DHS performs an uneasy balancing act

The Homeland Security Department isn't the only government agency with a dual mission. But the scope and complexity of DHS' organization'combining 22 agencies'and job of blending security and services puts in in a unique position.'The Department of Homeland Security, in a way, is in a no-win situation,' said T. Jeff Vining, vice president and public sector analyst at the Gartner Inc. research firm. 'They have to secure an entire country that was built without security in mind. They're under so much pressure and scrutiny.'The strain is perhaps greatest in the conflict between security and constituent services, between the challenge of catching the next Mohammed Atta and helping legitimate visitors traverse borders, between somehow preparing for the next unthinkable disaster and airlifting blankets and money to a tornado-ravaged town.'It's not a unique thing to Homeland Security,' said Randolph Hite, the Government Accountability Office's director of Information Technology Architecture and Systems Issues, which frequently scrutinizes DHS operations. 'The IRS, for example, has always had dual enforcement and service roles. The struggle is, how do you balance those competing areas?'To DHS observers, the department hasn't yet pulled off the dual management roles. Experts suggested the solution will come not only from elevating IT management within DHS, but also from taking better advantage of constituent-facing technologies.Early success stories seem to have one thing in common: DHS involved all levels of government throughout the planning, implementation and management stages, while making a special effort to reach out to local officials.Some problems have arisen from the normal growing pains of any large bureaucracy.'You have 22 agencies that were essentially operating independently,' Vining said.Many would argue the agencies still are not working together, partly because components of DHS' central management directorate'notably its CIO office'do not have clear authority over their counterparts in individual agencies, according to July report issued by the minority staff of the House Homeland Security Committee.The initial disorganization might also have caused performance standards to lag, as some citizen services were initiated without proper controls.One example: immigration call centers contracted out to a private developer. In another July report, GAO criticized DHS for its handling of the contract.'The incentive processes weren't finalized before the contract was awarded, so their hands were kind of tied,' said Paul Jones, director of GAO's Homeland Security and Justice team.The GAO report said DHS nonetheless extended the contract through next year and promised to adopt its recommendations for performance standards.Lack of focus was another early DHS problem. 'The criticism I've heard from practitioners in the field was DHS had become all things to all people,' Vining said, adding that the appointment of DHS Secretary Michael Chertoff in February is widely seen as a step in the right direction.DHS also must implement the business-alignment methods of mandates such as the President's Management Agenda and the Federal Enterprise Architecture, which promote a common IT infrastructure that can ease integration.'When you initiate an IT project, one of the questions is, 'Is this program going to produce results consistent with the strategic goals of my department?' ' Hite said. 'Has there been this linkage between the two?'DHS CIO Scott Charbo said the agency needs to have a robust enough network to increase the services provided to citizens. He pointed to the Infrastructure Transformation Program as the key to providing 24-hour service to more citizens.The ITP includes two large procurements for IT services and for IT products, which DHS will release in September.'[Through ITP] [w]e are putting a lot on that foundation to deliver services, whether it is a terrorism watch list or whether it is somebody getting a visa, or a passport, or getting through an airport line,' Charbo said. 'That's the infrastructure to support it. Meaning the systems are up and running, they are redundant, the networks are robust and they are flowing, there's no bottlenecks in your network, you're secured so we are preventing intrusions, etc. That's our focus with the ITP.'Chertoff proposed returning the Federal Emergency Management Agency to its original disaster-relief mission, devolving its preparedness functions to a new directorate. Vining predicted the change will be a wash from the standpoint of FEMA's effectiveness.'FEMA had a great relationship pre- and post-9/11 with the state and locals,' he said.Others gave FEMA high marks for outreach, especially in its Project Safecom wireless communication initiative.'We have been extremely impressed,' said David Aylward, director of the ComCARE Alliance, a national nonprofit representing emergency responders developing an Emergency Responders Access Directory, or EPAD.'In the first two years, it was hard to engage with people over there,' Aylward said, in part due to DHS turnover. 'Safecom has gone out of its way to define its mission with state and locals.'Aylward expressed little concern about FEMA losing some of its preparedness functions, saying ComCARE only works directly with one or two federal employees.At the same time, he lauded FEMA's IT preparedness work.'The fact that FEMA took this on to begin with is interesting, because traditionally you don't have FEMA focused on data interoperability,' Aylward said. 'They're the only ones doing anything on messaging standards. They've been really good at facilitating resources for us to do this.'Still, advocates for local first responders said DHS could do more to support nationwide 911 call links. The opportunity is clear, but tradition and bureaucratic lethargy get in the way.'If there's a major event, 911's going to be ringing off the hook,' said Patrick Halley, government affairs director of the National Emergency Number Association in Arlington, Va.Intergovernmental disconnect is not necessarily DHS' fault but is partly a legacy of 911's unusual funding source: a dedicated telecommunications surcharge.'They're not failing in that,' Halley said, but he adds the department hasn't paid enough attention to state level 911 coordinators, tending to bypass them for local authorities.'One of the problems is that most 911 centers are physically housed in police or fire departments,' Halley said.It's not as if DHS doesn't fund 911-related services at all, but it prefers projects to bring nontraditional calls into the system, from cellular and voice over IP phones. 'I think DHS and Congress could do a better job of including 911 in their funding discussions,' Halley said.The lack of national 911 interoperability and data sharing is likely due, in part, to DHS' lagging behind older agencies in implementing a consistent architecture.'The thing that seems to get lost in all of this is that you can use one architecture,' said Judith Woodhall, ComCARE's managing director.Woodhall and Aylward agreed that DHS should be more involved in interoperability efforts such as EPAD, but not own them. Instead, the department should provide direction and leadership by, for example, developing a rights management policy for accessing the EPAD database.'There's nobody in authority thinking through a lot of that and pulling people together,' Aylward said.Some DHS IT initiatives embody the department's conflicting mandates. A prominent example is U.S. Visit, which applies biometrics to enhance border security while speeding legitimate travel.'You do have an example of a pre-9/11 idea being applied in a post-9/11 world with ... antiquated technology,' said Joanna Hedvall, an immigration attorney and business immigration associate at the American Immigration Lawyers Association in Washington. 'It is imperative going forward with U.S. Visit that we take an honest look at the actual benefit we're going to get from the program and make sure we have databases that are interoperable, timely and accurate.'U.S. Visit has already been criticized for inconveniencing legitimate travelers and immigrants.'Things have gotten better,' said Greg Boos, an immigration attorney and AILA member in Bellevue, Wash., near the Canadian border. 'Maybe a year ago, things were pretty bad at the border. A number of people who came through felt they were abused.'Racial profiling wasn't the problem.'Lots of plain old, white, garden-variety Canadians felt that officers went out of the way to not be very courteous,' Boos said.He said he worries about a new pilot program begun this summer to employ radio frequency identification to smooth entry through a special lane at his local checkpoint, among several nationwide.'So far, they're making people register, and they're installing the technology, but they still don't have the underlying scheme,' Boos said. 'They don't have all the databases ready. Somebody who's in the Buffalo [N.Y.] program can't use the lanes here because they haven't got the databases going across the country.'Similar data incompatibilities caused a suspension in processing green cards immediately after Sept. 11, Boos recalled.U.S. Visit biometrics also is coming under criticism for potentially violating privacy and slowing commerce. 'Chertoff is trying to do more to target bad guys and let good guys go through,' Vining said.To achieve that goal, Vining said, Chertoff decided to upgrade U.S. Visit's biometric fingerprinting system from its relatively lax two-finger sampling to a much more reliable 10-digit standard used by the FBI.Such reliability could come at an unacceptable cost, however.'There's no way they can do 10-finger fingerprints and not cause enormous lines at the border,' Boos said.