Last updated 1 week ago. Our resources are updated regularly but please keep in mind that links, programs, policies, and contact information do change.
- Congress Sets the Assignment
- First Attempt: Defining the Subject (2010)
- Second Attempt: Refining the Method (2014)
- The Missing Report (2018)
- Return to Class: The 2023 Report
- The Report Card: Consistent Pattern of Failure
- Expert Views: What the QHSR Should Be
- The Fundamental Challenge
- What Works and What Doesn’t
After the September 11, 2001 attacks, the United States undertook its most significant government reorganization in over half a century. The new Department of Homeland Security merged all or part of 22 different federal departments and agencies into a unified cabinet department with one mission: securing the nation.
To ensure this sprawling enterprise – the third-largest in the federal government – would remain focused, strategic, and accountable, Congress mandated a recurring, comprehensive self-assessment.
This requirement became the Quadrennial Homeland Security Review, the department’s capstone strategy document. It was designed to set the course for DHS and the entire nation’s homeland security efforts every four years.
More than two decades later, the QHSR has become a case study in how government agencies can repeatedly fail to meet their most basic legal obligations while avoiding meaningful consequences.
Congress Sets the Assignment
To properly evaluate the QHSR, it’s essential to understand the assignment Congress gave DHS. This wasn’t an optional internal exercise but a legal obligation with detailed required deliverables.
The mandate originated in the Implementing Recommendations of the 9/11 Commission Act of 2007, which amended the original Homeland Security Act of 2002. This origin directly links the review to the nation’s foundational post-9/11 security reforms.
The law, codified in 6 U.S.C. § 347, requires the Secretary of Homeland Security to conduct a “comprehensive examination of the homeland security of the Nation” every four years, beginning in fiscal year 2009.
The statute lays out specific “test questions” that each QHSR must answer:
Delineate and update a national homeland security strategy: The review must articulate a coherent, overarching strategy for the entire nation.
Outline and prioritize critical mission areas: It’s not enough to list what the department does – the QHSR must establish clear priorities among its vast responsibilities.
Identify a budget plan: The strategy must connect to resources, identifying the budget required to successfully execute missions.
Describe interagency cooperation: The report must detail how DHS will work with other federal agencies and assess the state of federal asset preparedness.
Assess organizational alignment: The review must evaluate whether DHS’s own structure properly aligns to execute the national strategy.
Conduct broad consultation: The process must include consultation with other federal agency heads, state and local officials, members of Congress, and private sector representatives.
The Structural Problem
From its inception, this mandate created a profound institutional challenge. The law tasks a single department, DHS, with creating a strategy for the “homeland security of the Nation.”
This strategy must encompass the entire “homeland security enterprise” – a vast network of federal, state, local, and private-sector partners. However, the Secretary of Homeland Security has no authority to dictate strategy, priorities, or budgets to other cabinet departments like Justice or Defense, let alone to state governors or private company CEOs.
This structural mismatch between the sweeping scope of the required strategy and the limited authority of its author almost guarantees that the QHSR will be more descriptive and persuasive than directive. This tension helps explain the persistent vagueness and lack of hard choices for which the QHSR has been consistently criticized.
The QHSR was explicitly modeled on the Department of Defense’s Quadrennial Defense Review, which established a powerful but ultimately problematic benchmark for success.
The Defense Department’s review benefits from DoD’s relatively monolithic structure and clear primary mission of warfighting. This allows for more direct, coherent links between strategy, programs, and budgets.
DHS, in stark contrast, is a sprawling conglomerate of 22 legacy agencies with wildly disparate missions, from maritime law enforcement and disaster response to financial protection and immigration services. Expecting the QHSR to achieve the Defense review’s level of strategic and budgetary clarity ignores these fundamental structural differences.
First Attempt: Defining the Subject (2010)
The inaugural Quadrennial Homeland Security Review, delivered to Congress in February 2010 under Secretary Janet Napolitano, faced a monumental task: answering the deceptively simple question, “What is homeland security?”
Its greatest achievement was creating a common language and conceptual framework for a vast and diverse national enterprise. However, in its ambitious effort to define the entire subject, it failed to complete the core strategic parts of the assignment.
Successes in Definition and Process
The 2010 QHSR succeeded in establishing five enduring missions that would guide homeland security efforts for the next decade:
- Preventing Terrorism and Enhancing Security
- Securing and Managing Our Borders
- Enforcing and Administering Our Immigration Laws
- Safeguarding and Securing Cyberspace
- Ensuring Resilience to Disasters
The report broadened the definition of homeland security beyond counterterrorism. It correctly identified that threats were multifaceted, citing Hurricane Katrina, widespread cyberattacks, transnational criminal activities, and the H1N1 influenza pandemic as examples of hazards central to the mission.
The report emphasized that security must balance American values, stating that a “safe and secure homeland must also ensure that the liberties of all Americans are assured, privacy is protected, and the means by which we interchange with the world are secured.”
Perhaps its most lauded achievement was its innovative process. Rather than setting policy internally, DHS pioneered a “National Dialogue” that engaged tens of thousands of stakeholders through web-based discussions. This allowed partners across the homeland security enterprise to review materials, submit ideas, and rate feedback.
Strategic Shortcomings
Despite these successes, the final product fell short of its legal mandate. A Government Accountability Office review concluded that of the nine specific reporting elements required by the 9/11 Commission Act, the 2010 QHSR fully addressed only three. It only partially addressed the other six, most notably failing to include a prioritized list of missions or a corresponding budget plan.
This outcome reveals a critical dynamic: the 2010 QHSR’s process was a strategic success, but its product was a strategic failure. The groundbreaking “National Dialogue” was laudable for gathering input from diverse stakeholders.
However, the purpose of such a process is to inform a strategy that must ultimately make difficult choices. The final report, in its effort to be inclusive and reflect input from so many diverse partners, became a broad narrative with vague goals.
To satisfy everyone, the document avoided the hard work of prioritizing one mission area over another. The process of consultation became an end in itself. The desire to build consensus across the sprawling homeland security enterprise overrode the congressional mandate to produce a sharp, prioritized, actionable national strategy.
Second Attempt: Refining the Method (2014)
The second Quadrennial Homeland Security Review, released in June 2014, represented significant maturation in the department’s strategic planning capabilities. It was a clear attempt to correct the overly broad nature of the 2010 report by adopting a more analytical, “risk-informed” approach.
This iteration demonstrated more focused and collaborative departmental effort, yet it was ultimately undermined by familiar flaws: lack of transparency in its methodology and continued failure to provide clear, prioritized, resource-linked guidance.
Improvements in Risk Analysis
The 2014 QHSR was explicitly designed to be a “more focused, collaborative Departmental strategy, planning, and analytic capability.” It moved beyond simply listing missions to identifying key strategic challenges based on risk assessment.
The report highlighted several prevailing risk drivers that would shape the security environment for the next five years:
An evolving terrorist threat: The report noted a shift toward more decentralized attack planning, as exemplified by the 2013 Boston Marathon bombing.
Growing cyber threats: The document recognized significantly increasing risk to critical infrastructure and the U.S. economy from malicious cyber activity.
Biological concerns: Bioterrorism, pandemics, and agricultural diseases were identified as top risks due to their potential likelihood and catastrophic impacts.
Transnational criminal organizations: The report acknowledged growing strength and capability of organizations driving risk in human trafficking, illicit drugs, and counterfeit goods.
Costlier natural hazards: The review noted that natural disasters were becoming more expensive to address, with consequences amplified by climate change and aging infrastructure.
Based on this analysis, the 2014 QHSR introduced more sophisticated strategic concepts, such as “risk segmentation” for managing flows of people and goods, which aimed to expedite legal trade and travel while targeting illicit traffic more efficiently.
Persistent Flaws
Despite these analytical advances, the 2014 QHSR drew sharp criticism, most comprehensively in a 2016 GAO report. The GAO found that while DHS conducted a risk assessment, it failed to document how its various analyses were synthesized to generate conclusions.
This lack of documentation made results neither reproducible nor defensible, preventing them from being validated or improved upon in the future. The report described a range of homeland security hazards but, crucially, did not rank or prioritize them.
This failure represented a significant missed opportunity to guide resource allocation and efficiently mitigate risk.
The stakeholder consultation process, though expanded with online forums reaching 2,000 representatives, was also found wanting. Many federal and non-federal partners reported that collaboration felt like “one-way” communication.
A DHS after-action report noted that tools were used to validate pre-existing study findings rather than genuinely inform them from the outset.
The Black Box Problem
The failures of the 2014 QHSR point to a “black box” problem at the heart of DHS’s strategic planning. The department publicly promoted the review as sophisticated, risk-informed analysis. However, the process behind this analysis was opaque, with undocumented assumptions and undisclosed methods for synthesizing data.
This created a significant credibility gap. Officials from DHS’s own operational components reported to the GAO that the QHSR’s risk results were too generalized to be useful for their own strategic planning, operational decisions, or resource allocation.
When a department’s own frontline agencies don’t trust or use its central strategic guidance because they can’t see how conclusions were reached, that guidance fails as an effective management tool.
The Missing Report (2018)
The single greatest failure in QHSR history was not a flawed report, but the complete absence of one. The Trump administration’s decision not to produce the legally mandated 2018 review constituted direct violation of federal law and created a dangerous strategic vacuum that lasted nearly a decade.
The law is unambiguous: a “quadrennial homeland security review” is required to be conducted “in fiscal year 2009, and every 4 years thereafter.” Despite this clear statutory command, DHS did not submit a QHSR for 2018, creating a nine-year gap between the 2014 report and its eventual successor in 2023.
Consequences of Non-Compliance
The consequences were significant. The GAO explicitly noted in its review of the 2023 report that because of the 2018 absence, “DHS drafted a new strategic plan during that time without affirming the homeland security priority missions through the review.”
This severed the critical, intended link between the QHSR – the nation’s comprehensive strategic assessment – and the DHS Strategic Plan, which translates that strategy into departmental goals and objectives.
The department was effectively flying blind, developing internal plans without the benefit of the holistic, enterprise-wide review Congress had deemed essential for national security.
Congressional Response
In response to this and other ongoing compliance issues, Congress attempted to pass legislation like the Quadrennial Homeland Security Review Technical Corrections Act. These bills sought to strengthen statutory requirements, increase stakeholder consultation, and specify deadlines to ensure future compliance.
The failure to produce the 2018 report fundamentally changed the QHSR’s nature. The 2010 and 2014 reviews, while heavily criticized for their content, were good-faith attempts to comply with the law. The 2018 absence was an act of non-compliance.
This transformed the QHSR from a flawed strategic exercise into a symbol of institutional breakdown and a flashpoint in executive-legislative relations. The conversation shifted from whether the report was good to whether the executive branch would obey the law.
Return to Class: The 2023 Report
The release of the third Quadrennial Homeland Security Review in April 2023 marked a welcome return to the legally required process after a long and damaging hiatus.
The 2023 report provided valuable and clear-eyed assessment of a profoundly changed threat landscape and laudably elevated the fight against crimes of exploitation. Yet it repeated the core shortcomings of its predecessors.
By once again failing to prioritize missions or provide a corresponding budget plan, the 2023 QHSR suggested that these fundamental flaws are now deeply embedded in the review’s institutional DNA.
Accomplishments in a Changed World
As the first QHSR in nearly a decade, the 2023 report had the crucial task of updating the nation’s strategic understanding of homeland security. It succeeded in providing a strong summary of the modern threat landscape, which had evolved dramatically since 2014.
The review addressed the rise of domestic violent extremism as the most significant terrorism threat, the devastating impact of fentanyl smuggled by transnational criminal organizations, and multifaceted challenges posed by nation-state adversaries.
Its most significant and widely praised contribution was adding a sixth homeland security mission: Combat Crimes of Exploitation and Protect Victims. This new mission formally recognized the department’s growing and critical role in fighting human trafficking, child exploitation, and forced labor.
Analysts at the Atlantic Council praised the report for its distinctiveness in showing the changed landscape, highlighting the importance of partnerships, and making it difficult for future administrations to backslide on protecting exploited victims.
Recurring Failures
Despite these improvements, the 2023 QHSR failed to break the cycle of non-compliance on core statutory requirements. The Congressional Research Service bluntly stated that the report “appears not to address” the long-standing shortcomings of previous reviews, particularly the continued “absence of prioritized national homeland security missions” and lack of “an acquisition, budget, or fiscal plan.”
The GAO’s most recent audit confirmed this assessment in detail, finding that DHS did not fully meet 10 of 21 statutory requirements. Key failures included lack of mission prioritization, absence of a budget plan, and failure to issue the report in a timely manner.
This consistent pattern reveals that the QHSR has evolved into a fundamentally different type of document than the one Congress mandated. The law calls for a forward-looking, prescriptive strategic plan that makes hard choices about priorities and resources.
Instead, DHS has consistently produced a high-quality, descriptive, and largely backward-looking summary of activities and threats. While this is useful for public and congressional awareness, it avoids the politically difficult but strategically essential work of public prioritization and resource justification that defines true strategy.
Over three iterations, DHS appears to have redefined the assignment to fit what it is willing, or able, to produce.
The Report Card: Consistent Pattern of Failure
When measured directly against statutory requirements over more than a decade, the Quadrennial Homeland Security Review has consistently failed to make the grade on its most critical assignments. The recurring deficiencies are not isolated incidents but point to systemic issues within DHS’s strategic planning culture.
| Statutory Requirement | 2010 Grade & Comments | 2014 Grade & Comments | 2023 Grade & Comments |
|---|---|---|---|
| Timeliness | Fail. Due Dec. 2009, delivered Feb. 2010. | Fail. Due Dec. 2013, delivered June 2014. | Fail. Skipped 2018 cycle entirely. 2022 report delivered in April 2023 after 9-year gap. |
| National Strategy Delineation | Passable. Successfully defined “homeland security” and established five core missions. | Passable. Refined the five missions and introduced more focused, risk-based strategic framework. | Passable. Reaffirmed missions and added a sixth, providing strong overview of current threat landscape. |
| Mission Prioritization | Fail. GAO found the report did not include a prioritized list of missions, a key statutory requirement. | Fail. GAO and CRS noted continued absence of prioritized missions, instead describing cross-cutting priorities. | Fail. GAO and CRS again found the report did not prioritize missions, repeating a core failure of all previous reviews. |
| Budget Plan / Resource ID | Fail. The 2010 report did not include the required budget plan to execute its strategy. | Fail. The 2014 review did not provide the statutorily required expenditure plan. | Fail. The 2023 report continued the pattern of failing to provide a budget or fiscal plan to support its missions. |
| Risk Assessment | Incomplete. A study group developed a methodology, but risk information was not used to prioritize initiatives. | Incomplete. A risk assessment was conducted, but GAO found the methodology was undocumented and opaque, limiting its utility. | Fail. GAO found DHS did not fully meet requirements for its risk assessment. |
| Stakeholder Consultation | Passable. Pioneered an innovative and broad web-based consultation process, though some stakeholders requested more time. | Passable. Expanded outreach, but stakeholders criticized the process as “one-way” and used for validation rather than input. | Fail. GAO found that stakeholders it contacted generally do not use the report and were not meaningfully consulted. |
| Organizational Alignment | Fail. GAO found this element was only partially addressed. | Fail. The review did not provide detailed assessment of DHS’s organizational alignment with the national strategy. | Fail. GAO found this requirement was not fully met. |
The consistent pattern of failure, particularly on core strategic requirements of prioritization and budgeting, suggests a deeper truth about the QHSR’s actual role in Washington.
The document was intended to be a primary driver of internal DHS strategy and a guide for the entire homeland security enterprise. However, evidence indicates that its primary audience and users are not who they were meant to be.
DHS’s own component agencies have reported that the QHSR is too general to inform their specific planning, and external stakeholders told the GAO they generally do not use the report.
Instead, the most consistent and detailed engagement with the QHSR comes from the GAO. The legislative branch’s chief auditor uses the legal mandate as a fixed framework to conduct rigorous audits of DHS’s performance.
This has created an ironic reality: the QHSR’s most significant real-world effect is not shaping future strategy but creating a predictable, quadrennial opportunity for congressional oversight. It has unintentionally become a document that serves accountability far more than strategy.
Expert Views: What the QHSR Should Be
Beyond official grades from government auditors, policy experts at think tanks and academic institutions view the QHSR through different analytical lenses. Their commentary reveals a deeper debate about what the QHSR should be: a clear strategic blueprint, a catalyst for institutional reform, or a more accurate reflection of the nation’s evolving security priorities.
The Strategist Perspective
Policy experts focused on national security strategy, such as those at the Center for Strategic and International Studies and the Atlantic Council, evaluate the QHSR on its merits as a high-level strategic document.
They see it as a “capstone strategy document” and critical long-term planning effort that should be comparable to the Pentagon’s influential National Defense Strategy.
From this perspective, QHSRs generally earn praise for their comprehensive descriptions of the complex and evolving threat landscape. However, they are consistently criticized for strategic shortcomings.
Analysts point to vague goals, lack of clearly defined end-states against which success can be measured, and, most importantly, persistent failure to quantify resource needs. This final point is seen as a critical flaw because it prevents serious, strategy-driven debate over whether the United States is spending enough on homeland security to meet the challenges the QHSR itself identifies.
The Reform Perspective
Analysts at The Heritage Foundation view the QHSR not just as a strategy document but as a critical, and consistently missed, opportunity to drive much-needed institutional reform within what they see as a dysfunctional department.
This perspective argues that DHS often functions as a “weak institution” or “holding company” where the central office has little effective authority over its powerful and independent component agencies.
According to this view, the QHSR should be the primary tool used by the Secretary to force hard choices and set clear priorities for fixing deep-seated, long-term problems. These include recapitalizing the Coast Guard’s dangerously aging fleet, refocusing FEMA on preparing for truly catastrophic events rather than routine disasters, and strengthening DHS’s fragmented intelligence and information-sharing capabilities.
The chronic failure to produce timely, substantive, and prioritized reports is seen not as a mere paperwork problem, but as a symptom of deeper institutional malaise and lack of will to overcome the status quo.
The Accountability Perspective
Academic researchers such as those at Brown University’s Costs of War Project move beyond the document’s structure to critique the substance of the strategy itself.
This analysis argues that the QHSR’s strategic guidance has dangerously failed to keep pace with the actual evolution of threats facing the nation, creating significant “blind spots” in U.S. security policy.
Research shows that while DHS and its QHSRs consistently stated that counterterrorism is the “cornerstone” of the homeland security mission, the department’s operational focus and strategic rhetoric remained fixed on international terrorism long after the primary threat had shifted to domestic violent extremism.
For example, the 2014 QHSR still identified al-Qaeda and its affiliates as the most significant threat, even while acknowledging the rise of lone offenders motivated by other beliefs.
This analysis concludes that the department’s slow response and lack of focus on the domestic terror threat helped create an environment that produced numerous deadly attacks, including the assault on the U.S. Capitol on January 6, 2021.
The Fundamental Challenge
The QHSR’s repeated failures highlight a fundamental challenge in American governance: how to create effective strategic planning processes in a system designed with competing powers and overlapping jurisdictions.
Authority vs. Responsibility Gap
The core problem remains the mismatch between what Congress has asked DHS to do and what DHS actually has the authority to accomplish. The law requires the Secretary to develop a national strategy, but gives that official no authority to compel other departments, states, or private actors to follow it.
This creates an inherent tension that no amount of improved process or analysis can fully resolve. The QHSR is asked to be a national strategy while being written by an agency with primarily federal, and specifically DHS-focused, authority.
Political vs. Bureaucratic Logic
The QHSR also reflects the tension between political and bureaucratic logic in government. The statutory requirements for prioritization and budget planning reflect political logic – the need to make hard choices about competing priorities and limited resources.
The actual documents produced reflect bureaucratic logic – the need to maintain stakeholder support, avoid controversy, and preserve organizational flexibility.
This tension helps explain why the QHSR has consistently succeeded at describing what DHS does while failing to prescribe what it should prioritize.
The Measurement Problem
The QHSR’s struggles also reflect broader challenges in measuring homeland security effectiveness. Unlike military strategy, where success can be measured in terms of deterring or defeating specific adversaries, homeland security success is often measured by negative outcomes – attacks that don’t happen, disasters that are managed effectively, borders that remain secure.
This makes it difficult to create the kind of clear metrics and resource justifications that would satisfy the QHSR’s strategic requirements.
What Works and What Doesn’t
Despite its consistent failures to meet statutory requirements, the QHSR process has produced some valuable outcomes while consistently falling short on others.
What Has Worked
Threat Assessment: Each QHSR has provided valuable, comprehensive assessments of the evolving threat environment. These descriptions have helped shape broader understanding of homeland security challenges.
Mission Definition: The 2010 QHSR successfully established a common framework for understanding homeland security missions that has endured across multiple administrations.
Stakeholder Engagement: The process has created opportunities for federal, state, local, and private sector partners to engage with DHS leadership on strategic issues, even if that engagement hasn’t always been as meaningful as intended.
Congressional Oversight: The QHSR has created a regular, predictable opportunity for GAO and Congress to conduct comprehensive reviews of DHS performance and strategy.
What Hasn’t Worked
Prioritization: No QHSR has successfully prioritized among competing homeland security missions in a way that would guide resource allocation or operational focus.
Resource Planning: No QHSR has included the budget analysis required by law, preventing serious discussion of whether current funding levels match strategic ambitions.
Institutional Reform: The QHSR has not served as a catalyst for addressing DHS’s well-documented organizational and management challenges.
Strategic Influence: The QHSR has not become the influential strategic document that Congress envisioned, comparable to the Defense Department’s strategic reviews.
The pattern suggests that the QHSR works best as a descriptive, analytical document but fails when asked to be prescriptive or decisive. This may reflect the inherent limitations of the process given DHS’s structure and authorities, or it may indicate that the department has chosen to avoid the difficult political work that true strategic planning requires.
The QHSR represents an ongoing experiment in democratic governance: Can a complex, federal system produce coherent national strategy? After more than a decade, the evidence suggests that while such processes can enhance understanding and accountability, they may not be able to produce the kind of clear strategic direction that their creators envisioned.
Our articles make government information more accessible. Please consult a qualified professional for financial, legal, or health advice specific to your circumstances.