Report details TSA information technology management problems

The Transportation Security Administration must strengthen its management of information technology to effectively meet mission goals, a recent report from the Homeland Security Department inspector general found.

According to IG Richard Skinner, the agency's IT infrastructure and management evolved too rapidly to meet congressional deadlines and public demands for increased security after Sept. 11. TSA also developed decentralized technological systems and management practices, which now are causing administrative problems, economic waste and inefficiency.

While TSA has made some strides, the agency still is plagued by a lack of integration, excessive manual processes and the challenge of balancing its technological goals with the objectives of stakeholders such as airport owners and airlines, according to the IG.

TSA's efforts led to what Skinner called stovepiped systems -- technical systems were put together by individual offices, making it difficult to share information and standards across the agency.

Skinner wrote that these inefficiencies have caused TSA to incur increased operational and maintenance costs, and it "remains unable to provide its staff with the necessary tools to complete their jobs efficiently, or to realize economies of scale through consolidation of hardware or software."

A lack of systems integration agencywide impedes information sharing and standardization on everything from human resources management to the no-fly list. Skinner expressed concern that the manual procedures for TSA's watch list could pose a security risk. The agency currently receives data from the Terrorist Screening Center, standardizes this information and enters it into a Microsoft Excel spreadsheet, which is posted on a TSA Web site daily. Airlines can then download or print out the spreadsheet.

Skinner believes this system leaves room for problems to occur at many stages. For example, the watch list can be downloaded or printed out by unauthorized parties. Also, there are no standard guidelines for how airlines should use the information; some check multiple spellings of names while others use only exact spellings. Some smaller airlines manually check the names against the spreadsheet, which Skinner says can lead to human error.

A lack of management coordination complicates system integration issues as well. TSA officials told the inspector general that many IT programs were not managed or funded under the Office of the Chief Information Officer and therefore, "the CIO's ability to monitor program progress or coordinate with business units is sporadic and often 'too little, too late.' " Without an official with comprehensive IT oversight, TSA has struggled to formulate strategic goals, policies and guidance on linking IT programs to mission objectives.

The IG issued several recommendations to TSA Administrator Kip Hawley: empowering the CIO with agencywide IT budget and investment review authority, developing a strategic planning approach, implementing enterprise architecture, establishing guidelines for acquiring, developing and managing IT solutions, and strengthening IT staffing.

Hawley reviewed a draft copy of the report and responded in writing to Skinner. The administrator said TSA generally concurs with the IG's recommendations and noted areas where the agency is making progress. He added TSA is updating its IT Strategic Plan and has awarded a contract to provide support for improving enterprise architecture management. The agency also is working to transform business processes under the CIO's office to improve IT administration.