Far from the “boondoggle” that some have called it, the Department of Homeland Security has made significant progress integrating 22 separate agencies and nearly 200,000 employees since its creation in 2003. But that continued upward trajectory of progress seems anything but certain if senior managers remain unable to conduct a strategic pause amid ongoing threats and security events to ensure major acquisition programs and department-wide policies are executed properly.
That’s the underlying conclusion of the most recent study released September 7 of the DHS by the Government Accountability Office (GAO), the investigative arm of Congress.
In an interview with Breaking Gov, Cathleen Berrick, the author of the report and the GAO’s managing director of Homeland Security and Justice issues, said that while the DHS will never be able to stop reacting and responding to emerging threats and events, much more attention is needed on long-term, strategic planning, IT management and workforce issues.
“They do a lot of risk assessment but they’re not always using that information to inform decisions and resource allocation,” said Berrick. Furthermore, the department “has pretty good policies in place for IT management and acquisition, but the issue is they are just not executing on those policies,” said Berrick.
For example, like other federal agencies, the DHS has a major acquisition review board that is supposed to oversee major program and system acquisitions, such as the failed $1 billion Secure Border Initiative, “but it’s not reviewing all of the programs that it should be,” said Berrick.
She added that the GAO’s latest review of DHS, which drew upon more than 1,000 other audits, revealed the department has in some cases ignored its own process for defining requirements for major systems acquisitions, allowed some of those programs to move forward without pre-defined operational requirements or testing.
“The bottom line on management,” said Berrick, “is that some people may not see this as important, but management has a direct impact on DHS’s ability to do its missions.” Berrick added that she knows of at least 7 major acquisition programs that were deemed department-wide priorities that had to be canceled because of mismanagement, undefined requirements, and lack of executive-level oversight.
The one area that remains a roadblock to the DHS’ ability to fully integrate all of the 22 component agencies that became part of the department is financial management, said Berrick.
“The components still have separate financial management systems,” she said. “There’s not one integrated system” for the department — an enterprise of 200,000 employees and an annual budget of more than $55 billion.
In testimony on Capitol Hill the same day the GAO report was published, DHS Deputy Secretary Jane Holl Lute, outlined what she called “significant steps” to created a more unified and integrated DHS capable of taking the leadership reigns of a massive, nationwide homeland security enterprise. In her prepared statement to Congress, Lute highlighted the DHS’ plans to establish an “Investment Review Board to oversee the status of all acquisition investments” as well as efforts to streamline financial management.
For Berrick, DHS is where any reasonable analyst would think the agency should be at this stage in its development in terms of integration and management maturity. But its future ability to accomplish its missions effectively is anything but certain, she said. There are three cross-cutting issues that Berrick says, if not addressed, could change her assessment of DHS three years from now:
- Planning and managing risk and assessing programs.
- Implementing and integrating management functions.
- Leading and coordinating the homeland security enterprise.
Two key areas where management, oversight and acquisition deficiencies led to technology and operational failures are port and aviation security. In one case, the failure by DHS management to clearly define system requirements and work with end-users on those requirements led to the fielding of a system to detect nuclear materials in vehicles and shipping containers that had to be canceled because it did not fit in the existing inspection lanes at U.S. ports.
On the same day the GAO issued its report, the TSA announced an additional $45 million plan to purchase additional advanced imaging technologies at airports. But the GAO’s study raises serious questions about the decision making behind such acquisitions in the aviation security arena, stating the TSA’s strategic plan for these systems “was not risk based, and did not reflect some key risk management principles.”
Christopher Hinn is the former Deputy Administrator at TSA for International Programs and eventually became the Senior Advisor to DHS Secretary Michael Chertoff for Middle Eastern Affairs. Now the CEO of C7 International, Hinn told Breaking Gov that the TSA’s passenger screening process and technology strategy was never risk-based until very recently.
“This is a new phrase they are using now since John Pistole took over [as administrator],” said Hinn, who credits Pistole as being the first TSA administrator with the right operational security background.
“Risk-based security is about knowing who you are, where you come from, where you are going, and what intelligence we have about you,” said Hinn. And while the DHS is heading in the right direction with its intent to move airport security staffing, technology and processes to a risk-based methodology, “all we are still doing is reacting to the next threat and the next event,” Hinn said.
“Are we going to prohibit all diapers because of the 2009 diaper bomber?” asked Hinn. “We prohibited shoes because of the shoe bomber. We prohibited liquids because of the liquid threat. What’s next? We have to change that methodology.”