[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]

ASSESSING DHS'S PERFORMANCE: WATCHDOG RECOMMENDATIONS TO IMPROVE
HOMELAND SECURITY

=======================================================================

HEARING

before the

SUBCOMMITTEE ON

OVERSIGHT AND

MANAGEMENT EFFICIENCY

of the

COMMITTEE ON HOMELAND SECURITY

HOUSE OF REPRESENTATIVES

ONE HUNDRED FOURTEENTH CONGRESS

FIRST SESSION

__________

FEBRUARY 26, 2015

__________

Serial No. 114-5

__________

Printed for the use of the Committee on Homeland Security

[GRAPHIC] [TIFF OMITTED]

Available via the World Wide Web: http://www.gpo.gov/fdsys/

__________

U.S. GOVERNMENT PUBLISHING OFFICE

94-109 PDF WASHINGTON : 2015
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001

COMMITTEE ON HOMELAND SECURITY

Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas Bennie G. Thompson, Mississippi
Peter T. King, New York Loretta Sanchez, California
Mike Rogers, Alabama Sheila Jackson Lee, Texas
Candice S. Miller, Michigan, Vice James R. Langevin, Rhode Island
Chair Brian Higgins, New York
Jeff Duncan, South Carolina Cedric L. Richmond, Louisiana
Tom Marino, Pennsylvania William R. Keating, Massachusetts
Steven M. Palazzo, Mississippi Donald M. Payne, Jr., New Jersey
Lou Barletta, Pennsylvania Filemon Vela, Texas
Scott Perry, Pennsylvania Bonnie Watson Coleman, New Jersey
Curt Clawson, Florida Kathleen M. Rice, New York
John Katko, New York Norma J. Torres, California
Will Hurd, Texas
Earl L. ``Buddy'' Carter, Georgia
Mark Walker, North Carolina
Barry Loudermilk, Georgia
Martha McSally, Arizona
John Ratcliffe, Texas
Brendan P. Shields, Staff Director
Joan V. O'Hara, General Counsel
Michael S. Twinchek, Chief Clerk
I. Lanier Avant, Minority Staff Director
------

SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY

Scott Perry, Pennsylvania, Chairman
Jeff Duncan, South Carolina Bonnie Watson Coleman, New Jersey
Curt Clawson, Florida Cedric L. Richmond, Louisiana
Earl L. ``Buddy'' Carter, Georgia Norma J. Torres, California
Barry Loudermilk, Georgia Bennie G. Thompson, Mississippi
Michael T. McCaul, Texas (ex (ex officio)
officio)
Ryan Consaul, Subcommittee Staff Director
Dennis Terry, Subcommittee Clerk
Brian B. Turbyfill, Minority Subcommittee Staff Director

C O N T E N T S

----------
Page

Statements

The Honorable Scott Perry, a Representative in Congress From the
State of Pennsylvania, and Chairman, Subcommittee on Oversight
and Management Efficiency:
Oral Statement................................................. 1
Prepared Statement............................................. 3
The Honorable Bonnie Watson Coleman, a Representative in Congress
From the State of New Jersey, and Ranking Member, Subcommittee
on Oversight and Management Efficiency:
Oral Statement................................................. 3
Prepared Statement............................................. 5
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
Prepared Statement............................................. 5

Witnesses

Mr. John Roth, Inspector General, U.S. Department of Homeland
Security:
Oral Statement................................................. 7
Prepared Statement............................................. 8
Ms. Rebecca Gambler, Director, Homeland Security and Justice
Issues, U.S. Government Accountability Office:
Oral Statement................................................. 16
Prepared Statement............................................. 17
Mr. Daniel M. Gerstein, Senior Policy Researcher, The Rand
Corporation:
Oral Statement................................................. 27
Prepared Statement............................................. 28

ASSESSING DHS'S PERFORMANCE: WATCHDOG RECOMMENDATIONS TO IMPROVE
HOMELAND SECURITY

----------

Thursday, February 26, 2015

U.S. House of Representatives,
Subcommittee on Oversight and
Management Efficiency,
Committee on Homeland Security,
Washington, DC.
The subcommittee met, pursuant to call, at 10:03 a.m., in
Room 311, Cannon House Office Building, Hon. Scott Perry
[Chairman of the subcommittee] presiding.
Present: Representatives Perry, Clawson, Loudermilk, Watson
Coleman, Richmond, and Torres.
Mr. Perry. Good morning. The Committee on Homeland Security
Subcommittee on Oversight and Management Efficiency will come
to order.
The purpose of this hearing is to receive testimony
regarding the recommendations from the Government
Accountability Office and DHS inspector general to improve the
Department of Homeland Security.
Before I begin, I would like to welcome the new Members of
the subcommittee. Unfortunately, I am sure there is a lot going
on this morning. I literally have three places to be at one
time, and I think most of us are the same way. Just the same,
to officially welcome them to the subcommittee. The other
Members bring with them tremendous private-sector, military,
and other experience which will be helpful in our oversight of
the Department of Homeland Security. I also look forward to
working with all of our colleagues on both sides of the aisle.
Ranking Member Watson Coleman and I met recently to discuss
the subcommittee's priorities, and I look forward to working
with her on areas of mutual interest.
I now recognize myself for an opening statement.
Last month the Secretary of Homeland Security Jeh Johnson,
in a speech before the Wilson Center, said that regarding how
his Department conducts business and protects the homeland, we
are still finding our way, but we are headed in the right
direction. While I certainly give Secretary Johnson credit for
trying to improve relations with Congress, his statement and
acknowledgement of mediocrity is very disappointing.
The Secretary also made discouraging statements about
recent border security legislation passed by this committee as
unworkable and impossible to achieve. As the Oversight and
Management Efficiency Subcommittee, we must hold the Department
accountable to the highest standards given that our National
debt is over $18 trillion and we face numerous threats. Whether
from radical jihadi terrorists intent on attacking us, to
porous borders with a steady flow through the illegal
immigrants and drugs coming into our communities, DHS simply
must secure the homeland efficiently and effectively.
Folks back home in Pennsylvania didn't send me to
Washington to watch their tax dollars wasted on ineffective
programs.
Testimony from our witnesses today is, then, so important.
Watchdogs from the Government Accountability Office, the GAO,
and DHS Office of Inspector General, the OIG, safeguard
taxpayer dollars from waste, fraud, and abuse.
Earlier this month, GAO released its high-risk list of
areas in the Federal Government most susceptible to
mismanagement. Despite DHS's hope that it will get off the list
soon, areas related to DHS management functions, terrorism-
related information sharing, and cybersecurity continue to
remain at high risk to fraud, waste, and abuse according to
GAO's 2015 report.
In addition, OIG releases an annual report on major
management challenges facing DHS. The 2014 report identified
nine broad areas where the Department faces serious management
and performance challenges. OIG also identified hundreds of
millions of dollars in questionable costs and funds that could
be put to better use. Hundreds of recommendations by these
watchdogs remain open and unimplemented by DHS at this time.
A recent GAO and OIG report also highlighted specific
dysfunctional programs where management failures continue at
DHS, to include the following: Ineffective use of unmanned
aerial systems at the border; a lack of a cybersecurity
strategy for Federal facility, physical facility, and access
control systems; failure to adequately manage DHS's
headquarters consolidation project at St. Elizabeths;
mismanagement in processing Freedom of Information Act or FOIA
requests; and a lack of rigorous covert testing program for
nuclear smuggling at our borders. These reports show serious
deficiencies in how DHS secures the border, protects Federal
buildings from cyber attacks, and manages billions of taxpayer
dollars. DHS must act on these and other recommendations to
improve our homeland security.
Finally, I need to hear more from the inspector general on
a recent report where in his opinion TSA attempted to cover up
embarrassing findings using its authority to classify
information as Sensitive. I am concerned that TSA failed to
provide a timely explanation to the IG's report's findings
regarding Sensitive security markings. Although DHS has a
responsibility to protect information that if released could
harm our National security, DHS has absolutely no excuse to
hide information from the American people simply to avoid
embarrassment. Secretary Johnson said that management reform
itself is a homeland security imperative. However, DHS has a
long way to go to reach its full potential.
I look forward to hearing from today's witnesses on their
recommendations to improve the efficiency and effectiveness of
DHS and what the Department is doing to address these concerns.
[The statement of Chairman Perry follows:]
Statement of Chairman Scott Perry
February 26, 2015
Last month, the Secretary of Homeland Security, Jeh Johnson, in a
speech before the Wilson Center, said that regarding how his Department
conducts business and protects the homeland, ``we are still finding our
way, but we are headed in the right direction.'' While I give Secretary
Johnson credit for trying to improve relations with Congress, his
statement and acceptance of mediocrity is very disappointing. The
Secretary also made discouraging statements about recent border
security legislation passed by this committee as ``unworkable'' and
``impossible to achieve.''
As the Oversight and Management Efficiency Subcommittee, we must
hold the Department of Homeland Security (DHS) accountable to the
highest standards. Given that our National debt is over $18 trillion
and we face numerous threats--whether from radical jihadi terrorists
intent on attacking us, to porous borders with a steady flow of illegal
immigrants and drugs coming in to our communities--DHS must secure the
homeland efficiently and effectively. Folks back home in Pennsylvania
didn't send me to Washington to watch their tax dollars be wasted on
ineffective programs.
Testimony from our witnesses today is, then, so important.
Watchdogs from the Government Accountability Office (GAO) and DHS
Office of Inspector General (OIG) safeguard taxpayer dollars from
waste, fraud, and abuse. Earlier this month, GAO released its ``High-
Risk List'' of areas in the Federal Government most susceptible to
mismanagement. Despite DHS's hope that it will get off the list soon,
areas related to DHS management functions, terrorism-related
information sharing and cybersecurity continue to remain at high risk
to fraud, waste, and abuse according to GAO's 2015 report.
In addition, OIG releases an annual report on major management
challenges facing DHS. The 2014 report identified nine broad areas
where the Department faces serious management and performance
challenges. OIG also identified hundreds of millions of dollars in
questionable costs and funds that could be put to better use. Hundreds
of recommendations by these watchdogs remain open and unimplemented by
DHS.
Recent GAO and OIG reports also highlight specific dysfunctional
programs where management failures continue at DHS, to include:
Ineffective use of unmanned aerial systems at the border;
Lack of a cybersecurity strategy for Federal facility
physical and access control systems;
Failure to adequately manage DHS's headquarters
consolidation project at St. Elizabeths;
Mismanagement in processing Freedom of Information Act
(FOIA) requests; and
Lack of a rigorous covert testing program for nuclear
smuggling at the border.
These reports show serious deficiencies in how DHS secures the
border, protects Federal buildings from cyber attacks, and manages
billions of taxpayer dollars. DHS must act on these and other
recommendations to improve our homeland security.
Finally, I need to hear more from the Inspector General on a recent
report where, in his opinion, TSA attempted to cover up embarrassing
findings using its authority to classify information as Sensitive. I'm
concerned that TSA failed to provide a timely explanation to the IG
report's findings regarding Sensitive security markings. Although DHS
has a responsibility to protect information that, if released, could
harm our National security, DHS has no excuse to hide information from
the American people simply to avoid embarrassment.
Secretary Johnson said that, ``management reform is itself a
homeland security imperative,'' however, DHS has a long way to go to
reach its full potential. I look forward to hearing from today's
witnesses on their recommendations to improve the efficiency and
effectiveness of DHS and what the Department is doing to address these
concerns.

Mr. Perry. The Chairman now recognizes the Ranking Minority
Member of the subcommittee, the gentlelady from New Jersey,
Mrs. Watson Coleman, for a statement she may have.
Mrs. Watson Coleman. Thank you very much, Mr. Chairman, and
thank you for holding this important hearing. I look forward to
working with you during the 114th Congress to ensure that the
Department of Homeland Security has the direction and resources
it needs to perform its critical mission as efficiently and
effectively as possible.
I also extend my gratitude to our distinguished panel of
witnesses that are appearing before the subcommittee this
morning. During the hearing I will be especially interested to
hear the witnesses' perspectives on the impact of a lapse in
funding for the Department of Homeland Security; what it would
have on the DHS's ability to implement the recommendations that
we will be discussing today.
Given that the Department endured the challenges of a lapse
in funding less than 2 years ago and the dangers another
shutdown of DHS would pose to our Nation's security, I
sincerely hope that my Republican colleagues will realize the
error of their ways and pass a full funding measure for the
Department without strings attached. The women and men who so
ably work for the Department deserve guarantees that they will
continue to be compensated for their service on behalf of our
Nation.
To that end, I am eager to hear from Inspector General Roth
regarding what happens to his audit staff that produce the
recommendations that result in the savings for the taxpayer in
the event of a lapse in funding in the Department.
Regarding recommendations in DHS's progress, I also look
forward to hearing from Inspector General Roth regarding how
the number of open unresolved recommendations decreased from
691 to 94 between 2011 and 2014, and how the improvement
corresponds to the Department's proactive interactions with the
Office of Inspector General.
I look forward to hearing from Ms. Gambler regarding GAO's
assessment of the Department's improvement in the areas of
greater commitment by its leadership, senior leadership, and
the implementation of a corrective action plan to address these
long-standing management issues.
I, as I know my colleagues on the committee are, I am
committed to seeing that DHS's management functions are removed
from GAO's high-risk list. Ms. Gambler and her team have
provided the road map for DHS to be removed from the high-risk
list. It is now up to the Department to implement the reforms
and policies we know are needed. It is also up to Congress to
provide the Department the funds and support necessary to stay
on track.
Given Dr. Gerstein's recent opinion piece in Politico, I am
eager to hear him share his views on how the Department can
build on the success of its response to Superstorm Sandy in
2012. I am also interested in hearing Dr. Gerstein's
perspective on the Secretary's Unity of Effort initiative and
what he believes Congress can do to aid the Department in its
mission.
With that, Mr. Chairman, I thank you again for holding this
hearing today and for not letting a little bit of snow delay
our work.
With that, I yield back the balance of my time. Thank you.
[The statement of Ranking Member Watson Coleman follows:]
Statement of Ranking Member Bonnie Watson Coleman
February 26, 2015
Thank you Mr. Chairman for holding this important hearing today. I
look forward to working with you during the 114th Congress to ensure
that the Department of Homeland Security has the direction and
resources it needs to perform its critical mission as efficiently and
effectively as possible.
I also extend my gratitude to our distinguished panel of witnesses
for appearing before the subcommittee today.
During the hearing, I will be especially interested to hear the
witnesses' perspectives on the impact a lapse in funding for Department
of Homeland Security would have on DHS' ability to implement the
recommendations we will be discussing.
Given that the Department endured the challenges of a lapse in
funding less than 2 years ago and the dangers another shutdown of DHS
would pose to our Nation's security, I sincerely hope that my
Republican colleagues will realize the error of their ways and pass a
full year funding measure for the Department without strings attached.
The women and men who so ably work for the Department deserve
guarantees that they will continue to be compensated for their service
on behalf of our Nation.
To that end, I am eager to hear from Inspector General Roth
regarding what happens to his audit staff that produce recommendations
that result in savings for the taxpayer in the event of a lapse in
funding for the Department.
Regarding recommendations and DHS' progress, I also look forward to
hearing from Inspector General Roth regarding how the number of open,
unresolved recommendations, decreased from 691 to 94 between 2011 and
2014, and how the improvement corresponds to the Department's proactive
interactions with the Office of the Inspector General.
I look forward to hearing from Ms. Gambler regarding GAO's
assessment of the Department's improvement in the areas of greater
commitment by its senior leadership, and the implementation of a
corrective action plan to address its longstanding management issues.
I, as I know my colleagues on the committee are, am committed to
seeing that DHS' management functions are removed from GAO's high-risk
list. Ms. Gambler and her team have provided the road map for DHS to be
removed from the high-risk list. It is now up to the Department to
implement the reforms and policies we know are needed.
It is also up to Congress to provide the Department the funds and
support necessary to stay on track. Given Dr. Gerstein's recent opinion
piece in Politico, I am eager to hear him share his views on how the
Department can build on the success of its response to Superstorm Sandy
in 2012.
I am also interested in hearing Dr. Gerstein's perspective on the
Secretary's Unity of Effort initiative and what he believes Congress
can do to aid the Department in its mission.
With that Mr. Chairman, I thank you again for holding this hearing
today and for not letting a little bit of snow delay our work.

Mr. Perry. Other Members of the subcommittee are reminded
that opening statements may be submitted for the record.
[The statement of Ranking Member Thompson follows:]
Statement of Ranking Member Bennie G. Thompson
February 26, 2015
Thank you, Mr. Chairman.
And thank you for holding the Subcommittee on Oversight and
Management Efficiency's first hearing of the 114th Congress.
I look forward to seeing this subcommittee, with you and Ranking
Member Watson Coleman at the helm, conduct vigilant and bipartisan
oversight of the Department of Homeland Security.
I would also like to thank the panel of witnesses for appearing
today.
I look forward to hearing from each of you about your
recommendations for how the Department of Homeland Security can become
more efficient and effective in its mission of securing the homeland.
Unfortunately, as we meet today to discuss recommendations for DHS,
Republicans in the House continue to put partisan politics and
pandering to their fringe ahead of funding the Department responsible
for keeping the homeland secure.
They are doing so at a time of increased security concerns both at
home and abroad.
This week, rather than focusing on implementing recommendations
issued by GAO and the Inspector General, among their other important
duties, DHS employees are being forced to prepare for furloughs and the
stress that accompanies working without knowing when your next paycheck
may come.
With that in mind, I have a recommendation for my Republican
colleagues regarding homeland security--fully fund the Department
without strings attached so that DHS and its dedicated employees can
focus on their mission.
Regrettably, damage has already been done by the Republican
brinksmanship regarding funding for DHS.
As Dr. Gerstein points out in his written testimony, even just the
specter of a lapse in funding for the Department of Homeland Security
has costs and is a signification distraction.
While I remain hopeful that my Republican colleagues will recognize
the error of their ways on this issue, any confidence I had in their
ability to govern responsibly has been further eroded.
Turning to recommendations for DHS, I look forward to hearing from
Inspector General Roth regarding his new initiative for verification
reviews to ensure recommendations are fully implemented by the
Department and that the actions taken had the intended effect.
While we are pleased when DHS concurs with a recommendation, the
real benefit is found in the implementation, not the mere
acknowledgement that there is a problem.
I am also eager to hear from the Inspector General regarding his
concerns with the Transportation Security Administration's use, and
what he believes to be misuse, of the Sensitive Security Information
designation.
Regarding TSA, I have questions for Ms. Gambler of GAO about the
agency's expedited passenger screening program and continued use of
behavior detection as a method for screening passengers.
Given Dr. Gerstein's time in senior positions within DHS, I look
forward to hearing his insider's perspective on how he believes the
Department can become more effective and efficient.
Before yielding back, I would like to acknowledge the good work of
Stephen Caldwell who recently retired after more than 30 years of
service with GAO.
His work on security issues was invaluable to both this committee
and the Department of Homeland Security.
With that Mr. Chairman, I yield back the balance of my time.

Mr. Perry. We are pleased to have a distinguished panel of
witnesses before us today, and this important topic.
Let me remind the witnesses that their entire written
statement will appear in the record, and that I will introduce
each of you first and then recognize you individually for your
testimony.
The Honorable John Roth assumed the post of inspector
general for the Department of Homeland Security in March 2014.
Previously, Mr. Roth served as the director of the Office of
Criminal Investigations at the Food and Drug Administration,
and as an assistant U.S. attorney for the Eastern District of
Michigan.
Ms. Rebecca Gambler is a director of homeland security and
justice issues with the Government Accountability Office, the
GAO. Ms. Gambler leads GAO's work related to border security
and immigration, as well as DHS's management issues.
Dr. Daniel Gerstein is a senior policy researcher with the
RAND Corporation. Prior to joining RAND, Dr. Gerstein was the
acting under secretary and deputy under secretary for DHS's
Science and Technology Directorate, where he managed efforts
related to cybersecurity, biodefense, and other issues. Dr.
Gerstein also served in several positions in the Defense
Department.
Thank you all for being here today.
The Chairman now recognizes Mr. Roth for your testimony.

STATEMENT OF JOHN ROTH, INSPECTOR GENERAL, U.S. DEPARTMENT OF
HOMELAND SECURITY

Mr. Roth. Thank you.
Chairman Perry, Ranking Member Watson Coleman, and Members
of the subcommittee, thank you for the invitation here to
discuss our recommendations to improve Homeland Security.
I have submitted a more detailed written statement for the
record, but for my oral statement I would like to focus on the
Department's continued challenges in the area of acquisition
and program management.
Acquisition and program management at DHS is inherently
complex and high-risk. It is further challenged by the
magnitude and diversity of the Department's procurements. DHS
acquires more than $25 billion worth of goods and services
every year. Although DHS has improved its acquisition process,
many major acquisition programs lack the management controls
necessary to manage risk and measure performance. Components do
not always follow Department acquisition guidance, which leads
to cost overruns, missed schedules, and mediocre acquisition
performance. All of these have an effect on budget, security,
and the efficient use of resources.
I will give three examples today. First, we conducted an
audit on the acquisition of housing units in Ajo, Arizona, in
which DHS spent about $680,000 for each of the houses that they
built. This is in an area where the average home price was
about $86,000. We identified about $4.6 million that CBP spent
on the project that could have been put to better use.
A second example, in a recent management advisory we
brought to the Department's attention an issue related to CBP's
National aviation maintenance contract. In 2009, CBP awarded a
$938 million contract to an outside vendor to maintain about
265 aircraft which were to fly approximately 100,000 hours per
year. During the course of the contract, the number of CBP
aircraft maintained, the annual flight hours, and the average
age of the aircraft fleet all decreased. As a result, we would
have expected that the maintenance costs would decrease as
well. In fact, the contract costs actually increased at a rate
of about 9 percent per year.
We did an audit, and we attempted to compare the labor-hour
data being used by the contractor to that being kept by CBP, in
an attempt to understand whether we were being charged for work
that was actually performed. Unfortunately, because of
inconsistent and unreliable data kept by both CBP and the
contractor, we were unable to do so. This means we don't know
whether we received what we paid for. It is a pretty
fundamental thing to understand in a billion-dollar maintenance
contract.
Third, as a third example, we recently reported that
although CBP's unmanned drone program contributes to border
security, after 8 years CBP cannot prove that the program is
effective because it has not developed performance measures.
The program has also not achieved the results they had
established when they started the program. The aircraft are not
meeting flight-hour goals, and we found little or no evidence
that CBP met its program expectations.
CBP anticipated using the unmanned aircraft to patrol more
than 23,000 hours per year, but in fact the aircraft logged
only a combined total of about 5,100 hours per year, about 80
percent less than what was anticipated. As a result, CBP has
invested significant funds, about $360 million over the course
of 8 years, in a program that has not achieved the expected
results and it cannot demonstrate how much the program has
improved border security.
The $443 million CBP plans to spend on program expansion
could be put to better use by investing in alternatives such as
manned aircraft and ground surveillance assets.
As we conduct our work for fiscal 2015, we began with two
priorities, to aid the Department in achieving its critical
missions and priorities, and to ensure that they engaged in
proper stewardship and integrity of taxpayer dollars.
We also conduct, of course, legislatively mandated work and
make an earnest effort to address the concerns of Congress and
the Department along with our other stakeholders. We attempt to
be transparent in our work. Our annual performance plan and our
current list of on-going projects are published on our website
to better inform the Congress and the public regarding our
work.
Mr. Chairman, this concludes my remarks. I welcome any
questions you or any other Members of the committee have.
[The prepared statement of Mr. Roth follows:]
Prepared Statement of John Roth
February 26, 2015
Chairman Perry, Ranking Member Watson Coleman, and Members of the
subcommittee: Thank you for inviting me here today to discuss our
recommendations to improve homeland security. I am pleased to have the
opportunity to share our efforts to improve DHS through our independent
audits and inspections, as well as our efforts to ensure the integrity
of the DHS workforce and its operations.
I would like to focus on some of DHS' challenges, many of which we
highlighted in our fiscal year 2014 report on major management
challenges, and some of which at times hamper our efforts to improve
the Department's programs and operations. My testimony today will focus
on recent and upcoming audits in four areas: Unity of Effort,
acquisition management, IT management, and financial management.
recent and upcoming work
Unity of Effort
Given its history as a group of very diverse agencies and its
complex, multi-faceted mission, it is not surprising that the
Department continues to face challenges transforming itself into a
cohesive single agency. To accomplish its mission, DHS must have a
strong, yet flexible, central authority that is able to ensure the
components collaborate for maximum effectiveness and cost efficiency. A
unified culture within DHS is necessary for better homeland security,
as well as deriving efficiencies from the integration of operations.
The Secretary's April 2014 Unity of Effort initiative is a positive
step towards achieving that change. In addition, DHS must strengthen
its efforts to integrate management operations under an authoritative
governing structure capable of effectively overseeing and managing
programs that cross component lines.
We have observed that the components often have similar
responsibilities and challenges, but many times operate independently
and do not unify their efforts, cooperate, or share information. This
situation is sometimes exacerbated by components' disregard for DHS'
policies. Together, these problems hamper operations and lead to
wasteful spending; for instance,
Last year, we found that DHS did not adequately manage or
have the enforcement authority over its components' vehicle
fleet operations to ensure right-sizing, that is, to make
certain the motor vehicle fleet includes the correct number and
type of vehicles. Without a centralized fleet management
information system, the Department has to rely on multiple
systems that contain inaccurate and incomplete vehicle data.
Additionally, each component manages its own vehicle fleet,
making it difficult for the DHS Fleet Manager to provide
adequate oversight and ensure the components comply with
Federal laws, regulations, policies, and directives. We found
that the components were operating underused vehicles, which in
fiscal year 2012, cost DHS from $35 to $49 million. (DHS Does
Not Adequately Mange or Have Enforcement Authority Over its
Component's Vehicle Fleet Operations, OIG 14-126)
The Department's failure to adequately plan and manage
programs and ensure compliance was also evident in our audit of
DHS' preparedness for a pandemic. We found that the Department
did not develop and implement stockpile replenishment plans,
sufficient inventory controls to monitor stockpiles, or have
adequate contract oversight processes; DHS also did not ensure
compliance with its guidelines. Thus, DHS was not effectively
managing its stockpile of pandemic equipment and antiviral
medications, and components were maintaining inaccurate
inventories of pandemic preparedness supplies. Consequently,
the Department cannot be certain it has sufficient equipment
and medical countermeasures to respond to a pandemic. (DHS Has
Not Effectively Managed Pandemic Personal Protective Equipment
and Antiviral Medical Countermeasures, OIG 14-129)
In fiscal year 2015, we will continue to monitor the Department's
efforts toward achieving Unity of Effort; for example,
DHS operates a number of training centers to meet the demand
for specialized skills across the Department. We have just
begun an audit to determine whether DHS' oversight of its
training centers ensures the most cost-effective use of
resources. Although the Department has made great strides in
improving both the quality and availability of training, we
believe there may be opportunities to reduce overall cost by
identifying redundant capacity.
Another forthcoming audit focuses on whether DHS has the
information it needs to effectively manage its warehouses.
Until recently, the components managed their own warehouse
needs with little or no joint effort. We expect to publish the
final report by June 2015.
Acquisition Management
Acquisition management at DHS is inherently complex and high-risk.
It is further challenged by the magnitude and diversity of the
Department's procurements. DHS acquires more than $25 billion \1\ worth
of goods and services each year. Although DHS has improved its
acquisition processes, many major acquisition programs lack the
foundational documents and management controls necessary to manage
risks and measure performance. Components do not always follow
Departmental acquisition guidance, which leads to cost overruns, missed
schedules, and mediocre acquisition performance. All of these have an
effect on budget, security, and efficient use of resources; for
example,
---------------------------------------------------------------------------
\1\ According to DHS' Fiscal Year 2014 Agency Financial Report, the
Department's fiscal year 2014 obligations for ``Contractual Services
and Supplies'' were about $22.6 billion and its obligations for
``Acquisition of Assets'' were about $3.1 billion.
---------------------------------------------------------------------------
U.S. Customs and Border Protection (CBP) did not effectively
plan and manage employee housing in Ajo, Arizona, and made
decisions that resulted in additional costs to the Federal
Government, spending about $680,000 for each house that was
built, which was significantly more than the Ajo average home
price of $86,500. We identified about $4.6 million CBP spent on
the project that could have been put to better use. (CBP Did
Not Effectively Plan and Manage Employee Housing in Ajo,
Arizona (Revised), OIG-14-131)
We recently reported that although CBP's Unmanned Aircraft
System program contributes to border security, after 8 years,
CBP cannot prove that the program is effective because it has
not developed performance measures. The program has also not
achieved the expected results--the aircraft are not meeting
flight-hour goals, and we found little or no evidence CBP has
met its program expectations. CBP anticipated using the
unmanned aircraft to patrol more than 23,000 hours per year,
but the aircraft logged only a combined total of 5,102 hours,
or about 80 percent less than what was anticipated. As a
result, CBP has invested significant funds in a program that
has not achieved the expected results, and it cannot
demonstrate how much the program has improved border security.
The $443 million CBP plans to spend on program expansion could
be put to better use by investing in alternatives, such as
manned aircraft and ground surveillance assets. (U.S. Customs
and Border Protection's Unmanned Aircraft System Program Does
Not Achieve Intended Results or Recognize All Costs of
Operations, OIG-15-17)
In a recent management advisory, we brought to the
Department's attention an issue related to CBP's National
Aviation Maintenance contract. In 2009, CBP awarded a $938
million contract to Defense Support Services, LLC to maintain
about 265 aircraft to fly approximately 100,000 hours per year.
Since the contract was awarded, however, the number of CBP
aircraft maintained, annual flight hours, and the average age
of the aircraft fleet have decreased, while contract costs
increased. We were not able to reconcile maintenance labor
hours with the hours the contractor charged CBP because of
inconsistent and unreliable data. (U.S. Customs and Border
Protection's Management of National Aviation Maintenance
Activities, Management Advisory)
Given the magnitude and risks of the Department's acquisitions, we
will continue to invest resources in this critical area; for instance,
In fiscal year 2015, we plan to audit CBP's acquisition of
an integrated fixed tower (IFT) system. IFT systems are
intended to assist agents in detecting, tracking, identifying,
and classifying items of interest along our borders through a
series of fixed-sensor towers. In February 2014, CBP awarded
$145 million to begin work on the IFT acquisition program, a
spin-off of CBP's $1 billion SBInet acquisition. The
acquisition is currently in schedule breach. An audit at this
point in the program's life cycle will be useful in identifying
program challenges and may help prevent further schedule
breaches.
We are also planning an audit to determine whether the USCG
is effectively managing the acquisition of eight Legend-class
National Security Cutters, which will replace its 1960s-era
High-Endurance Cutters. In 2012, GAO reported that the cost of
the USCG's plan to acquire the final two cutters is not covered
by the USCG's current 5-year budget plan. Thus, there may be a
significant mismatch between expected capital investment
funding and the estimated life-cycle costs for the project.
As these examples illustrate, we are moving towards a more
proactive approach by performing audits throughout the acquisition
process. This approach would allow for course corrections early in the
acquisition life cycle before full investment in a program occurs--
addressing cost, schedule, and performance problems as they occur, thus
protecting a long-term investment.
Cybersecurity and IT Management
DHS continues to face challenges in protecting its IT
infrastructure, as well as ensuring that its infrastructure supports
its mission needs and operates efficiently. Recent audits highlight
some of these challenges:
As we reported in December 2014, the Department made
progress in improving its information security program.
Although it has transitioned to a risk-based approach for
managing IT security, the components' lack of compliance with
existing security policies and weaknesses in DHS' oversight and
enforcement of these policies undermines the Department's
efforts. Additionally, DHS and its components continued to
operate information systems without the proper authority,
hindering protection of sensitive information. There are some
indications that DHS may not be properly inventorying its
systems or that components may be procuring or developing new
systems independently. Components also did not mitigate
security vulnerabilities in a timely manner. (Evaluation of
DHS' Information Security Program for Fiscal Year 2014, OIG-15-
16)
In July 2014, the National Protection and Programs
Directorate (NPPD) made progress expanding its Enhanced
Cybersecurity program to share cyber threat information with
qualified Commercial Service Providers and ultimately to 16
critical infrastructure sectors. But NPPD's limited outreach
and resources slowed the expansion. NPPD also relied on manual
reviews and analyses to share cyber threat information, which
led to inconsistent quality in cyber threat indicators.
(Implementation Status of Enhanced Cybersecurity Services
Program, OIG-14-119)
We reported on problems with the Electronic Immigration
System (ELIS), which U.S. Citizenship and Immigration Services
(USCIS) uses in its adjudication process. The system's 29
commercial software products make it difficult to make changes
in the system. Although ELIS was designed to improve
efficiency, time studies showed that adjudicating using paper-
based processes was faster than using the complex computer
system. USCIS staff also said it takes longer to process
adjudications using the Enterprise Document Management System
(EDMS), which they use to view and search electronic copies of
paper-based immigration case files. Although digitizing files
reduces document delivery time, staff said using EDMS is
burdensome. (U.S. Citizenship and Immigration Services
Information Technology Management Progress and Challenges, OIG-
14-112)
In March 2014, we reported on EINSTEIN 3 Accelerated
(E\3\A), an automated process for collecting network security
information from participating Federal agencies. NPPD has begun
deploying E\3\A and expects to reach full operating capability
by the end of fiscal year 2015. However, we concluded that NPPD
needs to strengthen its monitoring of E\3\A's implementation
and improve its ability to handle personally identifiable
information as the program matures. (Implementation Status of
EINSTEIN 3 Accelerated, OIG-14-52)
Financial Management
Financial statement audits
Congress and the public must be confident that DHS is properly
managing its finances to make informed decisions, manage Government
programs, and implement its policies. In fiscal year 2014, DHS obtained
an unmodified (clean) opinion on all financial statements for the first
time in its history. This was a significant achievement that built on
previous years' successes; yet, it required considerable manual effort
to overcome deficiencies in internal control and a lack of financial IT
systems functionality.
Many key DHS financial systems do not comply with Federal financial
management system requirements. Limitations in financial systems
functionality add substantially to the Department's challenge in
addressing systemic internal control weaknesses and limit its ability
to leverage IT systems to process and report financial data efficiently
and effectively. In fiscal year 2015 and beyond, DHS will need to
sustain its progress in achieving an unmodified opinion on its
financial statements and work toward building a solid financial
management internal control structure.
Grant Management (FEMA)
FEMA continues to experience challenges managing the immense and
risky disaster assistance program. Currently, every State and most of
the U.S. possessions have open disasters that include more than 100,000
grant applicants spending more than $50 billion on more than 600,000
disaster assistance projects. Last year, we issued Capping Report: FY
2013 FEMA Public Assistance and Hazard Mitigation Grant and Subgrant
Audits (OIG-14-102-D), which summarized the results of our disaster
assistance audits for the last 5 years. Of the $5.9 billion we audited,
disaster assistance recipients did not properly spend $1.36 billion, or
an average of 23 percent, of the disaster assistance grants.
The Department also provides Homeland Security Grant Program (HSGP)
funds to State, territory, local, and Tribal governments to enhance
their ability to respond to terrorist attacks and other disasters.
Since 2005, we have conducted 74 separate audits covering more than $7
billion in HSGP funds awarded to all 50 States, 6 urban areas, 5 U.S.
territories, and the District of Columbia. Although we determined that
in most instances the States complied with applicable laws and
regulations, we issued more than 600 recommendations for improvement to
FEMA, almost 90 percent of which have been resolved. Most of the
recommendations were related to strategic homeland security planning,
timely obligation of grant funds, financial management and reporting,
and sub-grantee compliance monitoring.
We will continue to look for ways to help FEMA improve grant
management in fiscal year 2015. For instance, we are currently
undertaking a capstone review to measure the impact of FEMA's
corrective actions as they specifically address these recurring
challenges. We anticipate that our assessment will further strengthen
the level of National preparedness by helping to better inform the
agency's future administration and investment of taxpayer dollars.
We are also conducting an audit of approximately $2 billion awarded
through FEMA's Assistance to Firefighters Grant and Staffing for
Adequate Fire and Emergency Response Grants programs. These grants are
awarded directly to fire departments (volunteer, combination, and
career), unaffiliated Emergency Medical Service (EMS) organizations, or
volunteer firefighter interest organizations. The audit will determine
if FEMA ensures that these grant funds are expended appropriately.
challenges
Meeting the Risk
We must focus our limited resources on issues that make a
difference, especially those that may have a significant impact on the
Department's ability to fulfill its strategic missions. At the
beginning of each year, we initiate a risk-based planning process by
identifying high-impact programs and operations that are critical to
the Department's mission or integrity. Once we identify the high-impact
areas, we evaluate all the projects that have been proposed throughout
the previous year.
As we planned our work for fiscal year 2015, we began with two
priorities: To aid the Department in achieving its critical missions
and priorities and to ensure the proper stewardship and integrity of
Department programs and resources. We also conduct legislatively-
mandated work and make an earnest effort to address the concerns of
Congress and the Department, along with our other stakeholders. In
fiscal year 2015, our work will focus on determining the effectiveness
of the Department's efforts to: (1) Prevent terrorism and enhance
security; (2) enforce and administer our immigration laws; (3) secure
and manage our borders; (4) strengthen National preparedness and
resilience to disasters; and (5) safeguard and secure the Nation's
cyber space. We will also continue our efforts to promote management
stewardship and ensure program integrity.
Our Annual Performance Plan and our current list of Ongoing
Projects are published on our website to better inform the Congress and
the public regarding our work.
Audit Follow-up
Audit follow-up is an integral part of good management; it is a
shared responsibility of both auditors and agency management officials.
The Department has made great strides in closing recommendations. For
example, as shown in the following chart and attachment 1, DHS reduced
the number of unresolved, open recommendations more than 6 months old
from a high of 691 in fiscal year 2011 to 94 in fiscal year 2014. In
parallel, the number of recommendations categorized as ``resolved-
open'' (recommendations that the Department agreed to but has not yet
implemented) steadily declined from a high of 1,663 in fiscal year 2011
to 736 in fiscal year 2014. DHS's goal is to have zero financial
statement-related recommendations categorized as ``open-unresolved'' by
March 30, 2015. This progress largely results from increased focus by
the Department through the audit liaisons and increased communication
with our office; we sincerely appreciate the personnel and resources
the Department has dedicated to this effort. In addition, we recently
began publishing a quarterly report of open recommendations over 6
months old on our public website in an effort to make this process more
transparent to Congress and the public.

We need to do more to ensure that Department and component
management fully implements corrective actions. To that end, we are
initiating ``verification reviews.'' These limited-scope reviews will
focus on our most crucial recommendations, examining whether the
recommendations were implemented and whether the actions taken had the
intended effect; for example,
One of our verification reviews will determine if USCG
implemented recommendations from our 2012 audit on the USCG's
Sentinel Class Fast Response Cutter (FRC). In September 2008,
the USCG awarded an $88.2 million fixed-price contract for the
detailed design and construction of the lead FRC. The estimated
$1.5 billion contract contains 6 options to build a maximum of
34 cutters. We found that USCG's schedule-driven strategy
allowed construction of the FRCs to start before operational,
design, and technical risks were resolved. Consequently, six
FRCs under construction needed modification, which increased
the total cost of the acquisition by $6.9 million and caused
schedule delays of at least 270 days for each cutter. This
aggressive acquisition strategy also allowed the USCG to
procure 12 FRCs before testing in actual operations. We made
four recommendations designed to eliminate this risk in future
acquisitions and one recommendation to address the current FRC
acquisition. (U.S. Coast Guard's Acquisition of the Sentinel
Class--Fast Response Cutter, OIG-12-68)
We will also follow up on the recommendations from our
report on DHS' oversight of interoperable communications.
During the audit, we tested DHS radios to determine whether DHS
components could talk to each other in the event of an
emergency. They could not. Only 1 of 479 radio users we
tested--or less than 1 percent--could access and use the
specified common channel to communicate. Further, of the 382
radios tested, only 20 percent (78) contained all the correct
program settings for the common channel. In our verification
review, we will determine whether the Department created a
structure with the necessary authority to ensure that the
components achieve interoperability, as well as policies and
procedures to standardize Department-wide radio activities.
(DHS' Oversight of Interoperable Communications, OIG-13-06)
We believe verification reviews such as these will result in
increased commitment by the components to enact change.
Transparency of Reports
The Inspector General Act contemplates that my reports, to the
greatest possible extent, be available to the public. Openness and
transparency are critical to good government, and the Act allows me to
publish my reports except in three narrow circumstances: First, where
disclosure of the information is specifically prohibited by law;
second, where specifically prohibited from disclosure by Executive
Order in the interest of National defense, National security, or in the
conduct of foreign affairs; and third, where part of an on-going
criminal investigation.
The Department often raises objections to the publication of
certain information in our reports, often marking parts of our reports
as ``For Official Use Only'' or ``Law Enforcement Sensitive.'' These
designations are not recognized in the law, and in my experience they
risk being used to attempt to avoid revealing information that is
embarrassing to the agency involved. However, sometimes such
information, if disclosed, could cause harm to DHS programs and
operations.
In those situations, I use my discretion to redact information in
our public report. However, in order to properly exercise my discretion
in an informed and responsible manner, I require such requests to come
from the component or agency head, coupled with an articulation of the
actual, specific harm that would result from disclosure. Too often, the
fear of harm is highly speculative, and fails to balance the need for
transparency against the risks of disclosure.
Recently, we have had issues with the Transportation Security
Administration (TSA) designating certain material as ``Sensitive
Security Information'' (SSI) within an audit report concerning the
information technology operations at John F. Kennedy airport in New
York. The designation of SSI is in the absolute and unreviewable
discretion of the administrator of TSA and improper disclosure of it
carries with it civil and administrative penalties. What was especially
troubling about this episode, in my view, was the length of time it
took--nearly 6 months--to get a resolution of the issue, the fact that
my security experts who wrote the report were confident that the
general and non-specific manner in which they wrote the report would
not compromise TSA's computer security, and that the similar
information had been published in previous audit reports without
objection.
The SSI designation is a useful tool to protect sensitive
transportation security information in a manner that gives some
flexibility to TSA. However, I am worried that SSI can be misused, as I
believe it has been here, to prevent embarrassment. We intend to
conduct a formal review of TSA's administration of the SSI program, and
report those results to the Secretary and the Congressional committees
with oversight over the program.
Resources
The budget for our office is relatively tiny--we represent just
0.23 percent of the DHS budget, yet we have an outsize impact on the
operation of the Department.
For every dollar given to the OIG, we return more than $7 in
savings, as reflected by the statutory performance measures set forth
in the Inspector General Act. This vastly understates our performance,
because much of our best work--audit and inspections reports that shed
light on problematic aspects of programs, for example--don't carry with
it a cost savings, but the value to the American taxpayer is
incalculable.
Notwithstanding the demonstrated contributions of our office, our
budget has actually shrunk by about 1 percent since fiscal year 2012.
As a result, our on-board strength from fiscal year 2012 to this year
has decreased by about 15 percent. We have been forced to cut training
to less than a third of what we have determined to be appropriate,
reducing our ability to do our job and decreasing morale. This includes
training for our auditors necessary under the Inspector General Act, as
well as training for our Special Agents to keep them safe.
Yet, during this same time, DHS' authorized workforce grew by about
5,000, representing a 2.3 percent increase. The Department continues to
grow, but the Inspector General's office--the one entity within the
Department designed to save money and create efficiency--shrinks.
This, I believe, represents a false economy.
working with congress
We are proud of our work and the success we have had pointing out
challenges the Department needs to overcome and recommending ways to
resolve issues and improve programs and operations. However, it is your
legislative efforts that enhance the significance of our work and
create an even greater impact on the Department. By introducing and
passing legislation, you show that you trust in us and have faith in
our work. This validation spurs those who need to act to ensure we
protect this Nation and use taxpayer dollars effectively; for example,
S. 159, which was referred to the Senate Committee on
Homeland Security and Government Affairs on January 13, 2015,
resulted from our recent report on CBP's Unmanned Aircraft
System (UAS) Program. The bill requires DHS to use its UAS for
surveillance of the entire Southern Border and report
performance indicators such as flight hours, detections,
apprehensions, and seizures. It also prevents DHS from
procuring additional UAS until it operates its current fleet
for at least 23,000 hours annually. (U.S. Customs and Border
Protection's Unmanned Aircraft System Program Does Not Achieve
Intended Results or Recognize All Costs of Operations, OIG-15-
17)
H.R. 719, the TSA Office of Inspection Accountability Act of
2015, which passed the House on February 10, 2015, resulted
from our report on TSA's Office of Inspection. It requires TSA
to reclassify criminal investigators if less than 50 percent of
their time is spent performing criminal investigative duties.
The bill also requires the assistant secretary to estimate the
cost savings to the Federal Government resulting from such
reclassification. (Transportation Security Administration
Office of Inspection's Efforts To Enhance Transportation
Security, OIG-13-123)
H.R. 615, which passed the House on February 2, 2015,
resulted from our report on DHS's Oversight of Interoperable
Communications. This bill would amend the Homeland Security Act
of 2002 to require the Department to take administrative action
to achieve and maintain interoperable communications
capabilities among its components. (DHS' Oversight of
Interoperable Communications, OIG-13-06)
We appreciate your efforts and hope that we can continue to count
on you in the future. For our part, we intend to continue accomplishing
our mission to the best of our ability.
Mr. Chairman, this concludes my prepared statement. I welcome any
questions you or other Members of the subcommittee may have.
attachment 1.--status of oig recommendations

* Includes performance, financial statement, and grant-related disaster
assistance.
attachment 2.--oig reports referenced in this testimony
DHS Does Not Adequately Manage or Have Enforcement Authority Over its
Component's Vehicle Fleet Operations, OIG 14-126, August 2014
DHS Has Not Effectively Managed Pandemic Personal Protective Equipment
and Antiviral Medical Countermeasures, OIG 14-129, August 2014
CBP Did Not Effectively Plan and Manage Employee Housing in Ajo,
Arizona (Revised), OIG-14-131, September 2014
U.S. Customs and Border Protection's Unmanned Aircraft System Program
Does Not Achieve Intended Results or Recognize All Costs of Operations,
OIG-15-17, December 2014
U.S. Customs and Border Protection's Management of National Aviation
Maintenance Activities, CBP Management Advisory, January 2015
Evaluation of DHS' Information Security Program for Fiscal Year 2014,
OIG-15-16, December 2014
Implementation Status of Enhanced Cybersecurity Services Program, OIG-
14-119, July 2014
U.S. Citizenship and Immigration Services Information Technology
Management Progress and Challenges, OIG-14-112, July 2014
Implementation Status of EINSTEIN 3 Accelerated, OIG-14-52, March 2014
Capping Report: FY 2013 FEMA Public Assistance and Hazard Mitigation
Grant and Subgrant Audits, OIG-14-102-D, June 2014
U.S. Coast Guard's Acquisition of the Sentinel Class--Fast Response
Cutter, OIG-12-68, August 2012
DHS' Oversight of Interoperable Communications, OIG-13-06, November
2012
Transportation Security Administration Office of Inspection's Efforts
To Enhance Transportation Security, OIG-13-123, September 2013

Mr. Perry. Thank you, Mr. Roth.
Chairman now recognizes Ms. Gambler for your testimony.

STATEMENT OF REBECCA GAMBLER, DIRECTOR, HOMELAND SECURITY AND
JUSTICE ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

Ms. Gambler. Good morning, Chairman Perry, Ranking Member
Watson Coleman, and Members of the subcommittee. I appreciate
the opportunity to testify at today's hearing to discuss GAO's
work on DHS's efforts to strengthen and integrate its
management functions.
Since 2003, GAO has issued hundreds of reports addressing
the range of DHS's mission and management functions, and we
have made about 2,200 recommendations to strengthen the
Department's management and performance measurement, among
other things. DHS has implemented more than 69 percent of these
recommendations, and has actions under way to address others.
GAO also regularly reports to Congress on Government
operations that we have identified as high-risk because of
their greater vulnerability to fraud, waste, abuse, and
mismanagement or the need for transformation. In 2003, we
designated implementing and transforming DHS as high-risk
because the Department had to transform 22 agencies into one
Department, and the failure to address associated risks could
have serious consequences for U.S., National, and economic
security.
With DHS's maturation and evolution, in our 2013 high-risk
update, we narrowed the scope of the high-risk area to focus on
strengthening DHS management functions. These functions include
human capital, acquisition, information technology, and
financial management. We also changed the name of the area to
strengthening DHS management functions.
My remarks today will focus on two areas, DHS's progress
and remaining actions to strengthen its management functions
and cross-cutting issues or themes that have affected DHS's
efforts to implement its missions.
First, DHS has made progress in meeting our criteria for
removal from the high-risk list. Specifically in our 2015 high-
risk update, which we issued earlier this month, we found that
DHS has met two of our criteria, demonstrating leadership
commitment and having a corrective action plan. DHS has
partially met the other three criteria, having the capacity to
resolve the risks, a framework to monitor progress, and
demonstrated sustained progress.
GAO and DHS have agreed to 30 actions and outcomes across
DHS's management functions that the Department must meet to
address the high-risk designation. DHS has fully or mostly
addressed just less than half of these actions and outcomes and
has partially addressed or initiated activities to address the
others.
For example, within acquisition management, the Department
has taken action to establish effective component-level
acquisition capability, but more work is needed to demonstrate
that major acquisition programs are on track to achieve cost,
schedule, and capability goals.
Further, within human capital management, DHS has developed
and made progress in implementing a strategic human capital
plan. However, DHS has considerable work ahead to improve
employee morale.
Overall, while DHS has made progress in addressing those
issues that contribute to its designation as high-risk, DHS
needs to continue to demonstrate measurable and sustainable
progress in implementing corrective actions and achieving those
actions and outcomes that we and the Department have
identified.
Second, we have identified various themes that have
impacted DHS's progress in implementing its mission functions.
Those themes include leading and coordinating the Homeland
Security Enterprise, and strategically managing risks and
assessing Homeland Security efforts.
While DHS has made important progress in these themes, they
continue to affect the Department's implementation efforts. For
example, while DHS has made important strides in coordinating
efforts with Homeland Security partners in various mission
areas, our work has shown that DHS could further improve its
coordination and outreach with Federal, State, local, and other
partners, and with the public, such as in how DHS handles and
processes FOIA requests.
Further, DHS and its components have strengthened their
risk and performance assessments of various programs and
initiatives. However, opportunities exist for the Department
and its components to improve their risk assessment efforts in
such areas as covert testing along the border and to strengthen
their planning efforts in such areas as St. Elizabeths
headquarters consolidation project.
GAO has made recommendations to the Department in all of
these areas and others, and as DHS continues to implement
actions in response to these recommendations, we will monitor
the Department's progress.
This concludes my prepared statement, and I would be happy
to answer any questions that Members may have.
[The prepared statement of Ms. Gambler follows:]
Prepared Statement of Rebecca Gambler
February 26, 2015
Chairman Perry, Ranking Member Watson Coleman, and Members of the
subcommittee: Thank you for the opportunity to discuss the Department
of Homeland Security's (DHS) on-going efforts to strengthen and
integrate its management functions. In the 12 years since the
Department's creation, DHS has implemented key homeland security
operations, achieved important goals and milestones, and grown to more
than 240,000 employees and approximately $60 billion in budget
authority. We have issued hundreds of reports addressing the range of
DHS's missions and management functions, and our work has identified
gaps and weaknesses in the Department's operational and implementation
efforts, as well as opportunities to strengthen their efficiency and
effectiveness. Since 2003, we have made approximately 2,200
recommendations to DHS to strengthen program management, performance
measurement efforts, and management processes, among other things. DHS
has implemented more than 69 percent of these recommendations and has
actions under way to address others.
We also report regularly to Congress on Government operations that
we identified as high-risk because of their increased vulnerability to
fraud, waste, abuse, and mismanagement, or the need for transformation
to address economy, efficiency, or effectiveness challenges. In 2003,
we designated implementing and transforming DHS as high-risk because
DHS had to transform 22 agencies--several with major management
challenges--into one department, and failure to address associated
risks could have serious consequences for U.S. National and economic
security.\1\ Given the significant effort required to build and
integrate a department as large and complex as DHS, our initial high-
risk designation addressed the Department's initial transformation and
subsequent implementation efforts, to include associated management and
programmatic challenges.\2\
---------------------------------------------------------------------------
\1\ GAO, High-Risk Series: An Update, GAO-03-119 (Washington, DC:
January 2003).
\2\ DHS also has responsibility for other areas we have designated
as high-risk. Specifically, in 2005, we designated establishing
effective mechanisms for sharing and managing terrorism-related
information to protect the homeland as high-risk, involving a number of
Federal departments, to include DHS. In 2006, we identified the
National Flood Insurance Program as high-risk. Further, in 2003, we
expanded the scope of the high-risk area involving Federal information
security, which was initially designated as high-risk in 1997, to
include the protection of the Nation's computer-reliant critical
infrastructure. See GAO, High-Risk Series: An Update, GAO-09-271
(Washington, DC: January 2009); High-Risk Series: An Update, GAO-07-310
(Washington, DC: January 2007); and High-Risk Series: An Update, GAO-
05-207 (Washington, DC: January 2005).
---------------------------------------------------------------------------
Since 2003, the focus of the Implementing and Transforming DHS
high-risk area has evolved in tandem with DHS's maturation and
evolution. In September 2011, we reported in our assessment of DHS's
progress and challenges 10 years after the terrorist attacks of
September 11, 2001, (9/11) that the Department had implemented key
homeland security operations and achieved important goals in many areas
to create and strengthen a foundation to reach its potential.\3\
However, we also reported that continuing weaknesses in DHS's
management functions had been a key theme impacting the Department's
implementation efforts. While challenges remain for DHS across its
range of missions, the Department has made considerable progress in
transforming its original component agencies into a single Cabinet-
level department and positioning itself to achieve its full potential.
As a result, in our 2013 high-risk update, we narrowed the scope of the
high-risk area to focus on strengthening DHS management functions
(human capital, acquisition, financial management, and information
technology [IT]), and changed the name from Implementing and
Transforming DHS to Strengthening DHS Management Functions to reflect
this focus. We also reported in our 2013 update that the Department
needs to demonstrate continued progress in implementing and
strengthening key management initiatives and addressing corrective
actions and outcomes in order to mitigate the risks that management
weaknesses pose to mission accomplishment and the efficient and
effective use of the Department's resources.\4\
---------------------------------------------------------------------------
\3\ GAO, Department of Homeland Security: Progress Made and Work
Remaining in Implementing Homeland Security Missions 10 Years after 9/
11, GAO-11-881 (Washington, DC: Sept. 7, 2011).
\4\ GAO, High-Risk Series: An Update, GAO-13-283 (Washington, DC:
February 2013).
---------------------------------------------------------------------------
In November 2000, we published our criteria for removing areas from
the high-risk list.\5\ Specifically, agencies must have: (1) A
demonstrated strong commitment and top leadership support to address
the risks; (2) a corrective action plan that identifies the root
causes, identifies effective solutions, and provides for substantially
completing corrective measures in the near term, including but not
limited to steps necessary to implement solutions we recommended; (3)
the capacity (that is, the people and other resources) to resolve the
risks; (4) a program instituted to monitor and independently validate
the effectiveness and sustainability of corrective measures; and (5)
the ability to demonstrate progress in implementing corrective
measures.
---------------------------------------------------------------------------
\5\ GAO, Determining Performance and Accountability Challenges and
High Risks, GAO-01-159SP (Washington, DC: November 2000).
---------------------------------------------------------------------------
As requested, my statement discusses:
DHS's progress and actions remaining in strengthening and
integrating its management functions, and
cross-cutting issues that have affected DHS's progress in
implementing its mission functions.
This statement is based on GAO's 2015 high-risk update report as
well as reports and testimonies we issued from September 2011 through
February 2015.\6\ For the past products, among other things, we
analyzed DHS strategies and other documents related to the Department's
efforts to address its high-risk areas, reviewed our past reports
issued since DHS began its operations in March 2003, and interviewed
DHS officials. More detailed information on the scope and methodology
of our prior work can be found within each specific report. We
conducted the work on which this statement is based in accordance with
generally-accepted Government auditing standards. Those standards
require that we plan and perform the audit to obtain sufficient,
appropriate evidence to provide a reasonable basis for our findings and
conclusions based on our audit objectives. We believe that the evidence
obtained provides a reasonable basis for our findings and conclusions
based on our audit objectives.
---------------------------------------------------------------------------
\6\ GAO, High-Risk Series: An Update, GAO-15-290 (Washington, DC:
February 2015). See also the related GAO products list at the end of
this statement.
---------------------------------------------------------------------------
dhs has made progress in strengthening its management functions, but
considerable work remains
DHS Progress in Meeting Criteria for Removal From the High-Risk List
DHS's efforts to strengthen and integrate its management functions
have resulted in progress addressing our criteria for removal from the
high-risk list. In particular, in our 2015 high-risk update report,
which we released earlier this month, we found that DHS has met two
criteria and partially met the remaining three criteria, as shown in
table 1.

TABLE 1.--ASSESSMENT OF DEPARTMENT OF HOMELAND SECURITY (DHS) PROGRESS
IN ADDRESSING THE STRENGTHENING DHS MANAGEMENT FUNCTIONS HIGH-RISK AREA,
AS OF FEBRUARY 2015
------------------------------------------------------------------------
Criterion For Removal From High-Risk Partially Not met
List Met * met ** ***
------------------------------------------------------------------------
Leadership commitment............... X .......... ..........
Corrective action plan.............. X .......... ..........
Capacity............................ .......... X ..........
Framework to monitor progress....... .......... X ..........
Demonstrated, sustained progress.... .......... X ..........
-----------------------------------
Total......................... 2 3 0
------------------------------------------------------------------------
Source.--GAO analysis of DHS documents, interviews, and prior GAO
reports. GAO 15-388T
* ``Met''.--There are no significant actions that need to be taken to
further address this criterion.
** ``Partially met''.--Some but not all actions necessary to generally
meet the criterion have been taken.
*** ``Not met''.--Few, if any, actions toward meeting the criterion have
been taken.

Leadership commitment (met).--In our 2015 report, we found that the
Secretary and deputy secretary of Homeland Security, the under
secretary for management at DHS, and other senior officials have
continued to demonstrate commitment and top leadership support for
addressing the Department's management challenges. We also found that
they have taken actions to institutionalize this commitment to help
ensure the long-term success of the Department's efforts. For example,
in April 2014, the Secretary of Homeland Security issued a memorandum
entitled Strengthening Departmental Unity of Effort, committing to,
among other things, improving DHS's planning, programming, budgeting,
and execution processes through strengthened Departmental structures
and increased capability.\7\ Senior DHS officials, including the deputy
secretary and under secretary for management, have also routinely met
with us over the past 6 years to discuss the Department's plans and
progress in addressing this high-risk area. During this time, we
provided specific feedback on the Department's efforts. We concluded
that it will be important for DHS to maintain its current level of top
leadership support and commitment to ensure continued progress in
successfully executing its corrective actions through completion.
---------------------------------------------------------------------------
\7\ DHS, Secretary of Homeland Security, Strengthening Departmental
Unity of Effort, Memorandum for DHS Leadership (Washington, DC: Apr.
22, 2014).
---------------------------------------------------------------------------
Corrective action plan (met).--We found that DHS has established a
plan for addressing this high-risk area. Specifically, in a September
2010 letter to DHS, we identified and DHS agreed to achieve 31 actions
and outcomes that are critical to addressing the challenges within the
Department's management areas and in integrating those functions across
the Department. In March 2014, we updated the actions and outcomes in
collaboration with DHS to reduce overlap and ensure their continued
relevance and appropriateness. These updates resulted in a reduction
from 31 to 30 total actions and outcomes. Toward achieving the actions
and outcomes, DHS issued its initial Integrated Strategy for High-Risk
Management in January 2011 and has since provided updates to its
strategy in seven later versions, most recently in October 2014. The
integrated strategy includes key management initiatives and related
corrective actions plans for addressing DHS's management challenges and
the actions and outcomes we identified. For example, the October 2014
strategy update includes an initiative focused on financial systems
improvement and modernization and an initiative focused on IT human
capital management. These initiatives support various actions and
outcomes, such as modernizing the U.S. Coast Guard's financial
management system and implementing an IT human capital strategic plan,
respectively. We concluded in our 2015 report that DHS's strategy and
approach to continuously refining actionable steps to implementing the
outcomes, if implemented effectively and sustained, should provide a
path for DHS to be removed from our high-risk list.
Capacity (partially met).--In October 2014, DHS identified that it
had resources needed to implement 7 of the 11 initiatives the
Department had under way to achieve the actions and outcomes, but did
not identify sufficient resources for the 4 remaining initiatives. In
addition, our prior work has identified specific capacity gaps that
could undermine achievement of management outcomes. For example, in
April 2014, we reported that DHS needed to increase its cost-estimating
capacity and that the Department had not approved baselines for 21 of
46 major acquisition programs.\8\ These baselines--which establish
cost, schedule, and capability parameters--are necessary to accurately
assess program performance. Thus, in our 2015 report, we concluded that
DHS needs to continue to identify resources for the remaining
initiatives; work to mitigate shortfalls and prioritize initiatives, as
needed; and communicate to senior leadership critical resource gaps.
---------------------------------------------------------------------------
\8\ GAO, Homeland Security Acquisitions: DHS Could Better Manage
Its Portfolio to Address Funding Gaps and Improve Communications with
Congress, GAO-14-332 (Washington, DC: Apr. 17, 2014).
---------------------------------------------------------------------------
Framework to monitor progress (partially met).--In our 2015 report
we found that DHS established a framework for monitoring its progress
in implementing the integrated strategy it identified for addressing
the 30 actions and outcomes. In the June 2012 update to the Integrated
Strategy for High-Risk Management, DHS included, for the first time,
performance measures to track its progress in implementing all of its
key management initiatives. DHS continued to include performance
measures in its October 2014 update. However, we also found that the
Department can strengthen this framework for monitoring a certain area.
In particular, according to DHS officials, as of November 2014, they
were establishing a monitoring program that will include assessing
whether financial management systems modernization projects for key
components that DHS plans to complete in 2019 are following industry
best practices and meet users' needs. Effective implementation of these
modernization projects is important because, until they are complete,
the Department's current systems will not effectively support financial
management operations. As we concluded in our 2015 report, moving
forward, DHS will need to closely track and independently validate the
effectiveness and sustainability of its corrective actions and make
mid-course adjustments, as needed.
Demonstrated, sustained progress (partially met).--We found in our
2015 report that DHS has made important progress in strengthening its
management functions, but needs to demonstrate sustainable, measurable
progress in addressing key challenges that remain within and across
these functions. In particular, we found that DHS has implemented a
number of actions demonstrating the Department's progress in
strengthening its management functions. For example, DHS has
strengthened its enterprise architecture program (or blueprint) to
guide and constrain IT acquisitions and obtained a clean opinion on its
financial statements for 2 consecutive years, fiscal years 2013 and
2014. However, we also found that DHS continues to face significant
management challenges that hinder the Department's ability to
accomplish its missions. For example, DHS does not have the acquisition
management tools in place to consistently demonstrate whether its major
acquisition programs are on track to achieve their cost, schedule, and
capability goals. In addition, DHS does not have modernized financial
management systems. This affects its ability to have ready access to
reliable information for informed decision making. As we concluded in
our 2015 report, addressing these and other management challenges will
be a significant undertaking that will likely require several years,
but will be critical for the Department to mitigate the risks that
management weaknesses pose to mission accomplishment.
DHS Progress in Achieving Key High-Risk Actions and Outcomes
Key to addressing the Department's management challenges is DHS
demonstrating the ability to achieve sustained progress across the 30
actions and outcomes we identified and DHS agreed were needed to
address the high-risk area. In our 2015 report, we found that DHS has
fully implemented 9 of these actions and outcomes, with additional work
remaining to fully address the remaining 21. Achieving sustained
progress across the actions and outcomes, in turn, requires leadership
commitment, effective corrective action planning, adequate capacity
(that is, the people and other resources), and monitoring the
effectiveness and sustainability of supporting initiatives. The 30 key
actions and outcomes include, among others, validating required
acquisition documents in accordance with a Department-approved,
knowledge-based acquisition process, and sustaining clean audit
opinions for at least 2 consecutive years on Department-wide financial
statements and internal controls.
We further found that DHS has made important progress across all of
its management functions and significant progress in the area of
management integration. In particular, DHS has made important progress
in several areas to fully address 9 actions and outcomes, 5 of which it
has sustained as fully implemented for at least 2 years. For instance,
DHS fully met 1 outcome for the first time by obtaining a clean opinion
on its financial statements for 2 consecutive years and fully met
another outcome by establishing sufficient component-level acquisition
capability. It also sustained full implementation of another outcome by
continuing to use performance measures to assess progress made in
achieving Department-wide management integration. DHS has also mostly
addressed an additional 5 actions and outcomes, meaning that a small
amount of work remains to fully address them.
We also found that considerable work remains, however, in several
areas for DHS to fully achieve the remaining actions and outcomes and
thereby strengthen its management functions. Specifically, DHS has
partially addressed 12 and initiated 4 of the actions and outcomes. As
previously mentioned, addressing some of these actions and outcomes,
such as modernizing the Department's financial management systems and
improving employee morale, are significant undertakings that will
likely require multi-year efforts. Table 2 summarizes DHS's progress in
addressing the 30 actions and outcomes and is followed by selected
examples.

TABLE 2.--GAO ASSESSMENT OF DEPARTMENT OF HOMELAND SECURITY (DHS) PROGRESS IN ADDRESSING KEY ACTIONS AND
OUTCOMES, AS OF FEBRUARY 2015
----------------------------------------------------------------------------------------------------------------
Partially
Fully Mostly Initiated
Key Outcome addressed addressed addressed **** Total
* ** ***
----------------------------------------------------------------------------------------------------------------
Acquisition management................................... 1 ......... 3 1 5
Information technology management........................ 2 3 1 ......... 6
Financial management *****............................... 2 ......... 3 3 8
Human capital management................................. 1 2 4 ......... 7
Management integration................................... 3 ......... 1 ......... 4
------------------------------------------------------
Total.............................................. 9 5 12 4 30
----------------------------------------------------------------------------------------------------------------
Source.--GAO analysis of DHS documents, interviews, and prior GAO reports. GAO 15-388T
* ``Fully addressed''.--Outcome is fully addressed.
** ``Mostly addressed''.--Progress is significant and a small amount of work remains.
*** ``Partially addressed''.--Progress is measurable, but significant work remains.
**** ``Initiated''.--Activities have been initiated to address the outcome, but it is too early to report
progress.
***** Although March 2014 updates to most functional areas were minor, there were more significant revisions to
the financial management actions and outcomes, with some outcomes revised or dropped and others added. These
revisions prevent the financial management actions and outcomes from being comparable on a one-for-one basis
with those of prior years. Accordingly, our ratings of DHS's progress in addressing financial management
actions and outcomes are not an indication of a downgrade to the Department's progress.

Acquisition management.--In our 2015 report, we found that DHS has
fully addressed 1 of the 5 acquisition management outcomes, partially
addressed 3 outcomes, and initiated actions to address the remaining
outcome. For example, DHS has recently taken a number of actions to
fully address establishing effective component-level acquisition
capability. These actions include initiating: (1) Monthly Component
Acquisition Executive staff forums in March 2014 to provide guidance
and share best practices and (2) assessments of component policies and
processes for managing acquisitions. DHS has also initiated efforts to
validate required acquisition documents in accordance with a knowledge-
based acquisition process, but this remains a major challenge for the
Department. A knowledge-based approach provides developers with
information needed to make sound investment decisions, and it would
help DHS address significant challenges we have identified across its
acquisition programs.\9\ DHS's acquisition policy largely reflects key
acquisition management practices, but the Department has not
implemented it consistently. For example, in March 2014, we found that
U.S. Customs and Border Protection (CBP) had not fully followed DHS
policy regarding testing for the integrated fixed towers being deployed
on the Arizona border. As a result, DHS does not have complete
information on how the towers will operate once they are fully
deployed.\10\
---------------------------------------------------------------------------
\9\ In our past work examining weapon acquisition issues and best
practices for product development, we have found that leading
commercial firms pursue an acquisition approach that is anchored in
knowledge, whereby high levels of product knowledge are demonstrated by
critical points in the acquisition process. See GAO, Defense
Acquisitions: Assessments of Selected Weapon Programs, GAO-11-233SP
(Washington, DC: March 29, 2011).
\10\ GAO, Arizona Border Surveillance Technology Plan: Additional
Actions Needed to Strengthen Management and Assess Effectiveness, GAO-
14-368 (Washington, DC: Mar. 3, 2014).
---------------------------------------------------------------------------
In addition, in our 2015 report we found that DHS continues to
assess and address whether appropriate numbers of trained acquisition
personnel are in place at the Department and component levels, an
outcome it has partially addressed. Further, while DHS has initiated
efforts to demonstrate that major acquisition programs are on track to
achieve their cost, schedule, and capability goals, DHS officials have
acknowledged it will be years before this outcome has been fully
addressed. Much of the necessary program information is not yet
consistently available or up-to-date.
IT management.--In our 2015 report, we found that DHS has fully
addressed 2 of the 6 IT management outcomes, mostly addressed another
3, and partially addressed the remaining 1. For example, DHS has
finalized a directive to establish its tiered governance and portfolio
management structure for overseeing and managing its IT investments,
and annually reviews each of its portfolios and the associated
investments to determine the most efficient allocation of resources
within each of the portfolios. DHS has also implemented its IT
Strategic Human Capital Plan at the enterprise level. This includes
developing an IT specialist leadership competency gap workforce
analysis and a DHS IT career path pilot. However, as DHS has not yet
determined the extent to which the component chief information officers
have implemented the enterprise human capital plan's objectives and
goals, DHS's capacity to achieve this outcome is unclear. Additionally,
we found that DHS continues to take steps to enhance its information
security program. However, while the Department obtained a clean
opinion on its financial statements, in November 2014, the Department's
financial statement auditor reported that continued flaws in security
controls such as those for access controls, configuration management,
and segregation of duties were a material weakness for fiscal year 2014
financial reporting.\11\ Thus, the Department needs to remediate the
material weakness in information security controls reported by its
financial statement auditor.
---------------------------------------------------------------------------
\11\ A material weakness is a deficiency, or a combination of
deficiencies, in internal control such that there is a reasonable
possibility that a material misstatement of the entity's financial
statements will not be prevented, or detected and corrected, on a
timely basis. A significant deficiency is a deficiency, or combination
of deficiencies, in internal control that is less severe than a
material weakness, but is important enough to merit attention by those
charged with governance.
---------------------------------------------------------------------------
Financial management.--In our 2015 report, we found that DHS has
fully addressed 2 financial management outcomes, partially addressed 3,
and initiated 3.\12\ Most notably, DHS received a clean audit opinion
on its financial statements for 2 consecutive years, fiscal years 2013
and 2014, fully addressing 2 outcomes. As of November 2014, DHS was
working toward addressing a third outcome--establishing effective
internal control over financial reporting. We reported in September
2013 that DHS needs to eliminate all material weaknesses at the
Department level, including weaknesses related to financial management
systems, before its financial auditor can affirm that controls are
effective.\13\ However, as we reported in our 2015 report, DHS has yet
to identify and commit the resources needed for remediating the
remaining material weaknesses. As we reported in September 2013,
according to DHS's auditors, the existence of these material weaknesses
limits DHS's ability to process, store, and report financial data in a
manner that ensures accuracy, confidentiality, integrity, and
availability of data without substantial manual intervention. This, in
turn, increases the risk that human error may cause material
misstatements in the financial statements.\14\
---------------------------------------------------------------------------
\12\ As previously discussed, in March 2014, we updated the actions
and outcomes in collaboration with DHS to reduce overlap and ensure
their continued relevance and appropriateness. These updates resulted
in a reduction from 9 to 8 total financial management actions and
outcomes.
\13\ GAO, DHS Financial Management: Additional Efforts Needed to
Resolve Deficiencies in Internal Controls and Financial Management
Systems, GAO-13-561 (Washington, DC: Sept. 30, 2013).
\14\ GAO-13-561.
---------------------------------------------------------------------------
We also found in our 2015 report that DHS needs to modernize key
components' financial management systems and comply with financial
management system requirements. The components' financial management
system modernization efforts are at various stages due, in part, to a
bid protest and the need to resolve critical stability issues with a
legacy financial system before moving forward with system modernization
efforts. For fiscal year 2014, auditors reported that persistent and
pervasive financial system functionality conditions exist at multiple
components and that DHS continues to rely on compensating controls and
complex manual work-arounds due to serious legacy financial system
issues.\15\ We concluded that without sound controls and systems, DHS
faces long-term challenges in obtaining and sustaining a clean audit
opinion on internal control over financial reporting, and ensuring its
financial management systems generate reliable, useful, and timely
information for day-to-day decision making.
---------------------------------------------------------------------------
\15\ Department of Homeland Security, Office of Inspector General,
Independent Auditors' Report on DHS' FY 2014 Financial Statements and
Internal Control Over Financial Reporting, OIG-15-10 (Washington, DC:
Nov. 14, 2014).
---------------------------------------------------------------------------
Human capital management.--In our 2015 report, we found that DHS
has fully addressed 1 human capital management outcome, mostly
addressed 2, and partially addressed the remaining 4. For example, the
Secretary of Homeland Security signed a human capital strategic plan in
2011 that DHS has since made sustained progress in implementing, fully
addressing this outcome. We also found that DHS has actions under way
to identify current and future human capital needs. However, DHS has
considerable work ahead to improve employee morale. For example, the
Office of Personnel Management's 2014 Federal Employee Viewpoint Survey
data showed that DHS's scores continued to decrease in all four
dimensions of the survey's index for human capital accountability and
assessment--job satisfaction, talent management, leadership and
knowledge management, and results-oriented performance culture. DHS has
taken steps to identify where it has the most significant employee
satisfaction problems and developed plans to address those problems. In
September 2012, we recommended, among other things, that DHS improve
its root-cause analysis efforts related to these plans.\16\ In December
2014, DHS reported actions under way to address our recommendations but
had not fully implemented them. Given the sustained decrease in DHS
employee morale indicated by Federal Employee Viewpoint Survey data, as
we concluded in our 2015 report, it is particularly important that DHS
implement these recommendations and thereby help identify appropriate
actions to take to improve morale within its components and Department-
wide.
---------------------------------------------------------------------------
\16\ GAO, Department of Homeland Security: Taking Further Action to
Better Determine Causes of Morale Problems Would Assist in Targeting
Action Plans, GAO-12-940 (Washington, DC: Sept. 28, 2012).
---------------------------------------------------------------------------
We have also found that DHS has developed and implemented
mechanisms to assess training programs but could take additional
actions. For example, in September 2014, we found that DHS had
implemented component-specific and Department-wide training
programs.\17\ We also found that the five DHS components in our review
all had documented processes to evaluate their training programs. For
example, we found that DHS had established a five-tier, Department-wide
Leader Development Framework to build leadership skills across all
staff levels and implemented programs in support of two of the tiers.
Nonetheless, we found that various actions could better position the
Department to maximize the impact of its training efforts. For
instance, we found that while component officials generally identified
the Leader Development Framework as beneficial, DHS management could
benefit from improved information for identifying the need for and
making program improvements. In support of the Leader Development
Framework, we recommended, among other things, that DHS clearly
identify Leader Development Program goals and ensure program
performance measures reflect key attributes. DHS agreed and implemented
this recommendation in December 2014. However, to fully achieve this
outcome, DHS also needs to develop and make sustained progress in
implementing a formal training strategy, as well as issue Department-
wide policies on training and development, among other things.
---------------------------------------------------------------------------
\17\ GAO, DHS Training: Improved Documentation, Resource Tracking,
and Performance Measurement Could Strengthen Efforts, GAO-14-688
(Washington, DC: Sept. 10, 2014).
---------------------------------------------------------------------------
Management integration.--In our 2015 report, we found that DHS has
sustained its progress in fully addressing 3 of 4 outcomes we
identified and agreed they are key to the Department's management
integration efforts. For example, in January 2011, DHS issued an
initial action plan to guide its management integration efforts--the
Integrated Strategy for High-Risk Management. Since then, DHS has
generally made improvements to the strategy with each update based on
feedback we provided. DHS has also shown important progress in
addressing the last and most significant management integration
outcome--to implement actions and outcomes in each management area to
develop consistent or consolidated processes and systems within and
across its management functional areas--but we found that considerable
work remains. For example, the Secretary's April 2014 Strengthening
Departmental Unity of Effort memorandum highlighted a number of
initiatives designed to allow the Department to operate in a more
integrated fashion, such as the Integrated Investment Life-Cycle
Management initiative, to manage investments across the Department's
components and management functions. DHS completed its pilot for a
portion of this initiative in March 2014 and, according to DHS's
Executive Director for Management Integration, has begun expanding its
application to new portfolios, such as border security and information
sharing, among others. However, given that these main management
integration initiatives are in the early stages of implementation and
contingent upon DHS following through with its plans, it is too early
to assess their impact. To achieve this outcome, we concluded that DHS
needs to continue to demonstrate sustainable progress integrating its
management functions within and across the Department and its
components.
In our 2015 report, we further concluded that in the coming years,
DHS needs to continue implementing its Integrated Strategy for High-
Risk Management and show measurable, sustainable progress in
implementing its key management initiatives and corrective actions and
achieving outcomes. In doing so, it will be important for DHS to:
maintain its current level of top leadership support and
sustained commitment to ensure continued progress in executing
its corrective actions through completion;
continue to implement its plan for addressing this high-risk
area and periodically report its progress to us and Congress;
identify and work to mitigate any resource gaps, and
prioritize initiatives as needed to ensure it can implement and
sustain its corrective actions;
closely track and independently validate the effectiveness
and sustainability of its corrective actions and make mid-
course adjustments as needed; and
make continued progress in achieving the 21 actions and
outcomes it has not fully addressed and demonstrate that
systems, personnel, and policies are in place to ensure that
progress can be sustained over time.
We will continue to monitor DHS's efforts in this high-risk area to
determine if the actions and outcomes are achieved and sustained over
the long term.
key themes continue to impact dhs's progress in implementing its
mission functions
In September 2011, we reported that our work had identified three
key themes that had impacted DHS's progress in implementing its mission
functions since it began operations: (1) Executing and integrating its
management functions for results, (2) leading and coordinating the
homeland security enterprise, and (3) strategically managing risks and
assessing homeland security efforts.\18\ As previously discussed, DHS
has made important progress with respect to the first theme by
strengthening and integrating its management functions, but
considerable work remains. Our recent work indicates that DHS has
similarly made progress related to the other two themes of leading and
coordinating the Homeland Security Enterprise and strategically
managing risk and assessing homeland security efforts, but that these
two themes continue to impact the Department's progress in implementing
its mission functions.
---------------------------------------------------------------------------
\18\ GAO-11-881.
---------------------------------------------------------------------------
Leading and coordinating the homeland security enterprise.--As we
reported in September 2011, while DHS is one of a number of entities
with a role in securing the homeland, it has significant leadership and
coordination responsibilities for managing efforts across the homeland
security enterprise.\19\ To satisfy these responsibilities, it is
critically important that DHS develop, maintain, and leverage effective
partnerships with its stakeholders while at the same time addressing
DHS-specific responsibilities in satisfying its missions. Before DHS
began operations, we reported that to secure the Nation, DHS must form
effective and sustained partnerships among components and also with a
range of other entities, including Federal agencies, State and local
governments, the private and nonprofit sectors, and international
partners.\20\ DHS has made important strides in providing leadership
and coordinating efforts. For example, in June 2014, we reported on DHS
efforts to enhance border security by using collaborative mechanisms
such as the Alliance to Combat Transnational Threats to coordinate
border security efforts. Specifically, we reported that DHS and CBP had
coordinated border security efforts in: (1) Information sharing, (2)
resource targeting and prioritization, and (3) leveraging of assets.
For example, through the Alliance to Combat Transnational Threats,
interagency partners--including CBP, the Arizona Department of Public
Safety, and the Bureau of Land Management, among others--worked jointly
to target individuals and criminal organizations involved in illegal
cross-border activity.\21\
---------------------------------------------------------------------------
\19\ GAO-11-881.
\20\ GAO, Department of Homeland Security: Progress Report on
Implementation of Mission and Management Functions, GAO-07-454
(Washington, DC: Aug. 17, 2007).
\21\ GAO, Border Security: Opportunities Exist to Strengthen
Collaborative Mechanisms Along the Southwest Border, GAO-14-494
(Washington, DC: June 27, 2014).
---------------------------------------------------------------------------
However, our recent work has also identified opportunities for DHS
to improve its partnerships. For example, with respect to DHS's efforts
to enhance border security using collaborative mechanisms, in June
2014, we found that DHS had established performance measures and
reporting processes for the mechanisms, but opportunities existed to
strengthen the mechanisms. For instance, we found that establishing
written agreements with its Federal, State, local, and Tribal partners
could help DHS address coordination challenges, such as limited
resource commitments and lack of common objectives, and recommended
that DHS establish such agreements. DHS concurred and stated that it
planned to develop memoranda of understanding to better facilitate its
partnerships. Further, in November 2014, we reported on DHS's
processing of Freedom of Information Act requests.\22\ We found, among
other things, that DHS lacked an important mechanism for effectively
facilitating public interaction with the Department on the handling of
Freedom of Information Act requests because the Department did not have
an updated regulation reflecting changes in how it processes these
requests.\23\ We recommended that DHS finalize and issue an updated DHS
Freedom of Information Act regulation. DHS concurred and reported
planned actions to implement this recommendation by April 2015.
---------------------------------------------------------------------------
\22\ GAO, Freedom of Information Act: DHS Should Take Steps to
Improve Cost Reporting and Eliminate Duplicate Processing, GAO-15-82
(Washington, DC: Nov. 19, 2014). In general, the Freedom of Information
Act requires Federal agencies to provide the public with access to
Government information on the basis of the principles of openness and
accountability in Government. 5 U.S.C. 552.
\23\ Pursuant to the Freedom of Information Act, DHS issued an
interim final rule in January 2003 establishing its procedures for
implementing the act. See generally 6 C.F.R. pt. 5. However, as we
reported in November 2014, important changes have occurred in how DHS
processes Freedom of Information Act requests since the Department
issued its regulation in 2003, and the regulation has not been updated
to reflect those changes.
---------------------------------------------------------------------------
Strategically managing risks and assessing homeland security
efforts.--As we reported in September 2011, risk management has been
widely supported by Congress and DHS as a management approach for
homeland security, enhancing the Department's ability to make informed
decisions and prioritize resource investments.\24\ Since DHS does not
have unlimited resources and cannot protect the Nation from every
conceivable threat, it must make risk-informed decisions regarding its
homeland security approaches and strategies. As we have previously
reported, DHS issued the National Infrastructure Protection Plan in
2006 to provide the overarching approach for integrating the Nation's
critical infrastructure security and resilience activities into a
single National effort. This plan, which DHS updated in 2009 and 2013,
sets forth a risk management framework and outlines the roles and
responsibilities of DHS with regard to critical infrastructure security
and resilience.\25\ Our recent work has further found that DHS offices
and components have continued to engage in risk management activities.
For example, in September 2014, we reported that during fiscal years
2011 to 2013, DHS offices and components conducted or required
thousands of vulnerability assessments of critical infrastructure.
These assessments can identify factors that render an asset or facility
susceptible to threats and hazards. However, we also found that DHS is
not well-positioned to integrate relevant assessments to, among other
things, support Nation-wide comparative risk assessments, because the
assessment tools and methods used vary in length, detail, and areas
assessed.\26\ In addition, our recent work has identified opportunities
for components to better strategically manage risks in various
programs. For example, in September 2014, we reported that CBP had a $1
million budget for covert operations of various activities--including
nuclear and radiological testing--covering fiscal years 2009 through
2013.\27\ We found that DHS had established a policy that requires that
components with limited resources make risk-informed decisions, but
that CBP testing did not inform capabilities across all border
locations, and CBP had not conducted a risk assessment that could
inform and prioritize the locations, materials, and technologies to be
tested through covert operations. We recommended that--to help ensure
that resources for covert operations provide reasonable assurance that
efforts to detect and interdict nuclear and radiological material
smuggled across the border are working as intended and appropriately
targeted--DHS conduct or use a risk assessment to inform the
Department's priorities for covert operations. DHS concurred and
reported that it plans to implement this recommendation in July 2015.
---------------------------------------------------------------------------
\24\ GAO-11-881.
\25\ GAO, Critical Infrastructure Protection: DHS Action Needed to
Enhance Integration and Coordination of Vulnerability Assessment
Efforts, GAO-14-507 (Washington, DC: Sept. 15, 2014).
\26\ GAO-14-507.
\27\ GAO, Combating Nuclear Smuggling: Risk-Informed Covert
Assessments and Oversight of Corrective Actions Could Strengthen
Capabilities at the Border, GAO-14-826 (Washington, DC: Sept. 22,
2014).
---------------------------------------------------------------------------
In September 2011, we reported that limited strategic and program
planning, as well as assessment and evaluation to inform approaches and
investment decisions, had contributed to DHS programs not meeting
strategic needs or doing so effectively and efficiently.\28\ Our recent
work has indicated that strategic and program planning challenges
continue to affect implementation of some DHS programs. For example, in
September 2014, we reported on DHS headquarters consolidation efforts
and their management by DHS and the General Services Administration
(GSA).\29\ We found that DHS and GSA's planning for the consolidation
did not fully conform with leading capital decision-making practices
intended to help agencies effectively plan and procure assets. DHS and
GSA officials reported that they had taken some initial actions that
may facilitate consolidation planning in a manner consistent with
leading practices, but consolidation plans, which were finalized
between 2006 and 2009, had not been updated to reflect these changes.
According to DHS and GSA officials, the funding gap between what was
requested and what was received from fiscal years 2009 through 2014 was
over $1.6 billion. According to these officials, this gap had escalated
estimated costs by over $1 billion--from $3.3 billion to $4.5 billion--
and delayed scheduled completion by over 10 years, from an original
completion date of 2015 to the current estimate of 2026. However, DHS
and GSA had not conducted a comprehensive assessment of current needs,
identified capability gaps, or evaluated and prioritized alternatives
to help them adapt consolidation plans to changing conditions and
address funding issues as reflected in leading practices. We
recommended that DHS and GSA work jointly to assess these needs. DHS
and GSA concurred, and DHS reported in February 2015 that the agencies
had drafted an enhanced consolidation plan. We will assess this plan
when it and any additional supporting analyses are made available to
us.
---------------------------------------------------------------------------
\28\ GAO-11-881.
\29\ GAO, Federal Real Property: DHS and GSA Need to Strengthen the
Management of DHS Headquarters Consolidation, GAO-14-648 (Washington,
DC: Sept. 19, 2014).
---------------------------------------------------------------------------
We also recently found that DHS had taken preliminary steps to
begin to understand the cyber risk to building and access controls
systems in Federal facilities, but that significant work remained, such
as developing a strategy to guide these efforts. In particular, in
December 2014, we found that DHS lacked a strategy that: (1) Defines
the problem, (2) identifies roles and responsibilities, (3) analyzes
the resources needed, and (4) identifies a methodology for assessing
cyber risk to building and access controls systems in Federal
facilities.\30\ We concluded that the absence of a strategy that
clearly defines the roles and responsibilities of key components within
DHS had contributed to a lack of action within the Department. For
example, we found that no one within DHS was assessing or addressing
cyber risk to building and access control systems particularly at the
nearly 9,000 Federal facilities protected by the Federal Protective
Service as of October 2014. We recommended that DHS, in consultation
with GSA, develop and implement a strategy to address cyber risk to
building and access control systems. DHS concurred and identified steps
it plans to take to develop a strategy by May 2015.
---------------------------------------------------------------------------
\24\ GAO, Federal Facility Cybersecurity: DHS and GSA Should
Address Cyber Risk to Building and Access Control Systems, GAO-15-6
(Washington, DC: Dec. 12, 2014).
---------------------------------------------------------------------------
Chairman Perry, Ranking Member Watson Coleman, and Members of the
subcommittee, this completes my prepared statement. I would be happy to
respond to any questions you may have at this time.

Mr. Perry. Thank you, Ms. Gambler.
The Chairman now recognizes Dr. Gerstein for your
testimony, sir.

STATEMENT OF DANIEL M. GERSTEIN, SENIOR POLICY RESEARCHER, THE
RAND CORPORATION

Mr. Gerstein. Thank you, Mr. Chairman, Ranking Member
Watson Coleman, and distinguished Members of the subcommittee.
I thank you for the opportunity to testify today on the
Department of Homeland Security, specifically on
recommendations to improve the Department and the Homeland
Security enterprise.
In the aftermath of terrorist attacks of 9/11, the
Department of Homeland Security was formed. With the Homeland
Security Act of 2002, the third-largest Cabinet-level
Department, composed of 22 disparate agencies, was established.
The legislation provided rationale for the Department but left
many of the operational specifics for a later date. Some of the
decisions made in haste did not translate well into
implementation and should be reconsidered as part of a
comprehensive reform effort.
In considering the case for change, it is worth noting that
under the leadership of Secretary Johnson the Department has
committed to building the capacities and institutions that will
be required. To this end, the Department is undertaking a Unity
of Effort campaign to address many of the deficiencies noted
over the Department's short history. These efforts are vital
and should be encouraged and enthusiastically supported.
Now, in my written testimony I make five recommendations
across critical areas: Authorities and responsibilities;
legislation and oversight; strategy formulation, planning,
effectiveness operations, and resource allocation; personnel
management, DHS identity, and culture; and, finally, management
and administration.
I would like to highlight several of the recommendations
this morning. So let me make three main points.
First, a comprehensive review of the Department is in
order. I call it a roles, missions, and functions review that
would result in an overarching framework for authorizing
legislation for DHS. This is essential given that today many of
the Department's authorities and responsibilities are
overlapping, have gaps between them, or are unclear. This
roles, missions, and functions analysis must also consider the
Homeland Security Enterprise which is that umbrella term that
encompasses the Department, its components, State, local,
Tribal, territorial entities, first responders and law
enforcement communities, and the private-sector bodies
responsible for managing critical infrastructure.
Second, in moving forward with reform and building on the
Unity of Effort initiative, some of the necessary changes can
be made from within the Department of Homeland Security, but
others will require external support and direction from
Congress and the White House. Hard but necessary decisions will
need to be made. The Congressional oversight process must be
streamlined. Today, over 120 committees, subcommittees,
caucuses, and commissions claim some degree of jurisdiction
over DHS. Legislation in key areas such as privacy, immigration
reform, and cybersecurity must be provided.
Additionally, authorizing legislation for the Department
must be developed to institutionalize the change that is
currently under way. Failure to do so risks losing the momentum
for DHS reform with a change of administrations.
Finally, third: Several process reforms are also needed.
Additional emphasis must be made to link strategy, planning,
operations, and resources through the identification of key
mission areas and development of comprehensive strategies to
satisfy operational requirements. This requires developing a
systems approach to these mission areas, identifying seams and
gaps, and applying appropriate resources to close these gaps
and build necessary capabilities.
Establishing clearer links between strategy and resources
should also include the development and submission to Congress
of what I call a Future Year Homeland Security Plan, or FYHSP,
similar to the future year defense plan submitted by DOD. The
use of a FYHSP would ensure greater stability in DHS budgets
and programs. Acquisition reform will be important here as
well. Research, development, and acquisition within the
Department must be fully linked.
In making recommendations for comprehensive reform of DHS,
I remain mindful that change will be difficult but very
necessary to strengthen and mature the enterprise and allow the
dedicated men and women who serve within the Department and
within the Homeland Security Enterprise to reach their full
potential.
I appreciate the opportunity to discuss recommendations to
improve the Department, and thereby the homeland security of
our Nation, and I look forward to your questions.
Thank you.
[The prepared statement of Mr. Gerstein follows:]
Prepared Statement of Daniel M. Gerstein \1\ \2\
---------------------------------------------------------------------------
\1\ The opinions and conclusions expressed in this testimony are
the author's alone and should not be interpreted as representing those
of RAND or any of the sponsors of its research. This product is part of
the RAND Corporation testimony series. RAND testimonies record
testimony presented by RAND associates to Federal, State, or local
legislative committees; Government-appointed commissions and panels;
and private review and oversight bodies. The RAND Corporation is a non-
profit research organization providing objective analysis and effective
solutions that address the challenges facing the public and private
sectors around the world. RAND's publications do not necessarily
reflect the opinions of its research clients and sponsors.
\2\ This testimony is available for free download at http://
www.rand.org/pubs/testimonies/CT424.html.
---------------------------------------------------------------------------
February 2014
introduction
Good morning, Chairman Perry, Ranking Member Coleman, and
distinguished Members of the subcommittee. I thank you for the
opportunity to testify today about the Department of Homeland Security
(DHS), specifically about recommendations to improve the Department and
the Homeland Security Enterprise (HSE).
In the aftermath of the terrorist attacks of 9/11, the Department
of Homeland Security was formed. With the Homeland Security Act of
2002, the third-largest Cabinet-level Department, composed of 22
disparate agencies, was established. Given the rapidity with which the
Department was formed, it should be no surprise that the result was a
loose confederation of components--such as the Transportation Security
Administration, Secret Service, Federal Emergency Management Agency
(FEMA), and U.S. Coast Guard, to name a few--overseen by a relatively
small number of underresourced Departmental staff. The Homeland
Security Act of 2002 provided the rationale for the Department but left
the many of the operational specifics for later. Some of the decisions
made in haste did not translate well into implementation and should be
reconsidered as part of a comprehensive reform effort. These include
internal DHS and interagency conflicts with respect to several key
homeland security issues.
While the Nation developed significant preparedness and response
capabilities since the establishment of the Department, more can and
must be done. The largely smooth response to Superstorm Sandy in
November 2012 stands in stark contrast to the earlier preparedness and
response during Hurricane Katrina. The successful management of the
surge in the flow of illegal aliens--especially unaccompanied minors--
across the Southwestern Border in the summer of 2014 demonstrated an
important ability to coordinate across the Government and
internationally. Close collaboration between the private sector and the
National Cybersecurity and Communications Integration Center (NCCIC) on
emerging cybersecurity issues in several critical infrastructure
areas--including in the financial and energy sectors--also demonstrates
how far the Department has come.
Yet we continue to see evidence of both the complexity and the lack
of National preparedness across key mission spaces. The response to the
Ebola outbreak provides evidence of the lack of National preparedness
with respect to biodefense, in terms of either naturally infectious
disease or deliberate use of biological weapons. The fire in a
Washington Metro station several weeks ago continues to highlight
critical shortfalls in first responder and law enforcement
communications and situational awareness during emergencies. The
growing numbers of cybersecurity incidents demonstrate that the
Department is playing catch-up in this mission space. The continued
proliferation of technology is allowing State-like capabilities to fall
into the hands of small groups and even individuals; we should expect
these trends to continue.
In considering the case for change, it is worth noting that under
the leadership of Secretary Johnson, the Department has committed to
building the capacities and institutions that will be required. Under
his direction, the Department is undertaking a ``Unity of Effort''
campaign to address many of the deficiencies noted over the
Department's short history, including a greater emphasis on strategy
and collaboration among operational components. These efforts are
critical and must continue. Therefore, my testimony today is both to
reinforce these efforts and to identify additional opportunities for
reform.
In thinking of the potential for DHS reform, it is useful to
consider another Governmental reform effort that is now almost 3
decades old. The 1986 Goldwater-Nichols Act made the broadest and most
sweeping changes to the Pentagon since its establishment by the
National Security Act of 1947. In the years since, it has stood as the
embodiment of the best type of legislative oversight--implementing
thoughtful, serious, and reasoned reforms to address specific
bureaucratic failures and identifying inefficiencies and service
rivalries within the Department of Defense (DoD). The act worked and,
as a result, improved the functioning of the largest Department in the
Federal Government. The same spirit should be applied to reforming DHS
and the HSE.
The use of the Goldwater-Nichols analogy is not to imply that the
DoD model can or should be directly applied to DHS. In fact, DHS reform
is actually far more complex. Unlike DoD, which has a strict
hierarchical command structure, DHS leads through guidance, use of
standards, and developing coalitions between Federal, State, local,
Tribal, and territorial entities, as well as industry, other non-
Governmental organizations, and international actors. It cannot direct
these elements, but must rely on them to collaboratively implement
homeland security initiatives. As a result, DHS reform can apply many
of the lessons learned in Goldwater-Nichols, but must develop a unique
outlook toward reform.
recommendations
My recommendations for DHS reform focus on five critical areas: (1)
Authorities and responsibilities; (2) legislation and oversight; (3)
strategy formulation, planning, effectiveness of operations, and
resource allocation; (4) personnel management, DHS identity, and
culture; and (5) management and administration. Some of these changes
can be made from within DHS, but others will require external support
and direction from Congress and the White House. Additionally, while
some recommendations could be implemented directly, in other cases
innovative alternatives must be developed and compared before a course
of action is determined.
Authorities and responsibilities must be clarified.--This begins
with a comprehensive analysis of the roles, missions, and functions of
the Department and the HSE. Today, many of the authorities and
responsibilities are overlapping, have gaps between them, or are
unclear. Over the past decade, legislation has been appliqued onto the
original Homeland Security Act in an uncoordinated manner. This must be
rectified through comprehensive authorizing legislation, something that
the Department has not had since its inception in 2002. In addition,
the role of the Department versus FEMA in a crisis is another issue
that must be reconsidered. Having FEMA with a direct report to the
President in times of crisis confuses lines of authority and affects
all aspects of preparedness and response, from planning to operations
on the ground. Authorities and responsibilities reform must also
institutionalize the change that is on-going in the Department through
the ``Unity of Effort'' initiative; this must be done through
comprehensive legislation. Without such legislation, the ``Unity of
Effort'' initiative will likely lose momentum, as other attempts at DHS
reform have done during transitional periods.
Oversight challenges and legislation shortfalls require several
important initiatives to be implemented.--The Congressional oversight
process must be streamlined; today, more than 120 committees,
subcommittees, caucuses, and commissions claim some degree of
jurisdiction over DHS. This fractured oversight results in conflicting
guidance, micromanagement on low-level issues, a lack of strategic
direction, and overreporting. Legislation serves to guide the efforts
of the Department. In areas such as cybersecurity, technology policy,
and privacy, having a legal basis for developing policies, programs,
and regulations is essential. In many of these emerging contentious
issues, this legislation is lacking.
Legislation would also be useful for enhancing the relationship
between the Department and State Governors. While the Stafford Act does
provide a systemic means for providing Federal natural disaster
assistance for State and local governments, other coordination
activities between the Federal and State governments could also be
formalized through legislation. Another useful addition to assist
Congress in its oversight process would be the requirement for DHS to
provide an annual submission (similar to the annual Secretary of
Defense Report required under Goldwater-Nichols); such a requirement
would institutionalize a strategy-to-resources discussion of ends,
ways, and means on a more regular basis than the 4-year Quadrennial
Homeland Security Review (QHSR).
In considering a strategy to resources framework, several important
reforms should be considered.--The ``Unity of Effort'' initiative and
the accompanying Joint Requirements Council (JRC) are important first
steps. Additional emphasis must be made to link strategy, planning,
operations, and resources through the identification of key mission
areas and the development of comprehensive strategies to satisfy
operational requirements. This requires developing a systems approach
to these mission areas, identifying seams and gaps, and applying
appropriate resources to close these gaps and build necessary
capabilities. In such a systems approach, there must be a strong
reliance on analysis to guide key decisions. Establishing clearer links
between strategy and resources should also include the development and
submission to Congress of a Future-Year Homeland Security Plan (FYHSP),
similar to the Future-Year Defense Plan (FYDP) submitted by DoD. The
use of a FYHSP would ensure greater stability in DHS budgets and
programs.
Acquisition reform will be important as well. Research,
development, and acquisition within the Department must be linked.
Today, research and development is the purview of the Science and
Technology Directorate, while the under secretary for management
manages the acquisition system. This creates a natural gap between
research and development (R&D) and acquisition, rather than having a
natural linkage between the three areas. The result is a requirements-
generation process that is largely disconnected from Departmental
acquisition programs. Another important initiative would be developing
a Department-wide approach to strategic resourcing in areas such as
screening and vetting, cybersecurity, and aviation; this shortfall has
been recognized within the Department, but additional support and
resources for this effort will be important to prospects for long-term
incorporation into DHS.
Improvements in personnel management and developing a DHS identity
and culture are essential for enhancing the effectiveness and
efficiency of the Department, as well as addressing employee morale and
satisfaction.--Central to this effort would be the development of a
Homeland Security Personnel System (HSPS) charged with the development
of leaders in the Department and within the components, as well as
assisting State, local, Tribal, and territorial (SLTT) entities with
developing their professional homeland security workforce. Career maps
should be developed that assist in the management of personnel,
including guidance on training requirements, operational assignments,
and educational opportunities. Promotions to Senior Executive Service
(SES) and flag rank for components should be based on developing
personal and professional competence through service in a variety of
challenging and broadening assignments, including service on the DHS
staff. For DHS staff personnel, promotion to SES and flag rank should
likewise be tied to successful service on a component staff.
Concerning management and administration, reform is necessary to
improve the effectiveness and efficiency of the Department.--The roles,
missions, and functions analysis recommended earlier in my testimony
would undoubtedly identify opportunities for streamlining activities,
consolidating staffs and functions, and aligning roles and missions.
Examples of several reform initiatives are provided below; however,
these should not be considered to be comprehensive, but rather
illustrative.
The JRC must be formalized with appropriate legislation, as
should the Department Management Action Group (DMAG) and Senior
Leader Group (SLG), which provide senior leader direction for
the Department. These forums have already demonstrated utility
in taking on weighty topics such as aviation security and the
growing Islamic State of Iraq and Syria (ISIS) threat. Such
legislation would ensure that these entities survive into the
next administration.
A combined staff should be developed that rotates in
talented Homeland Security professionals from across the HSE to
serve on 2-year assignments at DHS headquarters. This would
have the benefit of infusing the DHS staff with operationally-
oriented personnel who would also grow immeasurably through the
opportunity.
Organizational reform will also be required, such as
elevating the assistant secretary for policy to an under
secretary and combining the research, development, and
acquisition functions into a single organization.
Finally, the Department is plagued with span of control
issues exacerbated by the distribution of headquarters
throughout the Washington, DC, area and the number of direct
reports to the Secretary and deputy secretary; a concerted
effort to consolidate several headquarters would be a useful
outcome.
Many of these management and administrative reforms will require
appropriate support and resourcing to fully implement, but they will be
essential to the achieving desired outcomes.
During my time serving in the Department, the failure to have
stable budgets resulted in significant opportunity costs.--Uneven
spending profiles throughout a budget cycle during 1 fiscal year
resulted in 80 percent of a budget being spent in the last 3 months.
The lost momentum associated with sequestration and the Federal
workforce furlough hindered progress in the execution of key
Departmental programs. The lost man-hours associated with preparing for
and recovering from the furlough was also a significant distraction and
squandering of resources. The effect on the workforce was palpable.
conclusions
I have made a number of recommendations in this testimony. However,
this is not to imply that the Department has not already been making
progress in many of these areas. Rather, it is to highlight that these
efforts must be well-reasoned, coordinated, and comprehensive; further,
they will require both internal and external support. It is also useful
to remember that other DHS reform efforts have been attempted in the
past, and despite promising rhetoric, none has yet taken hold. A
significant cause of the failures has been not codifying these changes
through legislation.
The time for reexamining the Department and streamlining our
Nation's homeland security efforts is now. The range of challenges
facing the Department and the HSE will continue to evolve and, in many
cases, grow. Ensuring that preparedness and response capabilities will
keep pace necessitates a comprehensive review, followed by vigorous
implementation.
In making recommendations for comprehensive reform of the
Department of Homeland Security, I remain mindful that change will be
difficult, but they are very necessary to strengthen and mature the
enterprise, and to allow the dedicated men and women who serve in the
Department and within the HSE to reach their full potential.
I appreciate the opportunity to discuss recommendations to improve
the Department, and thereby the homeland security of our Nation, and
look forward to your questions.

Mr. Perry. Thank you, Dr. Gerstein.
The Chairman now recognizes himself for questions.
First set of questions will go to the inspector general,
Mr. Roth. The Secure our Borders Act which was recently passed
by the committee requires CBP to fly unmanned aircraft 16 hours
each day every day of the year. However, the IG's report stated
that the Office of Air and Marine only flew them about 22
percent of the anticipated number of hours.
Now, according to CBP, this occurred because of budget
constraints and bad weather, both of which limited total flight
time.
Now, last year there were several reports of CBP loaning
out its unmanned aircraft to State and local agencies for
assistance.
To what extent is this still occurring, if you can tell me?
Has the loaning out of these aircraft to the State and local
authorities limited CBP's ability to fly them more frequently?
Does it create additional wear and tear that leads to otherwise
unneeded maintenance?
Mr. Roth. Thank you, Mr. Chairman.
When we looked at the CBP's use of drones, it was basically
an audit exercise in which we took a look at how often they
were used. We did not look at whether they were loaned out,
what purpose that they were used. We simply used the records
that they had, which, as you indicated, showed that it was
about 20 percent of what it is that they thought they were
going to use when they started the program. I believe other
entities--in fact, I believe the GAO may have done some work in
this area, but we have not.
Mr. Perry. Ms. Gambler, can you comment?
Ms. Gambler. GAO has not specifically looked at the use of
UAS for border security. We did issue a report last year in
response to a mandate that asked us to review a report that the
DHS privacy office did on use of UAS along the border, but our
report and that report did not address use for border security.
We do, and are happy to do some additional work in that area as
well, and do have some plans to do so.
Mr. Perry. All right. Although the CBP had previously
reported that its unmanned aircraft operate over the entire
Southwest Border, the IG reported that CBP data showed that the
time spent flying over the border States varied significantly
by State. In fact, the IG said unmanned aircraft appeared to
only fly over some areas of the border because they were en
route to other missions.
How does CBP explain the lack of flight hours, if you know,
over certain portions of the Southwest Border, and what, if
any, vulnerabilities might this expose according to your
research?
Mr. Roth. As you know, the Southwest Border is about 2,000
miles long. What our audit showed is that that vast majority of
the flights were over a 170-mile sector in Texas and Arizona,
and as a result, of course, that means that CBP is blind, does
not have the ability to have the kinds of visibility that a
drone would give in those other areas.
What CBP tells us is that when they say they fly across the
entire Southwest Border means that they have permission from
the FAA to fly across the entire Southwest Border, but in fact
they only sort of isolate their flight times to this 170-mile
corridor.
Mr. Perry. Now, you said, I think in your testimony, that
they used 22 percent of the allocation based on the cost. Was
that correct?
Mr. Roth. We took a look at what the cost was per flight
hour, and we looked at the total cost of the program, which is
what the guidance requires us to do, both there is OMB guidance
as well as GSA guidance as to how it is that you account for
costs of aircraft. What we found was that is was about $12,000
an hour to fly aircraft. Their calculation was considerably
less than that, about $2,400 per hour. So we disagreed with
each other by a factor of 6.
Mr. Perry. Either way, it is significantly down. I mean,
the usage is significantly down. I mean, we are going to hear
testimony that says that, you know, any shutdown is going to be
horrifically detrimental, and many of us agree that it will
have a significant impact, but at the same time, you can see
just by the usage of the UAS, money is being wasted where it
could be reallocated even in times where there is potential
shutdown.
In the remaining time that I have, understanding that
neither GAO or IG has delved into the possible overreach
associated with this program, I just want to bring this to
light for your further review if it appears to be in concert
with your duties.
An incident occurred in 2012 when a North Dakota district
judge upheld the first-ever use of DHS unmanned aerial systems
to assist in the arrest of an American citizen. A farmer was
herding cattle, and local authorities thought he may be armed
and dangerous, and asked the DHS to fly the UAS over this
individual's home.
In the future, I would like to know if--again, if it is
within the purview of either of your jurisdictions to find out
if that, you know, results or indicates evidence of the
program's potential abuse of its power and working outside its
granted authority, and if there are in fact controls in place
to manage that authority?
With that, I appreciate your testimony.
Now, I would like to recognize the Ranking Member, Ms.
Watson Coleman, for questioning.
Mrs. Watson Coleman. Thank you, Mr. Chairman.
You know, from all that I have been hearing in the various
hearings about the Department of Homeland Security, it is a
relatively new Department in the history of the United States
of America. It was formulated in response to a crisis. It has
done remarkable things, but it has so many more things to do in
order to be able to achieve its mission, ensure our Homeland
Security, and operate efficiently and effectively.
I also know that there are significant watchdogs, and the
two of you, Inspector General, and GAO. In that realm, Mr.
Gerstein, you, from your experience, have observations that I
found very helpful.
I am wondering, Inspector General Roth, and, Ms. Gambler,
in reviewing the materials today it seems that there has been
some overlapping of issues. Do you in any way coordinate or
sort-of interact to ensure that the work that is being done by
both of you is not duplicative and that there is sort-of no
gaps in what should be identified?
Mr. Roth. We are coordinating our answer.
Yes. We coordinate continuously. In fact, before we ever
start an audit, one of our first things that we do is that we
call GAO to ensure, No. 1, to ask what sort of work they have
done in the past, and, No. 2, to make sure that we are not
stepping on something that they are already doing. So there is
a lot of coordination that takes place on the sort of
programmatic level.
Additionally, I speak with GAO all the time, my counterpart
over there who is in charge of the homeland security and
justice issues. We have a very good sort of working
relationship, and I would note that the Inspector General Act
requires me, in fact, to coordinate with GAO, and so we take
that very seriously.
Mrs. Watson Coleman. Have you all encountered any
situations where there has been conflict in--a similarity in a
finding and a conflict in a recommendation?
Mr. Roth. I am not aware of such a thing. I mean sometimes
we look at the same program. For example, we have both looked
at the drone program, but we have looked at different aspects
of it. So I think it is actually highly complementary, but I
will let GAO speak for themselves.
Ms. Gambler. I would just add we have the same process,
where at the start of each GAO review we contact the DHS, OIG
staff to ensure that we are not doing duplicative or
overlapping work. We also, I think, regularly exchange lists of
on-going reviews between the two entities, and we also, as
Inspector General Roth indicated, meet periodically to talk
about the work that we are doing. In cases where there may be
overlap or duplication of effort, we work and collaborate to
ensure that maybe we look at different aspects of the program
or something like that.
Mrs. Watson Coleman. Thank you.
Mr. Roth, your audits save money, your audits
programmatically should--probably ensure that they are
achieving the mission that we are providing the safety to the
homeland and the security. So your audit function is extremely
important.
What happens if we fail--if Congress fails to send a
Homeland Security Funding Initiative to your auditing function
or your whole office or any part of your office?
Mr. Roth. Sure. As you know, in a lapse of appropriation,
we can only do two things. We can work to do things necessary
to save life and property, and we can use money that may have
been appropriated under a different source. In other words, not
a current appropriation. Our law enforcement staff, these are
the folks who are largely on the Southwest Border, but
elsewhere, that are sort of the internal affairs component,
they are the watchers of the CBP and ICE, they will continue to
work because there has been the assessment that this is
necessary to preserve life and safety.
We have an audit staff that works on the disaster relief
fund, the FEMA work, basically, in which we have a small amount
of money left over from last year. That appropriation never
lapsed. So we are able to continue to have those folks work.
But our audit staff will obviously be furloughed. We have
about 60 audits in process currently that will have to be
stopped and then obviously picked back up when we receive
funding.
Mrs. Watson Coleman. Thank you.
Ms. Gambler, even though there has been this recognition
that under the leadership of Secretary Johnson things have
improved tremendously, is there any single most important
action that the Department's leadership should take to ensure
they remain on track to have these issues removed from the
high-risk list? What role do the resources play in addressing
these issues raised by the high-risk list?
Ms. Gambler. What is critical for DHS to address our high-
risk designation going forward is that they continue to show
measurable and sustainable progress across their management
areas. What that means, to give you an example, is within
acquisition management, we have found that they have a good
knowledge-based process and policy for managing acquisitions,
and we have recognized that, and that is to the Department's
credit. But what we need to see now is that the Department can
consistently apply that process to its individual acquisition
programs and demonstrate that those programs are on track to
meet cost schedule and performance expectations.
In terms of resources, one of GAO's five criteria for
removal from the high-risk list is that agencies have the
capacity to resolve the risks, and when we say capacity, we
mean that they have the people and other resources. DHS has
identified resource needs and has identified their capacity for
a number of initiatives they have under way to address our
high-risk designation, but there are other initiatives for
which they are continuing to work to identify what resources
are needed.
Mrs. Watson Coleman. I am going to yield my time back.
Thank you very much, but I hope we have a second round of
questioning because I certainly have a lot of questions.
Mr. Perry. Absolutely. The Chairman thanks the Ranking
Member.
Just remind everybody that the House bill funded OIG at
$142 million for fiscal year 2015, above the fiscal year 2014
requirement, which appears that the House did indeed do its
job.
With that, the Chairman would now recognize the gentleman
from Florida, Mr. Clawson.
Mr. Clawson. Thank you.
Thanks for coming you all. Thanks for your service to our
country.
I am going to go back in time a little bit and ask you to
put your thinking caps on for a minute, put yourself in my
position, and help me think a little bit about how we should
view, measure the Department.
Since I have come here starting last summer, the story that
is told from other folks prior to you all coming here, and this
is good for you all to be here because you are looking at
accountability and measurables, and I want to lift that up a
little bit and so that I know a little bit more about what you
know.
We are told that things are better, that more and more
folks are being stopped on the border, and that things are
getting better throughout the Department, but that we also need
more resources. We were asked for capital expenditure resources
as well as operational resources. So far so good. Right?
But then after that most of the data that we get here is
rather anecdotal. I can't tell you as a Member of this
committee what the goals and metrics are by function, by
region. I hear some data, but I couldn't really roll it up. So,
therefore, for me to get a return on investment, if you will,
for the taxpayer, I can't tell you what it is. I haven't seen
any capex data since 2010, and yet I am asked to approve more
capex data when I haven't seen anything on a macro level about
how we are doing with our money, with the shareholder, or in
this case the taxpayer money.
So I don't know what the current goals are by area on a
macro basis, and I don't know what the current spending is for
each one of those areas, and, therefore, it is hard for me to
make any decisions without a bigger picture on how we are doing
with the resources that we currently have.
Now, you three tell me. You are auditors. Your business is
to dig into the forest level, but it is also to lift above to
30,000 feet as well. Am I missing something here? Are there
goals on a functional level so that we can see how the
Department is doing? If there is goals, and if there is actual
operational data, is there a way we can get it?
I don't have a negative opinion, but neither do I have a
positive opinion. I don't have enough data to have an informed
opinion, and you all are auditors. Am I missing something here?
We seem to wrestle around with what this thing is doing, what
that is doing, without any big picture view of what is really
going on in terms of outputs versus inputs.
I don't know who to direct it to first, but I will let you
start, Honorable Mr. Roth.
Mr. Roth. I think you raise a very good and fundamental
question. I mean, certainly when we look at some of the audits
that we have done, for example, I think on the drone report,
that is one in which we really pushed them and said: What does
success look like? What are your metrics? How is it that you
can justify a $360 million expense over the course of, you
know, 5 years? How is it that you justify that? Is it the
number of aliens that you caught? Is it the number of drugs you
have seized? What is the metric? They do not have a metric. So
it is a very frustrating aspect to me, and I can go through
audit after audit after audit.
The TSA's SPOT Program, their Behavior Analysis Program. It
is, like, what are your performance metrics and how do you know
whether or not you meet those performance metrics? In other
words, for a $200 million program a year, what is it about that
that gives some comfort to us that that is money well spent?
They couldn't answer that question. It is a very frustrating
thing for us as auditors who attempt to try to get some
precision in sort-of effectiveness in Government programs when
they simply don't measure it. So I share your frustration.
Mr. Clawson. Do the other two guests share in that--it is a
rather frightening observation, and I am not partisan on this,
to spend this amount of money and not have goals and,
therefore, not knowing whether we are wasting taxpayer money or
not. How do the two of you feel about it?
Ms. Gambler. So your question gets at a key theme of our
work as well, which is that DHS has performance measures for
some programs but not all programs, and that, you know, sort of
across the DHS spectrum that the Department and components
could strengthen their use of metrics and their use of data for
measuring progress and results.
I would also add that DHS has a Quadrennial Homeland
Security Review and a strategic plan, and we have on-going work
for the subcommittee right now looking at that higher-level
strategy that DHS has to securing the homeland and will be
reporting out to the subcommittee on that going forward.
Mr. Gerstein. So I would like to pick up on the theme and
take it a little bit further and talk a little bit more from an
analytical perspective.
I think it has been recognized across the Department that
there was a lack of metrics, a lack of strategy, a lack of
planning, a lack of operational ability to understand where
certain issues were with respect to solving problems.
So in the Quadrennial Homeland Security Review, they did
identify--the Department identified five basic mission areas,
and for each of those there were, if you will, metrics. They
are high-level metrics, but they are metrics.
Mr. Clawson. Can we see those metrics?
Mr. Gerstein. Absolutely. The Quadrennial Homeland Security
Review is a public document.
The other thing I would add is that Secretary Johnson
recognized this, and on top of the Homeland Security review has
put in place the Unity of Effort which is designed to get at
this very issue. In fact, what the Unity of Effort is trying to
do is to pick areas so one area is cybersecurity, another is
aviation commonality, which the IG spoke about in his remarks.
Another is dealing with common vetting and screening. So
what they are trying to do in these particular areas is
identify what are the requirements in these areas, what are the
metrics that we are measuring against, where are the capability
gaps, and then satisfy them through either business process
reforms, through acquisitions, through a variety of measures.
So I think that it is certainly something that has been
thought about and understood.
The Joint Requirements Council that was discussed in my
written testimony is also at the lower level, and the
adaptation of what went on with the Unity of Effort and the
Quadrennial Homeland Security Review.
Mr. Clawson. I want to apologize to the----
Mr. Perry. The Chairman thanks the gentleman.
Mr. Clawson [continuing]. Folks on the other side for
taking----
Mr. Perry. The Chairman now recognizes the gentlelady from
California, Mrs. Torres.
Mrs. Torres. Thank you, Mr. Chairman.
I have a question for each of you, starting with Ms.
Gambler. Last September the GAO issued a report on Customs and
Border Protection's covert assessments of their ability to
detect nuclear materials at their ports of entry.
Given the proximity of the district I represent to the Port
of LA and Long Beach, and its impact on the labor market of my
district, this is an issue of great interest to me and my
constituents. I noted in the report that the number of covert
tests conducted at seaports has declined from eight in 2010 to
just three in 2013.
Does CBP have the resources to conduct the number of covert
tests needed to fully assess their ability to combat nuclear
smuggling at seaports?
Ms. Gambler. Congresswoman, your question gets at a key
finding that we had in that report, which is that CBP has not
conducted a risk assessment for its covert testing operations.
Such a risk assessment would help CBP better allocate the
resources it has to conducting those covert operations.
What we pointed out in our report was that such a risk
assessment could include looking at the locations for testing,
the types of material to be tested, and the types of technology
to be tested. So we have recommended that CPB conduct that risk
assessment to prioritize and make best use of the resources it
has.
Mrs. Torres. I would encourage you to continue that work.
This is a critical issue for us. We are not talking about human
beings crossing, but, you know, these are weapons that could be
utilized and create mass chaos in our communities.
Inspector General Roth, in a recent report your office
estimated that it costs approximately $12,255 per hour to
operate CBP Air and Marine's unmanned aircraft system, UAS,
program. However, the office of Air and Marine calculated a
cost of $2,468 per flight hour because they did not include
operating costs such as the cost of pilots, equipment, and
overhead. The OIG made a recommendation which CPB concurred
with, but only in principle.
Can you explain to us all of the factors that should be
taken into account when determining the cost per hour for
operating UAS, and are you confident that CBP will implement
your recommendations at this point?
Mr. Roth. Thank you. As you note, they did not include many
of the costs that we believe ought to be included, including
the cost of the pilots, the cost of the sort of satellite
uplink, for example, the cost to--the overhead on the runways,
the cost of the pilots, those kinds of things, the cost of
depreciation. In other words, the wear and tear on the
aircraft. Those are the kinds of things that the Office of
Management and Budget and GSA require that a program count so
we understand what the full cost of the operation are. I always
like to use the analogy of my teenage son who wants to buy a
car, and, you know, it is not just the cost of the car. You
have to have your insurance, you have to have your gas, you
have to figure out where you are going to park it. You have to
put some money away for maintenance when you need that. That is
what CBP has not done here, and that was the basis of one of
our more significant objections.
We are in a 90-day period in which they are assessing our
recommendations, and they are going to come back to us with
what it is that they say that they are going to do. I can't
predict what they are ultimately going to say about our fairly
strong recommendation that all of the costs be accounted for,
but we will certainly keep this committee apprised as we go.
Mrs. Torres. Thank you.
Mr. Gerstein, in your prepared testimony you cite to some
of the problems that arise from the distribution of the
Department of Homeland Security's headquarter staff throughout
the Washington, DC area. Having served in leadership positions
with the Department of Homeland Security, what is your opinion
of the benefits that would be derived from completing the
consolidated headquarters project, and will doing so have
benefits for both operations, and most importantly to me,
workforce morale?
Mr. Gerstein. Thanks. Well, I am not going to take an exact
position on St. Elizabeths, if you don't mind, but I would like
to talk about building a culture and an identity within the
Department of Homeland Security. What it feels like having
worked there for a number of years, and served in leadership
positions, building this identity, a common way of moving
forward is really important. It is based on personal
relationships. It is based on having this common identity.
Right now the Department is spread out over 20 different
sites within--20 large sites within the Washington area alone,
and that makes it very difficult to bring people together.
While modern technology helps, there still needs to be more in
terms of bringing people into a common area.
On the St. Elizabeths, I know that, you know, it is a great
facility. The Coast Guard is there now, but it is my
understanding that it would not be large enough to house the
entire Department staff in that single facility.
Mrs. Torres. Thank you.
I would yield back my time to Mrs. Watson Coleman if she
needs extra time.
Mr. Perry. The Chairman thanks the gentlewoman, and now
recognizes the gentleman from Georgia, Mr. Loudermilk.
Mr. Loudermilk. Thank you, Mr. Chairman.
I would like to go back to the cost of flying the unmanned
aircraft. I believe the IG reported the cost of $12,255 per
hour to operate the aircraft. As an aviator, I find that
astounding that--especially an unmanned aircraft, you know,
where the CBP estimated, you know, I think $2,468 per flight
hour.
Why is there such a differential and why is the cost per
man hour so high, especially for an unmanned aerial vehicle?
Mr. Roth. There is a couple things. The differential is
that we simply are bound by our auditing standards. We are
outside auditors. We go in. We don't have a dog in the fight,
as it were. It is not our program. We simply look at the
program in an objective way. We use the standards that are
already out there that are set by OMB and GSA, and this is the
number we came up with, and we are fairly transparent as to how
we got that number. It is on page 8 of our report, if you would
like to see it.
Now, because they fly the aircraft so few hours, that means
the cost per hour is high. Of course, if they fly it more, then
the cost per hour will decrease. So that is one of our
recommendations, of course, just like because if Southwest
Airlines, you can guarantee when they buy an aircraft, they use
it, and they use it to its full potential, and that is
certainly one of our recommendations. If you use these to the
full potential like you said you were going to do in your
concept of operations when you purchased it, then the cost per
hour is going to go down.
Mr. Loudermilk. So to follow up, you are basically--you are
taking the full cost, including the salary, benefits of the
pilot, the camera operator, or that is included in the cost per
hour of operation?
Mr. Roth. Correct. You know, there is a loaded cost for
each personnel. So, for example, CBP did not have the cost of
the pilots because in their sort of thinking, well, that is
being paid for out of a separate pot. They didn't include, for
example, what it costs the Coast Guard to, you know, assist in
these missions, particularly the over water missions.
They didn't talk about their office of intelligence and law
enforcement liaison because that is in a different budget sort-
of line, which is all sort-of valid except it all comes out of
the taxpayer's pocket anyway. So we need to count everything so
when the Secretary looks at the program he can understand
what--or Congress looks at the program, you can understand
truly what it costs and is this the right investment of money.
Mr. Loudermilk. How many flight hours does an average pilot
have? I mean, are you talking about increasing the number of
hours that we fly, which from my trip to the border we see the
effectiveness of the UAVs.
Are our pilots--do they have subsequent down time that they
are not flying that they could fly more hours without us hiring
more unmanned pilots?
Mr. Roth. I don't know the answer to that question. It is
not reflected in our report. I can certainly get back to you
and see if that is something that we looked at as far as
whether or not it is scalable. In other words, to be able to
fly five times as many hours, do we need X number more pilots?
I will say that according to our analysis, they spend about
$11 million a year on pilot salaries for the UAV program.
Mr. Loudermilk. So with that--if we had to hire more
pilots, then we wouldn't necessarily see a decline in the cost
per hour because we are going to be incurring the cost of more
pilots. That is what I am getting at. Somewhere there is a
differential, I think, beyond just the cost of the pilots in
there, and that is what I was trying to get to because if--it
makes sense if we have the pilots are not flying their full
allotted hours or their capability, whatever the regulation
says you can fly this many hours in a week or time frame.
So that is kind-of where I was getting at. Is it an
accounting difference, or are we spending a lot more on these
unmanned vehicles? Is there some areas that we can save money
without affecting the operation and our capabilities?
Mr. Roth. I understand your question now. Is it linear, in
other words----
Mr. Loudermilk. Right. Exactly.
Mr. Roth [continuing]. Or not and certainly some of the
issues--certainly fuel would be linear, cost of pilots would be
linear. Some of the other would not be linear. The
depreciation, for example. The overhead of the program
management, which is about $5 million a year, that is going to
be the case whether you are flying or not flying. The overhead
on the facilities itself, the runways and the--that kind of
facility would not be linear.
So there are no--I know there are fixed costs that could be
distributed over greater flight hours, but I don't have the
specific data.
Mr. Loudermilk. I appreciate that. Thank you.
I yield back.
Mr. Perry. Chairman thanks the gentleman.
Now Chairman recognizes the gentleman from Louisiana, Mr.
Richmond.
Mr. Richmond. Thank you, Mr. Chairman.
My first question would be directed to Mr. Roth, and our
committee, and especially through our Ranking Member, we have
been trying to get the Department of Homeland Security to give
us information regarding its suspension and disbarment program
in terms of contractors. We have asked them for a number of
things, especially when one of their components recommends a
disbarment or suspension and they don't do it.
So in that sense, has the Office of Inspector General
recently conducted a review of the suspension and disbarment
process at DHS?
Mr. Roth. We have not published any audit reports on that.
I think we are doing some preliminary work on that issue. I
share with you the concern. My prior background is as a
criminal prosecutor and we have done a number of cases on sort
of acquisition fraud kinds of work, and I understand the
strength that can occur as a result of a very vigorous
suspension and debarment program.
Sometimes you can't make a criminal case or you can't even
make a false claims case, and yet you could do something to
ensure that those folks aren't in fact selling to the
Government anymore. I think it has an enormous deterrent effect
when used properly.
So I share your concerns with regard to our program, but we
haven't any published reports on that.
Mr. Richmond. Off-hand would you know any rules,
regulations, or statutes that would give them the ability to
deny us access to the recommendations from their components or
the list of people who were recommended for debarment or
suspension and then their ultimate action?
Would you know of anything that would give them privilege
or keep them from giving us that information in writing?
Mr. Roth. You know, off the top of my head, I am not aware
of it, but, candidly, I haven't done any analysis of that
issue.
Mr. Richmond. Well, good that is my last question.
Mr. Roth. Okay.
Mr. Richmond. Which is, would you be open to conducting
such a review to ensure decisions are being arrived at upon--in
a consistent and equitable manner?
Mr. Roth. I would like to take that back to my auditors and
see what it is that we could in that area. What I would like to
do is perhaps have our staffs meet to get a better sense of
what it is that you are looking at and see whether or not there
can be work that could be done.
Mr. Richmond. Thank you.
The next question would be for Ms. Gambler. I know that
last December you all issued a report on Federal facilities
cybersecurity that stated that DHS and GSA should address cyber
risks to building and access control systems. In the course of
its audit, GAO found that DHS lacks a comprehensive strategy
for addressing the issue. So given GAO's recent work in this
area, could you please elaborate for the subcommittee on the
actions DHS and GSA need to take to ensure that our Federal
facilities are hardened against a cyber attack?
Ms. Gambler. Sure. Thank you for the question. As you
noted, we recommended in that report that DHS work with GSA to
come up with a strategy for assessing cyber risks to building
and access control systems in Federal facilities. We
specifically recommended that that strategy include a
definition of what the problem is, assigns roles and
responsibilities, identifies a methodology for assessing that
risk, and some other things as well.
We also recommended through our report that the Interagency
Security Committee, which is housed within DHS and among other
things, provide some guidelines and guidance for Federal
facility security standards, that they should include some
information in their documents and their guidance about what
the threat is from cyber risk and that that information would
help Federal agencies better assess what their risks are.
Mr. Richmond. Thank you.
I will try to squeeze in one last question. Back to Mr.
Roth. Last Congress, as Ranking Member of the Subcommittee on
Transportation Security, we worked on addressing TSA's
acquisition policies. I noted in your testimony that your
office will be working with DHS acquisitions in the near term.
So is the problem with DHS's acquisition management derived
from the Department not having clear policies and procedures in
place for the components? Or is that the components all too
often disregard the policies that are in place?
Mr. Roth. Congressman, it is a little bit of both.
Certainly for a long time there had not been the right kinds of
procedures and policies in place. I think that Secretary
Johnson has made a very strong effort in the time that he has
been Secretary to put some rationality and some function behind
sort-of a unified effort to do acquisition management. But we
have also seen instances in which the components simply
disregard what the Department has asked to do. There really
hasn't been any consequences for that disobedience.
One of the things that I worry about is that
notwithstanding Mr. Johnson's efforts, he will be at some point
gone, and whether or not I will be here in 2 years asking
whether or not the same kinds of issues are taking place. In
other words, are there the right kinds of policies and
procedures in place and is there someone there who is actually
enforcing them? Certainly the kinds of legislation that we have
seen come out of the House I think has been a very welcome
development.
Last term I know that the House passed the Acquisition
Accountability and Efficiency Act, which I thought was a good
development. I look forward to those kinds of pieces of
legislation in ensuring that the acquisition management
function at DHS continues beyond this administration.
Mr. Richmond. Thank you.
Thank you, Mr. Chairman.
Mr. Perry. The Chairmman thanks the gentleman.
The Chairman now recognizes himself for the beginning of
the second round, or the beginning of the second round.
The first question will go to Ms. Gambler. The GAO recently
reported that DHS had such a large backlog of Freedom of
Information Act, or FOIA, requests that it set a goal of
reducing them by 15 percent each year since 2011. However,
although there was initial progress in fiscal year 2012, the
number of backlog requests nearly doubled in fiscal year 2013
with over 23,000, 23,000 more unfulfilled FOIA requests in
fiscal year 2013 than in the prior year. I mean, that is
astounding this agency is that far behind in answering the
hard-working taxpayers that are paying for it and their
legitimate requests.
The question to you is: Has the DHS done enough to
realistically believe that they would be able to tackle the
backlog of requests from the taxpayers?
Ms. Gambler. There were a few key recommendations that we
made in our report, Chairman, which we believe would help DHS
improve its processing and handling of FOIA requests.
One is for them to update their Department-wide FOIA
regulation, it hasn't been updated since 2003, to make sure
that regulation takes account of everything that has changed in
the FOIA environment since that time. We have also recommended
that DHS and the components do a better of job of taking
account of and tracking and fully tracking the costs that they
spend responding to FOIA requests.
Finally, in doing our work, we found that there was the
potential for some overlap in the processing of immigration-
related FOIA requests, which is a large number of the requests
that DHS gets. So we recommended, to help reduce that
duplication and overlap and help to insert some efficiency,
that DHS and the two components involved, ICE and USCIS, should
look at coming to an agreement about how to process those more
efficiently.
Mr. Perry. I think you said that DHS's Privacy Office has
not updated its FOIA regulations in more than 10 years despite
updates to the policy. Do I have that correct?
Ms. Gambler. That is right. Their FOIA regulation has not
been updated since 2003. There has been some changes
Government-wide to FOIA requirements and policies since that
time.
Mr. Perry. Do you think that a lack of transparency in the
Privacy Office has exacerbated that backlog?
Ms. Gambler. Chairman, that wasn't something that we
specifically looked at in the report. But we did find and
describe in the report that the FOIA processing is, you know,
sort-of specific to the components. It is the components'
responsibility to respond to FOIA requests. So our
recommendations were geared to helping the Department provide
some oversight for how FOIA requests are handled and processed.
Mr. Perry. So each department would have its own separate
staff to deal with the FOIA requests for that department, is
that essentially correct?
Ms. Gambler. Each component, yes, sir.
Mr. Perry. Each component. I imagine the size of that
varies per component, the administrative size I mean, is that
your understanding?
Ms. Gambler. I believe so, yes. The components I think get
different numbers of FOIA requests.
Mr. Perry. Dr. Gerstein, maybe you can shed--as you have
looked at the organizational structure, do you have anything to
add regarding the efficiency or trying to clear up this
backlog, that what you studied might be germane?
Mr. Gerstein. I just know from the S&T perspective, Science
and Technology Directorate, that we were working very hard to
get at the backlogs. I will say there were a couple of FOIA
requests that were very, very complex and required a great deal
of work to be able to dig out literally thousands of emails to
be able to provide on a particular request. So it is not a
trivial process to provide this information.
Mr. Perry. Okay, thank you.
Then moving on to my final questioning for the round is to
find out if there is anybody on the panel that is familiar with
what is known as the single point of failure in the Amtrak
corridor? This relates to cybersecurity and the construction of
an alternate petabyte pathway, where Homeland Security was the
initial impetus for demand of a diverse broadband pathway from
the blast zones associated with the major thoroughfares of
Philadelphia, New York, Baltimore, and the District of Columbia
and where we stand on that. Can anybody speak to that? Or is
that something that you are unfamiliar with?
Ms. Gambler. For GAO, I am not sure, but we would be
happy--I would be happy to check and get back with you and your
staff.
Mr. Perry. All right. I would appreciate it if you would.
At this time, I yield time for the second round to the
Ranking Member, Ms. Watson Coleman.
Mrs. Watson Coleman. Thank you, Mr. Chairman.
Mr. Gerstein, I keep reading that morale is the big issue
in this Department. I guess to some extent it does impact the
Department's ability to accomplish its mission and do the
things that GAO and the inspector general is concerned about. I
also understand that there have been a number of contracts let
to study, to survey the issues of morale.
So I am wondering with your experience and your knowledge,
whatever happened to the recommendations, the findings and the
recommendations and why are they still doing them? Have they
ever implemented any of them?
Mr. Gerstein. So the impetus for a lot of the employee
viewpoint studies is really the OPM, the Office of Personnel
Management, study that comes out on an annual basis. It is
administered in April to June. It comes out in November. Then,
of course, you know, there is efforts by leadership to respond
and be able to think through the issues.
So the question really before us is why then, if you are
doing an annual survey, do you need other surveys to augment
those? The answer is actually fairly straightforward. You know,
when we got our results to the Science and Technology
Directorate, the annual survey, it lacked the granularity to be
able to understand at what level of leadership, for example,
there were criticisms. So we asked for an internal study to be
done, an internal survey that looked specifically and tried to
identify specifically at what levels we might have shortfalls
in the leadership.
There were some things that came out of the survey that
made a great deal of sense. For example, one of the great
criticisms within the piece that directly was related to the
Science and Technology Directorate had to do with shortfalls in
funding. So many people answered very negatively about science
and technology resourcing. Of course, that is the year, in 2011
and 2012, in which the Department and Science and Technology
Directorate in particular saw a 56 percent reduction in
research and development. So no surprise that the workforce
would be signaling in that way.
Now, on the other question of what are done with all the
surveys, I guess I would say that I think there are a number of
subordinate organizations, components, who do their own
internal surveys much like the Science and Technology
Directorate did. Then at the Department level, there is a lot
of effort to try to understand what the survey results are
actually yielding.
So that is the impetus for doing these surveys.
Mrs. Watson Coleman. Is anyone contacting these external
organizations who do these surveys to make the final
recommendations? Then does the Department implement any of
them?
Mr. Gerstein. Well, for example, in Science and Technology,
we used an outside organization to help us. You know, we looked
at the results and we are working to implement change.
So, yes, I do think that they are helpful in trying to
identify areas and provide more granularity.
Mrs. Watson Coleman. Thank you.
This is actually for both Mr. Roth and Ms. Gambler, because
it has to do with the TSA. To the extent you can discuss
findings which you have with regard to the management
conclusion, findings which rely heavily on the behavior
detection policies has fundamental flaws to introduce
unnecessary security risks into the aviation environment.
If, in fact, we are talking about the sort of profiling
that has no scientific basis, Ms. Gambler, has the Department
implemented any of your recommendations with regard to having
less reliance on that, as opposed to expanding its inclusion?
Thank you.
Mr. Perry. Mr. Roth.
Mr. Roth. Thank you.
As you know, the report that we issued with regard to the
PreCheck program is classified both at the SSI and Secret
level. So it is very difficult in this environment to give you
an answer to that question. I would say that we have some very
deep concerns as to some of the decisions that TSA has made
with regard to the Managed Inclusion and PreCheck program.
Mrs. Watson Coleman. So we can have a, then sort-of closed-
door discussion on this at some point in the very near future?
Mr. Roth. We welcome a briefing. We can describe exactly
what our concerns are in a closed briefing.
Mrs. Watson Coleman. Thank you, Mr. Roth.
GAO has also acknowledged that this is not a scientific-
based approach. Has the Department implemented any of your--or
TSA implemented any of your recommendations?
Ms. Gambler. So with regard to the most recent
recommendation we made about the behavioral detection program,
we had recommended that TSA should limit funding for the
program until they were able to show scientifically-validated
evidence that behaviors can be used to detect--or behavioral
indicators can be used to detect threats.
TSA disagreed with our recommendation on that report. In
doing our follow-up on our recommendations, we understand that
TSA is reviewing the program. That is under way right now. So
at this point, it is unclear the extent to which that will meet
the intent of our recommendation.
Mrs. Watson Coleman. Thank you, Mr. Chairman.
Thank you.
Mr. Perry. The Chairman thanks the gentlewoman.
The Chairman recognizes the gentleman from Florida, Mr.
Clawson.
Mr. Clawson. Okay. So let's go back to what we were
speaking about earlier and maybe you all can help me a little
bit.
A strategy always flows from current situation and tactics
flow from strategy. I personally don't have enough data yet to
have an overall view of what the current situation is. So if
you all could do me a favor, maybe get together with my team
and I, somebody, who would it be that I could get the very
basic, top-level data about what is going on in the Department
and so that I can see the top-data, operational metrics, let's
say, border, cybersecurity, whatever the area it is, and so how
we are doing, how that data relates to the goals.
Then, second, the capex, capital expenditures, my area, so
that I can build just a cursory knowledge of taxpayer value
here and how we are doing for the money that we are spending.
You know, I don't know on the border if that means per dollar
spent how many people we are stopping or not. I don't know what
your metric is. I don't know how we ever stand up here and give
opinions without metrics. It feels a little weird to me.
So we don't even have to do it publicly. But if I could get
some metrics, after being up here 6 or 8 months, at a top level
by area of the Department, that would be great. You all can
come. Inspector, you probably know where, if it is not you, you
probably know where we can get that. So that is my request
first of all.
Would you like to respond to that or--because we looked at
the Quadrennial Homeland Review. That is just more strategy to
me. It is very few metrics by area of the Department. I want to
know who is making their goals and who is not and why. Yes,
sir.
Mr. Roth. I think that is a fair request. We would welcome
to work with you----
Mr. Clawson. Yeah, if you all would come and be one of
those groups that when we ask something, you actually come back
to us. We will be responsive.
I am not partisan about this. I am not trying to make the
administration look bad or anybody else. I would just like to
have an opinion on how the Department is doing. With no data, I
just don't know how anybody ever has opinions. It is just
rumors to me. We make mistakes when we make decisions based on
assumptions, as opposed to separating what we assume from what
we know.
Before I accuse anybody of anything, I would like to have
more than just an assumption. Does it seem reasonable you all
what I am asking?
Mr. Roth. Yes----
Mr. Clawson. Then from there, hopefully I can be helpful
and my team can be helpful even in a small way.
Second thing, if we have just another moment, it always
felt to me in my career that morale was driven more by
management's ability to manage up, as opposed to senior
management's ability to manage down. Things always come from
Washington or whatever and they don't understand the situation
on the ground, right? So we make rules and edicts based on what
we think is going on. We never really know. That sends
confusing messages to the folks that actually are trying to get
the work done on the front lines. Sounds reasonable.
Clearly we have a confused situation in terms of the goals
of this Department, in Washington, with the potential shutdown
and everything that is going on. So in my mind, I wonder to
myself, I say if I was in senior management in this Department,
on the one hand, what I am hearing is the confused signal from
Washington clearly would have an impact--negative impact on
morale, right? On the other hand, you tell me that the
Department is getting better and better, that things are
getting clearer because of new management.
To me, that would override some of the concerns about
morale. Because morale is usually more local than it is global.
Tell me how you feel about the morale question then. Do you
have an opinion? You are out there all the time. Any of the
three.
Ms. Gambler. GAO issued a report on employee morale at DHS
a couple of years ago. I think a key take-away from that report
is getting at your question and your thoughts, sir, which is,
you know, that looking at sort-of what is happening within the
individual components is, you know, an important piece of this,
and the extent to which the components are implementing, you
know, actions to address some of the root causes that are
contributing to employee morale. So that was a key finding and
recommendation from the report that GAO did several years ago
on morale at DHS.
Mr. Clawson. So that would say that the hiring process is
the most important input on morale at a local basis?
Ms. Gambler. We didn't get into sort-of specifically tying,
you know, morale problems to sort-of different functions or
things like that. But we did look at the sort-of differences in
morale at the individual components. That was a key part of the
work that we did.
Mr. Clawson. Anybody else on the morale question?
Mr. Roth. We haven't done any work on that. I mean, I will
have to say I was in the Department of Justice for 25 years.
Nineteen of those years were in the field and we didn't really
care what was going on in Washington. What we cared about was
did we have the tools to do our job, and did your immediate
boss appreciate what it is that you are doing? I don't actually
think it is very complicated. But that is just my personal
opinion based on my experience.
Mr. Clawson. It feels to me that we overestimate our own
importance in Washington in this decision. That it is exactly
what you say.
Any input, Doctor?
Mr. Gerstein. Well, the one thing that I would like to just
add and it has to do with the shutdown on the impact of morale.
I was acting under secretary the last time we had a major
furlough. It was about 3 weeks long. I can say that this
affected the workforce in some fairly dramatic ways.
Mr. Clawson. I agree with that.
Mr. Gerstein. We spent a lot of time after that talking to
the workforce and trying to reinforce the importance of the
jobs they are doing and that people do care about them. You
know, as you say, a lot of what goes on in Washington just goes
on in Washington. But, you know, you sort-of have--at the end
of that rope are people who are depending on their paychecks.
Some of them were working at-risk.
Mr. Clawson. Peace on that. I mean, you take people's
paycheck and job away, even temporarily, then the local manager
can't do much about that.
Mr. Gerstein. The other thing that is very interesting is
that recovering from a furlough is a lot more time-intensive
than just the amount of time of the furlough.
Mr. Clawson. Right. Thank you.
Mr. Perry. The Chairman thanks the gentleman. The Chairman
now recognizes the gentlewoman from California, Mrs. Torres.
Mrs. Torres. Mr. Gerstein, in your written testimony, you
state that the lost momentum associated with sequestration and
our Federal workforce furlough in 2013 hindered programs in the
execution of key Departmental programs. You also stated that
the lost man-hours associated with preparing for and recovering
from the furloughs were also a significant distraction and
squandering of resources.
Now, let's go back to that statement, confused signals from
the District of Columbia. Today, with one day left to fund the
Department of Homeland Security, can you explain for the
subcommittee what is going on behind the scenes at the
Department of Homeland Security and the impact appropriations
uncertainty is having on the workforce?
Mr. Gerstein. Yeah. So that is a great question. We started
planning for and thinking about the impact of a potential
furlough back when the original discussion occurred about the
potential for DHS not getting funded. So for a number of months
we have been talking about that. The planning will be more
intensive as we get closer to the furlough.
I will use the last time as a template. But, you know,
several weeks before, we were putting out email messages, we
were notifying employees, we were trying to explain the impact
to the employees. So as we lead up into it, there is a lot of
activity. Obviously, when the furlough occurs, no work is
supposed to occur. For the Department, that has a lot of the
management functions, the under secretary for management,
science, and technology, the policy office, intelligence and
analysis, would be predominately, about 15 percent of the
Department would be those that are most affected.
Then, of course, when the furlough is lifted and people
come back to work, there is, if you will, a stutter-step in
getting back into the business of running the Department.
One interesting area that I think is really important to
consider as a microcosm of what actually happens is in the
programs. So the impact on these programs is very significant.
We don't know what the money is going to be. We don't know what
the top line is going to be. So instead of planning your
procurements, in our case it was the research and development,
over the course of a year and try to front-load that in the
early part of the year, we don't have the money, we don't know
what our top line is going to be. So you don't actually spend
that money. What that creates is a bow wave.
That means in the last, if you will, 3, 4 months of a
fiscal year, you are spending 80 percent of your resources.
Obviously, when you are trying to put that much through the
system at all one time, it becomes very difficult. Imagine the
impact, for example, on contracting. Imagine how it is on
procurement as you are trying to move vast numbers of contracts
through the system.
So there is a huge opportunity cost in waiting until the
last half of the fiscal year to be able to do that. We are
actually very quickly approaching the second part of the fiscal
year for fiscal year 2015.
Mrs. Torres. Thank you.
I want to get one more question for the record. In your
recent op-ed, you say that the Department of Homeland Security
is in a similar position that the Department of Defense was 30
years ago, when the Department underwent a major organizational
restructuring. How would you compare the Department of Homeland
Security's process to that of the Department of Defense? Is DHS
far behind where DOD was? Or is DHS experiencing the normal
growing pains in a relatively new, very massive organization?
Mr. Gerstein. So I do think there are a lot of normal
growing pains associated with bringing together so many people,
the third largest Cabinet-level department, so rapidly.
On the other hand, and I used the Goldwater-Nichols analogy
not because I am trying to make the point of recreating a
Department of Defense within the Department of Homeland
Security, but rather the need for a very significant,
comprehensive reform initiative. So there are a lot of
differences between the Department of Defense and Department of
Homeland Security, not the least of which are military missions
versus law enforcement within the Department of Homeland
Security.
When you think about just the resources, it is almost an
order of magnitude difference between the Department of Defense
and Department of Homeland Security, something like $550
billion versus about $60 billion for the Department of Homeland
Security. When you look at the training time available for law
enforcement versus people in military uniforms, that is also
different. So there are some differences.
But on the other hand, we really saw a vast improvement in
the Department of Defense when they came together and worked as
a single entity and were able to pool the resources and think
more corporately.
Mrs. Torres. Thank you.
Mr. Perry. The Chairman thanks the gentlewoman.
The Chairman now recognizes the gentleman from Georgia, Mr.
Loudermilk.
Mr. Loudermilk. Thank you, Mr. Chairman.
Ms. Gambler, unfortunately DHS does have a history of
acquisitions of technologies and programs that either turn out
they don't meet the mission needs or they are inadequate and,
in the case of SBInet, were inevitably pulled--which I believe
was a Boeing contract and we spent about $1 billion for 53
miles of surveillance.
The other would be BioWatch, that working with the EPA to
detect pathogens in the air and such things. What are some
things that you recommend that we can do to better vet or run
through a process technologies or programs before we go into an
acquisition? It almost seems like sometimes we are actually
going into the acquisition process to do the testing to see if
it works, instead of putting the onus on the vendor to prove
the viability of their program.
Do you have some recommendations of where we could do to
save taxpayer moneys before we waste it on programs that
inevitably we end up pulling just like SBInet?
Ms. Gambler. That question gets at a key point from our
work on acquisition management at DHS, which is that many DHS
acquisition programs don't have the basic fundamental documents
and information in place to be able to, you know, successfully
procure and manage those programs. Those things include having
reliable schedules, having reliable life-cycle cost estimates,
and having in place what are called program baselines that
basically lay out what is the acquisition program going to do,
at what cost is it going to be delivered, and when.
So what we have recommended and what we need to see as part
of the high-risk update and our monitoring of DHS's designation
of high-risk in the acquisition management area, is that the
Department can better ensure that its individual programs are
adhering to acquisition management practices and have those key
documents in place so that they can be, you know, better
managed and monitored to be on track for schedule, cost, and
performance.
Mr. Loudermilk. Okay. Would any of the others like to
comment?
Mr. Gerstein. I would say that I am very familiar with all
the programs that you named. When you peel back the onion on
those, there is a, if you will, a single point of failure. It
has to do with insufficiency in the requirements-generation
process. In other words, you don't necessarily know what you
are trying to achieve or you change your requirement part-way
through the acquisition without changing the metrics, the key
performance parameters. So requirements, requirements,
requirements are absolutely essential to be able to have good
procurements and good acquisition.
Mr. Loudermilk. Mr. Roth.
Mr. Roth. I would simply concur. I mean, certainly in
audits that we have looked at, at this, it is--the technology
is chasing the problem, as opposed to defining the problem and
figuring out the solution for it.
Mr. Loudermilk. So in the case of, let's say, SBInet, we
were throwing a potential solution at a problem that we haven't
really defined how we want to resolve it, is that what you are
getting at? As we get into it, we find out that it is not
meeting the criteria, so we change the requirements? I guess
what I am getting at is that result in the cost overruns
because we are chasing something without fully defining what
the mission is or what the accomplishment is? I mean is that
pretty much what you are stating? That we have to do a better
job at defining what it is we want? I mean, what is the
solution?
Mr. Gerstein. I think when you do a requirements
generation, you have to link your research, your development,
and your acquisition so that they actually flow. They don't
necessarily have to be completely linear. But you do have to do
a certain amount of research to understand the problem and to
help identify what potential solutions are.
So not everything is an acquisition. You may have solutions
that are doctrine solutions or organizational adaptations or
training differences or acquisition. So all of that has to be
factored in. How can I solve the operational problem that I am
encountering? That is really the fundamental question. Then
that would suggest then being able to lay out acquisition
programs in a holistic manner so that you are not just
identifying a technology, as the IG says, Mr. Roth said, you
know, you are not just identifying a technology and saying this
will work for our problem, but rather thinking, how it is going
to fit into a comprehensive system?
Mr. Loudermilk. Okay. Thank you. I yield back.
Mr. Perry. The Chairman thanks the gentleman.
At this time, the Chairman thanks the witnesses for their
valuable testimony and the Members for their questions. The
Members of the subcommittee may have some additional questions
for the witnesses. We will ask you to respond to these
questions in writing. Pursuant to committee rule 7E, the
hearing record will be open for 10 days.
Without objection, the subcommittee stands adjourned.

[Whereupon, at 11:34 a.m., the subcommittee was adjourned.]

[all]