Special Report: DHS' Double Duty

Homeland Security IT Budgets for FY2004'FY2006 (In billions)

FY2004 Actual: 4.76

FY2005 Estimate: 4.79

FY2006 Request: 5,98

Source: OMB, FY 2006 Budget of the U.S. Government (IT Spending Report), February 7, 2005

DHS record of accomplishment, or not

When the Homeland Security Department took shape in early 2002, the Bush administration issued an ambitious plan to secure the country with several specific IT goals [GCN, July 22, 2002, Page 9]. Many of the goals were optimistic from the start; others fell prey to the turbulence of merging 22 agencies. The results so far have, predictably, been poor to mixed. Here's how DHS has performed against the administration's original goals.

Goal: Build a dynamic homeland security architecture.

Performance: Largely achieved. The department has created two versions of its homeland security enterprise architecture so far. Though some critics point out that the existing enterprise architecture is 'a mile wide and an inch deep,' the department is on its way to making the plan more detailed.

Goal: Create smart borders by integrating databases used to track people entering and leaving the country.

Performance: Partly achieved. The department has accelerated the entry-exit system it inherited from the Immigration and Naturalization Service. DHS is still in the process of fielding systems at border checkpoints to record transits, and the exit phase of the program remains in a very early stage. But this flagship program has received high-level attention and hundreds of millions of dollars in funding.

Goal: Use the Critical Infrastructure Protection Board to develop and promote IT security.

Performance: Not achieved. The department is not using the Critical Infrastructure Protection Board as its main IT security organization, and the National Cyber Security Division and the Chief Information Security Office are far from achieving their goals.

Goal: Create a national incident management system to help respond to terrorist attacks and natural disasters.

Performance: Poor progress. The department generally has relied on existing institutions to cope with natural disasters and terrorist attacks. The Defense Department's Northern Command has developed detailed plans for coping with terrorist attacks, but the department itself lacks a strong planning office to prepare for attacks and disasters. The department's networks and IT infrastructure remain a work in progress.

Goal: Establish a national laboratory for homeland security.

Performance: Partly achieved. The department's Science and Technology Directorate has established some centers of excellence in specific technologies that have a bearing on homeland security needs. This year, according to department officials, the directorate has received orders to begin using its grant funds to provide technology that is closer to application than theoretical development. DHS appears to have chosen not to establish a full-fledged national laboratory for homeland security technology, but the strategy of planning and funding an array of projects at existing universities and other institutions could be a more efficient way to achieve the same goal.

Goal: Eliminate incompatibility among IT systems and remove legal and cultural barriers to data exchange.

Performance: Not achieved. Department officials themselves concede that DHS' internal organization has fostered infighting and turf clashes. IT officials are working to iron out incompatibilities among the department's own systems as well as those of the government agencies and other institutions with which it is supposed to be sharing data. However, vast cultural gaps and legal challenges remain.

Goal: Create systems to share information among government agencies and the private sector.

Performance: Not achieved. DHS' information-sharing capabilities have been limited to a circumscribed 'circle of trust' that excludes most companies and the public. DHS' systems do not extend to many organizations involved in homeland security, though the department is continuing to build them out.

Goal: Capture information once and use it many times.

Performance: Not achieved. The department operates many incompatible systems that don't share even basic information.

Goal: Develop metadata standards to help integrate databases.

Performance: Largely achieved. The department has worked with other agencies, especially those in the intelligence and law enforcement arenas, to develop metadata standards. However, many DHS systems do not comply with these standards.

Goal: Improve public safety and public health communications.

Performance: Not much has been achieved. Much of the work in public health remains a task for Health and Human Services Department agencies. Secretary Michael Chertoff's reorganization plan calls for the establishment of a chief medical officer organization that will, starting this fall, begin to provide expert senior leadership in the field. The poster child technology problem of the terrorism response field'incompatible first-responder radios'remains years from resolution. n

DHS secretary Michael Chertoff's reorganization plan in itself could delay projects, as officials seek to fill newly created positions and to learn new patterns of operation.

RFID: U.S. government employees Blanca Maristal (left) and Breanna Hackenberry display new visa cards with embedded RFID chips that they tested for the news media at the De Concini Port of Entry in Nogales, Ariz.

'The impetus for change may be IT, as long as IT isn't driving the process by itself.' ' CIS CIO Tarrazzia Martin

Nogales, Ariz., has been sweltering this summer with temperatures around 100 degrees. But the stifling weather doesn't slow the traffic flooding both ways across the border with Mexico. Each year, more than 5.4 million pedestrians and 3.9 million vehicles cross the border here.

The Mariposa border crossing at Nogales is Arizona's busiest, with a 96 percent increase in exports and imports since 1994. It is not unusual for trucks to wait at the border for two to three hours, according to the Government Accountability Office, while pedestrians sometimes wait for more than an hour.

The long lines are a daily reminder of the increasing heat on the Homeland Security Department to meet its dual challenge of confronting terrorism while providing improved services to vast numbers of the public. Faster, more secure border technology is needed, both to pinpoint terrorists and criminals, and to facilitate legitimate travel.

Earlier his month, the DHS' U.S. Visitor and Immigration Status Indicator Technology program launched a proof-of-concept project at Nogales' two crossing points and at three other land ports to evaluate a promising technology for improving border security and speeding travelers: radio frequency identification devices [GCN, Aug. 15, Page 10].

Program officials also are seeking advice from vendors about how to take border transit RFID technology to higher levels. Among the ideas they are exploring: developing methods by which RFID units would be able to provide information about as many as 55 travelers on a bus passing a border point at about 50 mph, according to a recently released request for information.

The U.S. Visit program's RFID project is one of many technologies the department is testing, and it touches on some of the department's other underlying challenges and responsibilities: carrying out its counterterrorism and public service tasks while observing privacy and civil-liberties laws, and as doing so while blending systems and corporate cultures from 22 legacy agencies. U.S. Visit also must respond to the need to share information more fluidly among federal, state, local and foreign agencies, and the private sector.

DHS technology officials long have recognized that the department's IT infrastructure is, at best, a work in progress.

Earlier this month, they launched a new array of projects to bring order to the department's IT infrastructure and its fragmented methods of purchasing technology.

CIO Scott Charbo and chief procurement officer Greg Rothwell conducted an industry day in downtown Washington, during which about 400 vendors learned about the Infrastructure Transformation Program as well as two departmentwide procurements for services and computer equipment [GCN, August 22, Page 7].

The two umbrella contracts'the Enterprise Acquisition Gateway for Leading Edge technology services, known as Eagle, and the FirstSource acquisition for hardware'ultimately will replace dozens of existing contracts DHS component agencies have for IT services and equipment.

Fall harvest

The department plans to release final requests for proposals for Eagle and FirstSource next month, and award several contracts under each of them by the end of the year, officials said.

Eagle and FirstSource offer the hope of bringing the massed purchasing power of DHS' 22 component agencies together to reduce costs. Department officials earlier attempted the same approach via the failed Spirit and Domain contract procurement projects [GCN, August 16, 2004, Page 5].

Charbo described the Infrastructure Transformation Program, an ambitious project to push the department's systems to a higher level.

The ITP project is intended to improve project performance, information sharing, IT security, project rollouts and shared services, Charbo said.

'We need this plan ready to go for the 2007 budget,' Charbo said of ITP, reflecting the slow pace of the federal budget cycle and the reality that ITP's ambitious goals are set to materialize over many months.

Meeting attendees peppered the DHS officials with questions, some about the effect Eagle and FirstSource would have on DHS' existing vendors.

'It is way too early to worry about that,' Rothwell replied.

But vendor sources, speaking on condition of anonymity, said DHS procurement officials hadn't fully evaluated steps needed to carry out Eagle and FirstSource.

They pointed to loose ends such as small vendors' prospective difficulties in quickly becoming resellers of the hundreds of products required by FirstSource and maintaining an accurate online catalog, which would be hundreds of pages long. FirstSource is restricted to small businesses.

ITP itself represents a changing of the guard at DHS. Charbo and his team will be working with what amounts to the second generation of DHS technology leaders, who are assembling to replace the cadre that brought the department into being [GCN, April 18, Page 1].

The department's continuing struggle to exploit technology played a key role in secretary Michael Chertoff's recently announced plan to reorganize the department.

Info sharing at the core

As he announced the plan to hundreds of DHS employees gathered July 19 at the Ronald Reagan Building in Washington, Chertoff stressed the importance of information sharing and the need for the department to manage IT effectively as two of his six imperatives for quick action.

Chertoff pledged to improve DHS' delivery of 'core information technology systems.'

He also announced a major change affecting IT for the U.S. Visit program: First-time visitors to the United States will be enrolled in the program by submitting 10 fingerprints. Subsequent entries require a two-print scan for verification.

With those two sentences, Chertoff sliced through the Gordian knot of the incompatibility between two separate fingerprint image systems, U.S. Visit's Automated Biometric Identification System, known as IDENT, and the FBI's Integrated Automated Fingerprint Identification System. Their conflicts have bedeviled DHS and other agencies for years.

Matching up

But technical conflicts between the IDENT and IAFIS systems are only part of the story, according to specialists in the field.

Federal officials are working to facilitate information exchange between the systems, and IDENT already includes some information from IAFIS that has been updated periodically.

But despite continued references in official documents to the integration of the two systems, they can never be fully merged.

Apart from the technology issues in merging IAFIS and IDENT, Congress has mandated that fingerprint information gathered for certain purposes, such as visa applications, not be fully intermingled with fingerprint images gathered under other legal auspices, such as after an arrest or from an employment application.

Moreover, parts of IAFIS contain information classified at a higher level than IDENT users are allowed to access, sources said.

Chertoff's reorganization plan won't take effect until at least October, according to DHS, and in itself could introduce delays as officials seek to fill newly created positions and learn new patterns of operation.

The reorganization itself is a tacit admission that DHS as it is presently constituted has not achieved its goals of aligning federal resources most effectively to confront terror and provide services.

Since the department came into being in March 2003, its operations, and especially its IT management activities, have attracted relentless criticism from Congress and outside analysts expressing frustration at the slow pace of consolidation (see related story, Page 50) and haphazard information sharing.

When DHS was established, a chorus of voices called for a new method to 'connect the dots' between various agencies' terrorist information. But DHS still hasn't succeeded in fully integrating its own networks for e-mail and other data, according to senior department officials.

'The department has put together a thin WAN that permits our various e-mail systems to interoperate,' said one senior DHS technology official. 'We have a WAN backbone and gateways into our own networks. Predictably, the mature agencies have mature e-mail systems.'

Keeping an accurate count of DHS' networks is a task in itself, as a Government Accountability Office report issued last fall showed.

In addition to its officially acknowledged classified networks, the federal government appears to have other classified networks it has not acknowledged.

Coast Guard to deliver e-mail

DHS has about half a dozen e-mail systems operating behind the dhs.gov domain name, officials said. The new ITP project is set to accelerate the pace of consolidating the department's e-mail systems by assigning the task to the Coast Guard, Charbo said during the industry day meeting earlier this month.

But e-mail integration is only part of the department's networking agenda.

'Just as you have e-mail systems at different levels, you are going to have networked systems that are more or less mature,' the senior official said. 'How are those networks going to really merge?'

Charbo has assigned the task of consolidating DHS' sensitive but unclassified networks to the Customs and Border Protection agency, which will build out the department's OneNet system.

DHS chief technology officer Lee Holcomb said department officials 'are still going through and killing off systems' as they move in the direction of building a consolidated network.

Another networking consolidation project that will fall under ITP is the Federal Emergency Management Agency's newly as-signed responsibility for providing sensitive but unclassified video links among DHS agencies and their counterparts in state and local government.

In the arena of information sharing, Holcomb said, 'I have to say from my observation there have been two challenges. One is the barriers to information sharing that are cultural and statutory or involve privacy laws.

'The second is generic [technical] interoperability with the state and local community. You have to incentivize information sharing. Even if you have the best system in the world, it won't work unless you have incentives,' Holcomb said.
Private-sector analysts have also chimed in. Dave Abel, a partner in IBM Corp.'s Business Consulting Services arm, said, 'They have made a start, but there is a lot of work yet to be done.

'There is work to be done in being able to share data inside the department, work to be done in sharing with other [federal, state and local] agencies, there is work to be done to share information internationally, and to share information with private entities that have to make risk-based decisions,' Abel said.

Charbo wants to energize the data-sharing function by consolidating several DHS data centers into two sites, as he did while he was CIO of the Agriculture Department [see interview, Page 36].

Abel said the department's first two years under former secretary Tom Ridge were a period of building muscle mass for the tasks of confronting terrorism and providing services, while Chertoff's mission will be to create the connective tissue to coordinate the department's strengths.

As DHS works to reach maturity in its IT systems, it faces two handicaps that have stalled development, according to department officials. One is the stinginess of the administration's IT funding in DHS' early days, and another is creating a fully functioning procurement operation.

'If you go back to the formation of the department,' Holcomb said, 'there were things that happened from the get-go that people forget. One was that the IT budget was reduced by more than $300 million in the first year.'

Administration budget planners sought to capture savings from the merger of DHS' agencies immediately rather than wait for the systems and organizations to be combined, officials said, a reversal of the practice used in private-sector mergers.

The senior department IT official volunteered the same analysis in a separate interview. 'The way the business of capturing savings from the department's IT integration was carried out was a violation of known business practices with mergers and acquisitions,' the official said.

'If you promise yourself you are going to save money and take the savings in advance, you have cut yourself off at the knees,' the official said.

According to the common business school model, an initial increase in IT expenses
after a merger is followed by a declining cost curve.

Congress and the White House have quietly acknowledged that DHS systems need a funding transfusion, as reflected in the department's IT budget increase from $4.8 billion in fiscal years 2004 and 2005 to an estimated $5.9 billion in 2006.

Meanwhile, the department's efforts to build major systems that cut across its agencies for functions such as financial management, under the Emerge2 project, and human resources management, under the MaxHR program, have been hampered by the slow development of its procurement operation.

DHS now has eight separate procurement shops, according to chief procurement officer Rothwell, who said all eight offices would continue to operate while increasingly coordinating their activities.

'The department has formed the Information Technology Acquisition Center,' Rothwell said in a recent interview. 'That center is, over time, going to be the central buying command for IT. This will take three or four years.'

Rewards for success

The ITAC will be responsible for the Eagle and FirstSource procurements, Rothwell said. He added that those contracts' total dollar value would be in proportion to their success, but that they ultimately could account for a substantial share of DHS' technology budget, which ranges above $4 billion.

In the meantime, the department's eight procurement offices coordinate via a Chief Acquisition Officer Council that meets at least monthly to hammer out policy decisions.

Rothwell said, 'We are working so we all behave as one department in terms of our interface with industry.'

Rothwell himself leads the central procurement office at headquarters. 'It is going to grow to a staff of 127,' Rothwell said. 'It currently has 85 employees.'

But the department's efforts to coordinate procurement operations have not met with complete success, in the opinion of IT vendors who frequently are frustrated in trying to determine what DHS policy is.

'From a procurement perspective, DHS has done very well with the limited team they have,' said one vendor executive, speaking on condition of anonymity.

'There is a need to increase the size of their procurement staff,' the executive said. 'When they use other agencies' contracts as acquisition vehicles, they're effective, but those are expensive and DHS loses control of the process.'

A different IT vendor executive, also speaking anonymously, noted that 'DHS wants to deal with large integrators, to take care of the handholding of the smaller vendors.

'That's a good and a bad thing for us as a small vendor, because it means we can multiply our presence by dealing with different integrators, but on the other hand, we don't get any visibility,' the executive said.

Despite the obstacles to mobilizing technology to combat terrorism and provide services, various DHS components are poised to roll out major IT programs.
For example, the troubled federal activity of processing applications for visa changes, such as permanent residency and nationalization, is on the cusp of a technology makeover.

Citizenship and Immigration Services, the department's agency for handling the requests, has announced plans for an acquisition that could lead to a managed-services contract to provide IT. The project is intended to digitize millions of paper records the agency has stored underground in Missouri as well as to eliminate barriers among more than 60 stovepiped CIS systems.

Tarrazzia Martin, CIS' CIO, told a vendor gathering recently that the agency is open to partnerships with vendors and to applying new technology to overhauling the agency's systems and procedures.

'Getting people to change their working methods is a process of cultural change management and business process im- provement,' Martin said. 'The impetus for change may be IT, as long as IT isn't driving the process by itself.'

Jack Hermansen, CEO of Language Analysis Systems Inc. of Herndon, Va., noted approvingly that Martin and other CIS technology officials had reviewed the problems the IRS and the FBI had experienced when trying to build major projects.

'That augurs well for this department,' Hermansen said. 'This is a very aggressive plan.'

Holcomb observed that the CIS project promises both to improve the department's provision of services and help combat terrorists' exploitation of the process.

'If we can transfer an entity like CIS from paper files to electronic files, we can make it more effective and seriously put a dent in that [visa application] backlog, and be more effective in catching security risks,' Holcomb said.

Holcomb said DHS technology leaders want to exploit the varying IT strengths of different department components and spread their benefits widely.

'Anchor tenants'

He compared DHS programs that have strong technology attributes to 'anchor tenants' in a shopping mall that would attract other shops.

'I think our approach is to have a good system engineering and IT expertise that can help us serve as a consultant to seek out these anchor-tenant capabilities and partner with those programs so they can serve more than just one project,' Holcomb said. 'We have started those dialogues and think there are some opportunities that can be used more extensively. There are parts of Emerge2 that will use service-oriented architecture, and we would like those parts built by Emerge2 to be used by others.'

The headquarters CIO office, where Holcomb works, also is engaging with the MaxHR program in its early stages and putting the programs before the department's enterprise architecture board.

'We will use technology that each of these programs put forward more widely,' Holcomb said. He added that headquarters IT leaders seek to reach out to emerging programs before they seek approval from the department's central IT authorities.

'We would rather work with them before they come to the table,' for project approval, Holcomb said. 'We have both carrot and stick.'

One DHS program that has felt the department's stick is Customs and Border Protection's $2.5 billion America's Shield program. Headquarters IT officials nixed the project to add technology at the border at an early phase of its development and directed Border Patrol officials to improve their plans.

Secretary Chertoff told the House Homeland Security Committee last month that the original plan consisted of deploying 'gadgets at the border' and that America's Shield likely would be reshaped [GCN, Aug. 1, Page 9].

Frontline Border Patrol officers themselves say much of the sensor technology they use dates back to the Vietnam War era and that patrol officers' desktops are woefully obsolete [GCN, Aug. 30, 2004, Page 9].

Back in Nogales, the RFID proof-of-concept project called Increment 2C, launched by U.S. Visit, will test the use of wireless chips embedded in I-94 forms carried by non-immigrant foreign travelers.

U.S. Visit program manager Jim Williams explained that travelers bearing the RFID-equipped I-94 forms would be enrolled in a database when they enter the country.

Tracking travelers

'We will have recorded the entry, and when they exit we will record the exit via RFID at the five points of exit,' Williams said.

The system will record the exit of travelers with the special forms who leave in vehicles or by pedestrian lanes. The program will run through next March, according to department plans.

But even as DHS hones the U.S. Visit system, officials concede that RFID technology can only record the exit of an I-94 document, and that it is not linked to a biometric measurement that could ensure that the person bearing the document at the port of entry actually left.

In that respect, the U.S. Visit RFID technology shares flaws of the existing RFID programs at the border, Sentri and Nexus.

Congressional staff members familiar with those programs and speaking on condition of anonymity note that the two existing RFID programs also fail to establish a biometric link between the border crossers. Nexus program participants, who use commuter lanes to cross the Canadian border, zip past the border checkpoints at speed.

U.S. Visit and its contractors are using RFID chip technology from Symbol Technologies Inc. of Holtsville, N.Y.

Even in its developmental stages, however, U.S. Visit has given impetus to information sharing and the connect-the-dots challenge the department faces.
The program's CIO, Scott Hastings, said, 'We have brought different data sources to the officer at the border. We now have data that is brought back from source databases, such as fingerprint identification information.'

The U.S. Visit program stands out as a systems integration effort that plays the dual role of providing services to the traveling public and confronting terrorism. Williams notes that the project is receiving more attention now than border technology ever has in the past.

'There is no question that 9/11 speeded it up,' Williams said.

Not only did the Immigration and Naturalization Services' predecessor Entry-Exit program not receive full funding from Congress, 'it didn't have the clear support of leadership at the secretary and undersecretary level,' Williams said.

Now U.S. Visit has been given more prominence, he said. 'That elevation has us reporting directly to the undersecretary.'

Williams reflected the view of many other DHS technology officials when he added, 'We're probably different from other agencies in that we have always had an urgency about our mission.'

The emerging esprit of DHS' technology team is a factor that likely will play an important role in meeting such challenges as integrating the 22 component agencies.
'The loss of the old cultures is something. People cling to their past. There is no switch to flip on this one,' the official said.

But over time, DHS technologists increasingly are banding together in a common effort to deploy systems to confront terrorism and provide services.

Williams pointed to one key unifying event: 'When secretary [Tom] Ridge had a recognition ceremony for all of DHS in January of this year,' it was a turning point that drove home the department's increasingly merged identity.'

'I always like to look at it from the officer at the border backwards,' Hastings said. 'The officer now is receiving better information.'

From that perspective, Homeland Security officials are spending less time on the aftermath of the department's massive merger and more time on the details of improving its infrastructure.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above