Mission gap: A special report on the Homeland Security Department

 

Connecting state and local government leaders

Two years after coming into being, the Homeland Security Department is still under construction, a loose collection of agencies not bound by a common infrastructure. GCN focuses this report on the gaps in Homeland's bridge to domestic security, and its successes to date as well.

Two years after coming into being, the Homeland Security Department is still a vast construction site, a loose amalgamation of 22 extant and newly created agencies strewn across the landscape with no common infrastructure.No one said it would be easy.From the outset, assembling DHS represented a massive, next-to-impossible undertaking.'This reorganization of government has presented the biggest 'change management' challenge of all time,' DHS deputy secretary James Loy acknowledged last month in testimony before the House Select Committee on Homeland Security.'Never before have we witnessed a full-scale government divestiture, merger, acquisition and startup all coming together at once'certainly not on this scale,' he told the committee. 'Neither have we seen a consolidation of this size occur with national importance and urgency and in such a short amount of time.'The General Accounting Office said much the same thing in a report last year: 'The creation of DHS represents one of the largest and most complex restructurings in the federal government. The size, complexity and importance of the effort make the challenge especially daunting and incomparably critical to the nation's security.'In this special report, GCN takes a look at the gaps between the promise and the reality of DHS' systems, focusing on five key areas: border and transportation security, information sharing, back-office operations, enterprise architecture and consolidation, and initiatives with state and local organizations.By all accounts, IT and efficient management are critical to transforming a variety of programs and missions into a high-performance, focused organization.IT will provide a consolidated and integrated framework for that transformation.But the hurdles ahead for streamlining the department's IT operations are formidable.'The challenge facing the IT function of DHS is very complex,' Loy said. 'Rationalizing disparate technologies with conflicting business rules, consolidating data centers and networks, getting the right information to border agents, preventing cyberattacks against our mission-critical systems, or even having a common e-mail system must be achieved to help detect and deter future terrorist attacks.'In a recent status report, the DHS inspector general agreed: 'IT remains a major management challenge for the department. IT systems and tools are fundamental to the programs and activities across the department used to accomplish its wide-ranging missions.'Steve Cooper, Homeland Security's CIO, knows what obstacles lie ahead.[IMGCAP(2)]'We inherited a hodgepodge of 22 component agencies, some of which had very robust IT teams, personnel and assets, and others that were brand-new and brought no IT capability,' he said. 'We have to transform what we inherited into a smoothly functioning, well-oiled machine.'Cooper has outlined eight IT priorities for the CIO's office through the end of fiscal 2005:In many ways, these priorities are interconnected. The department's enterprise architecture, for example, will guide the information-sharing and mission-rationalization efforts, Cooper said.'We are going to use the enterprise architecture to identify where and how it makes the most sense to share information,' he said.In the same way, 'the enterprise architecture work has identified multiple applications that support the same business area,' Cooper said. 'For example, we've identified 14 major applications that do alerting and warning within DHS. We don't know that one is the proper answer. We do know that 14 is probably more than we need.'Cooper stressed that mission-rationalization, though one of his priorities, is not an IT initiative per se. 'It's a business initiative that CIOs can all support and participate in,' he said.Among the other priorities, moving the department to a single, integrated IT infrastructure by December 2005 will likely be the most difficult.To lay the groundwork for this task, Cooper is overhauling the department's IT governance configuration so that infrastructure personnel from across DHS will report directly to his office (see sidebar, this page).But some observers find the prospect of integrating and consolidating DHS' IT infrastructures into a single infrastructure more than a little scary.'The biggest worry for me is the scope issue,' said Patrick Schambach, who last month left the CIO job at the Transportation Security Administration to become general manager of PEC Solutions Inc. of Fairfax, Va.'We've seen that the [establishment of an IT infrastructure] of TSA was a big fish to swallow,' he said. 'So trying to do one infrastructure for all of DHS just magnifies the problem in my mind. It's a challenging notion.'Is December 2005 a realistic goal? 'It's hard to tell where's the beginning and where's the end of an exercise like this,' he said. 'We could be sitting here 10 years from now and still trying to pull the final pieces together.'Another tough assignment will be improving the department's information-security posture.The department received an F on the House Government Reform Committee's most recent IT security report card.The report card puts significant weight on the asset inventory, and certification and accreditation requirements under FISMA.'We have a very large number of apps and only about 35 percent are accredited,' Cooper said. 'So guess what? Last time I was in school 35 percent was not a passing grade, and that's it. There is part and parcel why we got an F.'Cooper said his office has instituted an aggressive information security program to improve the department's security posture and meet FISMA requirements.'It's one of the things I look at almost every day with [DHS chief information security officer] Bob West,' he said. 'Hopefully, if we get the right number of people to assist us'and that's dependent on some funding, obviously, because we need contract resources in addition to our own'we're going to try to upgrade our letter grade and get to the right [certification and accreditation] numbers that will get us a D, then a C.'But I can't move the numbers fast enough to jump from an F to an A. It's not going to happen.'To improve its FISMA compliance, the department has deployed Trusted Agent FISMA, a commercial application for reporting security data, finding security weaknesses, monitoring patches and managing self-assessments.Officials said the department will be heavily dependent on partnerships with industry and on private-sector innovation to meet its IT goals.But DHS' relationship with the IT industry is a disappointment for many on the vendor side.Industry sources say vendors are frustrated with the department's bureaucracy, which makes it difficult to communicate with DHS about their products.'There are lots of exciting new technologies that could have a play in the Homeland Security environment, but the agency seems to have trouble processing all those requests,' said Ray Bjorklund, vice president for market intelligence and chief knowledge officer of Federal Sources Inc. of McLean, Va.For DHS' part, officials say it's been tough to cope with all the industry queries.'As you can imagine from our side, we've just been swamped from Day One with well-intentioned and well-meaning offers of assistance and silver bullets,' Schambach said. 'It becomes difficult to sift through and find the nuggets.''We have to figure out for ourselves what's most important, where we are going to start and assemble the resources to get started and then engage industry,' he said.The department recently launched a Web site, at , for collecting information on IT products and services from vendors.'It's good that DHS now has a more coherent process for accepting nominations of technologies, but I'm very skeptical as to whether it's really going to accelerate the process and make everything go much more smoothly,' Bjorklund said.DHS also has trouble communicating with other stakeholders outside the department, sources said.For instance, local security agencies are often in the dark about interoperability issues and projects, said an official.'I know there's a lot of activity going on, but it hasn't yet filtered down to us,' said Mark Penn, emergency management coordinator for the city of Alexandria, Va. 'We're hearing from vendors about projects but we're not hearing about them from Homeland Security. It would be fair to say we just don't know all of what's going on.'Penn agreed that it's all part of DHS' growing pains.'It's just such a big organization and it's trying to serve so many things,' he said. 'First, they have to get their organizational structure together and then they have IT challenges. I don't think Homeland Security [officials] have got their arms around all of it yet.'Penn said his primary concern is that there is little information from DHS about interoperability issues and technologies.'I can go out and buy IT stuff today but it may not be interoperable with what DHS is getting,' he said. 'We know we have to operate with DHS. But we don't get good, solid point-to-point communications about [DHS IT initiatives].'He added: 'If Homeland Security went away tomorrow, we could still operate, and that's the bottom line. But it would make it a lot easier if we were all better connected, knew what the projects were, knew what their thinking was and knew where they were headed.'There is no question that there will be plenty of barriers to overcome as DHS moves toward meeting Cooper's vision of the department as a piece of well-oiled machinery.Indeed, DHS still hasn't reached its final organizational shape. Yet more structural changes are afoot. Rep. Christopher Cox (R-Calif.), chairman of the House Select Committee on Homeland Security, said last month that Congress would press DHS officials to overhaul the department's management structure and improve its procurement processes.

Mark Penn, emergency management coordinator for the city of Alexandria, Va., wants better communication from DHS. 'I know there's a lot of activity going on, but it hasn't yet filtered down to us.'

J. Adam Fenster

A boat passes thousands of shipping containers stacked near the Vincent Thomas Bridge at the Port of Los Angeles, one of three locations involved in a pilot program to study container security.

David McNew/Getty Images

Systems work underscores how far DHS is from fulfilling its promise





























IT priorities


  • Improving the ability of DHS agencies to share information with each other and with state and local agencies

  • Mission rationalization: consolidating multiple applications that support the same business processes

  • Streamlining IT governance across the DHS directorates

  • Continuing to develop an enterprise architecture

  • Improving information security and meeting Federal Information Security Management Act requirements

  • Creating a single, integrated network and IT infrastructure

  • Cultivating a portfolio management approach to IT

  • Developing strategies for enhancing IT human capital, such as planning for CIO departures and successions.









Toughest task










































vendors.dhs.gov



In the dark





















X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.