance is due a number of factors, including:the Department's slow evaluation and approval process; under-staffing in key offices; and lingering questions about the Act's ability to shield technology providers from liability. This summer, D-H-S issued its final rule to implement the SAFETY Act, as well as a revised Application Kit, with the goal of addressing many of the private sector's concerns. The feedback we've received from industry about the revised process has been mostly positive. I look forward to hearing from our witnesses more about these recent changes, and whether they address three key questions. First, is the application and review process swift, efficient, and effective? Second, how can D-H-S more closely integrate the application and review process with the Department's procurement of anti-terrorism technologies and services? And, third, is there sufficient awareness of--and confidence in-- the protections provided by the SAFETY Act in the public and private sectors? I want to again thank the witnesses for joining us today, and look forward to their testimony on this important subject. I now yield to the Ranking Member, Mr. Meek, for any statement he may have. I now yield to the ranking member, Mr. Meek, for any statement that he may have. Mr. Meek. Thank you, Mr. Chairman. I would like to welcome Secretary Cohen and also Chief Procurement Officer Duke back to the committee, along with the representative from the SAFETY Act office. And also, to the second panel, we want to also welcome you to the committee and look forward to your testimony. The idea behind the SAFETY Act was to encourage development and the deployment of cutting-edge homeland security technologies that would not otherwise have been procured. For the past 3 years, Homeland Security has not really had a system in place to administer the program. It has been frustrating to watch the lack of activity in the SAFETY Act office. That is why I was pleased to hear that the department has issued a new rule and application kit. Initial feedback on the new kit seems to be positive. I am told that the application kit looks easier to fill out, and the overall process appears to be less burdensome. At the same time, we don't want to come to the podium and go too far away from the original intent of the SAFETY Act. And I think that the application--the application states for the technology that has been inquired or utilized in the past on ongoing procurement would be significantly expended. I think also it is important that the testimony that we have here today would hopefully push us in the direction that we want the SAFETY Act to move in. Also, Mr. Cohen, I am looking forward to your testimony as it relates to the future of the SAFETY Act and the integrity of the SAFETY Act and making sure that it sets out to move in the direction that we need to move in of how the original act called for to be moved in. I want to say, because we have these committees, and sometimes it is very frustrating to come and spend time in these subcommittees, and we don't hear exactly what you need for us to know. I know that we have public-and private-sector members on the second panel. I would ask that panel to share with us what we need to know, not what you may think we want to hear, but what we need to know. Both of these subcommittees have been pulled together today to be able to make sure that the process move forward. As you know, Ranking Member Thompson and a number of other members of the subcommittee and the overall committee asked for some forward progress as it relates to the SAFETY Act implementation. So you can see the chart that is behind you that we really didn't have any action until this year, and many members of the private sector who want to assist us in our technology field also wanted to be covered by what the SAFETY Act provides, the blanket of not--of the whole liability issue. They had some level of frustration, but from what I am hearing now they feel that it is a new day. We want to make sure that the sun continues to shine. So, Mr. Chairman, I look forward to the testimony. And I know the chairman and I have two committees going on at the same time--two of us have a committee going at the same time, Armed Services, where they are going to be having some votes a little later on, and so we will be going in and out as those votes are called. But our staff will be here to be able to hear the kind of input that we need to hear to be able to allow us to continue to assist not only the department but the private sector in the technology field to help us protect Americans. Mr. Chairman, with that I yield back. Mr. Rogers. I thank the gentleman. The chair now recognizes the ranking member of the Subcommittee on Emergency Preparedness, Mr. Pascrell, for any statement he may have. Mr. Pascrell. Thank you, Mr. Chairman. I want to thank Mr. Reichert--he will be here with us shortly--as well as yourself and Ranking Member Meek for helping to convene this meeting. I want to welcome our witnesses. We have met several times, talked about things that are at hand. I believe that all of you appearing before us today are exemplary public officials. And I really appreciate the fact that you have been pretty straightforward. Please don't change. I think that this hearing is pretty critical. The Support for Antiterrorism by Fostering Effective Technologies Act of 2002 provides critical incentives for the development and deployment of antiterrorism technologies for homeland security. The success of this act, the SAFETY Act, is a vital component to our nation's homeland security efforts. The SAFETY Act limits the liability of providers of qualified antiterrorism technologies for claims arising out of, relating to or resulting from an act of terrorism. It was Congress's intent that the SAFETY Act would address businesses' liability concerns and pave the way for innovative development. We want to encourage that and foster it so that we could develop key antiterrorism technologies. Industry remains skeptical about the burdens imposed by this act--I can understand that--and the durability of the legal protection that the act provides. We have to be, I think, very definitive about this. Today's hearing will give us a good perspective as to what has been done and what further needs to be accomplished in order to make this act as effective as possible. To be sure, some recent success has indeed been instituted. I want to join many of us here by commending the department and the general counsel's office for putting out the final rule--it has only been 4 years--and the new application kit for the SAFETY Act certification. My understanding--correct me if I am wrong--is that the initial reaction from applicants is that this is a much- improved kit, it will be easier to fill out, to apply, to do what we want to do, to have innovation, to think, to use our imaginations, easier to understand--I mean, the last was a disaster--and require fewer burdens than the previous kit that we saw. The final rule also does a very good job of clarifying an array of key problems that arose from the earlier rules. However, as is often the case, there is still unfinished business. The SAFETY Act is intended to influence the production of technologies that otherwise would not have been produced. But the department states in the application kit that, ``It may be very important and could significantly expedite your application if your technology has been acquired or utilized or is subject to an ongoing procurement.'' This brings forward the concern of many of us here today, that the department may view the act as a blanket liability waiver for every technology. Additionally, the language as it is written makes me worry that the department wishes to encourage companies to invest their research dollars in antiterrorism technology ready to be fielded now rather than in breakthrough technologies that may offer a needed transformation in the way we combat the war against terror. Industry still seems to harbor some serious reservations and doubts about the ability of the department to keep and safeguard sensitive business concerns and confidentiality. I am puzzled about that area of confidentiality, to be very truthful with you. Many have expressed deep dissatisfaction with the department's stated policy with regard to safeguarding proprietary information submitted as part of the SAFETY Act application. And I want to hear, hopefully, how the department intends to assure applicants that their proprietary information will be, in fact, kept confidential. We have also heard that while there are dozens of contractors from the general counsel's office helping to move the SAFETY Act forward, there is only one full-time employee actually working at the SAFETY Act office. Am I correct in stating that? If true, that is unacceptable, as we intended the legislation. Either the Congress or the department needs to address the problem immediately. Lastly, it does appear that the link between the SAFETY Act office and the procurement office in DHS must be improved. If a product meets a test for procurement officials, there is no reason why the SAFETY Act office should have to run through an entirely new and an entirely superfluous process to test the effectiveness of the product. If I am wrong, teach me. I am educable, believe it or not. In the fight against terror, we must be quick and nimble. We can never forget that. If we can get the SAFETY Act to an optimal operating level, our nation will be well served. It is the austere responsibility of this committee and the witnesses before us to ensure that this happens. I want to thank the chairman. In this critical oversight hearing I look forward to a robust discussion. Thank you, Mr. Chairman. Mr. Rogers. I thank the gentlemen. The other members are reminded that opening statements may be submitted for the record. We are pleased to have with us two distinguished panels. And let me remind the panelists, all panelists, that your full opening statement will be submitted for the record, so if you would like to abbreviate it in your opening oral remarks, that would allow more time for questioning. Also, I would like to, before we empanel the first panel, ask for unanimous consent that the acting director of the Office of SAFETY Act Implementation, Ms. Linda Vasta, be empaneled along with Mr. Cohen to assist in answering questions. Without objection, welcome, Ms. Vasta. The chair now calls the first panel and recognizes the Honorable Jay Cohen, undersecretary for science and technology for the U.S. Department of Homeland Security. Welcome, Mr. Cohen. We look forward to your statement. STATEMENT OF HON. JAY COHEN, UNDERSECRETARY FOR SCIENCE AND TECHNOLOGY, DEPARTMENT OF HOMELAND SECURITY Mr. Cohen. Well, good morning, Chairman Rogers, Chairman Reichert, Congressman Meek and Congressman Pascrell and the other distinguished members of the subcommittees. It is a distinct pleasure for me to be here today to discuss the Department of Homeland Security Science and Technology Directorate and, in particular, our implementation of the SAFETY Act. Mr. Chairman, you have already indicated very kindly that my written testimony will be mad a part of the record. And thank you so much for accommodating having Ms. Linda Vasta at the table with me. As you know, I have been in the saddle now for about 1 month. I am not lawyer, and I am not an expert. And as Congressman Pascrell has already indicated, I try and use straight talk, and I am learning very quickly about the SAFETY Act, but I have much more to learn. And so with that, I will abbreviate my comments so that we provide more time for your very important questions in the time that is allotted. I always like to start off by reminding the people who are listening, because I know the members are very well aware of this, of why we are here, who we enable, what we are all about. And we just recognized--I don't want to say celebrated--the fifth anniversary of the tragic events of that terrible day, the 11th of September, 2001. We would not have the Department of Homeland Security if it were not for that event. As I testified previously, I thank the Congress and the administration so much for establishing that department. And now we need to make it more effective as each day goes on. I have already talked about Linda Vasta. I am also pleased to have sitting to my left Ms. Elaine Duke. She is our chief procurement officer at the Department of Homeland Security. We work very closely together. I must tell you, I feel a little bit like a thorn amongst the roses here. But I am honored to be sitting at the same table as them. I am pleased to discuss the progress that we have made on the implementation of the SAFETY Act. Congressman Meek has already addressed the histogram that I have to my right. Because I am the new kid on the block, I will not take credit for that, but I will give credit to Secretary Chertoff and Deputy Secretary Michael Jackson who have given this the attention that it has required and deserves. And sitting behind me is Mark Rosen, who is my general counsel, who likewise has been fully engaged in this. I will tell you, ladies and gentlemen, that barely a day goes by at the end of the day that Mark Rosen doesn't come in with a new SAFETY Act for my review and approval, and that is how we get this kind of progress. It was interesting and it was serendipitous that on the 11th of September, on Monday, we approved the 100th SAFETY Act technology since initiation of the SAFETY office. There are currently 40 cases undergoing technical review. So in the short time I have been on board with the pending case load--we have a responsibility, as you have indicated, to earn the trust of industry and the American people. We must ensure that the SAFETY Act is a credible program and that we are in this for the long haul. The new rule and the new application kit have already been addressed. Although I am not from Oklahoma, I do believe in ``show me,'' and so I went to Google, and I just typed in ``SAFETY Act'' to see what I would find. And lo and behold, number one on the list--and we don't pay Google; we are not one of the paid advertisers--is www.safetyact.gov. And then I went to that Web site, which is the new, improved Web site that you have already talked about. In the Navy, we always talk about the Major Smith test. I am not trying to be derogatory to the Army or the Air Force, but the Major Smith test is when we think we have a good idea, we give it to an uninitiated person to see does it really pass the common sense check. And that is what I was attempting to do. And so then I went to download the application. It is 93 pages on Adobe. I am not trying to give an ad here to them, but it came up very quickly, and I printed out the table of contents and then worked my way through as if I were an offerer. And I appreciate very much your comments. I would also like to say good morning to Congressman Thompson, and I apologize. We have not had the chance to meet personally before this, but I look forward to that very much, sir. So I have done the Major Smith test, and I am comfortable with the feedback that we have been receiving on that new application. One of the major provisions of the final rule is moving the time line from 150 days to 120 days. I see that as an outer limit. I believe that we can do better. And we will, I am sure, as part of answering questions, address the issue of staffing, manning, process and metrics. But all of the trends, all of the vectors, I believe, are in the right direction. I had a chance to testify before Chairman Reichert and Congressman Pascrell's committee last week on the realignment of the S&T Directorate, which was approved last Wednesday, by Secretary Chertoff, and I briefed all of my people yesterday, all hands, on that. It is now in place. We will be updating the Web site so people will know who to come to independent of the SAFETY Act with their technologies, et cetera. But as part of that brief, I indicated we would have six departments and three cross-cutting--three matrix directors, one for transition, one for innovation--that is HSARPA--and one for research. Those are the laboratories and the universities. Because my director of transition in an integrated process team will sit as a team member first with the customer, whether that is TSA, Customs and Border Protection or the directorates in Homeland Security, and sit across the table from Ms. Duke's acquisition professionals, I believe that the best alignment for the SAFETY Act Implementation Office is under my director of transition. That is a senior executive service person. He is very familiar not only with Homeland Security but also the entire output portfolio of my directorate. And so that is the direction in which I am proceeding. There has been discussion here of being nimble. I prefer to use the word agile. Our enemy is agile. Our enemy is devious. They stop at nothing to achieve their goals. And I believe we have to be as motivated, and I hope to bring that intensity and enthusiasm to my directorate. I will tell you that I am extremely honored to be here today representing those good men and women, government service, interagency personnel act, detailees from our laboratories, industry and our contract staff who make the S&T Directorate the organization it is today. I will work to make it a world-class S&T management organization that is both effective and agile and meets and exceeds the desires of the Congress and the administration and the implementation of the law. Having said that, as good as we think the final rule may be, and as good as we think the improvements in the new application kit are, we still have to listen, and we should listen, and I look forward to listening to our customer, and our customer, of course, are industry. They are the R&D and the S&T component of this incredible country. And so I look forward to staying and listening to the comments and the recommendations of the second panel. One of the things that I think you will hear from that panel, and I will conclude my remarks, are on the 10th of August, the day that I was sworn in by Secretary Chertoff, the liquid explosives plot against airlines flying from England to the United States broke. That sort of became the focus of my life around reorganizing, realigning the department and all the other things that we have accomplished in the last month. But it was clear to me that when you looked at the threat, you looked at the inconvenience to the traveling public, the economic impact, that we had to address, as I call it, the wolf that is closest to the door. Now, in the area of terrorism and technologies, there are many wolves on the porch. But our public expects us to respond, and so the very next day, on the 11th of August, I established the rapid response team for liquid explosives. We assigned a program manager. We assigned a scientist who understood the chemistry, had worked with the Israelis, with the Brits, and with our laboratories. And also, we brought the Transportation Security Laboratory of Atlantic City to the table. We had communications immediately with all of our Department of Energy laboratories, which you have so graciously given me access to, for their technology and their science and their innovation. And we brought in some of the representatives who will be on this second panel today, but we invited industry representatives. And we went out with a request for information. We have over 40 responses today. It closed yesterday. We are move forward very quickly, within 30 days, to test these technologies to detect the liquid explosives of concern. But in a proactive way, for the first time--and this was leadership direction at Homeland Security; it was not my idea, but I am very pleased to have implemented it--we used the SAFETY Act in a proactive way where we informed all the applicants that they would get SAFETY Act protection for their technologies. So with that, I will conclude my comments. Again, it is an honor to be here. I look forward to your questions. And I think that Ms. Duke may have a short statement also. [The statement of Mr. Cohen follows:] For the Record Prepared Statement of the Honorable Jay M. Cohen SAFETY Act Testimony Good Morning Chairman Rogers, Chairman Reichert, Ranking Members Meek and Pascrell, and distinguished Members of the Subcommittees, it is a pleasure to be with you today to discuss the Department of Homeland Security (DHS) Science and Technology Directorate (S&T Directorate) and in particular our implementation of the SAFETY Act program. I appreciate your invitation to discuss our programmatic accomplishments and my vision of how the Directorate can improve the use of the SAFETY Act to meet the mission needs of our customers--the DHS Components--and the technology providers that will make use of the SAFETY Act to enable them to field technologies that will make the Nation safer. I similarly appreciate the important role that the SAFETY will continue to make in eliminating barriers to full participation by the private sector in developing and fielding new types of anti- terrorism technologies. I am honored to have this opportunity and privilege to serve with the dedicated men and women, scientists, engineers, and professionals who are working to secure our homeland and defend our freedoms. While the SAFETY Act program is still a work in progress, I am very proud of what has been accomplished in a relatively short time. I have with me today Linda Vasta who is the Acting Director of the Office of SAFETY Act Implementation. I will look to Linda to help respond to any questions of the Committee that call for specific facts and figures about how the program is performing. The S&T Directorate has a significant role in bringing to bear solutions to the Department's homeland security challenges. During my tenure at the Office of Naval Research, especially after 9-11, I learned first hand the incredible value that a sustained, customer focused basic and applied research program adds to America's ability to bring advanced technology to our (and our allies) asymmetric advantage against the enemies of freedom. It can mean the difference between life and death, victory and defeat. DHS's enabling legislation, the Homeland Security Act of 2002, established a separate Science and Technology Directorate with a well-defined mission in recognition of the importance of robust science and technology programs in the War on Terrorism. I intend to move the S&T Directorate forward by instilling efficient processes, ensuring accountability and empowering people to conduct the important work of the Directorate. The SAFETY Act plays a key role in enabling the fullest possible participation of industry in this effort. The SAFETY Act (Support Anti-terrorism by Fostering Effective Technologies Act) was enacted as part of the Homeland Security Act of 2002. The mission of the SAFETY Act is to facilitate the development and deployment of qualified anti-terrorism technologies by creating a system of risk and litigation management. These protections apply to a company when the worst happens--an act of terrorism. The SAFETY Act is intended to ensure that the threat of liability does not deter potential manufacturers or sellers of anti-terrorism technologies from creating or providing products and services that could save lives. The last year has been a time of significant growth and improvement for the SAFETY Act program, building on the S&T Directorate's proactive efforts to develop the program since the Department was created in 2003. The increase in the number and types of technologies extended SAFETY Act protection has been impressive. Since September of 2005, DHS has issued 60 award decisions. As you can see from the chart, over last three years, the growth is strong and continues to climb. We currently have issued SAFETY Act Designations or Designation/Certifications to over 100 companies that are developing Qualified Anti-Terrorism Technologies. While I am encouraged with the trend indicated by these numbers, I believe we can more fully utilize what is an important homeland security tool. However, I wish to report several developments that (i) reveal the Department's commitment to improving upon efforts to date, (ii) indicate that progress is being made, and (iii) should with time greatly increase the number of companies applying for and receiving SAFETY Act protection. The first improvement is the promulgation and implementation of the SAFETY Act Final Rule, which became effective on July 10, 2006. The terms of the final rule reflect lessons learned and experience gained from our operational experience and provide for a more efficient and user-friendly application process. They also reflect the many comments and suggestions that were made by the private sector and industry experts while the program operated under the Interim Rule. Perhaps the most dramatic change in the Final Rule is the reduction of the evaluation cycle from 150 days to a maximum of 120 days, while maintaining the same quality level of analysis. Expediting this process is vital for the companies who cannot wait months for decisions to be made when their capital and intellectual property is on the line. Our hope is that our elimination of 30 days from the review cycle sends an important signal to the private sector that we are committed to their success and improves their overall experience with the application process. Moreover, I expect that decisions on certain applications will be made in time frames far shorter than 120 days, and assure you that, in any event, the 120 day regulatory cycle will be strictly adhered to. Since coming on board, I have learned that the Department's track record in processing applications within the SAFETY Act's regulatory deadlines is troubling. I have learned that, through the practice of issuing numerous ``requests for information,'' in some cases the Department might have caused unnecessary delay and imposed undue burdens on applicants. This is not consistent with my goals for a full service, efficient, and customer oriented organization. Going forward, the Department will strictly adhere to regulatory deadlines and will ensure that only information necessary to reach a decision on an application will be required. Time is of the essence. Furthermore, I will, while preserving the integrity of the technical review process, continue to look for ways to improve the program's level of efficiency and further reduce the SAFETY Act application evaluation cycle. Already, the Office of Safety Act Implementation (OSAI) and the Office of the Chief Procurement Officer are working together to align the SAFETY Act application review process more closely and effectively with the procurement processes within DHS and throughout the Federal Government. We have briefed members of the DHS acquisition community to facilitate the integration of these two processes. We are also streamlining our review processes and are working to eliminate duplicative technical reviews of candidate technologies that are the subject of government procurements. We take very seriously our responsibility to ensure that technologies receiving SAFETY Act protections are effective in helping to protect America; however, if a thorough evaluation of a technology has already been conducted as part of the government's RDT&E or acquisition process and particular technologies found to be effective, we are comfortable eliminating duplicate technical reviews and ``fast tracking'' applications for SAFETY Act protections to coincide with government acquisition schedules. We are doing this now with our current initiative to seek technologies to detect liquid explosives. The Department did this effectively last November with regard to the procurement by the Domestic Nuclear Detection Office (DNDO) of Advanced Spectroscopic Portal technology. Other examples include coordinating with the Transportation and Security Administration (TSA) on private airport screening services. We recently worked with procurement and other officials to integrate SAFETY Act into planning and acquisition activities associated with the Secure Border Initiative, US-VISIT, and the Registered Traveler program. The Final Rule also establishes that some of the protections of the SAFETY Act can be afforded to qualified anti-terrorism technologies that are undergoing developmental testing and evaluation. By creating ``Developmental Testing and Evaluation Designations,'' the Final Rule encourages investment in promising technologies that could serve as an important homeland security resource. Another major enhancement to the SAFETY Act program is the new Application Kit which was released on August 14, 2006. The SAFETY Act program is in its third year, and experience in administering the program has demonstrated that procedural processes built to administer the Act could be improved. The Department recognized that the initial SAFETY Act Application Kit was overly burdensome and the application process could be streamlined and made less bureaucratic. The Department has refined the SAFETY Act Application Kit and the application process more generally to reduce burdens and to focus more precisely on collecting the information necessary for the review of a particular anti-terrorism technology. The Department recognizes that each SAFETY Act application is different. Our aim is to have an interactive and flexible application process and to focus the SAFETY Act Application Kit on soliciting essential information that may be supplemented as necessary on a case by case basis. And as part of the new Application Kit, the Office of SAFETY Act Implementation will be proactively engaging applicants much earlier in the process. The new Application Kit is designed to be more ``user-friendly,'' and the Department, through a Notice in the Federal Register dated August 17, 2006, is inviting comments and suggestions for how we may further refine the kit to make the SAFETY Act application process even more effective. With the Final Rule and new Application Kit in place, the SAFETY Act Office will be redoubling their efforts to encourage an increasing number of SAFETY Act applications. To this end, continuing the proactive outreach that began with the S&T Directorate's first SAFETY Act presentations in five cities in the Fall of 2003, we are participating in or presenting at a number of homeland security-related conferences to spread the word to individual companies. We are also beginning a comprehensive system of outreach to high-tech trade associations, technology incubators, relevant members of the legal community, and leading business associations. Our outreach will involve one-on-one meetings, participation in industry events, articles in industry publications and greater information dissemination via the SAFETY Act website, www.safetyact.gov. For example, there are dozens of high tech trade associations in the DC area representing thousands of technology companies. By working with them to spread the word about the SAFETY Act, we can dramatically increase our number of applicants and thereby find valuable anti- terrorism technologies for use by DHS. Personal briefings with members, newsletter articles and targeted events as well us field visits and ``town hall'' meetings allow us to inform more companies about the protections available to them as we continue to fight the war on terror. This opportunity also exists across the country with state, county and city technology associations. Building a relationship with them will help facilitate our grassroots outreach. Successful utilization of the SAFETY Act program truly depends on effective public-private partnerships and we will work to make the most of this opportunity. I believe the best way to judge the progress we are making is by the statements of the companies that have received SAFETY Act awards. We have worked diligently to listen to the feedback from private industry and their comments speak volumes about the quality of the work we are doing. In the June 19th issue of Government Security News magazine, a number of companies issued statements about the benefits of the Act and how it has impacted their business. Wackenhut Chairman and CEO Gary Sanders stated, ``By granting these much sought-after awards, the DHS has validated these important processes and declared that Wackenhut's services are designed to envision and defend against possible terrorist scenarios; deny terrorists access to secure facilities; and, to respond to terrorist related security breaches.'' Mitigation Technologies Managing Member Craig Schwartz stated, ``Mitigation Technologies continues to develop and deploy innovative life-saving products while seeking added benefits like DHS' SAFETY Act coverage to provide safety, comfort and peace of mind for citizens worldwide.'' Smith Detection Americas President Cherif Rizkalla stated, ``SAFETY Act certification provides our customers with real assurance the Hi-SCAN 7555i and the Sentinel II are effective, reliable and safe anti-terrorism technologies. . . We plan to obtain SAFETY Act approval for additional Smiths products in the near future.'' Boeing's Vice President of Advanced Homeland Security, John Stammreich stated ``to us, the SAFETY Act is vital. . . .we're really encouraged how far the government has come in the last 18 months to two years. . . .Boeing is feeling very bullish about the SAFETY Act environment.'' In conclusion, the SAFETY Act is a vital tool for our government to remove barriers to full industry participation in finding new and unique technologies to combat an evolving enemy. Technological and scientific innovation continues to be a major factor in our Nation's success, and the SAFETY Act is one means by which we can help leverage that strength in our War on Terrorism. The SAFETY Act can, when used to its full potential, create market incentives for industry to increasingly invest in measures to enhance our homeland security capacity. While more needs to be done, I am pleased to report there are over 100 SAFETY Act protected technologies that we have enabled to be deployed around the country, and over 40 additional technologies under review. The fact that we have a growing number of applications in the pipeline is testament to the fact that this program is becoming increasingly credible and important to the business and government acquisition community. This fiscal year alone OSAI has processed and issued twice as many Designations and Certifications for Qualified Anti-terrorism Technologies as in previous years. Moreover, DHS has set the stage for even greater progress and accomplishment for implementation of the SAFETY Act. The SAFETY Act will continue to provide needed protection to the most dynamic creators of anti- terrorism technologies, while also safeguarding the American public. Thank you for your time and I look forward to your questions. Mr. Rogers. Thank you, Mr. Cohen. And the chair now recognizes Ms. Elaine Duke, chief procurement officer for the Department of Homeland Security. And we welcome you back and look forward to your statement. STATEMENT OF ELAINE DUKE, CHIEF PROCUREMENT OFFICE, U.S. DEPARTMENT OF HOMELAND SECURITY Ms. Duke. Thank you. Good to be back. Good morning. Chairman Rogers, Chairman Reichert, Ranking Member Meek, Ranking Member Pascrell and members of the committees, I am Elaine Duke, and I am the chief procurement officer for the Department of Homeland Security. Thank you for the opportunity to appear before you to discuss the Department of Homeland Security SAFETY Act implementation. The SAFETY Act of 2002 serves as a critical tool in expanding the creation, proliferation and use of antiterrorism technologies. While the Undersecretary for Science and Technology is responsible for executing the functions of the act, including the designation of technologies as qualified antiterrorism technologies, I am responsible for integrating the SAFETY Act into the DHS acquisition program. Because the SAFETY Act will apply to all federal agencies procuring antiterrorism technologies, federal-wide policy and guidance is needed to ensure the SAFETY Act protections are appropriately considered during the procurement process. Therefore, the SAFETY Act procurement regulations, like other federal-wide acquisition regulations, will be implemented through a change to the Federal Acquisition Regulation, or FAR. Since the issuance of procurement regulations was contingent upon publication of the program final rule, DHS initiated this change to the FAR in June 2006, just after the SAFETY Act final rule was published. In July, DHS Office of Chief Procurement Officer submitted a concept paper to the FAR law team case manager. And on August 16th, 2006, DHS presented a draft case to the FAR council, which is composed of representatives from the General Services Administration, NASA, Department of Defense and Office of Federal Procurement Policy. Since proper acquisition planning is critical to the success of the SAFETY Act implementation within the federal procurement system, DHS's proposed FAR language emphasizes the need for federal agencies to initiate early planning and coordination with the DHS Office of SAFETY Act Implementation for acquisitions involving potential antiterrorism technologies. The FAR council has accepted DHS's request to initiate the rulemaking case for the proposed rule to establish uniform federal procurement policy implementing the SAFETY Act. We are pleased that this is occurring, since the SAFETY Act has broad application to acquisitions throughout the federal government, and the FAR case is the bet method for increasing awareness of this important program. While S&T is responsible for the SAFETY Act program, including the approval of SAFETY Act application, evaluation and determination, the Office of the Chief Procurement Officer is responsible for ensuring DHS solicitations and contracts appropriately convey requirements and address all aspects of the process, including those associated with the application of SAFETY Act protections. DHS program officials and contracting officers will play a key role in facilitating the SAFETY Act process, and S&T will retain the responsibility for reviewing and approving the SAFETY Act applications. Therefore, to effectively integrate SAFETY Act into the procurement process, we have partnered with the Office of SAFETY Act Implementation in Science and Technology to facilitate open communication and align processes. Since release of the final rule, our office, in collaboration with Science and Technology, has issued a memorandum to the heads of all the DHS contracting activities, the component Office of General Counsel and the DHS Program Management Council discussing the implementation of SAFETY Act in DHS. We have trained our chief acquisition officers of each component in DHS so that they can implement SAFETY Act provisions in their procurements. We have briefed the DHS Procurement Management Council and initiated dialogue with industry to discuss our path forward. As the procurement rulemaking process continues to the FAR council, DHS remains dedicated to ensuring that consideration for SAFETY Act coverage is addressed in all applicable procurements. For example, in the advanced spectroscopic portal program, or the ASP program, the Undersecretary for Science and Technology predetermined that the products and services being acquired from successful offerers under ASP would be designated as qualified antiterrorism technologies. This effort allowed DHS to significantly fast-track the SAFETY Act process in the procurement of the ASP program last November. For the SBInet secure border initiatives acquisition, in addition to incorporating SAFETY Act language into the solicitation, DHS, in response to industry inquiries, sent a letter to all offerers clarifying the application of SAFETY Act under this procurement and offering to meet with each offerer one-on-one to address any additional guidance concerns they may have. Finally, recently in liquid explosives, as Undersecretary Cohen already discussed, we have addressed SAFETY Act in the requests for information. We continue to look for more opportunities to proactively use the SAFETY Act within the Department of Homeland Security. In closing, successfully implementing the SAFETY Act requires collaboration and strong working relationships, and we have built those and will continue to build those. I am committed to fostering those relationships. And I thank you for the opportunity for testifying before this committee about DHS contracting procedures, and I am glad to answer any questions that you may have. [The statement of Ms. Duke follows:] Prepared Statement of Elaine C. Duke Chairman Rogers, Chairman Reichert, Congressman Meek, Congressman Pascrell, and Members of the Committees, I am Elaine Duke and I am the Chief Procurement Officer for the Department of Homeland Security. I appreciate the opportunity to discuss the Department of Homeland Security's final rule on implementing the SAFETY Act. As the Chief Procurement Officer, my top four priorities are: First, to build the DHS acquisition workforce to enhance the Department's acquisition program. Second, to establish an acquisition system whereby each requirement has a well defined mission and a management team that includes professionals with the requisite skills to achieve mission results. Third, to ensure more effective buying across the eight contracting offices through the use of strategic sourcing and supplier management. Fourth, to strengthen contract administration to ensure that products and services purchased meet contract requirements and mission need. Effective implementation of the Safety Act is critical to the fourth priority. SAFETY Act Implementation The Support Anti-terrorism by Fostering Effective Technologies (SAFETY) Act of 2002 (Subtitle G of Title Vlll of the Homeland Security Act of 2002, Pub. L. No. 107-296, 116 Stat. 2135, 2238-2242 (6 U.S.C. Sec. Sec. 441-444)) creates incentives for companies to bring new anti- terrorism technology to the market place by limiting the seller's and other parties' potential liability if the technology is deployed in defense against, response to, or recovery from an act of terrorism. The SAFETY Act serves as a critical tool in expanding the creation, proliferation and use of anti-terrorism technologies (or services). The provisions of the SAFETY Act provide explicitly that the SAFETY Act's liability limitations apply whether approved technologies are sold to the government or by and between private parties. The Under Secretary for Science and Technology (S&T) is responsible for executing the functions of the Act including the designation of technologies as ``Qualified Anti Terrorism Technologies'' (``QATTS''). I am responsible for integrating the SAFETY Act into the DHS acquisition program. Federal Acquisition Regulation (FAR) Council Rulemaking On June 8, 2006 the Department published the SAFETY Act Program final rule, which went into effect July 10, 2006. Because the SAFETY Act will apply to any federal agency procuring anti terrorism technologies, federal wide policy and guidance is needed to ensure SAFETY Act protections are appropriately considered during the procurement process. However, the initiation of procurement regulations was contingent upon the publication of the final Program rule. On August 16, 2006, DHS requested that the FAR Council, composed of representatives from the General Services Administration (GSA), National Aeronautics and Space Administration (NASA), Department of Defense (DOD) and the Office of Federal Procurement Policy (OFPP), initiate a proposed FAR case to establish uniform federal procurement policy implementing the SAFETY Act. The FAR Council has accepted the DHS request to initiate the rulemaking case for the proposed rule. We are pleased that this is occurring since the SAFETY Act has broad application to acquisitions throughout the federal government and the FAR case is the best method of increasing awareness of this important program. Key to the success of SAFETY Act implementation within the federal procurement system is proper acquisition planning. Therefore, the proposed FAR language emphasizes the need for federal agencies to initiate early planning and coordination with the DHS Office of SAFETY Act Implementation (OSAI) for acquisitions involving anti terrorism technologies. In a parallel action, my staff is preparing a revision to our own Homeland Security Acquisition Regulation/Manual (HSARIHSAM), to complement and supplement the FAR change. Similarly, other agencies including the Department of Defense will determine whether to publish FAR supplementing language in their respective supplements. Implementing SAFETY Act Provisions in DHS Procurements While S&T is responsible for the SAFETY Act program, including the approval of SAFETY Act application evaluations or determinations, the Office of the Chief Procurement Officer (OCPO) is responsible for ensuring DHS solicitations and contracts appropriately convey requirements and address all aspects of the process, including those associated with application of SAFETY Act protections. DHS program officials and contracting officers will play a key role in facilitating the SAFETY Act process; however, S&T retains the responsibility for reviewing and approving SAFETY Act applications. Therefore, to effectively integrate SAFETY Act considerations into the procurement process, the Office of the Chief Procurement Officer (OCPO) has partnered with the OSAl and S&T to facilitate open communication and align processes. Since the release of the final rule, OCPO, in collaboration with S&T, has: Issued a memorandum on August 7, 2006 to the heads of the DHS contracting activities (HCA), the component Offices of General Counsel (OGC), and the DHS Program Management Council (PMC) discussing the implementation of the SAFETY Act in acquisition planning. Briefed the Chief Acquisition Officers (CAOs) of each Component at the monthly CAO Council meeting so that the CAOs can disseminate information concerning the SAFETY Act and its procedures to the acquisition workforce personnel within the Department of Homeland Security. Briefed the DHS Program Management Council on the SAFETY Act and related processes and procedures. The Program Management Council is a component of the Program Management Center of Excellence, which works to develop the policies, procedures and other tool sets needed for DHS Program Managers to succeed. Initiated dialog with industry to discuss the path forward with SAFETY Act implementation for affected DHS procurements, and will continue to engage industry during the Procurement rule making process by soliciting input and feedback through a public meeting. Although the Procurement rule making process continues, DHS remains dedicated to ensuring that consideration for SAFETY Act coverage is addressed in all appropriate procurements. For example, in the Advanced Spectroscopic Portal (ASP) program, the Under-Secretary for Science and Technology pre-determined that the products and services being acquired from successful offerors under ASP would be designated as QATT, as that term is defined by the SAFETY Act. This effort allowed DHS to significantly "fast track the SAFETY Act review process in the procurement of the ASP Program last November. For the SBlnet acquisition, for example, in addition to incorporating SAFETY Act language into the solicitation, DHS, in response to industry concerns, sent a letter to offerors clarifying the application of the SAFETY Act to the acquisition and offering to meet with companies one on one to provide any additional guidance. Finally, in the recently issued Request for Information (RFI) concerning Liquid Based Explosive Detection Technologies we announced, in coordination with the S&T Directorate, that technologies which were effective in detecting liquid-based explosives and capable of deployment would receive SAFETY Act protections. We will continue to look for more opportunities to proactively use the SAFETY Act to facilitate the widest possible industry participation in our procurements. The fact that the SAFETY Act limits the downstream liability of suppliers and subcontractors of the technology is an especially powerful tool in streamlining procurements in the public and private sector. To that end, OCPO will develop SAFETY Act training for contracting professionals so that application of the Act within DHS procurements will be effectively facilitated and coordinated from the procurement perspective. Furthermore, OCPO is currently working to modify the Department's current acquisition planning guide, which is contained in the Homeland Security Acquisition Manual (HSAM), and describes DHS internal policies and procedures. Conclusion In closing, successfully implementing the SAFETY Act requires collaboration and strong working relationships with all DHS stakeholders, to include private industry, other federal agencies, and members of Congress, to ensure DHS meets its mission as effectively as possible. I am committed to continuing with fostering those relationships. Thank you for the opportunity to testify before the Committees about DHS contracting procedures and I am glad to answer any questions you or the Members of the Committee may have. Mr. Rogers. I thank you. And I would like to start off with a couple of questions for Ms. Duke specifically. You heard Secretary Cohen make reference to how optimistic he was that you all had turned the corner in this application process, and it is going to be a much more rapid and simplified process. Do you share that perspective? Ms. Duke. I do. I think that from both the process and how it is integrating into procurement and the application itself-- the biggest step we have taken forward is that we have a prequalification designation, so early in the planning process of major acquisitions, we can go to science and technology from the acquisition world and ask them to predesignate the technology that would be proposed under this procurement. So that really gives us a parallel process. The second thing that the department has done is simplified the actual application process and shortened the review time. So in both aspects I do agree with that. Mr. Rogers. Was the 93-page form the simplified form? Ms. Duke. It is the simplified form, but there are many different types of applications. It is not 93 pages for one form. Mr. Rogers. Because 93 pages doesn't sound real simple to me. But a second question: As I understand it, the SBI procurement specifically states that proposals in which pricing or any other term or condition is contingent upon SAFETY Act protections of the proposed product or service--or it will not be considered for award. And how or when are you going to police this? Could you describe that? Ms. Duke. If an offer was contingent on SAFETY Act coverage, an offerer would have to have completed and have his designation and certification be for award. The way we are policing it is when we first got the offers we reviewed each offer to ensure that that contingency was not in the proposal. The reason we stated that affirmatively up front is we felt that it was important for industry to know that we would not accept offers that said they were contingent so that the offerers could appropriately price and submit their proposals. The other reason for doing that is because offerers do not have to wait until they are selected for a contract to apply for SAFETY Act coverage. And so that was an indicator to industry that because we are not going to accept contingent offers, they are not going to be able to say we won't accept a contract unless we have coverage, it allows them to--it indicates to them that if they want to apply for SAFETY Act coverage they should do that before waiting to be notified that they are a potential awardee. Mr. Rogers. Secretary, I wanted to ask you--I understand from your comments and Ms. Duke's comments that you all have established a good working relationship and have much better communication. Do you have similar channels of communication and relationships established with your customers, those folks in the private sector that you are going to be interacting with? If so, what are they, and how long have they been in place, and what do you see their prospects for enhancing the speed of this process, this application process? Mr. Cohen. Well, the short answer, Mr. Chairman, is that that is a work in progress. As I indicated on the 11th of August, not knowing what those processes were, thanks to some of the gentlemen sitting behind me, the Chamber of Commerce and other representatives, we do have a business office. There is an outreach at the department level as well as my directorate level. We went ahead and engaged directly with them. But we are in the process--and some of this has already occurred, but having--my words now--a road show, an outreach where we not only go to various conventions, various symposia, but just like I have done previously in Navy with the SBIR, the small business innovative research, where we go out to districts, to small groups of businesses. It is easier to touch, of course, the big businesses? Mr. Rogers. Right. Mr. Cohen. --than it is the small because they are so diverse. But we live in a Web-enabled world, and it is hearings like this that get covered in the press, that get out to the public to let them know that we have this program. But the short answer is this is a work in progress to ensure that we cover both geographically and economically large and small and technological risk from low to high how we do that. But that is more my responsibility than the SAFETY office's responsibility, because I see our outreach hand in glove with looking for the cutting-edge technologies that we need, and the SAFETY office merely provides the protections that the Congress intended. Mr. Rogers. Great. Thank you very much. That is all the questions I have. The chair now recognizes the ranking member, Mr. Meek. Mr. Meek. Thank you, Mr. Chairman. Secretary Cohen, I want to ask you--you said in your testimony that there is not a day that goes by that you don't get an application. Is there a waiting list or a logjam as it relates to the processing of the applications? And since you have one person on the SAFETY Act office--I know that it is supported by the legal office. Can you just enlighten us a little bit about the process? Are there any areas where we need improvement? Mr. Cohen. Well, the short answer is there have been logjams, and there continue to be smaller logjams. Right now I have a handful of applications. These are fairly detailed and difficult issues that have exceeded the 120-day window that I feel is very important for us to meet. And as I have indicated in my verbal comments earlier, while I may not want to change the rule, I do want to get the performance down, and we do that by metrics and feedback and resourcing. I have a total of about 16 people in the office. Ms. Vasta, of course, is the government service. This is inherently government service. This is not something that I want to contract out. But I have a very lean organization. And the Congress and the administration intentionally made the Department of Homeland Security lean. Mr. Meek. Mr. Secretary, if I can? Mr. Cohen. Yes, sir. Mr. Meek. --when you say a handful of applications, what are you talking about? When you say a handful, is that 16, 20? Mr. Cohen. Six or less. Mr. Meek. Six or less. Mr. Cohen. Six or less. Mr. Meek. Okay. Mr. Cohen. And I will take that for the record, so that I get you the exact number. Mr. Meek. Okay. I am going to tell you what my concern is, and I told you this subcommittee meeting was very frustrating for me because I was here when we had the select committee, and we had all of these technology companies come and sit at the table where you are sitting and saying, oh, we have technologies, we would like to share them, we would like to be a part of protecting America, but we are not going to stick our necks out there, only to find out, you know, 6 months ago that we are, you know, with under 30 applications approved, and we have technology companies and other companies that are saying we want to be a part of the solution? Mr. Cohen. Yes, sir. Mr. Meek. --but the department won't allow us to be a part of the solution. So that means those of us that are sitting up here and individuals over at the Department of Homeland Security, that now we are standing in the schoolhouse door not allowing safety and protection of Americans to happen. So if I sounded a little frustrated in my opening comments, I was. But I just want to say that I am glad that we are moving down the line, and I don't want us to go and start, you know, saying okay, let's start an assembly line here and let's start approving everything, because when you look at the SAFETY Act, it is written in a vague way to allow not only technology but support services. Well, support service, what is that? You know, is that a security guard at the door of the Department of Homeland Security? You know, so we have to really look at these things. We are not asking for an assembly line effect. We are asking for a process that would be user-friendly for those companies that are willing and support services that are willing to come forth to help protect Americans. But we do not want to hear--we just passed 9/11--oh, all of this is in place, here is a company that had the technology, they wanted to come, and their application has been stuck over at Department of Homeland Security because someone said we want to be lean and mean. I am going to tell you right now, when it comes down to protecting Americans, when we have technology that is out there, I don't want us to be the problem. That is what I am saying. So that is the reason why I am saying in a very blunt way, in very plain English, if there is something that we need to know, something that you need, then somebody needs to say it. If not this panel, the next panel. If not the next panel, somebody needs to send an e-mail, drop a letter off without a name on it, or whatever the case may be, and say this is where the logjam is taking place. We don't want folks to get frustrated. I don't want to pick up U.S. News & World Report and hear about how some other country is beating the United States, or some U.S. company has gone over there because they give them the coverage that they need under a similar act, you know, as the SAFETY Act. So I will leave it at that, Mr. Chairman. I just hope that this will bubble up through the process before we leave this room today. If not, the members and staff will be able to get that information. Ms. Duke, do you have anything that you want to add? Ms. Duke. No. I agree with you totally. This is important for businesses to be able to work effectively, both large and small, and we are jointly committed to continuing to improve that. Mr. Meek. Okay. Thank you. Mr. Cohen. Mr. Meek, I know you have other commitments, but I want to make sure that I clarify what I said. First of all, you are right to be frustrated. The department, as you can see, long before I got here has taken that aboard, has taken action, but that is not a production line. This is a due diligence process with all the reviews that-- again, I am not a lawyer--that I believe the Congress intended us to do. But you are also right to remain skeptical. And what is the right balance? While I believe in a lean organization, I also understand my statutory responsibility, and it is my signature that goes on each of those certificates and each of those approvals. And my father, may he rest in peace, said son, the only thing you have in this life is your good name, don't give it away. And so I believe you and I are very much aligned on this and that Congress has never denied me, in the years that I have dealt with them, those tools that I have needed to do the right thing. And I thank you so much. Mr. Meek. Well, Mr. Cohen--Mr. Chairman, if I can--you know, it wasn't meant as an individual holding the horse or holding the cart, you know, up from making it to the market. I just want to make sure that, like you are saying, you are clear. I want to make sure that you know that we are clear. Mr. Cohen. Yes, sir. Mr. Meek. The frustrating part on the oversight, again, especially for the subcommittee that I am the ranking member of, is the Monday morning quarterback theory. The game is on Sunday. We want to play it on Sunday. We want to win it on Sunday. We don't want to on Monday talk about well, you know, when we came before you last time, we really needed this but, you know, it didn't quite come out in that meeting, because at the Department of Homeland Security--revolving door of undersecretaries and executive directors. And so you really are dealing with a new person every time you sit down. Hopefully that will stop. I want you to stay in the position that you are in. But I just want to make sure that if we have companies that are out there--and I heard from some of them that are saying we have this technology, but we can't participate in the SAFETY Act program. So when people come to me and say that, what am I supposed to do? Article I, section 1 of the U.S. Constitution, as a member of Congress and a representative of the people of the United States of America, is to make sure the department, A, has what it needs to carry out the mission; B, make sure that they have the will and the desire even if they don't want to carry it out. So I am Mr. Johnson and Ms. Johnson who went to vote one day at 7 a.m. in the morning for representation. I am the body and the flesh of those individuals. So I just want to make sure that neither you nor the department takes my comments out of context to say that maybe I just didn't have my coffee yet. That is not the case. I just want to make sure that we break it down to the point that everyone understands what we need and how we need it and when we need it. And if you need it, you need to say it. Thank you, Mr. Chairman. Mr. Reichert. [Presiding.] Thank you, Mr. Meek. The chair recognizes Mr. Dent. Mr. Dent. Thank you, Mr. Chairman. Good morning. My question is this--I have a few questions, but we will start with this one. Why did the RFP for the SBI, the secure border initiative, specifically exempt contractors from the SAFETY Act liability protections? Either one of you. Ms. Duke. It actually told offerers that we would be providing SAFETY Act protection. It did have a statement that we would not accept offers that were contingent on SAFETY Act protection prior to award. And the reason for not accepting contingent offers is that the way that the SBInet procurement is worded, each offer is going to come in with a unique technology. We cannot accept--I am sorry. It was to put offerers on notice that they would have to seek SAFETY Act protection before award, which they always can do and should do, or they would have to accept the contract and continue to go through SAFETY Act coverage. So it is not really excluding them, but it is to put them on notice that if they say we will not accept a contract without SAFETY Act protection, and they don't get that SAFETY Act protection, that we would not award. Mr. Cohen. If I may follow up, I have received a full brief on the SBInet program, although I specifically asked not to know who the bidders or offerers were, and I am very comfortable in telling you that whoever the winning offerer may be that they will receive SAFETY Act protection. I think they understand that as the process has gone along. And that protection will be for the activities that they would perform under that contract. And I am very comfortable in doing that. We are spring-loaded to go forward on this. This is so important. But I am comfortable in having my office, to the maximum extent possible, endorse the work of Ms. Duke's source selection panel and their detailed technical review of those proposals so that we don't have to unnecessarily revisit that. And again, I think this is all part of the process improvement. But, Congressman, this is a big one, and we want to get this right. Mr. Dent. Thank you. And also, I just wanted to publicly thank Ms. Duke for your participation in the homeland security procurement center that we held up in my district at Lehigh University. It was well received, and I want to thank you for that publicly. Ms. Duke. Thank you. Mr. Dent. Your staff did a wonderful job. My next question deals with this: What specific steps can DHS undertake to reach out to small businesses which might have products of interest to the DHS and which might not know about the liability protections that you just went over that were offered by the SAFETY Act? Ms. Duke. Well, one of the best programs for small business is the small business innovative research program, and we do have many initial evolving technologies awarded under that program. In fact, we used it recently on liquid explosives through TSA. Another way is we are, as a standard, including SAFETY Act in our small business briefings. We do many events like the one held in your district, and we have gotten many inquiries, so that is now a standard part of our presentation. The other thing we are doing in the procurements coming forward, once the Federal Acquisition Regulation, FAR, case is done, we will be having standardized language, and we will clearly tell the businesses if they would have a predesignation notice or not. So we are going to continue the training. We are going to continue the outreach. And that is the biggest way that we can reach out to the small businesses. Mr. Dent. And finally, if you could do anything in DHS to streamline the application process in order to make the whole process more user-friendly, particularly for those smaller companies, that would be greatly appreciated, because, as you know, a lot of them don't have the manpower or the capacity to deal with all the bureaucratic issues that are required. Ms. Duke. S&T does offer a preapplication meeting, and I would encourage all small and large businesses to have those to help them before they actually get started in the application process. Mr. Dent. Thank you. I have no further questions. Mr. Reichert. Thank you, Mr. Dent. Mr. Thompson is recognized for 5 minutes. Mr. Thompson. Thank you very much, Mr. Chairman. I have testimony I would like to submit for the record that I was not here earlier to give personally. Welcome, Mr. Secretary. I am happy to get a chance to see you, although we will have our meeting in the future. Ms. Duke, always good to see you. And I guess I have a question I would like to give both of you. It speaks in reference to the application for services process for the SAFETY Act as proposed. I am sure you are familiar with the Wackenhut situation and the notion that they were one of the first contract service providers for security. And we know what happened at the situation at headquarters. But they also had received designation, basically, that we would defend them against terrorist scenarios, deny terrorists access to secured facilities and to respond to terrorist- related security breaches. And I guess I have two questions as it relates to that. When we give these kind of waivers to people, what happens when they provide less-than-adequate service in this procurement? I know sometimes you go out and rebid the contract, but what happens when they haven't trained the people for the service that they said they would? Do we then take that shield away, or just what? [Information follows:] For the Record BGT Talking Points SAFETY Act Hearing September 13, 2006 Congratulations to the Department and the General Counsel's office for putting out the final rule and the application kit. Though I am happy to see Under Secretary Cohen here, I would have liked to see a representative from the General Counsel's office who could testify to some of the changes to the rule and the application kit. I'm going to be meeting with Phil Perry, the General Counsel, in the upcoming days--I'd like him to explain why the Department did not want him--as its top lawyer--to be testifying here today. In the meantime, that means Mr.Cohen you are going to be on the hot seat today as we have a lot of questions about the Department's performance and decisions to date. As background, I first requested a hearing on this issue back in April. Since then, my staff and I have received a significant number of comments from applicants and other folks in the private sector who have had experience with the SAFETY Act. Not all of the comments were negative, but a significant number of people expressed some dismay in the Department's efforts in dealing with the SAFETY Act. One group told me that the SAFETY Act office was acting like a ``Mini-FDA'' in granting certifications and designations. I can assure you that this was not the intent of Congress. But after the Department issued its final rule, and after the Department issued its final kit, those complaints have become less frequent. And that's why I cautiously congratulate the Department's efforts here--it's not a perfect product, but you listened to folks here on the Hill and the applicants in the private sector and you put a better product forward. But not everything is perfect. Shortly, we'll be getting into some of unfinished business, particularly: The administration issues within the SAFETY Act Office; The confidentiality of the information that the Department retains; The certification of ``services''; The burden of the application kit; The duration of a SAFETY Act designation; The possibility of creating an appeals process; and The necessary linking of the procurement office with the SAFETY Act Office, and the efforts of the Department to promote the application of the SAFETY Act across different levels of government, particularly in the state and local procurement process. I look forward to working with the Under Secretary and the Department in resolving some of these issues. Above all, we have to remember what the SAFETY Act is supposed to be doing: putting technologies out in the field that otherwise may not have been developed. Clearly, this Act was not intended to be a blanket liability waiver for every anti-terrorism technology out there. But it is clear that the way the Department had been implementing the Act in the past has left something to be desired. I am confident that with the new kit, the new rule, and continued feedback from folks here and in the private sector, we can all work together to achieve the optimal result. Ms. Duke. Well, I can address the contract performance. A contractor getting SAFETY Act coverage does not relieve them of the responsibility for performing satisfactorily and performing well. So the SAFETY Act coverage looks at it in the plan. Is it antiterrorist technology? Does it show that they are going to perform as intended by that technology or that services? Once the contract is awarded, then we get into the performance issue. And in the case of Wackenhut, as you know, they are no longer performing services. So I would address that by taking contract action and either not renewing or terminating the contract as appropriate for not performing the service, whether or not they had SAFETY Act coverage. And I think that in the case of--so as planned, they might have met the requirements of the SAFETY Act to get coverage, but the execution has to be there, and that is a contracting issue. Mr. Thompson. So if the execution is not there, do they continue SAFETY Act coverage? Ms. Duke. That is probably a question better for you to answer. Mr. Cohen. Well, Congressman, I am not a lawyer, and I don't presume to be. We are very appreciative of the SAFETY Act and the intent to get technologies to protect the homeland. But this is an area of new law. And at some point, there will be a lawsuit or there will be an event--the very kinds of questions you are talking about in this case, performance. I have been a senior acquisition official in my time in naval research in the Navy, and I think the overriding fact here is the one of performance. And so if a provider or performer is not meeting the performance criteria to satisfy the contract, then as Ms. Duke indicated we have a variety of remedies from warnings, to termination, et cetera, all of which have been used in other instances. And I think this is an area that you have identified where Ms. Duke and I need to sit down along with the general counsel and in consultation with the Congress to find out at what level of action by the contract office do we say your performance is no longer adequate to meet the protection of the SAFETY Act certification that has been granted. Mr. Thompson. Well, before my time runs out, Mr. Chairman, I would like to get some explanation from the department to the committees here as to why the general counsel is not present for this hearing. This is clearly something in his bailiwick that he should have been here to respond to. It is a legal question, and he is the department's lawyer. And I think we would be better served if Mr. Perry was here to interpret that piece of legislation. Mr. Reichert. And we will certainly get the answer to that question. Thank you, Mr. Thompson. I think I will go to Mr. Pascrell. Mr. Pascrell. Mr. Chairman. I want to ask my first question to Ms. Duke. And in linking procurement with the SAFETY Act, the link between the act office and the procurement office, you know and I know, must be improved, and I think you are working toward that end, and both of you are. In preparing for this hearing, some in the private sector have characterized the SAFETY Act approval process as a mini- FDA, and we know that is not a very complimentary thing that we are saying there. The purpose of the SAFETY Act, as I understand it, is to get this country producing antiterrorism technologies, not to create an enormous bureaucratic regime. If a product meets a test for procurement officials, there is no reason why the SAFETY Act office should have to run through a new process to test the effectiveness of the product. How will the SAFETY Act office work with the office of procurement to achieve these results? And do you agree with my conclusion? Ms. Duke. This is something we have talked about very recently, and we are looking at ways where we can have the SAFETY Act office be in the proposal evaluation process so that we can run a parallel process. Whether they would need additional work would depend on the actual procurement on a case-by-case basis. But we do think that that is an area where we can reduce duplication by having the SAFETY Act application process integrated more completely with the proposal review process, yes. Mr. Pascrell. Would you add anything to that, Secretary Cohen? Mr. Cohen. I think as an example, you will see when SBInet, you know, goes to contract that we are taking the lead on this so that as part of the acquisition process, the due diligence and the complete review that has been done there, if that is adequate and satisfactory, then very quickly--very quickly; days, if not weeks--the SAFETY Act certification will follow. Mr. Pascrell. And that leads me to my second question to you, Mr. Secretary. You know, I don't want to get into the minutiae here. You folks know your jobs, and I think you are doing them very well. But you know, George Kennan a great architect of international affairs, said that democracy is like a huge dinosaur, and it needs its tail whacked many times. I don't, up until very recently--maybe I changed my mind a little bit. I have never sensed a sense of urgency in the Department of Homeland Security. And we are talking about American lives here. I think there is a lack of urgency. And you look at your chart to prove it in one way, and that is only just one slice since September 11th. And we talk a lot about this. We talk how important it is to protect America, and we are going to do this, and we are going to do that. But in the very nature, the very center, the very essence of attempting to do that, and something very specific of developing the science and then the technology to protect Americans, we have done a lousy job. I mean, you are going to have your hands full. You know it. We talk academically here, but you take the issue that you brought up here, the issue of liquid explosives. I mean, we talked about that right after 9/11. And here we are looking like we are reinventing the wheel 5 years later. And, you know, we are causing all kinds of havoc about what, for instance, women can carry on an airplane 5 years after 9/11. Now, we can have camaraderie here and congeniality, and we should, and be civic and civil to each other. But that is unacceptable. So when people say, you know, the question, is America safer now than it was 5 years ago, you know, I don't really have an answer for that. Maybe you do. And we can make it up politically. If you are a Democrat, you will say one thing. You are Republican, you say another thing. I can't answer that question, but I could tell you one thing. It is 5 years later and we do not have the technology to deal with liquid explosives. That is unacceptable. And I know it is unacceptable to you. So now what are you going to do about it? Let me ask you this question. On information sharing, the final regulations information state that DHS may use information that has been submitted to the department under the SAFETY Act. Who is the department planning on sharing this information with? What regulations have been established to guard this confidential information? Okay? I mean, we know that patents in certain industries are protected. This is more important, now. We are talking about life and death. And what efforts are under way to safeguard the interest of the applicants? Would you please address those three questions, sir? Mr. Cohen. I would like to take that for the record so I can give you a thorough answer, if I may. Mr. Pascrell. Yes. Mr. Cohen. Thank you. Mr. Pascrell. Thank you, Mr. Chairman. Mr. Reichert. Thank you, Mr. Pascrell. The chair will take a moment to ask a few questions. Good to see you again, Mr. Cohen. Mr. Cohen. Mr. Chairman. Mr. Reichert. We just held a hearing not too long ago, a couple of weeks ago, where you are the star witness at that hearing also. Welcome, Ms. Duke. Thank you for being here. I would like to ask unanimous consent to my opening statement also be entered into the record. I have just been listening to some of the comments and I want to cover some statements made by some of the other members of the committee and just have a brief question or two. Sometimes we look at the things that we haven't done. We have done a lot, I think. And I think most people in the country would agree that one of those indicators is that this country has not been attacked in the last 5 years, and that is a great accomplishment, I think, by the American people and its government and those who work hard to protect our country. One of the things that we often forget is that we are in a different world. We have to think about things like every container crossing the ocean headed for this country, every container on every ship, every day, and how we secure this nation and protect this country. We have to think about every airport, every airplane that lands at every airport coming from any part of this country or any part of this world. Railroads, light rail, bridges, critical infrastructure, viaducts, ferry systems, all of those things, now border patrol, and UAVs, and surveillance cameras and all of those things now. As I said in our last hearing, Mr. Cohen, you are on the hot seat and have been there for 1 month on the hot seat and understand fully what your job is. You laid out a well-thought- out organized plan to address the issues of science and technology and where we might be headed as a nation. But we can talk about method and level of communications and procurement officials and the office of SAFETY, the communication, whether it takes place or doesn't, is it formal, is it informal, is there a prequalification, is it simplified, expedited, and all those things. The bottom line is what Mr. Meek had to say. Where is the logjam? And specifically, if we can just take a look at it, if you could just go through one piece of this. We talked about interoperability, emergency communications in our last hearing. But the whole question of liquid-based explosive detection technology. Can you explain the process of that one piece of technology and where it is, and what has taken place, and kind of what the logjam has been, if there has been a logjam there? Prepared Opening Statement of the Honorable Dave Reichert I would like to thank our witnesses for joining us this morning. We greatly appreciate your appearance before us today for this joint hearing. Mr. Under Secretary--welcome--it is a pleasure to see you again. I know my staff will agree with me when I say we are grateful for all your time, outreach and diligence in only a month on the job. Although there's no doubt that you have your work cut out for you, I honestly think that the Science and Technology Directorate is in good hands moving forward. Looking back five years and two days to September 11, 2001, the world as we knew it changed forever that day. We began to realize then what we know to be true today, that victory over such single-minded killers requires every ounce of American might, commitment and know- how. As citizens and businesses alike come forward to help protect their neighbors, their children, and their grandchildren, nothing should stand in their way. In the years since 9/11, Congress has worked to remove barriers and give first responders the tools they need to be better prepared. For example, in the year following those tragic events, Congress passed the Homeland Security Act and the Maritime Transportation Security Act. During the last Congress, Congress passed the Intelligence Reform and Terrorism Prevention Act of 2004, which implemented many of the 9/11 Commission's recommendations. I am proud this Subcommittee continued this work by recently passing the 21st Century Emergency Communication Act of 2006, which will help our first responders have the communications equipment they need to effectively respond to a future terrorist attack. When it comes to emergency response, effective partnerships are of paramount importance. The federal government needs the private sector to serve as our partner in developing new technologies so that American citizens may benefit from them in the event of a disaster. Under Secretary Cohen, just last week you testified before my Subcommittee that government is not the innovator, but that you work with the private sector to ensure they are developing the next generation technologies that we need. This hearing focuses on keeping legal liability reasonably in check when a business sells a product to the government to protect our homeland--the Supporting Antiterrorism by Fostering Effective Technologies Act of 2002 or, ``the SAFETY Act.'' Congress enacted the SAFETY Act in 2002 as part of the Homeland Security Act for good reason--it is a necessary dimension of the homeland security mission. The SAFETY Act paves the way for businesses to quickly develop and deploy anti-terrorism technologies for homeland security. It accomplishes this by keeping a business' liability ``on a leash'' when it sells critical anti-terrorism technologies to the Federal government. To me it is common sense: when people or businesses want to help defend America, they should not have to worry about frivolous lawsuits. Almost four years after the Homeland Security Act of 2002, industry remains skeptical about the burdens imposed by the SAFETY Act application process and the durability of the legal protection the Act provides. Just last month, Prepared Response Incorporated, a company near my district in Seattle, Washington, earned SAFETY Act certification for its ``Rapid Responder'' crisis management system. The Rapid Responder system gives first responders a bird's-eye view of critical infrastructure with an on-the-ground accounting of key features and assets. This ``Rapid Responder'' system gives first responders instant access to a digital map and inventory of critical infrastructure including: tactical response plans, evacuation routes, satellite and geospatial imagery, exterior and interior photos, floor plans, and hazardous chemical inventories. I'm proud to say that the Rapid Responder system developed by Prepared Response now protects more than 1,500 sites nationwide, including 7,000 individual facilities. This company is proof positive that companies stand side by side with our first responders in defending our homeland. We are here today almost four years after it was enacted into law to ensure that Congress' vision for the SAFETY Act is being realized. We are here to ensure that companies like Prepared Response in Seattle can help protect their neighbors and their fellow Americans across the country, without fear of unrestricted lawsuits. I look forward to hearing from our witnesses about what we are doing to make certain that nothing keeps us from doing our utmost, day in and day out, to keep our families and our Nation, safe and secure. Mr. Cohen. Well, first of all, you know, after our last hearing I asked my people, I said, what do you think the headline will be, and they said, you are on the hot seat. So I want to assure you that I am not putting any of our resources into asbestos underwear research, sir. But on liquid explosives, there have been technologies in use for some period of time. Some of them are nascent. Some of them are mature. And some of them are direct and some of them are a spinoff of the other screening devices that we have. But the enemy is agile. The enemy is devious. The enemy is nefarious. And technology doesn't stand still just for us. It moves forward for those that would attack us. And whereas we may use technology for the good, there are people and groups that would use it for bad. And this will always be a measure, countermeasure, counter- countermeasure. That is how life goes. And so your question was where are we on the liquid explosives. Over a year ago, the Transportation Security Lab took onboard 10 COTS, commercial off-the-shelf, detectors. These are the kinds of things you see on headline news, where good people come forward and show on the T.V. what these devices can do. But we know that those don't always work as advertised, or may need product improvement, et cetera. And so those were undergoing evaluation over the last year at the Transportation Security Lab. Additionally, last April, an additional three under the SBIR program were brought on board for further evaluation. As it turns out, almost all of those were scheduled for testing at Socorro, New Mexico in August, September of this year. But then we had the events of 10 August, and I was not satisfied with the extent of the net that we had put out to find solutions for TSA, Kip Hawley, the throughput issues, the validity of the testing issues. Were there improvements we could make to screening devices by new algorithms, so that the existing sensors might have higher fidelity to see the liquids of interest without having to hold them up to handheld detectors and the time that takes? And so that is why I went forward with the request for information. I went forward immediately at the same time with the SAFETY Act proposal. And that RFI closed yesterday. We now have over 40 proposals. I am not going to tell the offerers what looks good, what looks bad. But there are a lot of very intriguing technology proposals and solutions that we are going to take within 30 days of receipt to Socorro or Tyndall Air Force Base, two different setups, and test them against full-scale, meaning 500 milliliter Gatorade-sized bottles, of the actual liquid explosives that we know are being used or proposed by the terrorists. And we will see which works. And that work we will put on a fast track into an acquisition program to enhance our screeners and our security in TSA. But as I said at my hearing previously, Mr. Chairman, I like the BSAF analogy. I don't make the device, S&T makes the device better. And so I am fast-tracking to make those devices better, to raise the level of confidence, to reduce the lines and improve the security. And I would tell you there are a lot of wolves on the porch, but this is the wolf closest to my door. Mr. Reichert. Well, just another quick follow up. Since you are on the hot seat and you are now on the fast track of this issue, in your short tenure did you identify and have you identified any logjam that may have existed prior to your taking the office in this specific area of detection technology? Mr. Cohen. I will tell you that in the dual-use world, it is the unintended use or the unintended consequences of technology that tends to give us the breakthrough. So there are many examples in drugs, and I won't, you know, detail those. But what we are finding is our DOE labs, industry and small laboratories who are working on technologies for other purposes, and when we went out and identified the need for liquid explosive detection, they had the eureka effect. They said wow, I didn't think about this, but this might be used for this purpose. And that is what we are seeing right now with these respondents. And I am excited about several of them. I think I would like to leave it at that. Mr. Reichert. Thank you. The chair recognizes Mr. Dicks. Mr. Dicks. Thank you, Mr. Chairman. And I want to thank Secretary Cohen for his great service at the Office of Navy Research over many years, and I enjoyed working with him. And I told him this morning, Mr. Chairman, that I thought it was great to have somebody at S&T who would be a leader. I mean, I think that is what the Congress basically is saying, is help us figure out a way to implement the SAFETY Act and do it expeditiously. Ninety-three pages, by the way, sounds a little bit long to me. You know, and I just have a couple questions I want to ask you. One is, some of the statements mentioned concerns about situations where we are going to use a technology, and it is going to be used overseas. I think of the container security initiative, for example. And how do you work out the liability issues there when, you know, the company that has the technology might be sued in a foreign court? What do we do about that problem? That is one that was mentioned in the panel, two people. What ideas do you have on that? Mr. Cohen. Congressman, you know it is not my style, but I will have to take that one for the record, because-- Mr. Dicks. Right. That is okay. I think we need an answer to that, though. Mr. Cohen. Yes, sir. Mr. Dicks. And we need to work with the industry on how we are going to deal with that situation. The other thing is I understand that this isn't just for federal procurements, SAFETY Act, that it is also for a situation where a company wants to, you know, protect itself and limit liability on something that he might be selling to the state and local governments or to the private sector for safety purposes. Is that correct? Mr. Cohen. That is absolutely correct, and-- Mr. Dicks. But I understand that we haven't had one single application approved for that purpose. Is there some reason that people aren't applying for that protection? Mr. Cohen. Linda? Mr. Dicks. What I am told by our learned staff back here is that all the applications so far have been for people who were trying to compete for federal procurements, that nobody has come in to try to get liability protection under the SAFETY Act for selling something either to the private sector or state and local governments. And I was just curious as to why that is. I mean, has there been adequate outreach to these companies? Why haven't they applied? Ms. Vasta. Sir, I will have to take that one for the record, but I will indicate that in the 7.5 months that I have been the acting director, I don't believe I have seen any applications that have come in under that. I can assure you that we have an aggressive outreach program planned for the SAFETY Act program which not? Mr. Dicks. Well, why don't you tell us about that? Ms. Vasta. Well, to further what Ms. Duke indicated, the outreach program will certainly reach out to the entire procurement community to educate more. We want to look at obviously not only the larger companies but also the smaller companies and those which not just the companies themselves serve but also to the government, state and local governments, and educate them on the protections that are afforded under the SAFETY Act. Mr. Reichert. Could I interrupt just for a second and ask you to state your name and title, please, for the record? Ms. Vasta. Pardon me, sir. My name is Linda Vasta. I am the acting director of the Office of SAFETY Act Implementation. I have been the acting director since mid February of this year. Mr. Reichert. Thank you. Mr. Dicks. Thank you, Mr. Chairman. I have no further questions. Mr. Reichert. Ms. Jackson-Lee? Ms. Jackson-Lee. Thank you very much to the chairman and the ranking member and ranking member of the full committee. And thank you to Mr. Cohen and to Ms. Duke and to the other presenter. I guess I want to start out with my frustration as well in terms of this whole process that has taken place and, as well, the lack of fulfillment of a commitment to you now leading the department in terms of being fully staffed. So I just want to go through a line of questioning to know whether we are real, whether the doors are open and lights are on, because it is interesting that as we approach the election, which those of you who serve us try to stay as far away as possible, I would assume, but it is, of course, in the backdrop of 9/11, a rising highlight. What are we doing about homeland security? And the SAFETY Act's good intentions were we are at the cutting edge of technology. That was in 2002. And we are now facing a situation where, one, the pipeline has been slow, and the staffing that would help streamline the pipeline along with the new changes is slow as well. So take me through your department right now. Tell me what kind of team do you have in existence and do you intend to put together to make this work. The other concern that I have is to the private sector. And there are no entities more creative than those who already have money. And that, of course, is the business sector who successfully are on the cutting edge and hopefully have a big sign and therefore they are being rewarded in the capitalistic system. My thought of this legislation was to ensure that we are seeking the cutting edge small guys and gals in the hinterlands, don't have access, but really have brainpower and have something that is really going to turn the corner of homeland security technology. So I want to know what you are doing to ensure that the large giants--and I have no angst with them--already getting ready to put Product A on the market 2 weeks from now, and they have got an application at your door, versus the Colorado mountain person who is in the mountains with their single lab, or the university labs, and they are on the verge of discovery and yet may not even be aware of the SAFETY Act, and certainly don't have the wherewithal in the midst of their research to get your attention. What kind of outreach will you have on that? And then I would be interested, as well, in--and I have looked through the bill, and I thought, well, this must be what I missed, but I am going to read it again in the minority and small business outreach. I know there is a general procurement element here, but I think, Secretary Cohen, we want to know what your mission and message is with respect to minority-serving institutions who have been the second-class citizens as relates to research and anyone knocking on their door to find out--either to encourage them to engage in this or to find out what they are doing, and specifically, of course, Hispanic-serving institutions and historically black colleges. With that, I will yield to you for a moment and hope maybe I will have a moment more to ask a question. Secretary Cohen, thank you for your service. Mr. Cohen. Thank you very much, Congresswoman Jackson-Lee. And, you know, this weekend I was down in Galveston, Texas, for the first time. Ms. Jackson-Lee. Excellent. You are in the right place, then. Mr. Cohen. And went down with my wife on my own nickel. We went down for the commissioning of the USS Texas-- Ms. Jackson-Lee. Yes. Mr. Cohen. --and it was a wonderful event. About 7,000 people showed up, and it didn't rain until 15 minutes after-- Ms. Jackson-Lee. It was outstanding. Mr. Cohen. --the event. And, you know, when people heard I was in Homeland Security, first they thanked me for my service, and then they came up to me with ideas. And this is what I find all around the country. And serendipitously, I sat next to the port director, and we have an experiment going on right now, one of three ports in Galveston, on container security, safety, et cetera, and we had a wonderful interchange. And I look forward to re-engaging with him. But your questions are right on the mark, and so let me take them one at a time. I think if we can go ahead and put up the existing organization, I think this goes to meet Mr. Meek's comments, because I think he and I are actually in violent agreement. It is not about process. It is about product. It is about the end result. It is about the security. It is about bringing, as Congressman Pascrell said, the cutting-edge technologies to the fight. And we have a long history in this country of doing that. It is not a pretty process. Science and technology, discovery, invention are not a pretty process. But where we are going, and we are going there very quickly, and it is part of my confirmation process. And also at Chairman Reichert's hearing last week I was asked about the morale of my directorate. I was asked about the turnover. I was asked about the understaffing, et cetera. And in the end, I believe in success-oriented organizations. I only served with volunteers. I expect them to work hard, to be rewarded and to achieve success, and that is mission success. And I had an all-hands yesterday with over 500 of my people, laid out the new organization, which Secretary Chertoff kindly approved last Wednesday, which was briefed to the Hill and all the staffers. I am so pleased with the bipartisan, non-partisan reception that I have received by the staff and the members. It is what I am used to from defense. And I think that is totally appropriate and heartwarming in the area of homeland security, as you have indicated. Ms. Jackson-Lee. So how many do you have on staff now? Mr. Cohen. Right now, we have 16. I have one government service employee. She has three assistants. And then we are using IDA, the Institute for Defense Analysis, on a contract basis to do the technical evaluation. Of course, those individuals must recuse themselves. They must not have holdings, all of the appropriate safeguards relative to the technologies and the companies that they are evaluating. Ms. Jackson-Lee. And how many more do you need? Mr. Cohen. We do need more, absolutely, we do need more. Ms. Jackson-Lee. How many? Mr. Cohen. This is the organization. I would like Ms. Vasta just to quickly walk through that, so that you see the rational approach that we are trying to take. I know time is short. She will make it very quick. Ms. Vasta. As the undersecretary alluded to, we currently have one federal employee. That, of course, is me. I have been acting in that position since mid-November of this year. The proposal is that we have a director for the office, which would be a federal employee; a deputy director, a program manager, and I am pleased to report that that acquisition is in process. Of course, that individual would be continuing to be supported by the contract support staff. In addition to the other federal employees that are proposed, we are looking at an economic director, as well as a technical director, as well as an outreach coordinator. These are all full-time federal employee positions. And at some point, we hope to seek funding for an on-site attorney in that office. Ms. Jackson-Lee. Right now those are all vacant? What you just listed are vacant? Mr. Cohen. I would like to say, again, this is the organization that I am going to--in 3 weeks, since coming on board the 10th of August, the secretary has approved a total reorganization which is now in place. This is a subset of that. I am used to, being a submariner, having very small groups of officers and crews, and we dual- hat. We have collateral duties. So as we put this new organization in effect over the next several weeks, and that is the time frame for this organization. I will not hesitate to reach down into the talent that I enjoy--my scientists, engineers and program managers-- and dual-hat them as necessary to ensure that we get this off to the right start, because you saw from the chart, the histogram, SAFETY Act is a growth industry, which is what we wanted all along. Ms. Jackson-Lee. Mr. Chairman, I ask unanimous consent for an additional 1 minute, because he did not finish the last two answers. And if you could quickly do that on the choice between big companies and small. I would only just answer my own question. I hear you, but right now these are vacant positions. And I will just-- Mr. Cohen. Yes, ma'am. Ms. Jackson-Lee. All right. But can you just answer the last two-- Mr. Reichert. The gentlelady's time has expired. Mr. Cohen, please answer the question that the chair-- Ms. Jackson-Lee. Thank you. An additional 1 minute-- Mr. Reichert. --because the chair has a reputation for being generous with his time, but we have a second panel with five witnesses, so if you could-- Ms. Jackson-Lee. Thank you. If you could quickly answer, I would appreciate it. Thank you. Mr. Cohen. My record at Naval Research is strong in outreach and with historically black and minority institutions. To me, the outreach should be an integrated outreach, as Ms. Duke has indicated. Everywhere we go, we need to talk about the SAFETY Act. We need to talk about the authorities that you have given me of the transaction, et cetera. That will kick-start people coming in. I am not going to share with you my own prejudices of big companies versus small companies of cutting-edge technology, but I think you had it exactly right. And Thomas Friedman, in ``The Earth is Flat''--and we addressed this last week--he had to revise his book because he was giving credit to Bangalore and China, and he was badmouthing American innovation, and he had it wrong. And he has admitted that now publicly, because it is about the innovation that we enjoy and the system of government that we have that allows protection of intellectual property and allows people to be the best that they can be. And we have not yet begun to tap all of those sources, and I commit to you the things that I did in Navy I will do in Homeland Security. That is what I have been asked to do. And we will have a very wide blanket. Ms. Jackson-Lee. Thank you. Mr. Reichert. The chair recognizes Ms. Christensen. Ms. Jackson-Lee. Thank you very much. Mrs. Christensen. Thank you, Mr. Chairman. I am going to just ask one question in the interest of time about the appeals process for the SAFETY Act application, because the rules do not allow any opportunity for an administrative or any kind of appeal. And I guess it is you that has the final word, and no question. No question can be asked. So that seems to send the wrong message, and I know that it comes up in at least one of the next panelists' testimony, and I wonder if you would respond to that. Why is it that there is no appeals process? Mr. Cohen. Well, Ms. Christensen, I am not omniscient. I have been known to make mistakes. people who work for me may make mistakes. And to the extent that we can do process improvement, I look forward to the thoughts of the next panel and working with industry, working with our customers, because you are right, I don't want to send any message that in any way limits participation. We live in a democracy, and I believe that should pervade all of our processes. Mr. Reichert. Thank you. I would like to thank the witnesses for your valuable testimony. This panel is excused. And I would ask that the second panel take their seats, please. Welcome. Thank you for being here today. We appreciate your taking time to be with us. We all have very busy schedules. And if I could just remind the witnesses to abbreviate your testimony and allow us time to ask questions. I know some of the other members have to move on to other appointments. First, I would like to recognize Mr. Howell, the vice president of the homeland security policy division for the U.S. Chamber of Commerce to testify. Mr. Howell? STATEMENT OF ANDREW HOWELL, VICE PRESIDENT, HOMELAND SECURITY POLICY DIVISION, U.S. CHAMBER OF COMMERCE Mr. Howell. Thank you. I would like to thank Chairman Rogers, Chairman Reichert, Representative Meek and Representative Pascrell and all members of the two subcommittees for the opportunity to testify here today. My name is Andrew Howell, and I am vice president of homeland security policy at the U.S. Chamber of Commerce. The chamber represents more than 3 million businesses through our federation, which includes direct corporate members of all types and sizes, trade and professional associations, state and local chambers of commerce and 104 American chambers of commerce around the world. I would like to express our appreciation to the subcommittees for holding this hearing on the SAFETY Act. The program is one of the few incentives to spur the development and deployment of cutting-edge technologies, services and systems to protect our homeland. Ensuring the security of our citizens should be America's top priority. The SAFETY Act is an important tool to realize that objective. The chamber applauds the Department of Homeland Security's efforts to ensure that the SAFETY Act provides the protections intended by Congress. The final regulations issued in June provide needed certainty in several areas: The definition of an act of terrorism, coordination of the timing of SAFETY Act awards with antiterrorism procurements, explanation of the relationship between the SAFETY Act and indemnification, and a process for SAFETY Act protections en masse through block designations and block certifications. Additionally, we were pleased to see a process for SAFETY Act awards when products are in the developmental test and evaluation phase. Let me now expand on each of these areas. Terrorism is a global issue that demands a global policy response. However, U.S. regulation does not easily reach foreign shores. Given this reality, how can we protect firms providing antiterrorism technologies abroad? In the final SAFETY Act regulation, DHS notes, ``The department does not interpret the language of the SAFETY Act to impose a geographical restriction for purposes of determining whether an act may be deemed an act of terrorism.'' Additionally, the regulation says that an act on foreign soil may indeed be deemed an act of terrorism for purposes of the SAFETY Act, provided that it causes harm in the United States. The department interprets harm in this context to include harm to financial interests. We agree with this approach, which protects vendors advancing U.S. homeland security policy interests by deploying technology abroad. At the same time, there may be areas where this definition is not sufficient. Therefore, in some cases, it will be necessary to combine SAFETY Act protections with indemnification offered by Public Law 85-804. We are pleased that DHS in the final regulation acknowledges this approach ``might appropriately be made available.'' We look forward to further guidance in this area. Regardless, however, of the location of antiterrorism technology deployments, DHS has struggled to coordinate acquisition and procurement with the SAFETY Act award determinations. We have heard a little bit about that. Recent DHS practice as well as the text of this final SAFETY Act rule demonstrate its progress. The advanced spectroscopic portal monitor and SBInet procurements which were mentioned earlier are steps in the right direction. However, consideration of SAFETY Act has consistently been left until after the release of DHS procurements. Acquisition professionals, in our view, should systematically consider the SAFETY Act early in the acquisition process, not at the end. Another area where DHS has made progress is in the block designations and block certifications, which would award SAFETY Act to vendors whose solutions or products meet a predetermined specification. We would like to see details on how this good idea will work. At the same time, the block designation section of the new SAFETY Act application is the only reference to a streamlined process, which is essential. We are eager to see specifics in this area. One more area I would like to cover is developmental test and evaluation designations. By providing coverage in this area, the new regulation embraces the spirit of the SAFETY Act, which was to spur the development of new technologies. We are keen to see how this process will function and will work with DHS to ensure that it works smoothly and effectively. Clearly, in our view, DHS has made great strides in this new regulation and new application kit. At the same time, DHS must implement several new and updated business processes for the SAFETY Act to reach its potential. The first is the new application kit now open for comment. This kit asks applicants for the information that DHS is actually now using to make decisions. Of course, there is still room for refinement. We also hope that DHS will soon publish a streamlined SAFETY Act kit. Last year, the chamber joined with the Professional Services Council and others to provide recommendations in this area. We are eager to see how DHS utilizes our suggestions. In conclusion, we congratulate DHS for all the work done to implement the SAFETY Act more effectively and efficiently. At the same time, government and industry must continue working in partnership for this program to realize its potential to protect the American public. Thank you for this opportunity to testify today, and I look forward to any questions or comments you might have. [The statement of Mr. Howell follows:] Prepared Statement of Andrew Howell Introduction I would like to thank Chairman Rogers, Chairman Reichert, Representative Meek and Representative Pascrell, and all Members of the Subcommittee on Management, Integration and Oversight, as well as the Subcommittee on Emergency Preparedness, Science and Technology, for giving me the opportunity to testify before you today. My name is Andrew Howell, and I am the Vice President for Homeland Security Policy at the U.S. Chamber of Commerce. The U.S. Chamber of Commerce (``the Chamber'') is the world's largest business federation, representing more than 3 million businesses through our federation, which includes direct corporate members of all types and sizes; trade and professional associations; state and local chambers through the United States; and 104 American Chambers of Commerce abroad (AmChams) in 91 countries. On behalf of the Chamber, I would like to express our appreciation to the two subcommittees for providing this opportunity to comment on the implementation of the ``Support Anti-Terrorism by Fostering Effective Technologies Act (SAFETY Act)''. We applaud your efforts to bring attention to this important program, which is one of the few incentives offered to spur the development and deployment of cutting- edge technologies, services and systems to protect our homeland. The Chamber believes that ensuring the security of our citizens should be America's top priority. The SAFETY Act is an important tool necessary to realize that objective, and one that helps to harness the creativity and innovation of the private sector. We look forward to working with members of this committee, and the appropriate subcommittees, as you conduct important oversight of this key DHS program. The Final SAFETY Act Implementing Regulation The Chamber applauds the Department of Homeland Security in its efforts to ensure that the SAFETY Act provides the full protections intended by Congress. The final regulations issued on June 8, 2006 provide much-needed certainty on this critical program in several key areas: The definition of an act of terrorism; Coordination of the timing of SAFETY Act awards with important federal anti-terrorism procurements; Explanation of the relationship between the SAFETY Act and indemnification under Public Law 85-804; and A concrete process for the use of SAFETY Act protections en masse through ``block designations and ``block certifications.'' Additionally, we were pleased to see an explicit process for SAFETY Act awards when products are in the developmental test and evaluation phase, which can either test a promising anti-terrorism technology or identify something that may form the basis for future anti-terrorism technologies. Let me now expand on each of these areas, which we consider to be among the most important parts of the new regulation. Definition of an act of terrorism As you know, terrorism is a global issue that demands a global policy response. For example, Homeland Security Presidential Decision Directive 13 notes that: The security of the Maritime Domain is a global issue. The United States, in cooperation with our allies and friends around the world and our state, local and private sector partners, will work to ensure that lawful private and public activities in the Maritime Domain are protected against attack and criminal and otherwise unlawful or hostile exploitation. Additionally, the Container Security Initiative, announced several years ago by former Customs and Border Protection Commissioner Robert Bonner, is based on the principal of ``pushing our border out'' by stationing U.S. Customs and Border Protection officers at foreign ports shipping goods to the United States. However, as we all know, U.S. regulation does not easily reach foreign shores. Given this reality, in the context of the SAFETY Act and the global nature of our homeland security policy, how can the government effectively protect firms providing anti-terrorism technologies abroad, where U.S. regulations have limited impact? Recognizing the need to think differently on the liability threat facing firms selling anti-terrorism technologies that would carry out U.S. policy objectives, our comments in August of 2003 on the proposed SAFETY Act regulation, pointed out the need to clarify the definition of an ``Act of Terrorism'' to provide clarity for vendors selling anti- terrorism technologies for deployment abroad. In the final SAFETY Act implementing regulation, DHS offers thoughtful language in this regard, noting that ``The Department does not interpret the language of the [SAFETY] Act to impose a geographical restriction for purposes of determining whether an act may be deemed an `Act of Terrorism' ''. Additionally, the regulation notes that ``an act on foreign soil may indeed be deemed an `Act of Terrorism' for purposes of the SAFETY Act provided that it causes harm in the United States. The Department interprets `harm' in this context to include harm to financial interests.'' In our view, this appropriately protects vendors with financial interests--including equity stakes, shareholders, plants, assets and the like--from an Act of Terrorism abroad if it affects the value of those financial interests in the United States. Relationship between the SAFETY Act and indemnification under Public Law 85-804 At the same time, there may be areas where this definition does not sufficiently protect a firm with an overseas deployment of technology-- particularly if a product liability lawsuit is brought in a court outside of the United States. Therefore, we believe it is necessary, in some cases, to combine SAFETY Act protections with the benefits of Public Law 85-804, which allows the Government to indemnify private parties acting on the Government's behalf. In our view, those deploying anti-terrorism technology abroad in support of U.S policy to push our borders out, are, in effect, acting on the government's behalf. Therefore, these technologies would be obvious candidates for a dual track SAFETY Act/ P.L. 85-804 approach. This is something we have been calling for since our comments of August 2003 on the Proposed Implementing Regulations for the SAFETY Act. We are pleased that the department, in this final regulation, acknowledges that a combined SAFETY Act/P.L. 85-804 approach ``might appropriately be made available.'' At the same time, we look forward to seeing further guidance from DHS in this area so that important programs with both domestic and international deployments--like perhaps SBINet--can benefit from a strong pool of bidders, undeterred by potential liability concerns. Coordination with anti-terrorism procurements Regardless of the location of the anti-terrorism technology deployment, however, one very basic element of a comprehensive SAFETY Act program implementation has been lacking--coordination between acquisition and procurement and SAFETY Act determinations. The Chamber, in collaboration with our members and several other trade associations, has been working hard with procurement officials and DHS leadership to build SAFETY Act provisions into important procurements. However, this approach has been haphazard and has too often been in reaction to a procurement that has already been issued. Recently, as well as in this final SAFETY Act rule, DHS has appropriately recognized the need to coordinate SAFETY Act benefit determinations with acquisition and procurement operating procedures. The establishment of a ``Pre-Qualification Designation Notice,'' is a good tool for federal buyers to use during the early stages of acquisition and would be accompanied by an ``expedited review of a streamlined application for SAFETY Act coverage. . .and, in most instances, establish the presumption that the technology under consideration constitutes a QATT'' (i.e. qualified anti-terrorism technology), according to the new regulation. We are also pleased to see this rule states that the Office of SAFETY Act Implementation (OSAI) may also expedite applications for vendors responding to an ongoing solicitation and that the Department may unilaterally decide that a procurement is eligible under the SAFETY Act. While there are still details to be worked out--for example, the timeline for an application being expedited--these are all steps in the right direction. However, all the process improvements in the world will not help unless DHS simultaneously strengthens its procurement and acquisition corps. We need to find a way to help DHS procurement officials better research markets; plan their procurements; develop meaningful performance metrics; and buy goods and services cost effectively. Incorporating the SAFETY Act into the process of planning an acquisition is essential, and because it is a new program, training will be absolutely essential. By taking the time to carefully consider performance metrics, liability concerns and the role of the SAFETY Act prior to developing and issuing a request for proposals (RFP), our government, our citizenry and the anti-terrorism technology vendor community can do a better job managing risk and protecting our homeland. Block designations and block certifications Another area where DHS has made significant progress in this final regulation is the strong statement made for block designations and block certifications. The department decides that all solutions or products that meet a certain specification can be deemed to have streamlined SAFETY Act reviews. From our perspective, there are several programs where this mechanism should be used in the near term. One that comes to mind is the Registered Traveler (RT) program. Vendors of RT solutions, as you may know, will all have to meet a certain specification set by the Transportation Security Administration. Therefore, it would make sense to designate or certify this group of services, which will be more widely deployed later this year. At the same time, it is worth noting that the block designations section of the new SAFETY Act kit is the only place in the entire document that makes mention of a ``streamlined'' process. We believe that there are many areas where DHS can and should streamline the technology evaluation process, and we are eager to understand how the Department intends to carry this out. Developmental test and evaluation efforts One final area in the final regulation that merits attention is the section on developmental testing and evaluation designations. The SAFETY Act is designed to spur the development of new technologies; this specific category of SAFETY Act application provides further details on exactly how DHS plans to work with industry partners to protect them from liability in the risky, early stages of a program. We all know that liability can, indeed, extend all the way back to the development phases of a technology. Therefore, awarding SAFETY Act benefits is entirely appropriate. Of course, once the benefits of the developmental test and evaluation segment of a SAFETY Act certification's benefits have expired--presumed to be 36 months in the regulation and kit--some applicants will, we hope, want to extend their coverage. How DHS handles the continuation of benefits--whether a firm has to fill out an entirely new kit, simply file a modification application, or exercise some other alternative--will need to be worked out. We are eager to see exactly how that process will work, and we will work with DHS to ensure that it functions smoothly and effectively for both the government and the applicant. Beyond the Implementing Regulations_Making the SAFETY Act Reach its Potential as an Anti-Terrorism Tool In order to make the SAFETY Act reach its true potential, DHS must implement several new and updated business processes. The first such process is a new application kit. Now open for public comment, we believe this new kit effectively asks applicants for the information the Department is now actually using to make evaluation decisions. At the same time, while the questions asked are more precise and better guide applicants to provide the right data, we believe the overall burden on the applicants does not, at this point, seem to be reduced. Therefore, we hope that DHS will continue to work with us and others to limit the amount of information that application evaluators seek, while also making the SAFETY Act process as effective as possible. We also hope that DHS will soon develop and publish a streamlined SAFETY Act kit. In September, the Chamber joined with a host of other organizations--including the Professional Services Council, the National Defense Industrial Association; the Information Technology Association of America and the Aerospace Industries Association--to develop our version of an effective, streamlined kit for use in specific circumstances. Attached for the record is a letter transmitting our vision of an effective streamlined kit, complete with instructions for DHS. In this document, we focused on gaining efficiencies and reducing redundancies across the Department. In our view, there is significant overlap between the SAFETY Act office's evaluation process and the review a procurement officer leads when assessing the efficacy of a product, service or integrated solution. As a result, we believe that for purposes of the SAFETY Act, deference can and should be given to the procurement evaluation--whether for an ongoing solicitation or for a prior procurement. Of course, with regard to procurement, we must congratulate DHS officials for the many strides they have made to more effectively link SAFETY Act determinations and procurement awards. DHS thoughtfully issued a revised Request for Proposal (RFP) for its Advanced Spectroscopic Portal monitor procurement that included SAFETY Act protection for the winning bidder after realizing the liability challenges vendors would face from deploying this bleeding-edge technology. On its SBINet procurement, DHS included language in the original document, and then supplemented it with subsequent modifications. However, in both of these cases, the SAFETY Act was omitted in the initial procurement process, leaving thoughtful DHS officials to address the liability issue once bidders began asking how their liability concerns would be addressed. As we all know, issuing a procurement is the end of a process which begins with market research and continues through the establishment of program requirements and metrics. To date, federal government acquisition professionals have not systematically included consideration of liability issues--and utilization of the SAFETY Act to mitigate those issues--early in the overall acquisition process. As a result, those of us working on this program from the outside are left at the very last moment--preparation of a request for proposals--to try and have the SAFETY Act integrated into the procurement. In order to achieve this, changes must be made to both the Department's acquisition regulations as well as the Federal Acquisition Regulation (FAR). We understand both are underway, and that is to be applauded. As soon as the Department and the FAR Council (which recommends changes to the federal purchasing rules) finish their work, the SAFETY Act can systematically be integrated into anti-terrorism procurements across the government Once these steps have been taken, of course we anticipate there would be aggressive training of acquisition and procurement staff across the government. DHS and other federal acquisition and procurement officials need to better understand the SAFETY Act and appreciate how it provides benefits to buyers and vendors. At the same time, guidance for state and local buyers--especially those receiving federal money to buy anti-terrorism equipment, services, technology and the like--is essential. Because federal tax dollars are being spent to secure our homeland at the local level, and because the SAFETY Act is not just for federal anti-terrorism procurements, DHS officials should find ways to educate the state and local homeland security community. By taking this step, state and local officials could either incorporate the Act into their acquisition process or buy technology that has already been certified or designated as a qualified anti-terrorism technology by DHS. Of course, since 85% of our critical infrastructure is in private sector hands, this is also an important community that needs to appreciate the SAFTEY Act's benefit. Important steps have been taken in this regard, most recently through the release of the National Infrastructure Protection Plan, which includes a section on the SAFETY Act and outlines its benefits for critical infrastructure owners and operators. Conclusion In conclusion, we congratulate DHS for drafting and issuing a final rule that sets the appropriate legal framework for the deployment of anti-terrorism technologies, services and systems by federal, state, local and commercial buyers. This regulation will help make us safer by providing needed protection for vendors and buyers. We also would note the excellent work that has been done drafting a new application kit that effectively implements this regulation. At the same time, more needs to be done to have this program realize its true potential. As I have just outlined, issuing a new application kit with streamlined review processes; building the SAFETY Act into the acquisition process early on; training procurement and acquisition officials at all levels of federal, state and local government; modifying internal DHS acquisition rules; and concluding the FAR Council's work to provide needed guidance for federal government buyers are all essential steps. Collectively, these steps will create a more robust homeland security environment where sellers of anti-terrorism technology innovate and deploy tools that most effectively protect the American public. We thank you for this opportunity to testify today, and hope that this Committee will continue to exercise appropriate oversight to ensure that this program works to enhance the security of our homeland. We stand ready to assist you as you move forward in this effort. Mr. Reichert. Thank you, Mr. Howell. The chair now recognizes Mr. Meldon. STATEMENT OF MICHAEL MELDON, EXECUTIVE DIRECTOR, HOMELAND SECURITY AND DEFENSE BUSINESS COUNCIL Mr. Meldon. Thank you, Mr. Chairman. Just before I start my remarks, may I say that I was one of the people that participated in the call that Undersecretary Cohen had with industry about liquid explosive detection. There was a sense of urgency in that call. He took action. When the call to action went out, industry responded, and that is evinced by the actions and the responses that he go back. So we applaud that action, and we want to commend him for that. Good afternoon, Chairman Rogers, and Chairman Reichert and distinguished members of the subcommittee. My name is Michael Meldon, and I am the executive director of the Homeland Security and Defense Business Council. I am testifying on behalf of our member companies. The Homeland Security and Defense Business Council is a non-profit, non-partisan organization that represents good governance and successful program outcomes. The council offers straight talk and honest assessments of programs, technology and processes that are integral to the mission of the Department of Homeland Security. The council's goal is to be a world-class private-sector component and partner to the public sector in all significant areas of homeland security, to include risk mitigation, mission effectiveness and management efficiency. The council appreciates the opportunity to present our industry perspective on the SAFETY Act final rule recently released by the department. There are a number of very positive changes that have occurred in the business processes and guidelines surrounding the SAFETY Act. To highlight some of these, the final rule makes these changes to the SAFETY Act. A, it provides that technology includes services as well as equipment and software. B, it removes the need for antiterrorism technology sellers to offer insurance coverage to third persons for acts of suppliers, vendors and subcontractors used to supply that technology. C, lets a seller of qualified antiterrorism technology make changes to the product that modify its capabilities without approval by or even notice to DHS, and without the loss of the liability protections provided by the SAFETY Act. D,, grants DHS the right to create so-called block designations and certifications for certain categories of antiterrorism technology. And finally, addresses DHS's policy on safeguarding proprietary information regarding applications for antiterrorism designation and certification. The new rule also addresses the application evaluation timeliness issues. We have seen from an industry perspective the information provided in the department's announcement of the final rule states that in the first 16 months following the passage of the SAFETY Act, six QATs, qualified antiterrorism technologies, were approved, and an additional 68 technologies were approved by March of 2005. What this does not address is the number of applications that have been received by the department for which no action has been taken, and we are hopeful that as a result of the changes these applications will be expeditiously adjudicated. Several issues remain in the SAFETY Act and its intended implementation, and I will focus the remainder of my time on those issues. Number one, anticipated changes in the insurance industry. Insurance companies and the federal government paid more than 90 percent of the $38.1 billion awarded to victims of the 9/11 terrorist attacks, according to a 2004 study by the RAND Corporation. Secondly, because of concerns about an avalanche of claims, Congress capped liability for airlines, airports, ports and cities and established the 9/11 Victim Compensation Fund of 2001. To use it, recipients had to waive the right to sue. Still, about 70 families eventually filed wrongful death suits against the airlines. Third, the potential liability exposure continues to be closely examined by the insurance industry as well as others, and the business considerations that resulted from that review are being implemented through new policy terms and conditions. And finally, thankfully the United States has not suffered a terrorist attack or resulting lawsuit since the fall of 2001, so the protections of the SAFETY Act haven't come into play. But industry's concern about liability is no less real. The government contractor defense. One, implementation and guidance regarding the government contractor defense is noted in the final rule as an area where DHS still owes industry specific direction and policies and procedures. Two, the presumption of the government contractor defense applies to all approved qualified antiterrorism technologies for all claims brought in any kind of lawsuit arising out of, relating to, resulting from an act of terrorism when qualified antiterrorism technologies have been deployed in defense against or response or recovery from such act, and such claims may result or may result in loss to the seller. While the government contractor defense is a judicially created doctrine requiring the contractor provider to provide essential elements in order to qualify for the defense, the SAFETY Act supplants the case law so that once the secretary approves the application for this additional protection, the government contractor defense applies. Three, the statutory government contractor defense available under the SAFETY Act provides immunity not only against all claims that might be brought by third parties relating to sales to the government, it also applies to purely private transactions. Fourth, under existing case law the government contractor defense is available only if the contractor manufactured the product in question in accordance with reasonably precise federal government specifications. And this is important. Under the SAFETY Act, this is not the case. In reviewing an application, the secretary will perform a comprehensive review of the designation of such technology and determine whether it will perform as intended, conforms to the seller's specifications and is safe for use as intended. The act also provides that the seller will conduct safety and hazard analysis and supply such information to the secretary. Next, this suggests that unlike the existing judicially crated government-- Mr. Reichert. Mr. Meldon, excuse me. Could I ask you shorten and be brief in your closing comments? I am going to lose two members here in the next few minutes, and we want to give them some time to ask a question or two. Mr. Meldon. Absolutely. Mr. Reichert. Sorry. Mr. Meldon. Not at all. Let me summarize, then. The proposed rule clearly adopts broad protections provided by the case law to the SAFETY Act version of the government contractor defense. Next is the secretary may designate a technology as qualified antiterrorism technology, and he must examine the amount of liability insurance that the seller intends to maintain for coverage of the technology and certify that that level is appropriate, so that the secretary predetermines the amount of secondary coverage that industry needs for qualified antiterrorism technology. Under accuracy and completeness, we note that that is also determined by the secretary in his review and is not against any particular federal standard that we are aware of at this time. Modifications to qualified antiterrorism technology may occur on an ongoing basis. This raises the issue, however, that deals with QAT that has undergone in-place upgrades and enhancements without specific DHS review. And finally, we want to reiterate the council's view that a number of very positive changes have occurred in the business processes and guidelines surrounding the SAFETY Act and that, in general, we are pleased with the modifications. And we want to congratulate and commend the secretary of the Department of Homeland Security for his personal involvement in the final rule and the new regulations. Thank you very much. [The statement of Mr. Meldon follows:] Prepared Statement of Michael M. Meldon Good afternoon, Chairman Rogers, Chairman Reichert, and distinguished members of the subcommittee. My name is Michael Meldon and I am the Executive Director of the Homeland Security and Business Council. I am testifying on behalf of our member companies. The Homeland Security & Defense Business Council is a non-profit, non- partisan organization that represents good governance and successful program outcomes. The Council offers ``straight talk'' and honest assessments of programs, technology, and processes that are integral to the mission of the Department of Homeland Security. The Council's goal is to be a world class private sector component and partner to the public sector in all significant areas of homeland security to include risk mitigation, mission effectiveness, and management efficiency. The Council appreciates the opportunity to present our industry perspective on the SAFETY Act Final Rule recently released by the Department of Homeland Security. There are a number of very positive changes that have occurred in the business processes and guidelines surrounding the SAFETY Act. To highlight some of these, the final rule makes these changes to the Safety Act: Provides that a technology includes services as well as equipment and software. This means maintenance contractors may be entitled to liability protection if they service equipment used for anti-terrorism purposes, or if they provide design, consulting, analysis or other professional services. Removes the need for anti-terrorism technology sellers to offer insurance coverage to third persons for acts of suppliers, vendors and subcontractors used to supply the technology. This expands the bargain struck in the Safety Act, which exchanged limitations on the seller's legal liability to the public for a requirement that the seller get liability insurance coverage. Lets a seller of a qualified anti-terrorism technology make changes to the product that modify its capabilities without approval by, or even notice to, DHS, and without loss of the liability projections provided by the Safety Act. Under the interim rule, a seller that made significant modifications to the technology that reduced its capabilities could lose its liability protection as of the time the change was made. Under the final rule, however, if the product modification is so significant that the product would no longer qualify for liability protection, and then the seller is required to give notice to DHS. The product retains the liability protections until DHS takes affirmative steps to terminate its qualification. Grants DHS the right to create so-called block designations and certifications for certain categories of anti- terrorism technologies. Sellers whose technologies fall within these will not have to demonstrate their technology's technical merits. They will be entitled to receive the liability protections simply by submitting an abbreviated application showing that the technology is covered by the pre-approved block determination. Addresses DHS' policy on safeguarding proprietary information regarding applications for anti-terrorism designation and certification. The new rule also addresses the application evaluation timeliness issues we have seen from an industry perspective. The information provided in the Department's announcement of the Final Rule (6 CFR Part 25, [USCG-2003-15425]/RIN 1601-AA15) states that in the first 16 months following the passage of the SAFETY Act, 6 QATT's were approved and an additional 68 technologies were approved by March 2005. What this does not address is the number of applications (thought to be in the hundreds) that have been received by the Department for which no action has been taken. Several issues remain in the SAFETY Act and its intended implementation and I will focus the remainder of my time on these issues. Anticipated changes in the insurance industry The SAFETY Act was designed to encourage firms to bring homeland security products to market by eliminating the ``bet-your-company'' risk that might turn some of them away. Insurance companies and the federal government paid more than 90 percent of the $38.1 billion awarded to victims of the Sept. 11 terrorist attacks, according to a 2004 study by the nonprofit RAND Corp. Because of concerns about an avalanche of claims, Congress capped liability for airlines, airports, ports and cities and established the Sept. 11 Victim Compensation Fund of 2001. To use it, recipients had to waive their right to sue. Still, about 70 families eventually filed wrongful death suits against airlines. Plaintiffs also sued the former Riggs Bank--alleging that lax oversight facilitated the financing of two hijackers--and 12 families of firefighters sued Motorola Inc. and New York City over faulty hand- held radios. That suit later was thrown out of court. The nature of these suits and the potential liability exposure was closely examined by the insurance industry as well as others and the business considerations that resulted from their review are being implemented through new policy terms and conditions. Thankfully, the United States has not suffered a terrorist attack, or resulting lawsuits, since the fall of 2001, so the protections of the SAFETY Act haven't come into play. But industry's concern about liability is no less real. Large contractors bolstering the blast- resistance of bridges, ports and other hard targets; system integrators designing buildings and technological systems; manufacturers of infrared cameras and motion detectors on the border; and biotech firms supplying vaccines all could face lawsuits after a terrorist attack. Government Contractor Defense Implementation and guidance regarding the Government Contractor Defense is noted in the Final Rule as an area that DHS still owes industry specific direction and policies/procedures. The presumption of the government contractor defense applies to all ``approved'' qualified anti-terrorism technologies for all claims brought in any kind of lawsuit ``arising out of, relating to, or resulting from an act of terrorism when qualified anti-terrorism technologies . . . have been deployed in defense against or response or recovery from such act and such claims result or may result in loss to the Seller.'' While the government contractor defense is a judicially created doctrine requiring the Contractor/Provider to prove essential elements in order to qualify for the defense, the SAFETY Act supplants the case law so that once the Secretary ``approves'' the application for this additional protection, the government contractor defense applies. Significantly, the statutory government contractor defense available under the SAFETY Act provides immunity not only against all claims that might be brought by third parties relating to sales to the government, it also applies to purely private transactions. Thus, once the Secretary ``approves'' a qualified anti-terrorism technology for this additional protection, the Contractor/Provider is immune from liability relating to sales of that technology in the commercial sector. Moreover, under the case law, the government contractor defense is available only if the contractor manufactured the product in question in accordance with reasonably precise federal government specifications. Under the SAFETY Act, that is not the case. In reviewing an application, the Secretary will perform a ``comprehensive review of the design of such technology and determine whether it will perform as intended, conforms to the Seller's specifications, and is safe for use as intended.'' The Act also provides that the Seller will ``conduct safety and hazard analyses'' and supply such information to the Secretary. Thus, unlike the existing judicially created government contractor defense, the DHS statutory government contractor defense will protect Contractor/Providers of technology in the commercial marketplace and will allow qualified anti-terrorism technologies to be approved for such treatment even if a federal specification is not involved. The proposed rule clearly adopts the broad protections provided by the case law to the SAFETY Act's version of the government contractor defense. The proposed rule recognizes that the scope of the defense is very broad, and expressly states that Sellers of ``approved'' qualified anti-terrorism technologies cannot be held liable under the SAFETY Act for design defects or failure to warn claims (unless the presumption is established through evidence that the Seller acted fraudulently or with willful misconduct in submitting information to the Secretary in connection with its application). As noted above, applications to gain this protection may be submitted simultaneously with the application for ``designation'' as a qualified anti-terrorism technology. The immunity provided by the statutory government contractor defense is a remarkable protection afforded to sellers of anti-terrorism technologies, and we expect most sellers of such technologies to submit applications. The court and case law test of DHS' interpretation will unfortunately be played out against another tragedy (hopefully averted) and the use of the DHS statutory rule which may come under pressure since it departs from the current PL 85-804. Exclusive Federal Jurisdiction and Scope of Insurance Coverage The Final Rule establishes that before the Secretary may designate a technology as a qualified anti-terrorism technology, he must examine the amount of liability insurance the Seller intends to maintain for coverage of the technology and certify that the coverage level is appropriate to satisfy otherwise compensable third-party claims that may be caused by an act of terrorism when qualified anti-terrorism technologies have been implemented. The SAFETY Act also provides that Contractor/Providers are not required to obtain insurance in excess of the maximum amount reasonably available that would not unreasonably distort the sales price of the anti-terrorism technology. The rule states that the Secretary does not intend to set a numerical ``one-size-fits-all'' level of insurance requirement for all technologies. Instead, the required level of insurance will be determined on an application-by-application basis and will be based upon the examination of several factors, including: ``the amount of insurance the Contractor/Provider has previously maintained; the amount of insurance maintained for other technologies or for the business as a whole; the amount of insurance typically maintained by sellers of comparable technologies; data and history regarding mass casualty losses; and the particular technology at issue.'' The rule also suggests that the Secretary might confer with the Contractor/Providers, and insurance carriers, to determine the appropriate level of insurance to require for a particular application. The proposed rule recognizes that over time the appropriate level of insurance may change based on the market for insurance, the predominance of a particular threat, and other factors. Accordingly, the Contractor/Provider is allowed to seek reconsideration of the insurance required. The impact for not maintaining the required level of insurance are also addressed in the rule. If a Contractor/Provider allows its insurance to fall below the required level of insurance, the protections of the SAFETY Act will still apply. However, the maximum liability of the Contractor/Provider remains at the required level of insurance so they may be subjecting itself to an uninsured liability. In addition, allowing the insurance to fall below the required level will be regarded as a negative factor by the Secretary for any future application for renewal of the SAFETY Act protections and might be considered as a negative factor for any other SAFETY Act applications submitted by the same Contractor/Provider. Confidentiality of Information Under the Freedom of Information Act, Trade Secrets Act and other federal statutes, trade secrets and other proprietary information submitted to DHS by an applicant remain confidential. In the final rule, however, DHS has taken the position that all information submitted by an applicant, whether or not proprietary or a trade secret and including the applicant's identity, will be withheld from disclosure. The breadth of the information that DHS may withhold is subject to debate, and DHS has staked out an aggressive position. Parties submitting applications for anti-terrorism technology designation or certification still should be careful because courts frequently have taken a more nuanced view of the proper balance between protecting commercially valuable information and the public's right to examine the decisions of its government agencies. Certifying ``accuracy and completeness'' The standard for performance of this final rule clause is almost impossible to determine--yet the industry case will rest heavily on the process that led them to seek the QATT in the first place. The parameters used for ``accuracy and completeness'' are also likely to be used in determining negligence or fraud. Since DHS is not dealing with a detailed federal government specification for defined products, services and support the method for certifying ``accuracy and completeness'' remains subjective. Significant Modification to a Qualified Anti-Terrorism Technology The final rule discusses the provisions of ongoing modification to QATT in service. The issue that this raises, however, deals with QATT that has undergone in place upgrades and enhancements without specific DHS review. The worst case scenario suggests that DHS could develop a finding that determines that a product thought to be on the QATT and covered with appropriate liability insurance, is not and a fraud has occurred. Third parties in this scenario then have additional options to recover from claims. However horrific it seems, the potential test of this rule could be in the aftermath of a significant terrorist attack on the US and the availability of 'clear and convincing evidence' to support claims against a Seller may not be possible. Scope of Insurance Coverage The final rule creates a single cause of action with exclusive jurisdiction in a federal district court. As a result, we might expect to see plaintiffs suing in foreign countries whenever possible to avoid the liability limitations of the Act. Industry will be carefully considering appropriate corporate structures necessary to ameliorate this possibility and to keep federal causes of action in the United States. Reconsideration of Designations The final rule also suggests that a designation as a qualified anti-terrorism technology will last for five to eight years and may be renewed, but seeks comment on this proposed duration. The SAFETY Act does not contain any time limit on the length of the ``designation.'' There appears to be no logical reason why there should be any time- based limitation on the designation as a QATT--a technology that meets the criteria today and is afforded the protections of the statute, should be eligible for the same protection so long as the technology is available and in service. Mr. Reichert. Thank you, Mr. Meldon. The chair recognizes Mr. Soloway, president of the Professional Services Council. STATEMENT OF STAN SOLOWAY, PRESIDENT, PROFESSIONAL SERVICES COUNCIL Mr. Soloway. Thank you, Chairman Reichert, distinguished members of the subcommittee. I appreciate the invitation to testify this morning. My name is Stan Soloway. I am president of the Professional Services Council, which is the leading national trade association of the government professional and technical services industry. Many of our member companies are currently actively supporting DHS's critical mission. Many have applied for coverage under the act or are planning to do so. Despite a slow start, significant progress on implementation of the SAFETY Act has been made in the last few months. And we certainly compliment and join the chorus of compliments to the Department of Homeland Security staff and particularly the leadership from the Office of the Chief Procurement Officer and the general counsel's office, Admiral Cohen and others for bringing us to this point. More work does remain to be done, however. And in the interest of time and not to be redundant with my colleagues, let me just focus on a few key issues. The department has been consistently clear and reasserted in this final rule that services are fully eligible for SAFETY Act coverage. The department in the final rule has restated its intent to assert appropriate exemptions to protect proprietary information submitted by companies during the application process. They have clarified the scope of SAFETY Act coverage by allowing for block designations and block certifications for groups of technologies and, as Mr. Howell and others have mentioned, creating a new category of coverage, developmental test and evaluation. All of these are excellent signs of progress, and we are fully supportive of this approach. But as the program continues to be a work in progress, so, too, are these final regulations. There are additional steps the department should take, such as issuing a streamlined application kit so that companies can take full advantage of the new flexibilities, provide more clarity in addressing the relationship to federal and other procurement opportunities, and more clarity as well to address the relationship between the SAFETY Act and the extraordinary contractual relief available for federal procurement opportunities under Public Law 85-804. Following the release of the final rule, the department issued in August an updated application kit, and by and large we are supportive of the new kit. It is consistent with the final rule and does include relevant application forms for the new block designation, block certification and DT&E designation. The kit addresses the concerns PSC and others raised at the department and the Office of Management and Budget's Office of Information and Regulatory Affairs in February of 2005, particularly with respect to the quantity of highly proprietary financial information required of applicants. Yet here, too, there are still some lingering concerns. The forms are indeed clearer and more logically arranged, and the amount of financial information that is required appears to be minimized. However, we do not believe that the total amount of information requested will be significantly less than previously required. In fact, new to this version of the application for designation is an instruction with regard to certain applications that instructs an applicant to, quote, attach a copy of any request for proposal or broad agency announcement that led to the award and a copy of your final proposal and statement of work. The workload to meet this requirement, even though it only applies in certain circumstances, could be extraordinary. In addition, while more information is given on how to properly and fully complete the application forms, the new kit actually establishes some tougher standards for the department to find an applicant complete. Furthermore, despite a reference to it in the rule, the streamlined application process does not yet exist. PSC and our partners such as the Chamber of Commerce and the SAFETY Act Coalition have provided DHS with a recommended streamlined application kit, and we are hopeful the department will move quickly to fill this significant gap. As Ms. Duke and others have also made clear, the final rule clearly recognizes the importance of aligning the SAFETY Act process with planned and ongoing federal procurement and the procurement processes of others. For example, the final rules establish a flexible approach for coordinating consideration of a SAFETY Act application with the procurement process by allowing a government agency to seek a preliminary prequalification designation notice with respect to a technology to be procured. That notice would state that the technology to be procured either affirmatively or presumptively satisfies the technical criteria necessary to qualify under the act. The regulations provide that vendors chosen to provide the technology will receive expedited review of their application for designation, be deemed to have satisfied the technical criteria for SAFETY Act designation with respect to that technology, and be authorized to submit a streamlined application as set forth in the prequalification designation notice. We strongly support this approach, but we must also recognize the great challenges inherent in the cross-agency and cross-governmental coordination needed to make this process work as intended. And we urge DHS to move quickly to clarify that vital element of the process. We have also long asserted that companion regulatory coverage must be included in the Federal Acquisition Regulation and, if necessary, the department's own regulations. To its credit, and as Ms. Duke mentioned, the Office of Procurement has initiated this rulemaking with the FAR council and developed an initial outline for the rule. With the final SAFETY Act rule now in place, it is essential that the acquisition rulemaking process move very quickly. Once the final acquisition regulations are in place, the next critical step is to provide the necessary training to the federal acquisition workforce and others involved in the process. The DHS staff recognizes the importance of such training and has indicated a commitment to initiate that training at the earliest opportunity. PSC and my colleagues at other associations would be more than happy to offer our assistance wherever appropriate. Mr. Chairman, it has been almost 4 years since Congress took the significant step to enact the SAFETY Act. The law is intended to be a gas pedal to accelerate the deployment of antiterrorism technologies. The procedural issues relating to the act should not be a break on the applicants. DHS has significantly moved the process forward and, to the department's credit, it has not waited for the final rule or for the acquisition regulations to apply the SAFETY Act protections to its own significant procurements. As Mr. Howell mentioned, the advanced spectroscopic program award the department made earlier this year includes SAFETY Act coverage. The SBInet procurement now under review by the department includes specific provisions to address the act. And finally, to address the emerging challenges of liquid- based explosives, the department issued an RFI for recommended technology approaches with SAFETY Act coverage addressed as part of that RFI. We expect the next few months will yield even more progress on the acquisition regulations, process clarity, aligning the SAFETY Act needs with other agency procurements, training, and this important streamlined application kit. We look forward to continuing to work with the DHS and the Congress in achieving these important objectives. Thank you for your time and attention today. And of course, I would be happy to answer any question you might have. [The statement of Mr. Soloway follows:] Prepared Statement of Stan Soloway Chairman Rogers and Chairman Reichert, members of the Subcommittees, thank you for the invitation to testify on the implementation of the ``Support Antiterrorism by Fostering Effective Technologies (SAFETY) Act, part of Title VIII of the Homeland Security Act of 2002 (P.L. 107-296). My name is Stan Soloway, president of the Professional Services Council (PSC). PSC is the leading national trade association of the government professional and technical services industry. PSC's more than 200 member companies represent small, medium, and large businesses that provide the full range of services to all federal agencies, including information technology, engineering, logistics, operations and maintenance, consulting, international development, scientific, environmental services, and more. Many of our member companies have applied for coverage under the Act or are planning to do so. As you know, the SAFETY Act provides incentives for the development and deployment of anti-terrorism technologies by creating a system of risk management and litigation management. PSC and our member companies were involved in the congressional action leading to the enactment of the SAFETY Act and we have been actively working on the implementation since then. Significant progress has been made in the last few months to bring the SAFETY Act forward and we compliment the Department of Homeland Security staff, in particular the leadership from the General Counsels' Office and the Office of the Chief Procurement Officer, particularly for bringing us to this point. More work remains to be done, however, and PSC plans to offer our expertise and support to build on the progress that has been made. I have divided my testimony into four parts: the regulatory foundation, the application kit, DHS staff support for the SAFETY Act, and addressing the procurement process. The Regulatory Foundation On June 8, 2006, the Department published the final rule implementing the Act,\1\ replacing an interim rule issued in October 2003.\2\ While PSC recognized the challenges facing the new Department in implementing the SAFETY Act, we were critical of many elements of the interim regulations. We commented extensively on those interim regulations,\3\ and urged the Department to address numerous issues as it developed their final regulations. We are very pleased that, in the final regulations, the Department addressed most of the concerns we raised. As the background statement accompanying the final regulation noted: --------------------------------------------------------------------------- \1\ 71 F.R. 33147, et seq. (June 8, 2006). \2\ 68 F.R. 59684, et. seq. (October 16, 2003). \3\ See PSC comments on the interim rule, available at: http:// www.pscouncil.org/pdfs/ITAA-PSC%20IFR%20Comments.pdf . --------------------------------------------------------------------------- The SAFETY Act program is now in its third year, and the Department has a substantial record of program performance to evaluate. While the Department concludes that the Department's core legal interpretation of the Act's provisions are fundamentally sound, experience in administering the program has demonstrated that certain of the procedural processes built to administer the Act can be improved.\4\ --------------------------------------------------------------------------- \4\ 71 F.R. 33148 (June 8, 2006), column 1. --------------------------------------------------------------------------- When the final regulations were issued, we said then and reiterate today that they were a critical step forward and give clear guidance to Department of Homeland Security officials, other government agencies and the companies that are encouraged to promote the development and deployment of anti-terrorism technologies. There are several provisions of the final rule that bear mention and we particularly support. The Department has been consistently clear, and reasserted in this final rule, that services are fully covered by the Act and are eligible for SAFETY Act coverage.'' \5\ The Department has restated its intent to assert ``appropriate exemptions'' to protect proprietary information submitted by companies during the application process,\6\ although we hope that the Department would be forthcoming with broad statistical information about the program, such as how many applications have been received and how many rejected, without disclosing applicant names or even technologies being addressed. The Department has clarified the scope of its SAFETY Act coverage by allowing for ``Block Designations'' and ``Block Certifications'' for groups of technologies,\7\ and creating a new category of coverage--Developmental Testing and Evaluation (DT&E)--with limited SAFETY Act coverage, that should facilitate the deployment of promising anti-terrorism technologies in the field either for test and evaluation purposes or in response to exigent circumstances.\8\ --------------------------------------------------------------------------- \5\ See 71 F.R. 33154 (June 8, 2006) column 2. \6\ See 71 F.R. 33151 (June 8, 2006) column 2 and Section 25.10 of the final regulations. \7\ See 71 F.R. 33156 (June 8, 2006) column 3 and Section 25.9(j) of the final regulations. \8\See 71 F.R. 33156 (June 8, 2006) column 2 and Section 25.4(f) of the final regulations. --------------------------------------------------------------------------- But as the program continues to be a work in progress, so too are these final regulations. In fact, as part of this final rule, the Department has specifically asked for comments on how the Department can and should address changes in insurance availability\9\ and on the operation of the new DT&E designations.\10\ PSC is developing comments on these two elements of the final regulations and anticipates submitting them to the Department in the near future. --------------------------------------------------------------------------- \9\ See 71 F.R. 33149 (June 8, 2006) column 2. \10\ See 71 F.R. 33156 (June 8, 2006) column 3. --------------------------------------------------------------------------- At the same time, there are additional steps for the Department to take, such as issuing the streamlined application kit, so that companies can take full advantage of the new flexibilities and address the relationship to federal and other procurement opportunities. Another issue that needs further discussion about implementation, but probably not more SAFETY Act regulations, is the relationship between the SAFETY Act and the extraordinary contractual relief available for federal procurement opportunities under P.L. 85-804.\11\ --------------------------------------------------------------------------- \11\ See 71 F.R. 33154 (June 8, 2006) column 3. The Application Kit On August 16, 2006, the Department issued the revised application kit to implement the final rule.\12\ Even though the Department has not yet received the necessary information collection approval from OMB for the new kit, the Department is directing new applicants to exclusively use the new application kit; applicants who registered with the Department prior to August 16 may continue to use the earlier version of the application kit. --------------------------------------------------------------------------- \12\ Available at: https://www.safetyact.gov/DHS/SActHome.nsf/ 23158AD7D420AEDB852571C70056BE33/$FILE/ Application%20Kit%20Version%202.pdf . --------------------------------------------------------------------------- We have reviewed this new application kit and intend to submit comments to both the Office of Management and Budget and the Department on the updated application kit by the October 16 deadline for the submission of comments. By and large, we support the new kit. In our view, it is consistent with the June 2006 final rule and includes relevant application forms for the new Block Designation, Block Certification, and DT&E designation. This kit is more user-friendly than the December 2004 version; \13\ it addresses further the concerns PSC raised to the Department and OMB's Office of Information and Regulatory Affairs on February 10, 2005 about that earlier version of the kit, particularly with respect to the quantity of highly proprietary financial information required of applicants.\14\ --------------------------------------------------------------------------- \13\ See 69 F.R. 72207 (December 13, 2004). \14\ See PSC February 10, 2005 letter to DHS and OIRA, available at: http://www.pscouncil.org/pdfs/SAFETYActApplication2-10-05.pdf . --------------------------------------------------------------------------- Yet there are still some lingering concerns even with this kit. To be sure the application forms are clearer and more logically arranged and this will be a benefit to applicants. The amount of financial information that is required with the initial application appears to be minimized. But we do not believe that the request for information under this kit will be significantly less than the amount of information previously required. In fact, new to this version of the application for Designation under Chapter 4 of the kit, is the instruction relating to past sales and ongoing procurements; it requires that an applicant ``attach a copy of any request for proposal or broad agency announcement that led to the award and a copy of the applicant's final proposal and statement of work.'' \15\ In addition, while there is more information on how to properly and fully complete the application forms, we believe that the new kit places tougher standards for the Department to find an applicant complete. --------------------------------------------------------------------------- \15\ See the Instructions for Designation D6.2 at page 34-35. --------------------------------------------------------------------------- Furthermore, we requested and expected a significantly streamlined application kit, particularly when seeking to match the application process with an on-going federal procurement. On September 6, 2005, PSC and four other associations jointly developed and submitted to DHS former Under Secretary McQueary, a proposed streamlined application kit and instructions.\16\ In this 2006 version of the application kit, the Department makes a reference to a streamlined application process in connection with Block Designations,\17\ but we do not view that single reference in one section as meeting our expectation. --------------------------------------------------------------------------- \16\ See September 6, 2005 Joint letter from PSC, Aerospace Industries Association, Information Technology Association of America, National Defense Industrial Association and U.S. Chamber, available at: http://www.pscouncil.org/pdfs/McQuearySAFETYActKitLetter.pdf . \17\ See the Chapter 7 Block Designation Application at page 67. --------------------------------------------------------------------------- We look forward to further discussions with the Department on our comments on this kit and moving toward a true streamlined application process. DHS staff support for the SAFETY Act On a related matter, we strongly recommend that the Department continue to provide the necessary infrastructure support for the Office of SAFETY Act Implementation (OSAI) and its activities. Our members have appreciated the responsiveness of the OSAI, Science and Technology (S&T) and General Counsels' offices to requests for information and to processing applications. We would hope that, in the near future, the OSAI would have a permanent director and be staffed with a sufficient number of federal employees to handle the expected increase in requests for information, growth in applications, and demands for being a resource to other federal agencies who need information on the Act and its processes, particularly in relationship to planned or on-going procurements. Addressing the Procurement Processes The SAFETY Act protections are relevant only when applied to a specific anti-terrorism technology. Thus, the relationship between the SAFETY Act and the procurement of those technologies is critical. Certain aspects of that relationship vest in the SAFETY Act regulations; other aspects must be addressed in the federal procurement regulations. Still other provisions must be covered in the procurement processes of other purchasers--state, local, or commercial. Through September 6, 2006, the Department has already issued 62 Certifications and 22 Designations.\18\ --------------------------------------------------------------------------- \18\ See SAFETY Act website: https://www.safetyact.gov/, last visited on September 6, 2006. --------------------------------------------------------------------------- To its credit, the June 2006 final SAFETY Act regulations recognize the importance of aligning the SAFETY Act process with planned and on- going federal procurement and the procurement processes of others.\19\ For example, these final rules establish a flexible approach for coordinating consideration of a SAFETY Act application with the procurement process by allowing a government agency to seek a preliminary ``Pre-Qualification Designation Notice'' with respect to a technology to be procured, stating that the technology to be procured either affirmatively or presumptively satisfies the technical criteria necessary to qualify under the Act.\20\ The regulations provide that selected vendors chosen to provide the technology will receive expedited review of their application for designation, be deemed to have satisfied the technical criteria for SAFETY Act Designation with respect to that technology, and be authorized to submit a streamlined application as set forth in the pre-qualification designation notice.\21\ We strongly support this approach. Even though the information required to be submitted would vary on a case-by-case basis, we strongly recommend that this Pre-Qualification Designation Notice be incorporated into the application kit instead of being totally outside it. --------------------------------------------------------------------------- \19\ See 71 F.R. 33156 (June 8, 2006) column 1. \20\ See 71 F.R. 33163 (June 8, 2006) column 3 and Section 25.6(g) of the final regulations. \21\ See the ``Pre-Qualification Designation Notice on www.safetyact.gov. Section 25.6(g)(4)(iii) of the regulations provides that the Pre-Qualification Designation Notice will provide a list of the portions of the application information in Section 25.6(a) that the selected vendor(s) must complete and submit in order to obtain Designation. --------------------------------------------------------------------------- In addition, the final regulations addressed the deference due to other federal or state regulatory or procurement officials.\22\ As the background information and the regulations provide, the level of deference due to other government officials will depend on the nature of such officials' review. --------------------------------------------------------------------------- \22\ See 71 F.R. 33157 (June 8, 2006) column 2 and Section 25.4(viii) of the final regulations. --------------------------------------------------------------------------- Beyond the SAFETY Act regulations, we have long asserted that companion regulatory coverage must be included in the Federal Acquisition Regulation and, if necessary, in the Department's own Homeland Security Acquisition Regulations. For example, when the Department published its interim acquisition regulation on December 4, 2003, PSC's written comments on that rule specifically noted the absence of any SAFETY Act coverage applicable to the Department's own procurement.\23\ In the Department's May 2, 2006 final acquisition regulations, the Department acknowledged that SAFETY Act coverage is appropriate and will be considered when the Federal Acquisition Regulation is issued.\24\ --------------------------------------------------------------------------- \23\ See PSC comment on the DHS interim procurement regulations, available at: http://www.pscouncil.org/pdfs/ITAA- PSC%20IFR%20Comments.pdf . \24\ See 71 F.R. 25759;65 (May 2, 2006).. --------------------------------------------------------------------------- We do not yet know the status or content of the Federal Acquisition Regulations (FAR). In 2003, PSC and other organizations wrote to the Office of Federal Procurement Policy urging the FAR Council to develop and publish for comment the necessary government-wide acquisition policy regulations. The FAR Council established a case number but took no action on the rule, awaiting the final SAFETY Act regulations. The FAR Council closed the prior case without action, but on August 23, 2006 opened a new case number (2006-023) based on the strawman draft submitted by the Department's Chief Procurement Officer.\25\ This is an important next step to fully effectuate the SAFETY Act. Once the FAR rule is in place (or even pending that final rule), it may be necessary or appropriate to supplement the FAR with coverage in the Department's own acquisition regulation. --------------------------------------------------------------------------- \25\ See FAR Council Status of Cases, available at http:// www.acq.osd.mil/dpap/dars/opencases/farcasenum/far.pdf, as of September 1, 2006. --------------------------------------------------------------------------- Once the final acquisition regulations are in place, the next critical step is to provide necessary training to the federal acquisition workforce and others. We believe both the DHS acquisition staff and the OSAI staff recognize the importance of such training and have indicated a willingness to initiate that training at the earliest opportunity. PSC, and I am sure my colleagues at the other associations that we have worked in partnership with over the years on the SAFETY Act, will offer our assistance wherever appropriate. Fortunately, the Department has not waited for the final rule or for the acquisition regulations to begin applying the SAFETY Act protections to its own significant procurements. For example, the three DNDO Advanced Spectroscopic Program (ASP) awards that the Department made earlier this year include SAFETY Act coverage. The significant SBI.net procurement now under review by the Department includes specific provisions to address SAFETY Act coverage. Finally, to address the emerging challenges of liquid-based explosives, the Department issued a Request for Information for recommended technology approaches, with SAFETY Act coverage addressed as part of it.\26\ --------------------------------------------------------------------------- \26\ See liquid explosive RFI available at: http://www.fbo.gov/spg/ DHS/OCPO/DHS-OCPO/HSHQDC%2DBAA%2D06%2D00063/SynopsisP.html, last visited September 7, 2006. --------------------------------------------------------------------------- Regrettably, we do not have any visibility into the application of SAFETY Act coverage in other federal agency procurements. Even less visibility exists on the extent to which the SAFETY Act has been used in state, local or commercial applications. However, since the Department makes significant grants to first responders and state and local governments for a wide range of homeland security matters, we can well envision that many of the products and services acquired with these grant funds would be interested in and eligible for SAFETY Act coverage. We encourage the Department to share with the Congress and the public the extent to which the SAFETY Act is being used in these circumstances. Conclusion Mr. Chairmen, it has been almost four years since the Congress took the significant step in the Homeland Security Act to enact the SAFETY Act. In our view, the law is intended to be a ``gas pedal'' that is designed to accelerate the deployment of anti-terrorism technologies; the procedural issues relating to the SAFETY Act should not be a ``brake'' on the applicant. Over the past three years, we have seen interim regulations, and now a final rule, preliminary and then an interim and now a final application kit, and other related implementation actions. Those early SAFETY Act applicants helped test the process and the information required to be submitted to assist the Department in deciding appropriate coverage. We have significantly advanced that process in the last few weeks with the final regulation and application kit. Hopefully, over the next few months, we will see the final Federal Acquisition Regulation and any related DHS acquisition regulation coverage. Simultaneously, critical procurements are taking place where the SAFETY Act coverage could be the difference in a successful procurement. PSC has been involved in the SAFETY Act process from the beginning and we intend to remain active in the future to make the process clear and its utilization as robust as possible. We particularly appreciate this Committee's bipartisan attention to the Act and to the Department's administration of the Act. Unquestionably your interest has helped to move this process forward. Thank you again for opportunity to testify. I would be pleased to respond to any questions you have. STATEMENT REQUIRED BY HOUSE RULES In compliance with House Rules and the request of the Subcommittee, in the current fiscal year or in the two previous fiscal years, neither I nor the professional Services Council, a non-profit 501(c)(6) corporation,has received any federal grant, sub-grant, contract or subcontract from any federal agency. Mr. Reichert. Thank you, Mr. Soloway. The chair recognizes Mr. Finch, who heads the homeland security practice for the law firm of Dickstein Shapiro LLP to testify. STATEMENT OF BRIAN FINCH, ESQ., DICKSTEIN SHAPIRO LLP Mr. Finch. Thank you, Mr. Chairman. Chairman Rogers, Chairman Reichert, Ranking Member Meek, Ranking Member Pascrell and other distinguished members of the subcommittees, it is an honor to appear before you today to discuss my experiences with the SAFETY Act. My name is Brian Finch, and I am the head of the homeland security practice group at the D.C. law firm Dickstein Shapiro. While I am here in my personal capacity, I am delighted to share with you my experiences over the past 3 years with the SAFETY Act. I have helped prepare dozens of applications, including many of those that were the first approved. I have seen pretty much every type of application submitted to DHS, and I have helped companies of all sizes file applications. While it has not always been an easy process, it is my firm belief that DHS has made great strides to make the SAFETY Act process easier and more efficient. Some of my SAFETY Act application experiences: As a starting point, this committee must understand that applicants must give DHS the sufficient information needed to make a determination that the technology at issue is, in fact, safe, effective and useful. In my experience, however, what constitutes sufficient information has varied significantly. For some, a few dozen pages of documentation is sufficient, while for others a blizzard of information is not enough. Also, there have been at times unnecessary additional requests for information that have often led to applications being held up for several months beyond the 150-day initial decision time frame. For example, in one application we stated to DHS that guard dogs could detect thousands of different smells. In response, DHS asked us to provide a list of those thousands of smells. That seems excessive. Applicant distress over the process has come about in part because at times there seems to be a significant disconnect between the senior management of DHS and the implementation staff. This disconnect can result in unnecessary delays and frustrations. While it does not represent the majority, my experiences-- and I do, in fact, applaud the work of the SAFETY Act office--I would be remiss if I did not mention these experiences. The final rule and revised application kit. Although it has been fairly well covered, I believe there are a few elements of the final rule and the new application kit that are especially noteworthy. Prequalification. The final rule spells out a prequalification designation process that should be warmly welcomed. Under the final rule, federal, state and local government customers are now armed with a way to ensure that potential vendors will, in fact, receive SAFETY Act coverage. Other changes to the application kit. The new kit is greatly simplified and adds useful new sections that recognize the importance of antiterror deployments to all governments as well as commercial entities. DHS has gone to great lengths to provide a better vehicle for requesting an expedited review. DHS has also reduced the potential review time from 150 days to 120 days. And I applaud the undersecretary's comments that he views 120 days as the outside limit. While there is always room for improvement, it should be perfectly clear that the final rule and the new application kit are, in fact, significant steps forward. Suggestions for improvement. As DHS is aiming to create a robust and user-friendly application process, I would suggest some of the following improvements: Increased oversight by the science and technology leadership. It is unrealistic to expect that Secretary Chertoff's senior staff can exert significant daily oversight over the SAFETY Act program. I would urge Undersecretary Admiral Cohen to assign a senior member of his staff with the responsibility of being a kind of SAFETY Act ombudsman. This should be someone who has access to DHS policy makers and has the ability to interact regularly with the SAFETY Act office to ensure that policy decisions are, in fact, translated into action. Better utilization of the SAFETY Act inside and outside of the federal government. Homeland security is not the sole responsibility of the Department of Homeland Security. Many other members of the federal family, including the Department of Defense, Health and Human Services, Department of Agriculture, all play a vital role in defending the nation. DHS should do its part to help ensure that other federal agencies understand the SAFETY Act and how it can be best utilized to our nation's advantage. DHS should also use the National Infrastructure Protection Plan, or the NIPP, as much as possible, as it itself explicitly encourages the use of SAFETY Act-approved products to help protect the nation's critical infrastructure and key resources. Given that the NIPP is the DHS blueprint for protecting the nation's critical infrastructure in partnership with the private sector, that encouragement makes plain sense. Allow for better-defined marketing of SAFETY Act approvals. Driven by concerns about the misuse of its seal, DHS has barred its use in conjunction with the promoting of SAFETY Act approval. I would ask the department to create a special logo that only SAFETY Act-approved technologies and services could use. There is ample precedent for such a logo--the USDA's national organic program comes to mind--and it would go a long way to resolve what has become an unnecessary impediment to allowing SAFETY Act-approved technologies to be better utilized. This is important to note, because SAFETY Act-approved technologies can, in fact, be used by any customer, including private-sector customers. And to Mr. Dicks's comments earlier, I have seen a number of applications that are intended to be used solely by the private sector and helped get those through the review process. Better-defined time frames. No one is still quite sure what it means to receive an expedited review. DHS needs to give applicants a better sense of what exactly an expedited review means so they can better plan in the application process. Despite the bumps in the road, from my perspective, the SAFETY Act program is one of the stars of the Department of Homeland Security. There are still improvements to be made, but I believe that we are now in the realm of fine-tuning and not major overhauls when it comes to the SAFETY Act. That concludes my prepared remarks, and I am delighted to answer any questions. [The statement of Mr. Finch follows:] Prepared Statement of Brian E. Finch Chairman Rogers, Chairman Reichert, Ranking Member Meek, Ranking Member Pascrell, and other distinguished members of the Subcomittees, it is an honor to appear before you today to discuss my experiences in assisting applicants in obtaining liability protections under the Support Anti-Terrorism By Fostering Effective Technology Act of 2002 (the SAFETY Act). My name is Brian Finch, and I am counsel at the law firm Dickstein Shapiro LLP, where I also serve as the head of the firm's Homeland Security Practice Group. While I am here in my personal capacity, I am delighted to share with you my many experiences over the past three years with the SAFETY Act. It has not always been an easy process, and there have been times of great frustration for both myself and the companies that I have represented. However, it is my firm belief that the SAFETY Act implementation process has been steadily improving and that the Department of Homeland Security has made some great strides over the past few years to make the process easier and more efficient. Given the many challenges that DHS faces on a daily basis, it is my opinion that DHS has given an extraordinary amount of attention to improving the SAFETY Act process, and that it should ultimately be commended for its efforts. I have been involved in the SAFETY Act process for the better part of the last three years. Over that time frame I have helped to draft dozens of SAFETY Act applications, including the very first two applications to receive Certification and Designation under the SAFETY Act. I have helped prepare a wide variety of applications. I have for instance helped draft applications for non-intrusive detection devices, explosive detection equipment, decision support software, maintenance services, systems integration services, vaccines, and vulnerability assessment methodologies to name but a few. The size of companies for which I have provided SAFETY Act assistance has ranged from the exceptionally large to small ventures generating just a few million dollars annually. I am currently working with well over a dozen companies that have applications in various stages of review, and those companies range from large defense conglomerates to smaller security contractors, as well as trade associations. Experiences With SAFETY Act Application Review Procedures With that wide range of clients and applications, I have encountered any number of scenarios in the SAFETY Act application process. My involvement typically starts with the decision making process on what applications to submit all the way through to counseling on ways to utilize the receipt of a SAFETY Act approval. I have handled some very straightforward applications that passed through review with relative ease, and I have been involved in some applications that entailed painstaking reviews and immense amounts of effort. This has allowed to me see both patterns and aberrations in the review process. In that vein, I would like to start with my basic views about the SAFETY Act application process. As I inform all potential applicants, the process will involve some significant thought and effort as we must present to the Department a thorough overview of the technology or service in question. Applicants have a responsibility to present evidence demonstrating that their technology is safe, effective, and has a usefulness as anti-terror technology. At the same time, they must be aware that the Department has a responsibility to conduct a fair and meaningful review. DHS must have at its disposal sufficient information to make a determination that technology or service at issue is in fact safe, effective, and useful. In my experience, what constitutes ``sufficient information'' has over the past three years varied significantly and been somewhat of a mystery. Some applications have moved swiftly through the review process with dozens of pages of documentation. Others have submitted literally thousands of pages of backup documentation, and yet applicants will receive numerous additional requests for information. These additional requests for information have often led to applications being held for several months beyond the 150 day decision timeframe. The applicants who have run into the continued requests for information or have had their applications under review for months beyond the prescribed timeline are the ones that typically talk about the SAFETY Act process being akin to a ``mini-FDA'' process. Based on my work, I can say that the application review process has at times been unnecessarily involved. While the majority of my application experiences have not been negative, there certainly have been occasions where the level of documentation requested and the delays in the process could be deemed excessive. For example, one application informed DHS that guard dogs--including those used by the applicant-- could detect over 20,000 different smells. In response, DHS asked us to provide proof of that statement, including a list of the 20,000 smells. That seemed excessive. Given the number of applications where I have been involved, I have grown accustomed to those types of information requests and can warn applicants about the level of detail that must be provided. Clients who are not used to that experience, however, are more than a little surprised and frankly disappointed by how much information must be provided. Applicants are always quite willing to provide the information needed as they are committed to successfully pursuing coverage, but at the same time they are baffled as to why DHS would demand so much information. That, if anything, has been the source of much consternation. Part of that distress has come about in part because at times there seems to be a significant disconnect between the senior management of DHS and the implementation staff. While DHS leadership has always seemed to have grasped the importance of a smooth running SAFETY Act application process, that message seems not to always flow down consistently to the implementers and the reviewers. Instead of a unified theme of quick and efficient reviews of applications one is left with the impression that review staff are more committed to microscopic reviews of applications, leading to reviews getting bogged by details of an application. This results in unnecessary delays and frustration at the process. Again, this does not represent the majority of my experiences. Indeed for most applications I have encountered personnel at all levels that are committed to the success of the SAFETY Act program and who would like to see applications succeed. I generally applaud the efforts of the DHS staff at all levels. However, I would be remiss if I did not mention that the heightened scrutiny of applications has occurred on more than one occasion and has led some applicants to express significant frustrations. Despite the less than perfect experiences, I have found that an ever increasing number of companies are willing to pursue SAFETY Act protections. While the pace of approvals was generally considered to be slow, the recent uptick in the number of approved technologies has galvanized a number of companies to start the process. Even more important is the fact that we are starting to see an increasing number of customers who have decided that potential vendors should have either obtained or be seeking SAFETY Act approval. The fact that customers have recognized that SAFETY Act coverage is a valuable tool and accordingly believe it that they should be using SAFETY Act approved products and/or services is a strong indicator that the process is working. If there were no value in it, no would even think twice about it--particularly on the customer side. I should also note that when the SAFETY Act was first brought online, a strong misperception existed that it would apply only to cutting edge ``widgets,'' and not existing solutions or services generally. This misperception, which existed despite the best efforts of DHS, in my opinion contributed to the relatively small number of applicants at the beginning of the process. To its credit, DHS has invested significant energy to dispel those myths. A significant number of approvals have been issued to service providers, and issuing those approvals has proven to be the best remedy for any concerns about the potential breadth of approvals that can be issued. And I would like to particularly note that DHS has gone out of its way to help ensure that applications encompassing less obvious but vitally important anti-terror services received a fair review. These applications, which include engineering services, security guidelines, and professional certification programs, may not have the visceral appeal of an explosive trace detection device or an anthrax detector, but they play just as an important part of the nation's anti- terror efforts as any other widget or service. DHS should be lauded for such approvals because it will make it easier to attract similar innovative applications. THE FINAL RULE AND REVISED APPLICATION KIT Ever since the Interim Final Rule and the initial Application Kit were released in the Fall of 2003, industry and commentators have been pointing out its flaws and asking when they would be supplemented or replaced. After years of questions and promises of ``imminent'' release, DHS finally released both the Final Rule and a Revised Application Kit this last summer. DHS itself admits these documents are not the final say on all things SAFETY Act, which is both appropriate and welcome. Yet before the inevitable discussion begins about how both the Final Rule and the new Kit go far enough, I would like to note to the Committees what I believe are several very welcome new developments. While both the Final Rule and the Kit contain many improvements, I believe the following are especially noteworthy: Pre-Qualification of Procurements: Since the SAFETY Act was enacted, potential applicants have been searching for ways to better ensure a guarantee that if they submitted a bid on a particular procurement they would obtain SAFETY Act coverage. Many procurement officials (particularly those outside of DHS), in light of the lack of an official vehicle for doing so, could do nothing more than offer to support an applicant's package to do DHS. While such support is always welcome, no one had the confidence that it would be sufficient to ensure a particular application's success. Under the Final Rule, customers are now armed with a way to help ensure that potential vendors will in fact receive SAFETY Act coverage. The Final Rule spells out a ``Pre-Qualification Designation Notice'' process that should be warmly welcomed. Agencies now have a method by which they can submit their potential procurement to DHS for review. If DHS finds that the potential procurement would merit SAFETY Act approval, vendors who are ultimately chosen to provide the specified technology will receive an expedited review, either affirmatively or presumptively be deemed to satisfy the criteria for a SAFETY Act Designation, and can submit a streamlined application. This is truly a step forward, as now procuring agencies are armed with a methodology that will allow them to guarantee SAFETY Act approval. That in turn should help bring forward more potential vendors, increasing choice and the potential that the proper technology will be deployed. Developmental Testing & Evaluation Designations: In the development phase of any technology, including those to be used to combat terrorism, it is quite normal for an unfinished or unproven product to be field tested or deployed in limited circumstances. Such preliminary deployments are necessary in order to finalize testing or verify the value of the technology. In the context of anti-terror technologies such deployments can be extremely problematic given that terrorist activity could realistically occur during the deployment. SAFETY Act protections would obviously be ideal to limit liability concerns, but the Interim Final Rule did not contemplate offering protections for such deployments. The Final Rule has significantly addressed those concerns, however, by creating a heretofore unavailable liability protection method. DHS has made available a limited set of SAFETY Act protections for technologies that are being developed, tested, evaluated, modified or are otherwise being prepared for deployment. The SAFETY Act protections offered under a Developmental Testing & Evaluation (or DT&E) Designation will last for no more than 36 months, shall apply only to limited deployments, and could have other restrictions imposed as determined by the Under Secretary for Science & Technology. While a DT&E Designation is far more limited than a full SAFETY Act Designation or Certification, it provides a measure of liability protection that otherwise was not available. Given that many technologies need an operational deployment in order to be finalized, this category of application will allow such deployments to proceed without fear of crushing liability. Changes to the Application Kit: One of the more regularly maligned facets of the process has been the SAFETY Act Application Kit. The initial version of the Kit was criticized by many as confusing, overly repetitive, and lacking guidance on what it would take to receive an ``expedited review''. The new Kit addresses many of those concerns. First and foremost, DHS has drastically toned down the ``Pre-Application'' section of the Kit. Applicants no longer have to fill out a confusing form that often resulted in grand misconceptions about a particular technology. DHS now makes clear that a Pre- Application consultation is strictly voluntary, and has gone to great lengths to make that process easier for potential applicants to undertake. DHS has also added a section asking directly what entities have been procuring the technology in question. Importantly included in that section are categories for commercial organizations and foreign governments. That inclusion recognizes the importance of anti-terror deployments not only to Federal, state and local governments but also to foreign governments and commercial entities, all of whom are vital partners in the fight against terrorism. DHS has also gone to great lengths to provide a better vehicle for requesting an expedited review. A specific section has been set up to address this issue, which should make it easier for an applicant to explain what pressing deadlines they are facing and why DHS should issue a decision in less time than typically required. In that vein DHS has also reduced the potential review time from 150 to 120 days. While there are many other changes in the Final Rule and Application Kit that could be discussed, it should be sufficient to note that the Department has gone a long way to address many of the concerns expressed by applicants. There will always be room for improvement, as discussed in part below, but one should be absolutely clear that the Final Rule and Kit represent significant steps forward and that the Department should be applauded for its actions. SUGGESTIONS FOR IMPROVEMENTS TO THE SAFETY ACT PROCESS Even in light of the great strides taken by the Department, there are other steps it could undertake in order to ensure that the SAFETY Act realizes its full potential. An overarching goal for the Department should be to create a robust and user friendly process that is well known inside and outside of the Department, and whose use is considered a high priority by all entities. To that end, I would suggest the following operational steps in order to better implement the SAFETY Act. Increased Oversight By Science & Technology Leadership From the moment he was sworn in, Secretary Chertoff has made clear that getting the SAFETY Act right was one of highest priorities. In numerous speeches the Secretary has underscored the importance of the Act and his commitment to improving the process. As a regular participant in the SAFETY Act process, his dedication to the success of the program has been plainly evident. This commitment has also been demonstrated by a number of other DHS offices, including most prominently the General Counsel's office. However, as we are all aware, the SAFETY Act is not the only priority for the Department. The very mission of the Department requires it to be focused on any number of emergencies or emerging threats at any given point. To a large extent that has resulted in an unfortunately reality where the Department operates ``out of the in- box,'' reacting to the crisis of the day. Because of that reality, it is unrealistic to expect that senior staff in the General Counsel's Office or in the Secretary's Office can exert significant oversight on the SAFETY Act program. A more appropriate level of oversight can be exerted however by the Science & Technology Directorate, which is entrusted with administering the SAFETY Act. The new S&T Under Secretary, Admiral Jay Cohen, is in a prime position to strike a balance between the high level of policy direction and operational supervision. Under Secretary Cohen has at his disposal the personnel necessary to ensure that the policy directives of the Department are properly implemented by the Office of SAFETY Act Implementation (OSAI), including any contractor who conducts a review. To date, no one person has been able to fill such a role, with the result being an unfortunate disconnect between policy directives and implementation. In order to bridge that gap, I would urge the Under Secretary to assign a senior member of his S&T staff the responsibility of being a kind of ``SAFETY Act Ombudsman,'' someone to who has access to and can regularly interact with policy makers within the Department, but at the same time has the ability to interact regularly with OSAI to ensure that policy decisions are translated into action. The creation of such a position, potentially within the Under Secretary's immediate office, will significantly reduce the communication disconnect that has, frankly, hindered progress for the SAFETY Act program. Better utilization of the SAFETY Act inside and outside of the Federal government Homeland security as a mission is not the sole responsibility of DHS. Numerous other members of the Federal family, ranging from the Department of Defense to the Department of Health and Human Services as well as the Department of Agriculture, all play a vital role in defending the nation from terrorist threats. Because of the shared responsibilities, each department procures its own anti-terror goods and services and also helps promote their use on a state and local level as well as in the private sector. For those and many other reasons, DHS should do its part to help ensure that other Federal agencies understand the SAFETY Act and how it can be best utilized. This can take many forms, including encouraging other Federal agencies to pre-qualify procurements for SAFETY Act approval. For example, it makes plain sense to have the Department of Defense utilize the SAFETY Act when procuring technologies to conduct force protection operations at its facilities. Similarly the Department of Health and Human Services should not be shy about promoting the use of the SAFETY Act when procuring technologies and services that will be used when a mass casualty event occurs. DHS should work with other Federal agencies to encourage the use of SAFETY Act approved products by private sector partners. This could take the form, for instance, of the Department of Agriculture encouraging companies to use SAFETY Act certified companies to perform security services in order to help reduce the risk of agro-terrorism. The bottom line is that DHS should work actively with other agencies involved in homeland security to increase their knowledge and utilization of the SAFETY Act. One vehicle in particular that DHS should use to promote the use of the SAFETY Act outside of the Department itself is the National Infrastructure Protection Plan (the ``NIPP''). The recently released final version of the NIPP explicitly encouraged the use of the SAFETY Act approved products to protect critical infrastructure and key resources. This was a very smart move by the Department and should be utilized as fully as possible. Given that the NIPP is the DHS blueprint for not only protecting the nation's critical infrastructure but also partnering with other Federal, state and local agencies as well as the private sector to do so, it only makes sense to use that vehicle to help promote the SAFETY Act. Protecting the nation's critical infrastructure is a daunting and extremely expensive task, and helping to ensure that SAFETY Act approved items are used will help mitigate costs and provide a measure of assurance that properly vetted items are being employed. Allow for better defined marketing of SAFETY Act approvals One question that companies constantly face when they receive SAFETY Act approval is how they advertise their hard won victory. Initially DHS encouraged as much marketing as possible, including not objecting to the use of the official DHS seal in materials promoting an applicants receipt of SAFETY Act approval. Over the past year DHS has altered that policy. Driven by major concerns about the misappropriation of the DHS seal generally, the Department has made clear that the official DHS seal may be used by non-Federal agencies only in very limited circumstances. This means that the use of the DHS seal in conjunction with promoting a SAFETY Act approval is no longer permissible. One can understand the Department's rationale in these circumstances. It wants to control the use of its seal and wants to avoid the appearance of endorsing a particular technology or service. Neither are unrealistic motivations, but successful applicants should be allowed some measure of latitude in promoting the receipt of SAFETY Act protections. Currently many applicants are without significant direction on how to appropriately market their SAFETY Act approval. Recognizing that a core purpose of the SAFETY Act is to promote the widespread deployment of anti-terror technologies, DHS should do what it can to help encourage that goal. In order to strike a balance between that objective and the Department's legitimate concern about the misappropriation of the official DHS seal, I would ask the Department to seriously consider the creation of a special logo that only SAFETY Act approved technologies and services could utilize. There is ample precedent for such a logo (including recently from the Department of Agriculture's National Organic Program), and its use would go a long way to resolve what has been an unnecessary impediment to successful applicants. Better define time frames for expedited reviews Even after all the progress that has been made, one issue that continues to be of concern for applicants relates to expedited reviews of SAFETY Act applications. More specifically, no one is quite sure what it means to receive an ``expedited'' review. For some time the Department has maintained that if an application is granted an expedited review, it means that it will be moved to the top of the review pile. However, knowing that the number of applications received is still fairly low, and given the tendency of reviews to get mired in details, that has offered little comfort to applicants. If, as the Department predicts, there will soon be a significant upswing the number of applications received, receiving a high priority review will likely be more meaningful. Similarly, the reduction by 30 days of the amount of time DHS is given to conduct a review (assuming the DHS does not grant itself numerous extensions, as it has been known to do) could be helpful here. However, there are still going to be times when parties could be significantly aided with a start to finish time frame that runs closer to 60 days than 120. DHS certainly needs and must be given time to conduct a meaningful review of an application, but it also needs to give applicants a better sense of what exactly an expedited application means. This could take the form of agreeing upon a target date for an decision to be issued or window in which an application should be returned. CONCLUSION Chairman Rogers, Chairman Reichert, Ranking Member Meek, Ranking Member Pascrell, and other distinguished Members of the Subcomittees, from my perspective the SAFETY Act program is one of the shining stars of the Department of Homeland Security. Its implementation has not always been the smoothest, and there are still improvements to be made, but on the whole I firmly believe that the Department should be applauded for the hard work it has put in to the program. I feel comfortable in stating that DHS has addressed many of the pressing concerns that legitimately faced applicants, and we are now in the realm of fine tuning and not major overhauls when it comes to the SAFETY Act. This concludes my prepared remarks. I am delighted to answer any questions. Mr. Reichert. Thank you, Mr. Finch. The chair recognizes our last witness today, Mr. David Bodenheimer, who is a partner at the law firm of Crowell & Moring here in Washington, D.C. STATEMENT OF DAVID BODENHEIMER, ESQ., CROWELL & MORING LLP Mr. Bodenheimer. Thank you. Mr. Chairman and members of the committee, I thank you for holding these hearings today on the SAFETY Act implementation on the fifth anniversary of September 11th. We all appreciate the vital role of the SAFETY Act in unleashing lifesaving technology to protect us against terrorism. I am David Bodenheimer, a partner in the law firm of Crowell & Moring here in Washington, D.C., where I specialize in government contracts and have a particular passion for homeland security and the SAFETY Act, about which I have been busy lecturing, writing, advising clients and co-chairing the American Bar Association homeland security committee. I appear today in my personal capacity, and my comments are my own. This year Secretary Chertoff and his team have made great strides in implementing the SAFETY Act. However, the terrorists are not resting, and neither can we. The SAFETY Act has a very clear congressional purpose, saving lives through antiterrorism technology. With the same urgency that we mobilized the industrial base for World War II, we need to supercharge the SAFETY Act so that we can build the world's greatest arsenal of technology against terrorism. I would like to summarize four points from my testimony. Number one, we must assure the confidentiality of SAFETY Act data. DHS agreed that successful implementation of the SAFETY Act depends upon protecting trade secrets. To do so, DHS must have a sound information security program. Industry concerns expressed during the 2003 hearings have been magnified by some hard knocks this year on DHS information security, including failing scores on the FISMA report, delays in appointing the assistant secretary for cybersecurity and continuing criticisms by OMB, GAO and the DHS inspector general. Quite simply, the capability and credibility of DHS commitments to protect SAFETY Act data hinge upon a robust information security program. In addition, DHS must issue confidentiality procedures promised in 2003, procedures addressing the who, what, when, where and how of data protection, who can see the SAFETY Act data, what controls protect that data, and how will DHS enforce the rules. As the focal point for the security of cyberspace, DHS should showcase its leadership role by establishing best practices for guarding the most valuable technologies and secrets of SAFETY Act applicants. Number two, we must encourage development of breakthrough technologies. The new rules recognize that new and developing technologies may indeed qualify for SAFETY Act coverage, but these items have been given second-class status, burdened with limitations on use and deployment, approvals terminable at will by DHS and restrictions on the duration of coverage generally to 36 months. These rules send the wrong message. We must encourage breakthrough technologies revolutionizing the war on terror. Just stopping terrorist attacks with conventional bombs does not make us safer when the terrorists have moved on to common household products to build bombs in midair. Thus, the DHS rules should welcome both developmental and breakthrough technologies so there will be no penalty to companies submitting breakthrough technologies for review and approval. Number three, we must assure the full duration of SAFETY Act protection. The DHS rule imposes a mandatory sunset period upon approved antiterrorism technology, thus requiring renewal every 5 years to 8 years. The DHS mandatory sunset period cannot be squared with the express terms or purpose of the SAFETY Act. Indeed, the SAFETY Act offers protections without any term limits, consistent with the statutory purpose of encouraging more technology more rapidly to our front line defenses. Number four, we must establish an appeals process. An appeals process is consistent with the legislative intent favoring liberal approval, not rejection, of liability protection for antiterrorism technology. In addition, an appeals process is the rule, not the exception, in the federal arena for everything from pharmaceuticals and pesticides to federal contract awards. The right time for an approvals process is now, not after a terrorist incident causes us to regret the unavailability of a technology. Thank you for your time. I welcome your questions. [The statement of Mr. Bodenheimer follows:] Prepared Statement of David Z. Bodenheimer Introduction Mr. Chairmen and Members of the Committee. Thank you for holding these hearings today on the Department of Homeland Security's implementation of the Support Anti-terrorism by Fostering Effective Technologies Act of 2002 (SAFETY Act). On the fifth anniversary of September 11th, we all understand and appreciate the vital role of the SAFETY Act in unleashing our technology to combat terrorism and protect the Homeland. I am David Bodenheimer, a partner in the law firm of Crowell & Moring LLP in Washington, DC where I specialize in Government Contracts and Homeland Security. As part of this practice, I have advised clients, published articles, and lectured extensively on Homeland Security and SAFETY Act matters. In addition, I serve as Co-Chair of the ABA Science and Technology Section's Special Committee on Homeland Security. However, I appear before your Committee today in my personal capacity and the views that I express are my own. This year, Secretary Chertoff and his team at the Department of Homeland Security (DHS) have made real progress in implementing the SAFETY Act by issuing final regulations in June, revising the application procedures in August, and approving SAFETY Act technologies at a more rapid pace. DHS deserves praise for these advances that bring the SAFETY Act closer to realizing its potential to expedite the development and deployment of anti-terrorism technology. However, the terrorists are not resting and neither can we. More remains to be done to better align the DHS implementation of the SAFETY Act with the Congressional intent to accelerate the availability of anti-terrorism technology by providing statutory protection from liability lawsuits arising out of terrorist acts. As discussed below, implementation of the SAFETY Act would benefit from the following enhancements: Assuring the Confidentiality of SAFETY Act Data Encouraging the Development of Breakthrough Technologies Synchronizing Procurements and SAFETY Act Approvals Extending the Duration of SAFETY Act Protection Establishing an Appeals Process The SAFETY Act's Purpose to Promote Anti-Terrorism Technology The DHS implementation of the SAFETY Act must be measured against the statutory purpose established by Congress. The SAFETY Act has a purpose that is both simple and clear--save lives through anti- terrorism technology. To clear the path for such technology to move from the drawing board to the ``Nation's front-line defense,'' Congress created protections against liability lawsuits: The Select Committee [on Homeland Security] believes that technological innovation is the Nation's front-line defense against the terrorist threat. Unfortunately, the Nation's products liability system threatens to keep important new technologies from the market where they could protect our citizens. In order to ensure that these important technologies are available, the Select Committee believes that it is important to adopt a narrow set of liability protections for manufacturers of these important technologies.\1\ * * * Briefly, the SAFETY Act ensures that U.S. companies will be able to develop and provide vital anti-terrorism technologies to help prevent or respond to terrorist attacks--without the threat of crippling lawsuits.\2\ This purpose rests upon a fundamental, Congressionally recognized premise--anti-terrorism technology is essential to Homeland defense.\3\ Quite simply, we cannot secure over 100,000 miles of land and sea borders--much less our cyber borders--merely with guns, guards, and gates.\4\ Only with technology can we tackle the gargantuan tasks of defending our vast borders and infrastructure against terrorism, while maintaining the flow of commerce, as mandated by the Homeland Security Act of 2002. Pub. L. No. 107-296, Sec. 402(8), 116 Stat. 2178. Consequently, the appropriate question is whether the DHS implementation of the SAFETY Act fully and effectively serves this objective of fostering more anti-terrorism technology, more quickly, and more efficiently for Homeland Security. In its final rule, DHS recognizes the purpose underlying the SAFETY Act: ``The purpose of this rule is to facilitate and promote the development and deployment of anti-terrorism technologies that will save lives.'' 71 FED. REG. 33147 (June 8, 2006). While both the DHS final rule and revised application kit represent considerable improvements over their predecessors, further revisions must be made to assure that neither the spectre of crippling liability lawsuits nor the hurdles of the DHS review process foreclose or delay our access to the most robust arsenal of anti-terrorism tools. DHS Enhancements for Opening the Anti-Terrorism Technology Pipeline The following enhancements would serve the SAFETY Act's purpose by encouraging more companies to accelerate the pace of bringing the widest array of technology to our battle against terrorism. Assuring the Confidentiality of SAFETY Act Applications & Data In its earliest proposed rules on the SAFETY Act, DHS acknowledged ``that successful implementation of the Act requires that applicants' intellectual property interests and trade secrets remain protected in the application process and beyond.'' 68 FED. REG. 41423 (July 11, 2003). In the latest rules, DHS has taken commendable steps to maintain the confidentiality of SAFETY Act application data by: (1) treating ``the entirety of the application'' as ``confidential under appropriate law''; (2) recognizing the applicability of various trade secret laws to the application information; and (3) committing to ``utilize all appropriate exemptions from the Freedom of Information Act.'' 71 FED. REG. 33151, Sec. N and 33168, Sec. 25.10 (2006). However, DHS needs to take additional steps to assure SAFETY Act applicants that their most valuable technologies and secrets will be secure. Two key steps are: (1) establish a sound information security program; and (2) provide transparency and controls for any sharing of SAFETY Act data. Information Security Program. A sound information security program is critical to avoid disincentives for companies to share SAFETY Act data about their most valuable technologies with DHS.\5\ The new rules encourage electronic applications, but still do not address the concerns raised during the 2003 hearings on SAFETY Act implementation: We are also concerned that the Department has not clearly identified how it specifically will protect this sensitive proprietary data from unauthorized disclosure or dissemination . . . . While ITAA will certainly be the first to support and embrace the power of the Internet to enhance and transform business processes, the Internet is still an open system and is vulnerable to breaches. We are concerned that there is no mention of a comprehensive management plan to secure the systems over which data will be transmitted, policies and procedures applicable to DHS personnel operating and having access to the system, or details on the technological approaches the Department will take to secure the data provided by applicants. We urge the Department to work with industry to develop and implement a comprehensive plan to secure the data and network over which this highly sensitive, proprietary information will flow.\6\ These concerns have been magnified by cybersecurity issues that continue to challenge DHS, including: (1) failing scores on information security for the past two years on the Federal Information Security Management Act (FISMA) report card; \7\ (2) continuing delays in filling the Assistant Secretary for Cybersecurity position; \8\ and (3) various information security concerns identified by the Office of Management and Budget (OMB), GAO and the DHS Inspector General.\9\ While the SAFETY Act regulations include DHS commitments to protect the confidentiality of applicant data, DHS needs to roll out a FISMA- compliant information security program built around the standards published by OMB and the National Institute of Standards and Technology (NIST).\10\ With sound information security, DHS can better achieve the SAFETY Act purpose of encouraging more applicants to offer a broader array of technology due to their confidence that DHS will protect their confidential data. Transparency & Controls for Information Sharing. In 2003, the interim SAFETY Act regulations stated that DHS ``shall establish confidentiality protocols for maintenance and use of information submitted to the Department under the SAFETY Act and this part.'' 68 FED. REG. 59703, Sec. 25.8 (2003). The final SAFETY Act regulations offer little more transparency or detail, stating that DHS ``shall establish confidentiality procedures for safeguarding, maintenance and use of information submitted to the Department under this part.'' 71 FED. REG. 33168, Sec. 25.10(a) (2006).\11\ These latest SAFETY Act regulations do not address industry concerns lingering from the 2003 SAFETY Act hearings regarding with whom DHS may share data, under what conditions, and with what controls in place. In both their testimony to Congress and comments to DHS, the major industry trade associations requested greater transparency and protection: The regulations should require DHS in every instance to provide advance notification to the submitter when considering whether to disclose SAFETY Act information to third parties, give the submitter the right to refuse to agree to disclosure of the information, and to seek judicial review of any decision to disclose the information before such disclosure is made.\12\ As the ``focal point for the security of cyberspace'' under Homeland Security Presidential Directive (HSPD) 7 (Dec. 7, 2003), DHS can demonstrate its leadership role in this area by establishing ``best practices'' for guarding the confidential information of SAFETY Act applicants. In particular, DHS should adopt SAFETY Act regulations that not only incorporate the industry requests above (notice, consent, and review), but should also include technical and management controls (e.g., digital audits and watermarks) capable of tracking who received the data, which recipients signed non-disclosure agreements, what copies have been made, and when audits and training have been conducted. By publishing and implementing such rules governing SAFETY Act data, DHS will greatly enhance both its capability and credibility to protect this confidential information. Encouraging Development of Breakthrough Technologies The new regulations properly recognize the eligibility of developmental technology (i.e., technology that is being developed, tested, evaluated, modified or is otherwise being prepared for deployment'') for SAFETY Act protection. 71 FED. REG. 33161, Sec. 25.4(f) and 33156, Sec. R (2006). However, these regulations and new Application Kit appear to establish an undue preference for existing technologies. At least six times, the Application Kit repeats the following statement emphasizing past or current sales as a critical factor in the approval process: ``It may be very important and could significantly expedite your application if your Technology has been acquired or utilized (or is subject to an ongoing procurement) by the military, a Federal agency, or a state, local or foreign government entity.'' Application Kit at 21, 23, 27, 34, 35, 40 (July 2006). More worrisome, the new regulations create a second-class status for developmental technologies, imposing ``limitations on the use and deployment'' of such items, making approval ``terminable at-will'' by DHS, and generally restricting the duration of the designation (``presumptively not longer than 36 months''). 71 FED. REG. 33156, Sec. R (2006). The new SAFETY Act regulations and Application Kit send the wrong message, and create the wrong incentives, for companies building the anti-terrorism arsenal. Due to the heightened uncertainties in the SAFETY Act approval process for such breakthroughs, companies have greater incentive to invest their research dollars in anti-terrorism technology ready to be fielded now, rather than in breakthrough technologies that may revolutionize the war against terror. We cannot afford to focus the SAFETY Act approvals solely upon today's technologies (i.e., detecting conventional explosives) when the terrorists have moved on to nail polish and peroxide to build bombs in mid-air.\13\ Furthermore, approvals burdened with ``limitations'' and ``terminable at-will'' conditions undermine the certainty needed to foster new anti-terrorism technologies, as the DHS rules acknowledge: ``The Department is aware of this concern and understands that undependable or uncertain liability protections would not have the desired effect of fostering the deployment of anti-terrorism technologies.'' 71 FED. REG. 33152, Sec. D (2006). As the purpose of the SAFETY Act is to provide ``critical incentives for the development and deployment of anti-terrorism technologies'' (71 FED. REG. 33147 (2006) (emphasis added)), development of such technologies should not be shortchanged. In any event, the effort to distinguish between developmental and existing technologies may be illusory, as most technologies have elements of both: For example, many solutions evolve and cannot be completely defined or fixed in advance. It is therefore important to provide coverage when systems design, for instance, is part of the contract performance.\14\ Indeed, nearly all of the major Homeland Security programs include ongoing, evolutionary design and development work in parallel with other program activities.15 As the president of one trade association explained, companies need to know during the design phase whether SAFETY Act protection is available: It is important that the regulations provide for QATT protection when systems design is part of the required contract performance. In the absence of such protection, Sellers may be unwilling to proceed.\16\ Thus, the DHS regulations and Application Kit should make clear that the SAFETY Act approval process will welcome both developmental and existing anti-terrorism technology and that companies will not be penalized in the application process for presenting breakthrough technologies for review and approval. Synchronizing Procurements and SAFETY Act Approvals In its latest regulations, DHS ``recognizes the need to align consideration of SAFETY Act applications and the government procurement process more closely.'' 71 FED. REG. 33156, Sec. P (2006). In addition, DHS has identified several procedures that should assist in accomplishing this objective, including (1) the option for agencies to seek ``a preliminary determination of SAFETY Act applicability,'' (2) the use of ``Block Designation or Block Certification,'' and (3) the potential that DHS ``may expedite SAFETY Act review for technologies subject to ongoing procurement processes.'' 71 FED. REG. 33156, Sec. P (2006). These procedures represent positive steps towards the critical objective of synchronizing procurements and SAFETY Act approvals. However, more needs to be done, as discussed below. For companies selling anti-terrorism technology, the parallel track of procurements and SAFETY approvals presents substantial risks and uncertainties: Disqualification: Company is disqualified because it conditioned its bid upon receiving timely SAFETY Act approval; Delay: Company receives award prior to SAFETY Act approval, thus ``betting the company'' during the interim; or Default: Company receives contract award--but not SAFETY Act approval--forcing company either to default or to perform at risk. According to an NDIA survey, ``25 percent of the respondents had `no bid' over 50 procurements because the company would be unable to obtain SAFETY Act protection in time for the procurement.'' \17\ While such ``no bid'' actions may be less common with the accelerated pace of SAFETY Act approvals, the risk of losing opportunities for major technological advancements and breakthroughs must be carefully weighed in light of the purpose of the SAFETY Act. In particular, DHS can foster the development and deployment of anti-terrorism technology by accepting the risk of delayed SAFETY Act approval. For example, DHS could offer indemnification under Public Law No. 85-804 or authorize bids contingent upon SAFETY Act approval.\18\ By shouldering approval risks that fall almost entirely within its control, DHS would expand the field of competition and the array of anti-terrorism technologies available to both DHS and the public. In addition, the approval process should benefit from a new position for a SAFETY Act technology advocate tasked with breaking bottlenecks, resolving impasses, and expediting critical applications. Such a technology advocate would reduce the risk of approval delays that plagued a similar process in the 1960's and 1970's when a small part of the Food & Drug Administration (FDA) review staff occasionally delayed life-saving drugs with excessive information demands.\19\ In addition, a SAFETY Act technology advocate would help DHS to avoid the type of pitfalls encountered by the pharmaceutical industry when the FDA review staff found it easier to deny, than approve, applications.\20\ With this technology advocate, the DHS objective would be directly aligned with Congressional intent that the SAFETY Act ``Support'' and ``Foster'' anti-terrorism technologies to save lives. Extending the Duration of SAFETY Act Protection Without identifying any support in the statute itself, the DHS final rule imposes a mandatory sunset period upon approved anti- terrorism technology, thus requiring renewal every ``five to eight years'' to maintain protection. 6 C.F.R. 25.6(f), (h); 71 FED. REG. 33163-4 (2006). Since the time that DHS initially proposed this ``five to eight year'' period in 2003, industry consistently opposed it.\21\ DHS seeks to justify this rule based upon the assumption that the approval depends upon factors such as ``a specific threat environment, the nature and cost of available insurance, and other factors all of which are subject to change.'' 71 FED. REG. 33155, Sec. N (2006). However, the factual basis for this assumption is unclear, as some technologies--like blast-proof glass and bomb-sniffing dogs--will change at glacial paces, if at all. If either the technology or the insurance requirements change, the DHS rules already impose reporting requirements that assure continued DHS supervision. 6 C.F.R. Sec. Sec. 25.5(g), (h), 25.6(l), 71 FED. REG. 33162, 33165 (2006). If the threat environment changes, new technologies will replace the old. Thus, this agency-imposed restriction on the statute appears neither justified nor necessary. In any event, the DHS mandatory sunset period cannot be squared with the express terms or purpose of the SAFETY Act. First, the SAFETY Act establishes statutory protections without any term limits. For example, the Act states that ``No punitive damages . . . may be awarded,'' rather than that ``No punitive damages . . . may be awarded for five to eight years.'' 6 U.S.C. Sec. 442(b)(1). If Congress intended to limit the duration of statutory protections, the SAFETY Act surely would have said so. Second, the limited shelf-life for approved technologies will create a bow wave of renewals in five to eight years, burdening industry and DHS alike with paperwork and distracting both from the more important task of seeking and approving new technologies. Unless the review is a mere formality (in which case it is unnecessary), the additional burden and risk undermine the incentives for technology investments. Accordingly, the DHS renewal requirement runs counter to the statutory purpose of encouraging and facilitating the development and deployment of more technology more quickly. Establishing an Appeals Process Even for an arbitrary or unreasonable denial of a SAFETY Act application, the DHS rules cut off any opportunity for an administrative or judicial appeal. 6 C.F.R. Sec. 25.9(c)(2), 71 FED. REG. 33167 (2006) (``Under Secretary's decision shall be final and not subject to review''). Instead, DHS suggests that an ``interactive process'' in which an applicant may ``provide supplemental information and address issues'' is ``sufficient recourse.'' 71 FED. REG. 33155 Sec. O (2006). Since 2003 when DHS proposed an ``interactive process'' without any appeal, the major trade associations expressed the need for an appeals process.\22\ This DHS policy of unreviewable denials is contrary to legislative intent favoring liberal approval, not rejection, of liability protection for anti-terrorism technology: ``it is Congress' hope and intent that the Secretary will use the necessary latitude to make this list as broad and inclusive as possible, so as to insure that the maximum amount of protective technology and services become available.'' 23 Furthermore, this ``no appeal'' policy sends the wrong message, shielding the DHS reviewers from scrutiny or accountability for denying applications and discouraging companies from pursuing applications that may be denied without recourse. Finally, while DHS has accelerated the pace of approvals in the past year under Secretary Chertoff's leadership, the DHS rules do not include any procedural safeguards that would prevent a return to the period when DHS approved just six technologies in sixteen months.\24\ Given the SAFETY Act's purpose to ``save lives'' through technology (71 FED. REG. 33147 (2006)), the right time for an appeals process is now, not after a terrorist incident causes us to regret the unavailability of a technology that could have protected us. In the federal realm of agency actions, administrative or judicial review is the rule, not the exception. More than 50 years ago, agencies contended that rejection of a contractor's bid was too discretionary for external review, but the Court of Claims disagreed, instead recognizing a disappointed bidder's right to judicial review for breach of an agency's implied duty ``to give fair and impartial consideration'' to bid and proposal submissions. Heyer Prods. Co. v. United States, 135 Ct. Cl. 63, 69 (1956). In addition, agencies themselves have acknowledged the need for administrative or judicial review by establishing procedures for appeals and protests for everything from pesticides and pharmaceuticals to radio frequency (RF) devices and federal contract awards.\25\ For SAFETY Act anti-terrorism technology designed to save lives, the case for a review or appeals process is at least equally compelling--if not more so. Conclusion Under Secretary Chertoff's leadership, DHS should be commended for bringing the SAFETY Act much closer to achieving its statutory purpose. With additional enhancements described above, the SAFETY Act can reach its full potential of facilitating the development and deployment of technologies essential to our fight against terrorism. I am available to answer your questions. Endnotes \1\ H.R. REP. NO. 107-609, Pt. 1, at 118 (July 24, 2002). \2\ 148 CONG. REC. E2079 (daily ed. Nov. 15, 2002) (statement of Rep. Armey). \3\ Border Technology: Keeping Terrorists Out of the United States: Hearing Before the Senate Subcomm. on Terrorism, Technology & Homeland Security and Subcomm. on Immigration, Border Security and Citizenship of the Comm. on the Judiciary, 108th Cong., 1st Sess. 1-8 (Mar. 12, 2003) (statement of Sen. Kyl: ``people can't possibly patrol the entire area, and therefore we are going to have to continue to enhance the application of technology'') (statement of Sen. Feinstein: ``technology is not the sole answer . . . but it is an essential element''); (statement of Sen. Kennedy: ``We know that a great deal more has to be done in this area not only in getting the best technology, but also having it interoperable''). \4\ ``The old security paradigm in this country of guns, gates, and guards is changing fast. And technology is going to replace it all.'' Fiscal Year 2004 Homeland Security Appropriations: Hearings Before House Subcomm. on Homeland Security of Comm. on Appropriations, 108th Cong., 1st Sess. (Mar. 20, 2003) (statement of Rep. Wamp). \5\ With respect to critical infrastructure information, the Government Accountability Office (GAO) has documented instances in which industry does not share information with DHS due to concerns about ``potential release of sensitive information'' and uncertainty about how such information ``will be used or protected from disclosure.'' GAO, Critical Infrastructure Protection: Challenges in Addressing Cybersecurity 14 (July 19, 2005) (GAO-05-827T). \6\ Implementing the SAFETY Act: Advancing New Technologies for Homeland Security: Hearings before House Comm. on Government Reform, 108th Cong., 1st Sess. 44 (statement of Mr. Miller) (hereinafter the ``2003 House SAFETY Act Hearings''). \7\ Rep. Davis, ``No Computer System Left Behind: A Review of the 2005 Federal Computer Security Scorecards,'' House Comm. on Government Reform (Mar. 16, 2006) (http://reform.house.gov/UploadedFiles/ TMD%20FISMA%2006%20Opener.pdf). \8\ Krebs, ``A Year Later, Cybersecurity Post Still Vacant,'' Washington Post p. A21 (July 13, 2006); ``Democratic Senators, Industry Coalitions Urge DHS to Fill Still Vacant Cyber-Chief Slot,'' BNA Privacy Law Watch (July 14, 2006). \9\ OMB, FY 2005 Report to Congress on Implementation of the Federal Information Security Management Act of 2002 at 39 (Mar. 1, 2006) (43% of DHS systems certified and accredited; 52% of security controls tested); id at 40 (DHS IG gave rating of ``Poor'' to DHS) (http://www.whitehouse.gov/omb/inforeg/reports/ 2005_fisma_report_to_congress.pdf); GAO, Critical Infrastructure Protection: Challenges in Addressing Cybersecurity 9-10 (July 19, 2005) (GAO-05-827T) (identification of DHS cybersecurity responsibilities and problem areas). \10\ OMB Circular No. A-130; OMB News Release, ``OMB Reinforces Strict Adherence to Safeguard Standards'' (June 26, 2006); OMB Memo to Department and Agency Heads, ``Protection of Sensitive Agency Information'' (June 23, 2006) (M-06-16) (www.whitehouse.gov/omb/ memoranda/fy2006/m06-16.pdf); NIST Special Publication 800-53A (2nd Public Draft) (Apr. 2006) (http://csrc.nist.gov/publications/ drafts.html#sp800-53-Rev1). \11\ The DHS commitments to require non-disclosure agreements and to check for potential conflicts of interest are not new, as both the interim regulations in 2003 and the final regulations in 2006 address these issues. 68 FED. REG. 59687 (2003); 71 FED. REG. 33151 (2006). \12\ 2003 SAFETY Act Hearings 54 (statement of Mr. Miller); id. at 150 (comments of Information Technology Association of America (ITAA), the Professional Services Council (PSC), the Aerospace Industries Association (AIA), and National Association of Manufacturers (NAM). \13\ ``Technology isn't available to detect potentially lethal liquids hidden in sports drink bottles or other containers. The foiled airline attack from the U.K. highlighted the merits of good intelligence, which stopped the liquid bomb scheme before it reached a critical point.'' Alva, ``Billions of Dollars Buy Tighter Security But Work Remains,'' Investor's Business Daily A1 (Sept. 11, 2006). \14\ 2003 House SAFETY Act Hearings 58 (statement of Mr. Soloway). \15\ GAO, Homeland Security: Progress Continues, but Challenges Remain on Department's Management of Information Technology 30-31 (Mar. 29, 2006) (GAO-06-598T) (discussing challenges relating to requirements definition and development for major Homeland Security programs). \16\ 2003 House SAFETY Act Hearings 65 (statement of Mr. Soloway). \17\ NDIA and PSC letter to DHS Under Secretaries Hale and McQueary dated Feb. 3, 2005. \18\ For the Secure Border Initiative (SBI) Net program, the DHS Request for Proposals specifically recognizes that the procurement should be covered by the SAFETY Act, but warns offerors that ``Proposals in which pricing or any other term or condition is contingent upon SAFETY Act protections of the proposed product(s) or service(s) will not be considered for award.'' In a number of other procurements, contractors have been disqualified for conditioning their proposals upon SAFETY Act approval. \19\ For example, in 1969, one FDA reviewing officer repeatedly demanded more data on the efficacy of aspirin in preventing heart attacks (including submission of all prior literature on aspirin), ultimately forcing E. R. Squibb & Sons, Inc. to abandon the research initiative. Wardell, ``Rx: More Regulation or Better Therapies?'' Regulation at 25-6 (Sept.-Oct. 1979). Five years later, studies by the National Institute of Health (NIH) confirmed substantial reductions in heart attacks attributable to aspirin, thus demonstrating the costs of unnecessary delays in the drug approval process. Id.; see also Elwood & Sweetnam, ``Aspirin and Secondary Mortality After Myocardial Infarction,'' The Lancet 1313 (1979). \20\ The former FDA Commissioner described the incentives for FDA staff to take ``negative action on new drug applications'' as ``intense'' during the late 1960's. Grabowski, Drug Regulation and Innovation 76 (quoting speech by former FDA Commissioner Schmidt before the National Press Club in Washington, DC on Oct. 29, 1974). \21\ DHS does not explain why ``five to eight years'' represents an appropriate period of time. During hearings in 2003, the president of the ITAA objected to the ``arbitrary timeframe for designation,'' adding alternatively that ``we also believe that the timeframe should be extended to a minimum of 10 years--if not substantially longer-- which is more consistent with the effective dates of long-term services agreements and more realistically reflects the length of time necessary to develop and implement complex systems and services.'' 2003 House SAFETY Act Hearings 48 (statement of Mr. Miller). Similarly, the PSC president testified that ``there is no public policy reason to impose any fixed period of time on the useful life of the Designation period of a QATT [qualified anti-terrorism technology]. Indeed, in some cases, a contract performance period can extend beyond five or eight years.'' Id. at 65 (statement of Mr. Soloway). \22\ 2003 House SAFETY Act Hearings 55 (statement of Mr. Miller). In comments on the DHS proposed regulations in 2003, the ITAA, PSC, AIA, and NAM all requested an appeals process. Id. at 149. \23\ 148 CONG. REC. E2080 (daily ed. Nov. 15, 2002) (statement of Rep. Armey). \24\ ``Shortly after being sworn in, Secretary of Homeland Security Michael Chertoff stated: `There is more opportunity, much more opportunity, to take advantage of this important law, and we are going to do that.' '' 71 FED. REG. 33148 (2006). During the earlier phase of SAFETY Act implementation ``from October 2003 to February 2005, six technologies were designated Qualified Anti-Terrorism Technologies under the SAFETY Act.'' Id. \25\ C.F.R. Sec. 152.118(e) (2006) (right to hearing for denial of application for insecticide, fungicide or rodenticide); 47 C.F.R. Sec. Sec. 1.106, 1.115 (2006) (petition for reconsideration by Federal Communications Commission (FCC) staff or for review by the FCC Commissioners for denial of RF equipment authorization); 21 C.F.R. Sec. Sec. 201,235 (2006) (hearing or judicial review for denial of a new drug application); Federal Acquisition Regulation (FAR) Sec. 33.103 (agency review and alternative dispute procedures for disappointed bidders for federal contracts). Mr. Reichert. Thank you, Mr. Bodenheimer. I will first go to Ms. Jackson-Lee for her questions. Ms. Jackson-Lee. Thank you very much. And I do appreciate the witnesses and thank you for your understanding of our schedule. I want to raise a concern that looms over the heads of the traveling public. Obviously, the recent finds or discoveries, if you will, law enforcement--a combination of intelligence authorities just the past couple of weeks with the British busting of a potential terrorist act. That then sent, of course, the summer travel schedule spinning, as well as the thoughts and minds of travelers, and then, of course, the determination decisions that have to be made by the industry. You have a traveling public that now is forbidden from taking toothpaste onto their carriers on the basis of safety. But certainly, as Americans and many times as travelers, we are used to convenience. That is an element, if you will, for technology, either how you detect it, how you use the sophistication of the screening system to ensure that you are able to secure but also that you are able to provide the traveling public with the conveniences that they understand and expect, not deflecting the importance of homeland security. So let me ask Mr. Bodenheimer, because you mentioned the words best practices, you mentioned breakthrough, developmental, et cetera, which are words that are music to me, what is thwarting this new department and the SAFETY Act to do meaningful technology and research? That is something that we need. We are being delayed and detained. So let me just pose that question to you, and I don't know if you reviewed the department structure, but you have heard Secretary Cohen. What more do we need to do? And this is urgent. And I would imagine that the traveling public--but America believes that homeland security and technology is urgent. What do we need to do? I yield to the gentleman. Mr. Bodenheimer. I fully agree with you that this, in fact, is urgent. We are talking about not only lifesaving technology but, as you point out, technology which will provide the flow of commerce so that we don't choke our economy through lacking the type of technologies to keep us not only safe but also economically viable. I think DHS needs to put the resources in here as a top priority. I believe that in terms of staffing they need not only additional staffing but, in addition, a lack of turnover. One of the comments that I have heard is when an application goes in, you never know whether you are going to be dealing with the same person today that you deal with tomorrow and next time. I believe that they need to bring in the necessary expertise to be able to push the applications through rapidly. I think they also need to take the steps of assuring confidentiality of the information, of encouraging the breakthrough technologies so that the message gets out to industry that they know that they are welcome and they are protected when they provide their information. Ms. Jackson-Lee. Let me yield back to the distinguished-- unless there is someone desiring to--I will take a quick response. Mr. Howell. I think that one of the most interesting parts of the reorganization plan that Vice Admiral Cohen has put together is he has reoriented the Science and Technology Directorate so that it serve the needs of its customers, its customers as he has defined them in his reorganization plan as being the directorates within DHS. Therefore, he will be more responsive and directly responsive to the needs of TSA and what it sees as the threats, and therefore put science and technology research dollars toward those threats. That was not the case prior to his reorganization plan. We think that is critically important. We also have or would argue that his additional set of customers is the owners and operators of the critical infrastructures and finding a way to integrate their needs, their desires, their views on threats and research and development priorities based on those threats is absolutely essential. And then once you have an understanding of the priorities of both the public-and private-sector customers that he responds to, have a SAFETY Act process that prioritizes and expedites those is appropriate in our view. Ms. Jackson-Lee. Thank you. Mr. Soloway, I think you had--it looks like I am getting a lot of--if I can get Mr. Soloway and if you can do yours in seconds, and then Mr. Meldon. Thank you. Mr. Soloway? Mr. Soloway. Thank you, Ms. Jackson-Lee. I would just suggest that in this discussion we can't divorce the discussion of the S&T organization with sort of the broader procurement regime of the federal government, which does involve Congress. It does involve the Office of the Chief Procurement Officer. And two quick analogies. In the Clinton administration I served in the Defense Department in a senior acquisition position, and one of our great challenges was opening up our acquisition processes to cutting-edge technologies, be they very small firms out in the hinterlands or very large firms who would not do business with the government because of so many of the unique rules and requirements that we layered on them. More recently, in the aftermath of Katrina, I traveled to Mississippi with Mr. Thompson to talk to four or five dozen small businesses in his district that wanted to participate in the cleanup process. And we spent a whole half day with them walking through all of the requirements associated with doing government contracting. So part of this is an organizational challenge for S&T. Part of it, I think, is a broader discussion of do we have the right procurement regime in place to attract those firms in a way that they can afford to do business with the U.S. government. And that would involve the Congress as well as the department. Ms. Jackson-Lee. Thank you, Mr. Soloway. Mr. Meldon? Mr. Meldon. I would add the following, Ms. Jackson-Lee. Number one, I think that what needed to be done was done. I.e., once the problem was identified, there was a sense of urgency and industry responded. Remember, industry is also part of this equation, as is the Department of Homeland Security. Number two is that in Undersecretary Cohen's remarks, he mentioned dual-use technology. We can't assume that we know what the next terrorist's use of some technology for a benign purpose is going to be for the wrong purpose. Therefore, what industry is looking for from the department is prioritization of future R&D development for dollars to be spent on what the next threat is going to be. Who would have imagined that a Coca-Cola or Gatorade could be used to blow up an airplane, okay? Well, now we know. Now we are responding. The government and industry is responding. But how do you prioritize that? That is something that I think needs to be considered. Ms. Jackson-Lee. It is a good question to leave on, Chairman Reichert. Thank you very much for your indulgence. And on our side, let me simply say the word ``urgent'' should be the word resounding out of this room. And I think there is some good instruction from these individuals on small businesses, on cutting-edge technology, on industry. And, Mr. Chairman, maybe we can work on getting this, I guess, infant sector of the Homeland Security Department-- Secretary Cohen; we are glad he is there--to give priorities, because I think that is going to be key. We can't be constantly in the back side of the issue. We have got to be in the front side. Now we are trying to find out about Gatorade and Coca-Cola and everything else. I know all of us would have hoped that maybe intelligence and otherwise could have gotten us 6 months out at least. And how do we counter these? So I hope maybe this committee can help focus on that priority. Thank you, Mr. Chairman. Mr. Reichert. Thank you, Ms. Jackson-Lee. I want to maybe just make a couple of comments first before I ask my questions. Maybe some of you know I was sheriff in Seattle for a number of years, 33 years in law enforcement. My last 8 years, I was the sheriff of King County in Seattle, Washington. Part of my duties, of course, was to come before the county council--it was a 13-member committee--and testify. And every now and then I would show up and there would be one or two people sitting in the chair. And I would be a little bit offended, because I thought what I had to say was important. I just want to remind you that because you have two members sitting here does not mean your testimony is not important. This is critical for us to hear. Your testimony is critical. The number of people sitting on the dais here doesn't apply to the importance of your input. One of the things that we have done in our subcommittee is we have taken every statement by every witness, since I took the chair of Science, and Technology, Emergency Preparedness back in October of last year, and evaluated each one of those statements as if I were investigating a murder case, looking for commonalities positive, looking for commonalities negative. And then you base your legislation upon the information that you provide in your statements. So I don't want you to leave here today thinking that your presence here was not appreciated and is not important, because your testimony, your statements, will all be reviewed and thoroughly examined so that we can begin to work with you. This isn't a job, as someone said in their testimony, just for Homeland Security, but for a number of other departments, and for businesses that you represent across this country and for members of Congress. So all of us are in this together. And since there are only two of us, I will take just a little bit more time to say that I really understand this progression of science, not because I have any real background in science, but because in my experience in investigating one of the most horrendous crimes ever committed in this country, a series of murders in Seattle where 80 people were killed, and we were able to convict someone for 50 of these murders. The science was the key. The science will be the key in homeland security. And I know that the undersecretary is keenly aware of that and has presented a plan. But in 1982, having a Rolodex file, no computers, no AFPIS--automated fingerprint identification system--no idea that DNA was on the horizon, but only a blood type is what we were looking for. And years later, DNA arrives and a fingerprint identifying the man responsible for the death of at least 80 people. So we know where this is headed, and we know that we have the right man in charge of this effort, and we know that we have a great dedicated group of people like yourselves representing businesses across this country involved in this process. So my first question is what is the most common criticism you hear from businesses about the SAFETY Act. And anyone on the panel can--what is the most common criticism? Is it the process, the application process, or what is the most common criticism? Mr. Finch? Mr. Finch. Mr. Chairman, I would say in my experience, among the most normal criticisms that we get is that the application process to date has been overly involved and has required too much detail in terms of the amount of information that must be provided. Everybody understands the responsibility of the Department of Homeland Security to conduct a meaningful review and to have faith in its determination that the technology at issue is, in fact, safe, effective and useful. But over the past years, as I mention in my testimony, what constitutes sufficient information has fluctuated up and down. It has varied from application to application. If you submit enough applications, you can see patterns. But if you are relatively new to the process, it can catch you a little bit by surprise. And I think the department has taken that to heart, and I believe Secretary Chertoff, from the moment he assumed his position, understood that improvement needed to be made to the process and that it had to be a quicker, leaner and more efficient process. Not to say that it would be a rubber stamp; nobody would ever expect that. Nobody would ever agree to that. However, they do understand that it may not necessarily require drilling down to the subatomic level on some of these applications. Applicants sign their name to this application saying that everything is truthful that is included. And if they don't do that, then they suffer consequences at a later date. Mr. Reichert. Thank you. Mr. Soloway? Mr. Soloway. Yes, if I could just add on to that, and I second Mr. Finch's comments, I think first of all the emergence of the final rule has eliminated some of the more common comments that we have had over the last several years. But a number of us made reference in our comments to a streamlined application kit. And I want to be clear--and I think Mr. Finch made the point that no one is suggesting a rubber stamp here, but leaving aside for a moment the amount of information the department determines it needs, there is also a staggering of timing of information. How much does the department need at various stages of this process? And to load it front end all the way oftentimes requires levels and degrees of information that either you can't even get at that moment, are not necessarily relevant to that moment in time. So part of the point of the application kit that this coalition of groups created was really to define a staggering so that you are not staggered at the very front end by this total volume that you don't really need to get through that level of process at that time. So there is also a timing issue for the volume of information as well as a definition of the total volume that you need. Mr. Reichert. Mr. Meldon? Mr. Meldon. In keeping with your question about commonality of themes, Mr. Reichert, I would say that as Undersecretary Cohen mentioned in his remarks, there is a supposed 120-day to 150-day period by which these applications are to be reviewed and passed on. And the problem with that is that if the department comes back with questions for the seller of the technology within 90 days or 100 days, the clock starts all over again, so it is not a flat 120 days. It is a flat 120 days after the final submission of all of the information that has been requested by the department relative to the certification and designation of the technology. Mr. Reichert. Any other comments? Mr. Bodenheimer? Mr. Bodenheimer. It depends in part upon the size of the business. One of the things that I have found is that the small-and medium-sized businesses have been completely terrified by the process of going through the application, trying to comply with the regulation. I still have heard from even the large businesses that the new application demands a very large amount of information, and they anticipate that the burden will not be substantially lessened. The most common complaint I hear from the large companies is this issue of synchronizing the procurement process with the SAFETY Act approval process that several of the panel members have identified. There are a number of companies who simply will not bid on government procurements out of fear that they will not get the SAFETY Act approval in time. Mr. Reichert. Because of the length of the process and the complications of the process, there is a cost involved to the companies that are looking at completing the paperwork and going through this process, besides the time of the employees involved in trying to research and fill out the paperwork, is that-- Mr. Bodenheimer. Yes. There is a huge burden in filling out the applications. I believe Mr. Soloway in 2003 identified a burden of about 1,000 hours to fill out the applications, and some of the large businesses are telling me that still they anticipate the burden will be in the same range. Mr. Reichert. Mr. Finch? Mr. Finch. I would like to comment on that a little bit, again, given my experience in working with companies both large, small and in between. Your experience depends on the company you are dealing with. I would say, actually, in a number of instances where I have dealt with smaller companies, the process has actually been somewhat easier for them, if for no reason other than they are a little bit more nimble than the larger companies. There is less people who retain the information that is necessary for the SAFETY Act review process. So it can vary from time to time and from company to company. And you know, on a related note, when we were talking about the marriage of procurement and the SAFETY Act, again, I think it cannot be overstated that one of the great successes of the new rule and the new application kit is this prequalification process. You talk about, you know, companies not willing to bid upon a particular procurement because they are concerned they won't get SAFETY Act approval. The department has heard that criticism, heard it from some of the largest municipalities in the country, who said we need these technologies, but we need to also guarantee that they will receive SAFETY Act approval. By virtue of the prequalification, there is now a process in place to assure that whoever wins that particular procurement--and it doesn't have to be a particular company; it can be whoever wins, one of five companies, 10 companies, 15 companies that bids--they will be assured by virtue of the prequalification process they will ultimately receive SAFETY Act approval. And that is an important aspect that I think cannot be understated. And the department should, frankly, again, be applauded for that. Mr. Reichert. Thank you. Any other comments? Mr. Howell, in your testimony you remarked that DHS needs to strengthen its procurement and acquisition process in order to achieve coordination with antiterrorism procurements and the SAFETY Act. Do you have some performance metrics in mind? Mr. Howell. Candidly, I think it comes down to the issue of performance metrics. One of the largest challenges that I think Ms. Duke and others in the DHS procurement office have identified is coming up with effective performance metrics for antiterrorism procurements. One of the biggest challenges in measuring things like responses to SBInet proposals is the lack of performance metrics in that request for proposal. It is designed to be a very open-ended process where vendors come forward with unique solutions, yet at the same time that creates a challenge. How does one define the efficacy of a technology and therefore determine its efficacy in a SAFETY Act review and as part of the procurement process? And you know, a lot of it gets to the challenges that DHS procurement officials face, and I would defer part of this to Mr. Soloway, because he is much more expert in this area than I am. But the procurement staff, as we all know--the sense of urgency has been discussed here repeatedly. There is an extraordinary sense of urgency in the DHS procurement staff, in that they must perform probably under compressed time frames from what they might otherwise be used to in going through an orderly process of conducting market research, planning a procurement strategically, building out their performance metrics, and then actually putting their procurement on the street. All of those time frames are extraordinarily compressed, and finding a way to incorporate liability issues and SAFETY Act concerns in that process, I would argue, has been a tremendous challenge, as has been the whole issue of identifying performance metrics. And I would invite Mr. Soloway to add some additional meat onto those bones. Mr. Soloway. I would just make two very quick comments. Number one, I think performance metrics are critical, but I don't think we can hold people accountable for performance metrics until we give them the tools to meet the performance we expect and are asking. And that is really a training and education challenge for the department, and I think the Congress can be very helpful here. Our office has worked with Mr. King and Mr. Thompson on prospective legislation to help essentially close off or closet off some funds to ensure that the office of procurement has adequate funds to train its workforce, because, as you know, in tight budgets, some of the first things to get cut are training and travel. So we have to give the people the tools first before we hold them accountable, though I agree fully with Mr. Howell. I think the second thing is to have a lot more engagement between DHS and this committee and others so that as people are trying to do things innovatively, particularly in a compressed time frame, particularly when a new threat emerges and we need action quickly, that we don't have a lot of after-the-fact second-guessing when people have acted in good faith, whether or not they have done everything absolutely right. There can be mistakes made, and try to separate that out, and so the workforce knows that it is supported both in their department and on the Hill and elsewhere to be innovative and go out and react quickly to challenges as they emerge. Mr. Reichert. Well, I want to thank all of you for your testimony today and your patience. And we have a short month of work here, so everyone is running off to other hearings here and there. But I recognized a few things that I want to mention very quickly. One, we are, I think, very encouraged that communication that we talked about here today is in existence, and people are working on that, and it is absolutely the key to our success. The undersecretary recognized that. As soon as he took office, he opened communication with our staff on both sides and personally sat down and had discussions with them. And I know that he will be doing that with you if he hasn't done that already, and he has been seated behind you the entire time listening to your testimony. So I think there is a lot of encouraging things happening in our efforts. The three things I hear that need to be improved upon, though, certainly is the application process. We need to really make sure that we encourage new technology and break through those bureaucratic rules and regulations that hinder the development of new technologies. And, of course, the last thing we just talked about was the acquisition process. And I know all of you are working hard on that. I certainly appreciate, again, you taking time to be here today. Thank you all for your testimony. And this hearing stands adjourned. Thank you. [Whereupon, at 12:35 p.m., the subcommittees were adjourned.] A P P E N D I X Questions from Representative Peter King for Elaine Duke Responses Insurance Related Questions 1. The Department's August 15, 2006 revised Application, the question is presented if insurance purchased for SAFETY Act claims can be paid for non-Safety Act claims. Would the Department approve an insurance program where the full liability limits could be exhausted by non-SAFETY Act claims? If so, what insurance funds will be used for the SAFETY Act claims? Response: The issue of erosion of available insurance proceeds was taken into consideration when an applicant's insurance program was considered. It depended on the amount of insurance that was available relative to the likelihood of claims associated with the deployment of that technology. The Under Secretary of Science and Technology would not allow erosion in which there is a small insurance policy associated with the particular technology. If large corporate general liability policies are pledged by the sellers, the tendency had been to allow erosion of those large policies for non-SAFETY Act related claims. It is our intention to move away from erosion to single non-erodable limit. 2. In cases where the Department allows a company to self-insure for certain technologies or services, will the amount of self-insurance required be equal to the amount of insurance required? How will the Department ensure that an applicant has the financial solvency to fulfill its self-insurance commitment? Response: In the event of self-insurance, the Department of Homeland Security weighs a number of factors, including, non-transfer of risk to an insurance company, cost of capital, financial health of the company, company assets, management, etc. We also conduct a benchmark analysis to determine the amount of insurance normally carried by similar companies selling similar products or services. Furthermore, we have subject matter experts conduct a `risk based' analysis based upon the characteristics of the product or service utilizing a standard template developed with the assistance of the world's largest insurance broker. All of these factors are considered in setting the appropriate amount of insurance. However, the use of self-insurance is rare and never mandated. The Department may require any company permitted to self-insure to either obtain a financial instrument to guarantee coverage (e.g., letter of credit from a bank) a pledge of assets, or a certification from the seller that it possesses sufficient assets to satisfy the insurable amount. Because of the small number of cases in which there has been self-insurance, it would be inappropriate to make broad generalizations about the methods employed to ensure that the seller is solvent. Each seller's situation is examined on a case by case basis. The Department keeps abreast of available and affordable commercial insurance products for the smaller applicants with low revenue, but effective, anti-terrorism technologies. In these instances, the Department will also require periodic reports from the applicant concerning revenues from their SAFETY Act technology, so the Department will be able to re-visit the insurance affordability issue over time. 3. Does the Department support ``self-insurance'' even if there is SAFETY Act insurance available in the world market at prices that would not unreasonably distort the sales price of the approved technology? In what cases does the Department support such self-insurance? Response: The Department will generally require applicants to acquire (or maintain in force) a contract of insurance to satisfy the insurance requirement, although the Department will entertain requests to self-insure and allow self insurance on an exceptional basis. In the event of self-insurance, the Department weighs a number of factors, including, non-transfer of risk to an insurance company, cost of capital, financial health of the company, company assets, management, etc. We also conducted a benchmark analysis to determine the amount of insurance normally carried by similar companies selling similar products or services. Furthermore, we have subject matter experts conduct a `risk based' analysis based upon the characteristics of the product or service utilizing a standard template developed with the assistance of the world's largest insurance broker. All of these factors are considered in setting the appropriate amount of insurance. 4. If an insurance policy only provides terrorism coverage for acts deemed to be a terrorist attack under the Terrorism Risk Insurance Act (TRIA), does that policy qualify as ``sAFETY Act insurance'' under the Department's interpretation of the Act; especially since the definition of an Act of Terrorism is very different between the two laws? Response: The Department of Homeland Security's practice has been to accept a Terrorism Risk Insurance Act (TRIA)/Terrorism Risk Insurance Extension Act (TRIEA) endorsement for acts of terrorism without requiring a company to purchase additional insurance since that requirement would most likely unreasonably distort the price of the anti-terrorism technology. We are also sensitive to not require insurance coverage that is not reasonably available on the worldwide insurance markets. The Department keeps abreast of sources of available insurance that are affordable and which will provide an adequate level of protection in the event a SAFETY Act technology is involved in a loss caused by an act of terrorism. Questions from Representative Mike Rogers (AL) 1. Can you please describe the training that procurement officials receive about the SAFETY Act? Are there plans to revise such training to reflect the recent changes? Response: The procurement community has received and will continue to receive SAFETY Act training and guidance through multiple venues, including formal briefings/training, workshops, and on-line training. Training accomplished thus far has included: In 2005, Science and Technology (S&T) and the Office of the Chief Procurement Officer (OCPO) prepared and posted to the Defense Acquisition University (DAU) virtual campus web site training material that provides an overview of the SAFETY Act, including the vendor application process. In June 2006, in collaboration with S&T, the OCPO briefed the heads for each of the eight DHS contracting activities (HCA) on the SAFETY Act and the procedures for implementing SAFETY Act considerations into DHS procurements. In August 2006, S&T and OCPO issued a joint memorandum to the heads of the DHS HCAs, the component Offices of General Counsel (OGC), and the DHS Program Management Council (PMC) discussing the implementation of the SAFETY Act in acquisition planning. In September 2006, S&T and OCPO also briefed the DHS Program Management Council on the SAFETY Act and related processes and procedures. The Program Management Council is a component of the Program Management Center of Excellence, which works to develop the policies, procedures and other tool sets needed for DHS Program Managers to succeed. With the final publication of the SAFETY Act program rule, and the development of a federal government-wide procurement regulation on the SAFETY Act, future training plans include: Familiarization training to acquaint DHS contracting professionals on the SAFETY Act in general and how and when it applies to DHS procurements. Development and delivery of a workshop for the purpose of developing a subject matter expert within each of the contracting Components on the SAFETY Act and its application to DHS procurements. The subject matter expert would then assist contracting professionals within each Component on evaluating the need for SAFETY Act coverage on applicable procurements and the procedures for implanting coverage. Development of an on-line training course that provides just-in-time training to contracting professionals as needed. In addition to training, OCPO is currently working to further revise the Department's current acquisition planning guide, which is contained in the Homeland Security Acquisition Manual (HSAM) (a document describing DHS' internal procurement policies and procedures) to incorporate guidance and procedures on how to apply and implement the SAFETY Act to applicable procurements. Last, OCPO is preparing a source selection guide, which will also include information on the SAFETY Act. 2. What specific procurement process changes has your office made to ensure greater coordination between the SAFETY Act approval process and the procurement process? Response: To effectively integrate SAFETY Act considerations in the procurement process, the OCPO works closely with S&T to facilitate open communication and align processes. OCPO and S&T personnel collaborated in developing a proposed FAR case to implement the SAFETY Act. They are also developing a case for revising the Homeland Security Acquisition Regulation (HSAR) to include DHS-specific policy related to SAFETY Act implementation. OCPO personnel revised the Homeland Security Acquisition Manual (HSAM) to alert both requirements and contracting personnel of the need to address SAFETY Act applicability early on in the acquisition process and document the consideration in the acquisition plan. OCPO is currently preparing an additional revision to the acquisition planning guide to provide additional procedures on how to apply and implement the SAFETY Act to applicable procurements. 3. At what point in the procurement process does the SAFETY Act become a factor? Is it at the outset of the procurement or at some other point? Response: For those requirements potentially involving anti- terrorism technologies, SAFETY Act concerns should be addressed as soon as possible after identifying the mission need. However, absent the ability to make that identification, the requirement for SAFETY Act protections may be identified later in the process (e.g. at the solicitation or proposal phases). In order to preclude impacting the acquisition cycle time, early identification is crucial. 4. Ms. Duke, in your testimony you discuss how you will expedite the SAFETY Act process with certain procurements such as with Radiation Portal Monitors (ASP) and the Liquid Based Explosives Detection Technologies. However, the industry is concerned about all procurements, specifically if they are not particularly high profile. What steps can your office take to expedite the process and eliminate duplicative paperwork for all procurements? Response: DHS remains dedicated to ensuring that consideration for SAFETY Act coverage is addressed in all appropriate procurement actions. In addition to the various educational formats envisioned, the final program rule provided a number of tools that will be used to expedite SAFETY Act processes. Among these are block designations, block certifications and the prequalification designation notice (PQDN). Use of these instruments allows contractors to submit streamlined SAFETY Act applications. Use of the streamlined SAFETY Act application results in expedited processing by the OSAI. Additionally, DHS maintains the SAFETY Act website at https://www.safetyact.gov/, which includes a list of technologies that have been granted ``Designations'' and another list of approved SAFETY Act products. These two resources can be helpful to potential offerors in developing proposals for requirements that could employ those technologies. 5. What is the method and level of communication that occurs between the procurement officials and the Office of SAFETY Act Implementation? For instance, is the communication formal such as weekly meetings or less formal? Does communication only occur at the upper management level of each component or can a procurement officer pick up the phone and have a discussion with Science and Technology about a specific technology? Response: Project managers/requirements personnel and contracting officers are encouraged to discuss requirements for potential anti- terrorism technologies with OSAI representatives as early as possible in the acquisition process. OSAI personnel are available to assist anyone involved in the acquisition, from upper-level management to working-level requirements development personnel. There is regular interaction between the Chief Procurement Officer and the Acting Director of the Office of SAFETY Act Implementation. Additionally, strong relationships are being built by the senior management of the Directorate. As part of assigned duties, the Director of Transition has been actively reaching out to other agencies to inform and educate them about the SAFETY Act and its possible role in their procurements. 6. What actions are being taken to develop and pursue the companion Federal Acquisition Regulation and any necessary DHS acquisition regulation or instructions? When can we expect that such regulations will be issued? Response: As mentioned in September 2006, DHS requested that the FAR Council, composed of representatives from the General Services Administration (GSA), National Aeronautics and Space Administration (NASA), Department of Defense (DOD) and the Office of Federal Procurement Policy (OFPP), initiate a proposed Federal Acquisition Regulation (FAR) case to establish uniform federal procurement policy implementing the SAFETY Act. The FAR Council accepted the DHS request to initiate the rulemaking case. Both OCPO and S&T personnel participated with the FAR law team in drafting a FAR case. The proposed case was sent to both FAR councils, i.e. the Defense Acquisition Regulations Council (DARC) and the Civilian Agency Acquisition Council (CAAC), for consideration on November 1, 2006. OCPO and S&T continue to be involved as the case progresses through the DARC and CAAC, by attending meetings where the case is discussed. The timeframe for taking a case from its beginning to publication depends on such factors as complexity, urgency, and whether the case is determined by OMB to be a significant case. Every effort is being made to expedite the process as much as possible. Agency-specific policy and guidance will be included in revisions to the DHS acquisition regulation and manual as appropriate. 7. The final program regulations say that all information on the program, including who has applied, will be kept confidential. While that makes sense for an individual applicant, there is no information on overall SAFETY Act activity except final actions. While protecting proprietary information, what plans does the Department have for providing some transparency to the process? Would DHS commit to publicly reporting on a regular basis information such as the number of registrations filed and the status of such applications? Response: The Office of SAFETY Act Implementation (OSAI) seeks to have the process as transparent as possible to both applicants and the public. However, one of the key components in ensuring that the number of applications continues to rise is protecting applicants and their technologies. Revealing which companies have applied and the exact status of their applications would result in revealing SAFETY Act confidential information without their permission. OSAI will continue to provide program updates on the number of applicants and awards issued as the SAFETY Act program continues to grow. OSAI is committed to ensuring the confidentiality of SAFETY Act matters. To ensure that applicant confidentiality is maintained, we have recently had the Department of Homeland Security's Office of the Inspector General (IG) perform an inspection of our computer systems used for the storage and transmission of proprietary information. The system was certified and accredited. 8. There are several references in the final rule and the revised application kit to a ``streamlined'' application kit, but there is no other information in the material. What is the DHS plan for a ``streamlined'' application process? Response: The Department of Homeland Security has refined the SAFETY Act application kit and the application process more generally to reduce burdens and to focus more precisely on collecting the information necessary for the review of a particular anti-terrorism technology. The revised kit was posted on the SAFETY Act website (www.safetyact.gov) on August 21, 2006. The Department had recognized that the initial SAFETY Act application kit was overly burdensome and the application process could be streamlined and made less bureaucratic. Utilizing an intensive internal and external `lessons learned' process, as well as all public comments, we implemented improvements in the application kit to make it more applicant friendly; we have received positive feedback on the improvements. For example, the amount of information required has been significantly modified to remove unnecessary burdens on the applicants without compromising the needed data required by our staff and reviewers. In terms of streamlining the application kit, the Department has dramatically decreased the number of financial questions. In particular, since the program is forward looking, we have eliminated questions concerning past sales and insurance history. To better protect company confidentiality, we have removed questions that delve into cost of production and unit costs. The revised kit requests significantly less technical information from the applicants. In addition, the workflow software has been modified to make it easier to track and respond to applicant questions. The Office of SAFETY Act Implementation will continually work to improve the process. 9. What is the status of current discussions within the Federal government about whether other sellers of Anti Terrorism Technology throughout the Federal government will be eligible to apply for SAFETY Act designation and certification? Are products and services procured through DHS grants being considered for SAFETY Act coverage? Response: All sellers of anti-terrorism technologies are eligible to apply for SAFETY Act protection. The Office of SAFETY Act Implementation (OSAI) is reaching out to other agencies, monitoring fedbizopps.gov and working with the procurement and grant officers to inform them about the benefits of SAFETY Act protection. It should be emphasized that there are no limitations on availability of SAFETY Act protections to the sellers of anti-terrorism technologies that might be associated with any government funding agreement, including grants. The Department of Homeland Security has issued internal guidance and has initiated a Federal Acquisition Regulation (FAR) case to address whether sellers of various technologies are eligible for SAFETY Act designation or certification. Q04420: 10. Testimony from Panel II experts includes the suggestion that the duration of SAFETY Act protection once a technology receives designation or certification should be extended beyond the five to eight year time period. Is the Department currently reviewing the duration of protection and if so, what modifications to the current policy are under consideration? Response: The qualification for SAFETY Act coverage depends on a combination of the ability of the technology to be effective in a specific threat environment, the nature and cost of available insurance, and other factors, all of which are subject to change. Since the expiration of SAFETY Act Designation and Certification would impact only future sales of the subject qualified anti-terrorism technologies (QATT), the Department of Homeland Security believes that mandatory reconsideration of technologies after five to eight years provides a fair balancing of public and private interests while providing the certainty required by Sellers. Sellers may apply for renewal up to two years prior to the expiration of their SAFETY Act Designation to provide for continuity of coverage. The Department is cognizant of the need for a sufficient period of protection for successful SAFETY Act applicants to achieve the main goal of the Act, which is to facilitate the deployment of the needed technologies. Therefore, the Office of SAFETY Act Implementation looks for opportunities to maximize the length the awards are given, consistent with the range set forth in the Final Rule 11. Under Secretary Cohen, in September 2006 you unveiled your plan to restructure the Directorate of Science and Technology. Where does the Office of SAFETY Act Implementation fit into the proposed restructuring to ensure it receives the appropriate attention and stature? Response: The Office of SAFETY Act Implementation has been placed under the authority of the Director of Transition, who reports directly to the Under Secretary. This has been done because the Director of Transition is responsible for the deployment of all advanced technologies. This structure provides increased visibility for the SAFETY Act. Additionally, all proposed awards are examined for consistency with the ongoing development of DHS standards by senior staff assigned to the technology testing and evaluation office. 12. The Committee has some concerns about whether the Office of SAFETY Act Implementation has sufficient resources to ensure successful implementation of the recent changes-to the rule and application kit- that will increase the efficiency and timeliness of the process. When will a permanent director for the Office of Safety Act Implementation be appointed beyond the current Acting Director? Response: We are currently searching for a permanent director for the Office of SAFETY Act Implementation and believe we will have a person placed in that position in the near future. How many additional Full Time DHS Employees do you plan to add in order to meet the expected increased demand for applications and other actions? Response: The Science and Technology (S&T) Directorate will continue to monitor the Office of SAFETY Act Implementation (OSAI) to ensure proper Federal oversight. We intend to meet expected demand by bringing on contract staff and Federal personnel as appropriate. To that end, the Department has hired a Deputy Director for the OSAI and expects to hire an Outreach Coordinator and a permanent Director in the near term. 13. One of the overriding concerns that industry has expressed to the committee is that the SAFETY Act process has lost its focus and gotten bogged down in government bureaucracy. How will the changes made in the final rule and the revised application kit support the vision of congress that the SAFETY Act protections for industry would help bring innovative homeland security technologies very quickly to the field? Response: The Final Rule and the new application kit are vital to improving how the SAFETY Act process works and increasing the number of technologies that are granted SAFETY Act awards. The Department of Homeland Security has done analysis of the entire process and has eliminated, consolidated, and improved the Office of SAFETY Act Implementation (OSAI) to make the process more efficient with no loss in the quality of the application reviews. OSAI has also developed consistent policies and procedures. The Final Rule reflects the many comments and suggestions that were made while the program operated under the Interim Rule. Significant progress has been made over the last several years and the Final Rule will allow the program to be more efficient and hospitable. Of the many changes made, there are a number of key provisions that will help applicants. For example, the Final Rule establishes a program to extend certain liability SAFETY Act protections to certain anti-terrorism technologies that are still in the process of undergoing developmental testing and evaluation to validate their safety and efficacy. The Final Rule also incorporates provisions that establish a flexible approach to align consideration of SAFETY Act applications and government procurement processes more closely. The Department will, on an on-going basis, provide guidance for effectively coordinating government procurements and consideration of SAFETY Act Applications. In addition, the preamble to the SAFETY Act Final Rule stated that the Department would soon publish a new SAFETY Act application kit which would account for the changes contained in the Final Rule and which would state with greater specificity the information required to properly evaluate a SAFETY Act application. The Department had recognized that the initial SAFETY Act application kit was overly burdensome and the application process could be streamlined and made less bureaucratic. The Department has refined the SAFETY Act application kit and the application process more generally to reduce burdens and to focus more precisely on collecting the information necessary for the review of a particular anti-terrorism technology. The revised kit was posted on the SAFETY Act website (www.safetyact.gov) on August 21, 2006. Finally, the Department recognizes that each SAFETY Act application is different. Our aim is to have an interactive and flexible application process and to focus the SAFETY Act application kit on soliciting essential information that may be supplemented as necessary with individual applicants on a case by case basis. With the Final Rule and the new application kit in place, we are confident that the number of applicants will continue to increase along with the technologies being given liability protection. Questions from Representative Bennie Thompson 1. According to the rule, the Department ``may expedite SAFETY Act review for technologies subject to ongoing procurement processes.'' This applies to procurements on any level--Federal, state, or local. As part of the Committee's recent authorization, we required the Secretary ``to ensure coordination of the Department's efforts to promote awareness and utilization of the litigation and risk management provisions of the SAFETY Act in the procurement of qualified anti- terrorism technologies at the Federal, State, and local levels. What kind of outreach is currently underway at the Department to inform procurement officials on the state and local levels on the significance of the SAFETY Act as they consider technologies to purchase? Response: The DHS public website includes links to the Office of SAFETY Act Implementation (OSAI) where state and local procurement officials can obtain information related to the SAFETY Act. The OSAI web page includes links to a large amount of information describing SAFETY Act procedures as well as lists of products and services that have received SAFETY Act designation or certification. The OSAI attended many targeted conferences to let state and local officials know about the SAFETY Act. The OSAI has given workshops and presented on panels so more state and local officials can be aware of the program and work to integrate it into their own practices and procurements. 2. In this Committee's recent authorization, we required the Secretary to issue a Departmental management directive requiring appropriate coordination between Department procurement officials and the Department officials responsible for implementing the SAFETY Act in advance of any Department procurement involving a qualified anti- terrorism technology. Though this legislation may not go to the floor, what efforts are underway to write and deliver such a directive? Response: Both OCPO and S&T are dedicated to promoting awareness and utilization of SAFETY Act protections in contracting for qualified anti-terrorism technologies. While this relationship has not been formalized in a Departmental management directive, we have developed a collegial liaison though our combined efforts in delivering briefings/ training and in preparing the strawman FAR case for the FAR Council. 3. In this Committee's recent authorization, we required the Secretary to include SAFETY Act instruction for all acquisition employees and their representatives. What kind of SAFETY Act procurement training is underway at the present, and what are your efforts to include such instruction in the future? Response: The Defense Acquisition University (DAU) virtual campus web site provides an overview of the SAFETY Act, including the vendor application process. In June 2006, in collaboration with Science and Technology (S&T), the Office of the Chief Procurement Officer (OCPO) briefed the component HCAs on the SAFETY Act and procedures for implementing SAFETY Act considerations into DHS procurements. In August 2006, S&T and OCPO issued a joint memorandum to the component HCAs, the component Offices of General Counsel (OGC), and the DHS Program Management Council (PMC) discussing the implementation of the SAFETY Act in acquisition planning. The Program Management Council is an element of the Program Management Center of Excellence, which works to develop the policies, procedures and other tool sets needed for DHS Program Managers to succeed. In September 2005 S&T and OCPO briefed the DHS Program Management Council on the SAFETY Act and related processes and procedures. With the final publication of the SAFETY Act program rule, and the development of a federal- wide procurement regulation on the SAFETY Act, OCPO's future training plans include: general SAFETY Act training for DHS contracting professionals to acquaint them with how and when it applies to DHS procurements; workshops to develop Component SAFETY Act subject matter experts to assist contracting professionals in evaluating the need for SAFETY Act coverage; development of an on-line training course to provide just-in-time training to contracting professionals. In addition, to training, OCPO is currently working to revise the Department's current acquisition planning guide, which is contained in the Homeland Security Acquisition Manual (HSAM) (a document describing DHS' internal procurement policies and procedures) to incorporate guidance and procedures on how to apply and implement the SAFETY Act to applicable procurements. A source selection guide is also in process that will include a discussion of the SAFETY Act. 4. In 2005, the security company Wackenhut was granted SAFETY coverage, which at the time was the first and only such Designation and Certification for a contract security service provider. This coverage would allow Wackenhut--if its protective service plan failed during a terrorist attack--to assert affirmative defenses to liability for third-party claims. According to Wackenhut, the services it received SAFETY Act coverage for ``are designed to envision and defend against possible terrorist scenarios, deny terrorists access to secured facilities, and to respond to terrorist related security breaches.'' Unfortunately, as you're no doubt aware, Wackenhut fell out of favor with the Department, which recently solicited a new contract for security personnel. This stemmed in part from a poorly handled situation in which Wackenhut employees failed to properly handle an anthrax-type situation. One Wackenhut guard told the press ``I had never previously been given training . . . describing how to respond to a possible chemical attack.'' Many news outlets have reported Wackenhut's failings in securing energy plants. How can the Department comfortably issue liability waivers for services that apparently are providing less than adequate coverage? Under your recent rule, applicants must notify the Department when they make modifications to technologies that would go outside the scope of the designation or certification. How will this work for services? Response: The rules and procedures are the same for technology producers and service providers. Like technology producers, service providers have a continuing obligation under the Final Rule to notify the Department of Homeland Security of any significant modification of a qualified anti-terrorism technology (QATT) that causes the QATT to no longer to be within the scope of the original Designation or Certification (See Sec. 25.6(l) of the final rule). Also, if there is a significant change that negatively impacts the seller or the QATT, this might affect insurance coverage (i.e. insurance company may withdraw or significantly reduce coverage). As part of the seller's continuing obligations, it must report any material change in insurance coverage required by the Designation. This will also be taken into account when the applicant submits its request for renewal of the QATT's Designation/Certification. 5. In July 2006, this Committee passed as part of its authorization bill a section on the SAFETY Act. Included were provisions to add additional FTEs to the SAFETY Act Office, which we understood to be lacking an adequate number of staffers. Can you provide us with update numbers--how many contractors and FTEs are currently employed at the SAFETY Act office? Would the authorization recommendations be sufficient to achieve your goals for SAFETY Act implementation in 2007 and beyond? Response: Currently, there are two full-time equivalents (FTE) working as the Acting Director and the Deputy Director for the Office of SAFETY Act (OSAI). There are four contractors supporting the Federal oversight personnel. In addition, there are three senior personnel providing technical, legal, and administrative oversight. This staffing has been sufficient; however the Department of Homeland Security will continue to evaluate the need for additional staff. 6. The final regulations for information sharing state that DHS ``may use information that has been submitted to the Department under the SAFETY Act.'' Who is the Department planning on sharing this information with? What regulations have been established to guard this confidential information? What efforts are underway to safeguard the interests of applicants? Response: Protecting the privacy of sensitive applicant data is one of the Department of Homeland Security's top concerns. There is no plan to share any SAFETY Act information. The Department is committed to taking all appropriate steps to protect the proprietary information of applicants consistent with applicable Freedom of Information Act (FOIA) exemptions, the Trade Secrets Act (18 U.S.G. 1905), the Privacy Act of 1974 (5 U.S.C. Sec. 552a), and other applicable law. As an example of this commitment, those engaged in evaluating applications are required to enter into appropriate nondisclosure agreements. In addition, prior to being granted access to any proprietary information associated with an application or its evaluation, each potential evaluator is examined for potential conflict of interest. Finally, the Department's conflict of interest and confidentiality policies apply to everyone associated with SAFETY Act implementation. In addition, the SAFETY Act IT System-- Technical Evaluation System for SAFETY Act (TESSA)) has been certified and accredited. Additional IT security elements have been deployed to add a greater level of protection to all applicant materials. 7. According to the recently published rule, ``the Department shall establish confidentiality procedures for safeguarding, maintenance and use of information submitted to the Department under this part.'' When will the Department publish these rules and/or management directives? Response: On August 22, 2006, the Office of SAFETY Act Implementation (OSAI) published applicable rules and procedures to implement the requirements of Department of Homeland Security, 6 CFR 25 (the Final Rule) in an OSAI Memorandum entitled: ``Office of SAFETY Act Implementation Procedures for Marking, Storing and Destroying SAFETY Act Confidential Information Documents and Electronic Media''. The document supplements the requirements and procedures contained in Department of Homeland Security Management Directive 11042.1 ``Safeguarding Sensitive but Unclassified (For Official Use Only) Information,'' dated January 6, 2005. The Department will continue to assess whether additional guidance is necessary. 8. According to the Department, an appeals process to challenge Safety Act determinations is unnecessary because ``the interactive process [between evaluators and applicants during the application process] will provide sufficient recourse to applicants.'' But while the Department has accelerated the pace of approvals in the past year, the Department's rules do not include any procedural safeguards to prevent a return to a time when the Department approved only 6 technologies in sixteen months. Has there been any consideration given to the establishment of an administrative review process for the SAFETY Act similar to the kinds available to applicants that received denials from the EPA, FCC, or the FAR bidding process? Response: Yes, the Office of SAFETY Act Implementation (OSAI) has developed a strict administrative review process to ensure timely consideration of all cases by the Under Secretary. 9. The final rule mentions a ``rapid system for prospectively reviewing significant modifications.'' What efforts are underway to create this system? Response: There is currently an expedited process in place to evaluate modifications that do not fundamentally alter the approved technology. The goal of this process is to reduce the response time by 50 percent.