When D.C. government created a Homeland Security Commission in 2006, the goal was to pull together top experts from around the capital region to offer recommendations to make the District safer, but 12 years later, the News4 I-Team found that commission only produced two “annual” reports, the most recent of which was in 2015.
"It's not enough," said D.C. Auditor Kathy Patterson, who pushed through the 2006 legislation when she was a council member. "It is a huge concern. We are a high-threat, high-risk city."
Patterson believes the Homeland Security Commission could be successful if it functioned properly. But instead it's been plagued with long gaps of almost no activity.
The two reports it produced offered ways to better prepare for a pandemic or a cybersecurity incident, but the District government didn't implement many of those ideas. Patterson recently convened former members of the commission to ask their thoughts on that.
"I think the frustration was, 'We do this thoughtful work, and then what happens to those recommendations?'" Patterson said.
David Heyman, the new chairman of that commission, told the I-Team that was a concern of his before he agreed to serve. But since he took the helm last year, things have changed; he touts eight meetings with government departments since December.
The commission's seven positions still aren't filled; there are two vacancies. But it is now working — researching for a new report on the District's cybersecurity.
"We actually originally thought, ‘Well, we should just see if that  report's been implemented and what's going on," said Heyman. "But the threat has changed dramatically since five years ago."
So has the leadership at the District's Homeland Security and Emergency Management Agency (HSEMA.)
"Well, I've committed to reading and taking very seriously the reports and what it is they're recommending," said HSEMA Director Chris Rodriguez, who joined the District government in October.
Rodriguez said he's familiar with some of the commission members from his time working at the CIA.
"The team that's on there right now are world class," said Rodriguez, adding that that's important, since the threats D.C. faces are worldwide.
Following the 2015 terror attacks in and around the Bataclan theater in Paris, District leaders sent emergency responders to meet with their counterparts and learn from their mistakes.
"God forbid, if something like that happens here, we're ready," said Rodriguez. "We're prepared. We've trained. We've exercised on this."
Lessons from ramming attacks in Europe and New York helped prepare D.C. for last month's March for Our Lives, Rodriguez said.
"We did put heavy trucks around pedestrian areas to in order to counter anyone who might try to do an attack like that," said Rodriguez.
D.C. also fully activated its Emergency Operations Center during the event and used a text alert system to communicate with some of the public.
"We can actually tell people where to go where to stay away from right to their cell phones," said Rodriguez, "In a world where there are a lot of threats out there and some that can happen with little to no notice we need to be able to communicate with the public very quickly."
When the D.C. region recently tested its wireless emergency alert system, authentication codes from two different people helped avoid a false alarm like the nuclear warning mishap in Hawaii.
Learning from others' mistakes is critical, Rodriguez said. He's also working to increase intelligence-sharing among agencies throughout the capital region.
That's also important in the growing world of cyberthreats, Patterson said.
"I worry about staying current with everything," she said.
The auditor said when she first took office, she analyzed her hardware and software and was shocked to find the connections to D.C.'s email and Wi-Fi networks were out-of-date and should have been replaced years earlier.
"It was just a little red flag to me," she told the I-Team. "You know, no one let me know."
She said she also worries about leadership since the District's chief technology officer left in November followed by the chief information security officer in January. Both of those key positions are currently filled by interim staff.
"It is a concern. I mean, the chief technology officer has a principle responsibility for the security and for prevention and protection of the District's networks," said Heyman, adding that the commission will be looking at those needs in its cybersecurity study.
He said good cybersecurity experts, data analytics experts and technical workers are needed but are often hard for governments to find and keep.
"Retaining that talent and making sure we continue to have the resources to address the threats that are hitting the District daily is critically important," said Heyman.
A spokesman for Mayor Muriel Bowser told the I-Team the District interviewed several people for those positions but is waiting until after the primary in June to make those hires.