Watchdog: Inadequate staffing has hampered oversight of DHS technology procurement

The Homeland Security Department's ability to fully integrate its new IT procurement practices has been hindered by insufficient staffing in the Office of the Chief Information Officer and fragmented management practices, an agency watchdog testified on Tuesday.

Deputy Inspector General James Taylor told a House Oversight and Government Reform subcommittee that DHS has made significant progress in managing and overseeing its annual $6 billion budget for IT systems and infrastructure. But those efforts, he said, frequently have been thwarted by a lack of sound business processes, outdated or stovepiped systems, and an overreliance on contractors for core functions.

"Planning to modernize IT has been unfocused, often with inadequate requirements identification, analysis, and testing to support acquisition and deployment of the systems and other technologies needed to improve operations," Taylor said.

One of the most significant problems is staffing, he said. In 2004, roughly 75 percent of the positions within Homeland Security's CIO office were filled. By 2007, that figure had dipped to 64 percent.

The lack of full-time employees has had a tangible effect on IT procurement oversight, Taylor said. In 2007, only 57 percent of the technology budget was evaluated through the department's IT acquisition review process.

Unable to find and maintain staffing, the CIO's office turned to the private sector and the number of contractors increased from 121 in 2004 to 550 in 2007, Taylor testified.

"A combination of factors have contributed to the low staffing numbers, including the complex and lengthy hiring process that involves background checks for security clearances," Taylor said. "Once OCIO positions are filled, employees become 'burned out' from working long hours and end up leaving for positions in the private sector."

But DHS officials said they are beefing up their technology shops. The CIO's office now has 94 full-time employees -- up from 4 in 2004 -- and that figure is expected to rise to 122 by the end of fiscal 2009, according to Elaine Duke, DHS deputy undersecretary for management. In fact, Duke said DHS has submitted a plan to increase staffing in the office to 366 full-time employees during the next two years.

Homeland Security also has granted greater authority over component-level IT budgets to new CIO Richard Spires, according to Duke.

Departmentwide, DHS is looking at converting about 200 positions this year from contractors to federal employees and at least 100 more by 2011, she said.

"We are looking at the balance of our workforce," Duke told the subcommittee. But she acknowledged that "it will be a challenge to hire all these people."

DHS also has taken significant steps to address redundancies and inefficiencies among their internal communications systems, Duke said. For example, in March 2003, the department's IT infrastructure included 24 data systems, multiple independently operating e-mail and sign-on systems, but no secure data transmission policies.

Many of those disintegrated systems now are being consolidated through OneNet, an initiative aimed at blending existing IT infrastructures into a wide area network. DHS began work on OneNet in 2005, and envisions that the system eventually will provide components with secure data, voice, video, tactical radio and satellite communications through two combined DHS enterprise centers.

"After full consolidation, we will have the ability to continuously synchronize applications based upon mission requirements, so either facility can seamlessly take over in the event of a disaster," Duke said.

But the IG's office said DHS is experiencing delays in meeting its scheduled completion date for OneNet because some department components insist on maintaining their own Internet gateways.

"As a result, DHS may not be able to reach its ultimate goal of consolidating and modernizing its existing infrastructures and achieve cost savings," Taylor said.

Recent reviews by the Government Accountability Office have found that major acquisition programs at DHS have failed to employ reliable cost and schedule estimates, meaningful performance measurements and proactive identification of program risks.

As a result of these weaknesses, major IT programs such as Rescue 21, the Coast Guard's maritime search and rescue and advanced communications system, and the SBInet virtual border fence, have been burdened with considerable implementation delays, said Randolph Hite, GAO's director of information technology architecture and systems issues. Other fledgling IT programs got off the ground too quickly, leading to cost overruns and failed applications, the watchdog said.

To reverse this trend, Hite said, "programs need to be grounded in clear expectations," and subject to rigorous performance measurements.