[House Hearing, 117 Congress]
[From the U.S. Government Publishing Office]

20 YEARS AFTER 9/11: TRANSFORMING DHS TO
MEET THE HOMELAND SECURITY MISSION

=======================================================================

HEARING

BEFORE THE

SUBCOMMITTEE ON
OVERSIGHT, MANAGEMENT,
AND ACCOUNTABILITY

OF THE

COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES

ONE HUNDRED SEVENTEENTH CONGRESS

FIRST SESSION

__________

SEPTEMBER 30, 2021

__________

Serial No. 117-31

__________

Printed for the use of the Committee on Homeland Security

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]

Available via the World Wide Web: http://www.govinfo.gov

__________

U.S. GOVERNMENT PUBLISHING OFFICE
46-545 PDF WASHINGTON : 2022

-----------------------------------------------------------------------------------

COMMITTEE ON HOMELAND SECURITY

Bennie G. Thompson, Mississippi, Chairman
Sheila Jackson Lee, Texas John Katko, New York
James R. Langevin, Rhode Island Michael T. McCaul, Texas
Donald M. Payne, Jr., New Jersey Clay Higgins, Louisiana
J. Luis Correa, California Michael Guest, Mississippi
Elissa Slotkin, Michigan Dan Bishop, North Carolina
Emanuel Cleaver, Missouri Jefferson Van Drew, New Jersey
Al Green, Texas Ralph Norman, South Carolina
Yvette D. Clarke, New York Mariannette Miller-Meeks, Iowa
Eric Swalwell, California Diana Harshbarger, Tennessee
Dina Titus, Nevada Andrew S. Clyde, Georgia
Bonnie Watson Coleman, New Jersey Carlos A. Gimenez, Florida
Kathleen M. Rice, New York Jake LaTurner, Kansas
Val Butler Demings, Florida Peter Meijer, Michigan
Nanette Diaz Barragan, California Kat Cammack, Florida
Josh Gottheimer, New Jersey August Pfluger, Texas
Elaine G. Luria, Virginia Andrew R. Garbarino, New York
Tom Malinowski, New Jersey
Ritchie Torres, New York
Hope Goins, Staff Director
Daniel Kroese, Minority Staff Director
Natalie Nixon, Clerk
------

SUBCOMMITTEE ON OVERSIGHT, MANAGEMENT, AND ACCOUNTABILITY

J. Luis Correa, California, Chairman
Dina Titus, Nevada Peter Meijer, Michigan, Ranking
Donald M. Payne, Jr., New Jersey Member
Ritchie Torres, New York Dan Bishop, North Carolina
Bennie G. Thompson, Mississippi (ex Diana Harshbarger, Tennessee
officio) John Katko, New York (ex officio)
Lisa Canini, Subcommittee Staff Director
Eric Heighberger, Minority Subcommittee Staff Director
Geremiah Lofton, Subcommittee Clerk

C O N T E N T S

----------
Page

Statements

The Honorable J. Luis Correa, a Representative in Congress From
the State of California, and Chairman, Subcommittee on
Oversight, Management, and Accountability:
Oral Statement................................................. 1
Prepared Statement............................................. 2
The Honorable Peter Meijer, a Representative in Congress From the
State of Michigan, and Ranking Member, Subcommittee on
Oversight, Management, and Accountability:
Oral Statement................................................. 3
Prepared Statement............................................. 5
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Chairman, Committee on
Homeland Security:
Prepared Statement............................................. 6

Witnesses

Mr. Chris Currie, Director, Homeland Security and Justice Team,
Government Accountability Office:
Oral Statement................................................. 8
Prepared Statement............................................. 9
Mr. Randolph ``Tex'' Alles, Acting Under Secretary for
Management, Department of Homeland Security:
Oral Statement................................................. 17
Joint Prepared Statement....................................... 19
Ms. Angela Bailey, Chief Human Capital Officer, Department of
Homeland Security:
Oral Statement................................................. 23
Joint Prepared Statement....................................... 19

20 YEARS AFTER 9/11: TRANSFORMING DHS TO MEET THE HOMELAND SECURITY
MISSION

----------

Thursday, September 30, 2021

U.S. House of Representatives,
Committee on Homeland Security,
Subcommittee on Oversight, Management,
and Accountability,
Washington, DC.
The subcommittee met, pursuant to notice, at 2:01 p.m., via
Webex, Hon. J. Luis Correa (Chairman of the subcommittee)
presiding.
Present: Representatives Correa, Titus, Torres, Meijer,
Bishop, and Harshbarger.
Also present: Representative Langevin.
Mr. Correa. The Subcommittee on Oversight, Management, and
Accountability will now come to order.
Without objection, the Chair is authorized to declare the
subcommittee in recess at any time.
Let me begin by thanking everyone for joining us today.
This month, as you know, we have commemorated 20 years
since the tragic 9/11 cowardly attack on our country that
essentially led to the creation of the Homeland Security
Department and this committee.
As we look back on the last two decades, it is impossible
to ignore how much has changed. The threats to our homeland and
the ones we face today have grown beyond foreign terrorists to
include cyber attacks, climate change, and domestic violent
extremism. To meet these new threats, the Department of
Homeland Security has evolved as well.
A department that was once barely more than a collection of
22 Federal agencies has matured to become more cohesive and,
therefore, more effective. But ensuring the Department's many
components work together, coordinated in tandem, is a daily
effort that still needs much more work.
Over the years, several Secretaries of Homeland Security
have made it a priority to unify the departments and to
consolidate management functions within a strong centralized
headquarters. Many DHS components existed as independent
agencies for decades before the Department was created, and
each had its own histories and each its own cultures. Although
these agencies have been brought together under one umbrella,
they don't always work together as they should. DHS
headquarters often lack the ability to adequately coordinate
these policies, resources, and oversight as a whole.
We have made progress. Today, DHS has created new offices
to better coordinate information sharing, strategic planning,
and overlapping operations. Today, I look forward to hearing
from two representatives from DHS's Management Directorate
about how the Department has changed and evolved over the last
20 years and how it is taking on new and evolving challenges.
I also look forward to hearing from the Government
Accountability Office, which has provided consistent oversight
over the Department since its creation, especially through its
biannual ``High-Risk List,'' which is a report that identifies
Government operations with significant vulnerabilities to
fraud, waste, and abuse and mismanagement.
When this department, DHS, was first created, GAO added
implementing and transforming the new Department of Homeland
Security to its ``High-Risk List.'' In 2003, GAO noted that
such a task was, ``an enormous undertaking that will take time
to achieve in an effective and efficient manner,'' but that
failure to do so, ``would expose our Nation to potentially very
serious consequences.'' DHS has transformed itself over the
last 20 years, and its designation on the ``High-Risk List''
has changed as well.
Now, GAO's recommendations are more focused on improving
the Department's management functions. Although DHS has made
significant progress over the years, it continues to struggle
with integrating and strengthening the core functions that
affect every single aspect of the agency. This includes the
management of information technology, human capital,
acquisition, finances--all of which are housed within the
Department's Management Directorate.
These remain on the list, in many ways because they are
issues that offer the most challenges to a decentralized
headquarters. The constant push and pull between operational
components and headquarters have hampered the Department's
ability to develop a strong and unified approach to these core
issues.
But taking on these problems is key to ensuring that DHS
can continue to protect the homeland from all threats--those we
faced 20 years ago and those that we are facing now and those
that we will face in the future.
I do look forward to hearing more about how DHS has grown
into the agency it is today, as well as how we can help them--
we can help them continue to mature and meet these enduring and
evolving challenges.
With that, I thank you again, all, for joining us today.
[The statement of Chairman Correa follows:]
Statement of Chairman Lou Correa
September 30, 2021
This month, we commemorate 20 years since the tragic 9/11 terrorist
attacks, which led to the creation of the Department of Homeland
Security and this committee. As we look back on the last two decades,
it's impossible to ignore how much has changed. The threats our
homeland faces today have grown beyond foreign terrorists to include
cyber attacks, climate change, and domestic violent extremism.
To meet these new and existing threats, the Department of Homeland
Security has evolved as well. A Department that was once barely more
than a collection of 22 disparate Federal agencies has matured to
become more cohesive and therefore more effective. But ensuring the
Department's many components work in tandem is a daily effort and there
is still much progress to be made.
Over the years, several Secretaries of Homeland Security have made
it a priority to unify the Department and to consolidate management
functions within a strong, centralized headquarters. Many DHS
components existed as independent agencies for decades before the
Department was created, and each had their own distinct histories and
cultures. Although these agencies had been brought together under one
umbrella, they didn't always function as one cohesive Department. DHS
headquarters often lacked the ability to adequately coordinate
policies, resources, and oversight of the Department as a whole. But
significant improvements have been made. DHS has created new offices to
better coordinate information sharing, strategic planning, and
overlapping operations.
Today, I look forward to hearing from two representatives of DHS's
Management Directorate about how the Department has evolved over the
last 20 years and how it is tackling on-going and new challenges. I
also look forward to hearing from the Government Accountability Office
(GAO), which has provided consistent oversight over the Department
since its creation, particularly through its biennial High-Risk List--a
report which identifies Government operations with significant
vulnerabilities to fraud, waste, abuse, and mismanagement.
When DHS was first created, GAO added ``Implementing and
Transforming the New Department of Homeland Security'' to its High-Risk
List. In 2003, GAO noted that such a task was an ``enormous undertaking
that will take time to achieve in an effective and efficient manner.''
But that failure to do so would ``expose the Nation to potentially very
serious consequences.'' DHS has transformed itself over the last nearly
20 years, and its designation on the High-Risk List has changed as
well.
Now, GAO's recommendations are more narrowly focused on improving
the Department's management functions. Because although DHS has made
significant progress over the years, it continues to struggle with
integrating and strengthening the core functions that affect every
single aspect of the agency. This includes the management of
information technology, human capital, acquisition, and finances, all
of which are housed within the Department's Management Directorate.
They remain on the list in many ways because they are the issues that
suffer the most from a decentralized headquarters. The constant push
and pull between operational components and headquarters have hampered
the Department's ability to develop a strong and unified approach to
these core issues.
But tackling these problems is key to ensuring that DHS can
continue to protect the homeland from all threats, those we faced 20
years ago and those we may face in the future. I look forward to
hearing more about how DHS has grown into the agency it is today as
well as how we can help them continue to mature and meet these enduring
challenges.

Mr. Correa. I would like to recognize the Ranking Member of
the subcommittee, the gentleman from Michigan, Mr. Peter
Meijer, for his opening statement.
Mr. Meijer, welcome.
Mr. Meijer. Thank you, Mr. Chairman, for holding this
important hearing today.
Thank you to our witnesses from DHS and GAO.
This hearing comes at a critical time for the Department of
Homeland Security. DHS was created in the wake of the most
devastating terrorist attacks to occur on U.S. soil, and when
we lost nearly 3,000 Americans on 9/11, we vowed as a Nation to
prevent any such attack from occurring again.
We passed the 20-year anniversary of 9/11 this month and
find ourselves facing a multifaceted threat landscape that is
constantly evolving. As new threats continue to emerge, we are
also seeing conditions that resemble those that existed in the
days leading up to the tragic attacks 20 years ago.
The United States has withdrawn from Afghanistan, and there
is real concern that the swift Taliban takeover of the country,
coupled with the mismanaged U.S. withdrawal, has left a vacuum
in which terrorist groups will reconstitute and proliferate.
At the same time, DHS is leading the enormous task of
vetting and resettling over 60,000 evacuees from Afghanistan
into the United States. Operations Allies Welcome will be a
complicated, time-consuming effort for the Department, and DHS
does not have the luxury of focusing solely on this issue.
The threat landscape has expanded beyond the actions of
foreign terrorist organizations like al-Qaeda that served as
the original catalyst for the creation of the Department. But,
as a result, DHS must be prepared to handle an increasing
number of new threats, including cyber attacks, challenges on
the border with migrant surges, and encroachment on U.S.
economic security as foreign actors seek unique ways to
negatively influence our democracy. DHS must be prepared to
handle all of these threats and more.
We recognize and commend the dedicated work the Department
and its employees have undertaken and all that they have
accomplished over the past 20 years. It is no easy task to
create a new organization, and even more difficult to combine
22 distinct entities into 1 cohesive unit.
Where DHS has certainly made great strides over the years,
it remains lacking in several key areas. The Government
Accountability Office published its most recent ``High-Risk
List'' in March of this year. The list delineates high-risk
Government programs and operations as well as providing a
status report of the Government's efforts to address these
high-risk areas.
This year, GAO emphasized that the Department must continue
implementing its integrated strategy for high-risk management,
which outlines progress related to strengthening and
integrating information technology, financial management, human
capital management, and acquisitions.
By GAO's assessment, DHS is still lacking in areas to build
capacity in its acquisition programs, IT, and financial
systems. The these areas are critical to supporting the safety
and security of DHS's numerous missions at home and abroad.
Specifically, of the 5 management functions GAO assesses
for every program and operation, DHS is meeting 3 of them but
only partially meeting 2, the 2 regarding capacity and
demonstrated progress functions. I cannot stress how vital it
is that DHS missions have the proper people, resources, and
systems in place to reduce risks in its programs and
operations.
This could not be clearer than in DHS's efforts to help
Afghan evacuees. DHS has appointed Bob Fenton, a regional FEMA
administrator, to lead the interagency Unified Coordination
Group in charge of vetting and resettling evacuees from
Afghanistan.
This gives DHS the incredible responsibility for the lives
of tens of thousands of evacuees while it is still dealing with
other domestic challenges, including the on-going COVID-19
pandemic and the fallout from the worst hurricane season on
record. The demands on DHS personnel are compounded by
shortages of personnel in key areas across the Department,
which GAO cited as limiting factors in their 2021 report.
Before coming to Congress, I witnessed first-hand as
countries struggled with these kinds of crises around the
world. I led disaster-response operations both in the United
States and abroad, assisting communities that have been
impacted by natural disasters, and I spent close to 2 years in
Afghanistan as a conflict analyst with the humanitarian aid
community, working to protect aid workers who were delivering
vital assistance to those in need.
Without the full support of my coworkers, I would have been
at a loss in these disaster-relief efforts. Similarly, without
proper capacity at every level in DHS, each of its components
will struggle for success.
In terms of DHS's ability to demonstrate progress, I am
interested to learn what steps DHS takes or plans to take to
resolve these high-risk areas. It is imperative that we see the
Department's acquisition processes, IT systems, and financial
oversight capacity, as well as human capital and management,
functioning at the highest possible levels. With the current
global threat landscape in massive flux, we cannot leave
anything to chance with the programs and operations meant to
keep our homeland secure.
Mr. Chairman, thank you again for holding this hearing, and
I sincerely look forward to hearing our witnesses' testimony
today and working closely with the Department to ensure it
reaches its full and vital potential.
[The statement of Ranking Member Meijer follows:]
Statement of Ranking Member Peter Meijer
Thank you, Mr. Chairman, for holding this important hearing today,
and thank you to our witnesses from DHS and GAO.
This hearing comes at a critical time for the Department of
Homeland Security. DHS was created in the wake of the most devastating
terrorist attacks to occur on U.S. soil. We lost nearly 3,000 Americans
on 9/11, and we vowed as a Nation to prevent any such attack from
occurring again.
We passed the 20-year anniversary of 9/11 this month and find
ourselves facing a multifaceted threat landscape that is constantly
evolving. As new threats continue to emerge, we are also seeing
conditions that resemble those that existed in the days leading up to
the tragic attacks 20 years ago. The United States has withdrawn from
Afghanistan and there is real concern that the swift Taliban takeover
of the country, coupled with the egregiously mismanaged U.S.
withdrawal, has left a vacuum in which terrorist groups will
proliferate. At the same time, DHS is leading the enormous task of
vetting and resettling over 60,000 evacuees from Afghanistan into the
United States.
Operation Allies Welcome will be a complicated, time-consuming
effort for the Department, and DHS unfortunately cannot focus solely on
this issue. The threat landscape has expanded beyond the actions of
Foreign Terrorist Organizations like al-Qaeda that served as the
catalyst to create the Department. As a result, DHS must be prepared to
handle an increasing number of new threats such as cyber attacks,
surges of migrants that undermine our Nation's border security, and
encroachments on U.S. economic security as foreign bad actors seek
unique ways to negatively influence our democracy.
DHS must be prepared to handle all these threats and more. We
recognize and commend the dedicated work the Department and its
employees have undertaken and all they have accomplished over the past
20 years. It is no easy task to create an entirely new organization. It
is even more difficult to combine 22 distinct entities into one
cohesive unit. While DHS has certainly made great strides over the
years, it remains lacking in several key areas.
The Government Accountability Office published its most recent
High-Risk List in March of this year. This list delineates high-risk
Government programs and operations as well as a status report of the
Government's efforts to address high-risk areas. This year, GAO
emphasized that the Department must continue implementing its
Integrated Strategy for High-Risk Management, which outlines progress
related to strengthening and integrating information technology,
financial management, human capital management, and acquisitions.
By GAO's assessment, DHS is still lacking in areas to build
capacity in its acquisition programs, information technology, and
financial systems management. These areas are critical to supporting
the safety and security of DHS's numerous missions at home and abroad.
Specifically, of the 5 management functions GAO assesses for every
program and operation, DHS is meeting three of them, but only partially
meeting two, the two regarding capacity and demonstrated progress
functions.
I cannot stress enough how vital it is to DHS missions to have the
proper people, resources, and systems in place to reduce risks in its
programs and operations. This couldn't be clearer than in DHS's efforts
to help Afghan evacuees. DHS has appointed Bob Fenton, a regional FEMA
administrator, to lead the interagency Unified Coordination Group in
charge of vetting and resettling evacuees from Afghanistan. This gives
DHS the incredible responsibility for the lives of tens of thousands of
evacuees while it is still dealing with other domestic challenges,
including the on-going COVID-19 pandemic and the fallout from the worst
hurricane season on record. The demands on DHS personnel are compounded
by personnel shortages in key areas across the Department, which GAO
cited as limiting factors in their 2021 report.
Before coming to Congress, I witnessed first-hand as communities
struggled with these kinds of crises around the world. I led disaster
response operations both in the United States and abroad, assisting
communities that had been impacted by natural disasters, and I spent 2
years in Afghanistan as a conflict analyst with the humanitarian aid
community, working to protect aid workers who were delivering vital
assistance to those in need. Without the full support of my coworkers,
I would have been at a loss in those disaster relief efforts.
Similarly, without proper capacity at every level in DHS, each of its
components will struggle for success.
In terms of DHS's ability to demonstrate progress, I am very
interested to learn what steps DHS plans to take to resolve high-risk
areas. It is imperative that we see the Department's acquisition
processes, IT systems, financial oversight, and human capital
management functioning at the highest possible levels. With the current
global threat landscape in massive flux, we cannot leave anything to
chance with the programs and operations meant to keep our homeland
secure.
Mr. Chairman, thank you again for holding this hearing. I am
sincerely looking forward to hearing our witnesses' testimonies today
and working closely with the Department to ensure it reaches its full
potential.

Mr. Correa. I want to thank the Ranking Member for his
comments. I want to thank the Ranking Member also for your
service to our country. Duly noted. Thank you very much.
Members are also reminded the committee will operate
according to the guidelines laid out by the Chairman and the
Ranking Member in their February 3 colloquy regarding remote
procedures.
Without objection, Members on the subcommittee shall be
permitted to sit and question the witnesses--that is, Members
not on the subcommittee shall be permitted to sit and question
the witnesses.
Member statements may be submitted for the record.
[The statement of Chairman Thompson follows:]
Statement of Chairman Bennie G. Thompson
September 30, 2021
I have been a Member of this committee since it was stood up, and I
have witnessed the many challenges DHS has faced since it was
established. For example, shortly after the Department's creation, it
was placed on the Government Accountability Office's (GAO's) High-Risk
List given the challenges associated with consolidating 22 existing
Federal agencies into one new Department. After much progress, in 2013,
GAO and the Department agreed to 30 specific outcomes DHS needed to
achieve for removal from the High-Risk List.
I am encouraged by the fact that, over the last 8 years, DHS has
fully addressed 17 of these 30 outcomes. I look forward to hearing more
about the Department's efforts to address the remaining challenges as
well as any recommendations GAO has for achieving that goal.
One exercise that assists the Department in addressing challenges
and establishing long-term strategies is the development of the
Quadrennial Homeland Security Review (QHSR). The QHSR is a statutorily-
required, comprehensive examination of the homeland security strategy
of the United States. Despite several public promises from DHS
officials that its release was imminent, the Trump administration
failed to issue the 2017 QHSR. Unfortunately, that means it's been 7
years since the last QHSR was issued. While the Management Directorate
is not specifically responsible for drafting the QHSR, I sincerely hope
that current leadership completes a timely QHSR.
I am committed to ensuring that the Department is well-positioned
to meet the challenges it faces today. The Trump administration left
key DHS leadership positions vacant, undermining the Department's
progress toward adequate coordination of policy, resources, and
oversight.
Accordingly, in July, I introduced the ``DHS Reform Act'' to
improve DHS operations and address lessons learned from the
mismanagement, waste, and abuse under President Trump. The Act promotes
continuity and confidence in Department leadership by placing
additional restrictions on who can serve in ``acting'' roles. It also
authorizes the under secretary for management to serve a 5-year term,
which will ease transitions from one administration to the next. The
Act takes steps to codify the spirit of former-Secretary Jeh Johnson's
``Unity of Effort'' campaign.
For example, the legislation would centralize oversight of DHS'
multi-billion-dollar portfolio of acquisition programs under the
Management Directorate. Furthermore, the Act strengthens Constitutional
protections in the Department's programs and activities by granting the
DHS Privacy Office and Office for Civil Rights and Civil Liberties
additional authorities and further integrating those offices with
operational components. These are just a few of the Act's highlights,
and I anticipate working with leadership at the Department to make
these reforms a reality.
I also look forward to working with the acting under secretary for
management--who has a wealth of experience serving in many roles
throughout the Department--as well as the chief human capital officer
on efforts to address challenges facing the Department. Finally, I
always appreciate the straightforward testimony offered by GAO and look
forward to hearing from Mr. Currie.

Mr. Correa. If I can, I would like to turn now to our panel
of witnesses.
First, we have Mr. Chris Currie. Mr. Currie is a director
on the Homeland Security and Justice Team at the Government
Accountability Office, or GAO. He leads the agency's work on
emergency management, disaster response and recovery, and DHS
management and high-risk issues. Mr. Currie has been with GAO
since 2002 and has been the recipient of numerous agency
awards, including the Meritorious Service Award in 2008.
Welcome, Mr. Currie.
Our second witness is Mr. Tex Alles, who serves as the
acting under secretary for management at DHS. In this role, he
oversees all aspects of the Department's management functions,
including financial, human capital, information technology,
procurement, security, and asset management. Mr. Alles has
served in many senior leadership roles since joining the
Department in 2012 and most recently served as director of the
Secret Service.
Our final witness is Ms. Angela Bailey, chief human capital
officer at DHS. Ms. Bailey is responsible for the Department's
human capital program, including human resource policy,
recruitment, and hiring, and employee development. She has
dedicated more than 40 years as a career public servant, with
34 of those years in human resources. Ms. Bailey was appointed
to her current position in January 2016.
Without objection, the witnesses' full statements will be
inserted into the record.
I will now ask each witness to summarize his or her
statement in 5 minutes, and I will begin with Mr. Currie.
Welcome, sir.

STATEMENT OF CHRIS CURRIE, DIRECTOR, HOMELAND SECURITY AND
JUSTICE TEAM, GOVERNMENT ACCOUNTABILITY OFFICE

Mr. Currie. Thank you, sir. Thank you, Chairman Correa,
Ranking Member Meijer, and others. It is honor to be here to
discuss GAO's work on DHS.
As you and the Ranking Member said in your opening
statement, DHS has been on GAO's ``High-Risk List'' since it
first opened its doors in 2003. We did this because combining
22 separate agencies was a massive challenge. Many of its
agencies already had major challenges from the start, and the
effective creation was critical to National security as well.
I think it is important in this hearing to reflect over the
last 20 years on how DHS has evolved and the tremendous
transformational progress they have made. There are several
reasons for the progress, which you talked about in your
opening statement.
First has been leadership commitment. At GAO, we have more
than 30 high-risk areas across Government and many more that we
have taken off the list over the years. There is not an agency
or a management team more committed or involved in addressing
these issues than the ones at DHS. For example, they meet with
us quarterly. They do a strategy twice a year. We have seen
tremendous commitment to these issues.
Second, DHS devotes resources to these issues and measures
progress, which is critical. For example, dedicated teams
manage each individual outcome area and ensure accountability
in the agency.
Another reason for progress has been consistent
Congressional oversight over 20 years. Hearings like this one
and hearings in the Senate keep the spotlight pointed on this
issue and encourage steady progress. As a result, DHS has
transformed from a fragmented department without a clear
culture to the third-largest Cabinet agency with almost 250,000
people and arguably the most diverse and difficult mission in
all of Government. I have personally seen this over the last 19
years working with the Department.
However, while progress has been made, it is still the
newest department, and more work is needed before we can take
it off our ``High-Risk List.'' Specifically, we monitor DHS
progress across several key areas, including human capital, IT
management, acquisitions, and financial management. So far, DHS
has addressed 18 of the 30 areas that we measure and is working
to address the remaining 12.
I would like to highlight some of the most challenging
areas left to address.
In the area of acquisitions, DHS continues to implement
more disciplined processes to better manage acquisitions across
the Department. However, in our most recent look at major
acquisitions, we found that 10 of the 24 major acquisition
programs we looked at did not meet cost or schedule goals. In
some cases, this was because DHS underestimated a program's
complexity or the requirements needed for the program.
Financial management has been another very challenging
area. While DHS has made progress, the initial challenge was so
great that there is still a long way to go. To use a private-
sector analogy, you can imagine if 22 large corporations had to
combine financial systems and processes.
For example, DHS has now received a clean audit opinion on
its financial statements for 8 years straight, which is a major
achievement. However, it struggles to modernize several of its
financial systems. Specifically, DHS needs to effectively
implement its long-term systems modernization efforts at the
Coast Guard and particularly at FEMA, who manages this lion's
share of the Department's dollars and grants that go out the
door.
FEMA's system is over 25 years old and manages a huge well-
over-$100-billion portfolio of DHS funds, including grants.
They have only begun steps to begin the modernization of FEMA,
and it is going to be many more years before there is a new
system in place.
Last, I have to talk about employee morale. This has been a
focus of much attention over the years, and the story is way
more complicated than simply saying DHS ranks last among large
departments. No issue likely frustrates the folks on this
hearing from DHS more.
We have seen tremendous efforts to understand the root
causes of this issue and determine how to address it. The
bottom line is that some DHS components have high morale scores
and others don't. The larger components, like TSA and CBP,
consistently rank lower and bring the collective Departmental
scores down.
What we have seen is that more focused oversight and
attention is needed on the components and more accountability
by their leadership. It is very hard for top-level DHS actions
to trickle deep into the components and make change. Component
heads and management are the key to making progress in their
respective agencies, and we have recently made a number of
recommendations to ensure this happens.
This concludes my statement, and I look forward to the
questions.
[The prepared statement of Mr. Currie follows:]
Prepared Statement of Chris Currie
September 30, 2021
highlights
Highlights of GAO-21-105418, a testimony before the Subcommittee on
Oversight, Management, and Accountability, Committee on Homeland
Security, House of Representatives.
Why GAO Did This Study
The events of September 11, 2001, led to profound changes in
Government agendas, policies, and structures to confront homeland
security threats. In 2003, DHS began operations, with missions to
prevent terrorist attacks and reduce the country's vulnerability to
future terrorism. GAO's High-Risk List identifies programs and
operations (such as DHS's management functions) that are vulnerable to
waste, fraud, abuse, or mismanagement, or in need of transformation.
GAO's 5 criteria for removing areas from the High-Risk List guide the
assessment of DHS's progress.
This statement addresses DHS's progress and actions needed to
strengthen its management functions. It is based on reports in GAO's
high-risk series, including its most recent March 2021 update, as well
as selected updates on DHS's efforts as of September 2021. For this
work, GAO analyzed DHS documents and data and interviewed DHS
officials.
DHS Progress against High-Risk List Removal Criteria

department of homeland security.--progress made strengthening
management functions, but work remains
What GAO Found
Shortly after the Department of Homeland Security (DHS) was formed,
GAO designated implementing and transforming DHS as a high-risk area to
the Federal Government because it had to transform 22 agencies--several
with major management challenges--into one department.
Progress made.--In 2013, GAO reported that challenges remained for
DHS across its range of missions, but that the Department had made
considerable progress transforming its original component agencies into
a single Cabinet-level department. As a result, GAO narrowed the scope
of the high-risk area to focus on strengthening DHS management
functions--specifically acquisition, information technology, financial,
and human capital management.
DHS's efforts to strengthen and integrate its management functions
have resulted in the Department meeting 3 of 5 criteria for removal
from GAO's High-Risk List--demonstrating leadership commitment, having
an action plan, and monitoring the effectiveness of its actions. DHS
has partially met the remaining two criteria for removal--having
sufficient capacity and demonstrating progress.
Several factors contributed to DHS's success in narrowing the scope
of the high-risk area. These include:
DHS's top leaders demonstrated leadership commitment and
support for addressing the Department's challenges, which
helped ensure sustained, consistent progress in this high-risk
area.
DHS consistently communicated its efforts and regularly
sought constructive and specific feedback from GAO on its
strategy and approach to addressing the high-risk area.
Work remaining.--Continued progress for this high-risk area depends
on DHS addressing its remaining management challenges. For example, DHS
needs to make additional progress identifying and allocating resources
in acquisition and financial management. For instance:
DHS lacks acquisition support staffing plans and has not
clearly defined which acquisition positions are critical for
oversight responsibilities, limiting DHS's insight into whether
it has appropriate staff to carry out its duties.
DHS's financial statement auditor identified several
capacity-related issues, including resource limitations and
inadequate staff training, resulting in material weaknesses in
its 2020 financial statements.
DHS also has work remaining to demonstrate progress implementing
corrective measures. Specifically, of the 30 outcome measures GAO uses
to gauge the Department's progress, DHS has not yet fully addressed 12
of 30 measures. For example, DHS needs to effectively implement its
long-term financial systems modernization efforts and use Department-
wide training data to inform its human capital programs.
In the coming years, DHS needs to continue implementing its
remaining work and sustaining its progress to-date.
Chairman Correa, Ranking Member Meijer, and Members of the
subcommittee: I am pleased to be here today to discuss the Department
of Homeland Security's (DHS) management challenges and its progress in
addressing them. The Nation recently passed the 20-year anniversary of
the September 11, 2001, terrorist attacks. The events of that day led
to profound changes in Government agendas, policies, and structures to
confront homeland security threats facing the Nation. Most notably, DHS
began operations in 2003 with key missions that included preventing
terrorist attacks from occurring in the United States, reducing the
country's vulnerability to terrorism, and minimizing the damages from
any attacks that may occur. This milestone provides an opportunity to
reflect on the progress DHS has made since its establishment and
challenges it continues to face.
In 2003, shortly after the Department was formed, we designated
Implementing and Transforming DHS as a high-risk area to the Federal
Government.\1\ DHS has since taken steps to address this high-risk
area, including implementing key homeland security operations and
achieving important goals in many areas. For example, DHS has
implemented 73 percent of the approximately 6,200 recommendations we
have made since 2003, resulting in strengthened program management,
performance measurement, and other impacts. As DHS matured and evolved,
we narrowed the focus of this high-risk area in 2013 to Strengthening
DHS Management Functions. This narrowing recognized DHS's progress and
the significant challenges that remained. We continue to closely
monitor DHS's efforts and regularly meet with DHS management to discuss
progress.
---------------------------------------------------------------------------
\1\ GAO's High-Risk List identifies programs and operations that
are vulnerable to waste, fraud, abuse, or mismanagement, or in need of
transformation. We issue an update to the High-Risk List every 2 years
at the start of each new session of Congress. Our most recent update
was issued in March 2021. See GAO, High-Risk Series: Dedicated
Leadership Needed to Address Limited Progress in Most High-Risk Areas,
GAO-21-119SP (Washington, DC: Mar. 2, 2021).
---------------------------------------------------------------------------
Our 5 criteria for removing areas from the High-Risk List guide our
discussions with DHS and our assessments of its progress. Specifically,
the agency must have: (1) A demonstrated strong commitment and top
leadership support to address the risks (leadership commitment); (2)
the capacity--the people and other resources--to resolve the risks
(capacity); (3) a corrective action plan that identifies the root
causes, identifies effective solutions, and provides for substantially
completing corrective measures in the near term, including but not
limited to steps necessary to implement solutions we recommended
(action plan); (4) a program instituted to monitor and independently
validate the effectiveness and sustainability of corrective measures
(monitoring); and (5) the ability to demonstrate progress in
implementing corrective measures (demonstrated progress).
My statement discusses DHS's progress addressing high-risk issues
and remaining actions needed to strengthen and integrate its management
functions. This statement is based on reports in our high-risk series,
including our most recent March 2021 high-risk update, as well as
selected updates on employee engagement as of September 2021 based on
our on-going monitoring of DHS's efforts to address this high-risk
area.\2\ For this work, we analyzed DHS strategies and other documents
related to the Department's efforts to address its high-risk areas and
interviewed DHS officials, among other actions. More detailed
information on the scope and methodology of our prior work can be found
within each specific report. We provided the information from our on-
going monitoring effort to DHS for review. DHS provided technical
comments, which we incorporated as appropriate.
---------------------------------------------------------------------------
\2\ See, for example, GAO-21-119SP; GAO, High Risk: Important
Progress Made, but More Work Needed to Strengthen DHS Management, GAO-
19-475T (Washington, DC: Apr. 3, 2019), and High-Risk Series: An
Update, GAO-13-283 (Washington, DC: Feb. 2013).
---------------------------------------------------------------------------
We conducted the work on which this statement is based in
accordance with generally accepted Government auditing standards. Those
standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our
findings and conclusions based on our audit objectives. We believe that
the evidence obtained provides a reasonable basis for our findings and
conclusions based on our audit objectives.
dhs continues to work to address its high-risk issues
DHS's Progress Led to Narrowing the High-Risk Focus to DHS Management
Functions
In 2003, we designated implementing and transforming DHS as high-
risk because DHS had to transform 22 agencies--several with major
management challenges--into one department. Further, failure to
effectively address DHS's management and mission risks could have
serious consequences for U.S. National and economic security. Given the
significant effort required to build and integrate a department as
large and complex as DHS, our initial high-risk designation addressed
the Department's initial transformation and subsequent implementation
efforts.
In 2007 and 2009, we reported that DHS made progress implementing
its range of missions and that it needed to address various
programmatic and management challenges. DHS's initial focus on
implementing its mission was understandable given the critical homeland
security needs facing the Nation at the time, as well as the unique
challenges facing DHS in creating, integrating, and transforming the
Department.
In 2011, we reported in our assessment of DHS's progress and
challenges 10 years after 9/11 that the Department had implemented key
homeland security operations and achieved important goals in many
areas, thus creating a foundation for reaching its potential.\3\
However, we also identified that DHS needed to complete more work to
address weaknesses in its operational and implementation efforts,
including strengthening the efficiency and effectiveness of those
efforts. We further reported that continuing weaknesses in DHS's
management functions had been a key theme hindering the Department's
implementation efforts.
---------------------------------------------------------------------------
\3\ GAO, Department of Homeland Security: Progress Made and Work
Remaining in Implementing Homeland Security Missions 10 Years after 9/
11, GAO-11-881 (Washington, DC: Sept. 7, 2011). This report addressed
DHS's progress in implementing its homeland security missions since it
began operations, work remaining, and issues affecting implementation
efforts. Drawing from over 1,000 GAO reports and Congressional
testimony related to DHS programs and operations, and approximately
1,500 recommendations made to strengthen mission and management
implementation, this report addressed progress and remaining challenges
in such areas as border security and immigration, transportation
security, and emergency management, among others.
---------------------------------------------------------------------------
In 2013, we reported that challenges remained for DHS across its
range of missions, but that the Department had made considerable
progress transforming its original component agencies into a single
Cabinet-level department. As a result, we narrowed the scope of the
high-risk area to focus on strengthening DHS management functions--
acquisition, information technology (IT), financial, and human capital
management--in addition to integrating these management functions.
Management integration requires DHS to implement actions and outcomes
in each management area to develop consistent or consolidated processes
and systems within and across its management functional areas (such as
better managing investments and management functions across the
Department's component agencies). We also changed the name of the high-
risk area to Strengthening DHS Management Functions to reflect this
focus.\4\
---------------------------------------------------------------------------
\4\ GAO-13-283.
---------------------------------------------------------------------------
DHS Has Made Progress in Strengthening Its Management Functions, but
Work Remains
DHS's efforts to strengthen and integrate its acquisition, IT,
financial, and human capital management functions have resulted in the
Department meeting 3 of 5 criteria for removal from the High-Risk
List--leadership commitment, action plan, and monitoring. DHS has
partially met the remaining two criteria--capacity and demonstrated
progress, as shown in figure 1.

Leadership commitment.--DHS's top leaders have continued to
demonstrate commitment and support for addressing the Department's
management challenges. They have also taken actions to institutionalize
this commitment to help ensure the success of the Department's efforts.
For example, the deputy under secretary for management issued strategic
guidance to DHS's component agencies encouraging investment in areas
critical to DHS management functions, including financial system
modernization, human resource training, and career development
programs. Furthermore, top DHS leaders, such as the under secretary for
management and the Department's chief executive officers, routinely
meet with GAO management to discuss progress on this high-risk area.
Action plan and Monitoring.--DHS's Management Directorate produced
the Department's first Integrated Strategy for High-Risk Management in
January 2011 and has since issued 19 updated versions. DHS's next
update is planned for fall 2021. The most recent strategy from March
2021 describes DHS's progress and planned corrective actions to further
strengthen its management functions. If effectively implemented and
sustained, the Integrated Strategy for High-Risk Management provides a
path for DHS to be removed from our High-Risk List.
Capacity.--DHS has partially demonstrated sufficient capacity
(i.e., the people and other resources to resolve the identified risks)
but needs to make additional progress identifying and allocating
resources in acquisition and financial management. In October 2020, we
reviewed DHS component acquisition executive (CAE) roles and
responsibilities for oversight, policy, and acquisition workforce and
found that not all CAEs prepared support staffing plans, and DHS has
not clearly defined which acquisition positions are critical to carry
out oversight responsibilities.\5\ Without complete support staffing
plans and clearly defined critical positions--the expertise needed at
minimum to support oversight of cost, schedule, and performance--DHS
lacks insight into whether it has the appropriate staff to carry out
primary oversight responsibilities. Additionally, in 2020, DHS's
financial statement auditor identified several capacity-related issues,
including resource limitations, inadequate management, and inadequate
staff training as causes for the material weaknesses reported.\6\
---------------------------------------------------------------------------
\5\ Component acquisition executives--with the exception of those
in DHS's Management Directorate--are senior acquisition executives
below the department level within DHS components. For example, DHS
components include the United States Coast Guard, Customs and Border
Protection, and the Transportation Security Administration. Component
acquisition executives have acquisition responsibilities in four key
areas: Oversight, policy, acquisition workforce, and acquisition data
support. The Management Directorate differs because organizationally it
resides at the department level, has 5 separate component acquisition
executives (or individuals performing the duties of the component
acquisition executive), and provides support to the DHS operational
components. GAO, Homeland Security Acquisitions: DHS Has Opportunities
to Improve Its Component Acquisition Oversight, GAO-21-77 (Washington,
DC: Oct. 20, 2020).
\6\ DHS Office of Inspector General, Independent Auditors' Report
on DHS's Fiscal Year Financial Statements and Internal Control over
Financial Reporting, OIG-21-08 (Washington, DC: Nov. 13, 2020).
---------------------------------------------------------------------------
Demonstrated progress.--The final criterion, demonstrated progress
(i.e., the ability to demonstrate progress in implementing corrective
measures), remains partially met. In 2010, we identified 30 specific
outcomes in the areas of acquisition management, IT management,
financial management, human capital management, and management
integration that are critical to addressing the Department's overall
management challenges. DHS agreed with these outcomes, and they have
since become the key criteria by which we gauge DHS's demonstrated
progress. As of September 2021, DHS has fully addressed 18 of the 30
outcomes, mostly addressed 4, partially addressed 5, and initiated
actions to address the remaining 3, as shown in table 1.

TABLE 1: GAO ASSESSMENT OF DEPARTMENT OF HOMELAND SECURITY (DHS) PROGRESS ACROSS MANAGEMENT AREAS, AS OF
SEPTEMBER 2021
----------------------------------------------------------------------------------------------------------------
Fully Mostly Partially
Key Management Function Addressed \1\ Addressed \2\ Addressed \3\ Initiated \4\ Total
----------------------------------------------------------------------------------------------------------------
Acquisition management.................. 2 3 ............. ............. 5
Information technology management....... 5 ............. 1 ............. 6
Financial management.................... 2 ............. 3 3 8
Human capital management................ 6 1 ............. ............. 7
Management integration.................. 3 ............. 1 ............. 4
-----------------------------------------------------------------------
Total............................. 18 4 5 3 30
----------------------------------------------------------------------------------------------------------------
Source: GAO analysis of DHS documents, interviews, and prior GAO reports./GAO-21-105418
\1\ ``Fully addressed'': Outcome is fully addressed.
\2\ ``Mostly addressed'': Progress is significant and a small amount of work remains.
\3\ ``Partially addressed'': Progress is measurable, but significant work remains.
\4\ ``Initiated'': Activities have been initiated to address the outcome, but it is too early to report
progress.

In recent years, DHS has made particular progress in the areas of
IT management and human capital management. Specifically, since 2017,
DHS has taken steps to fully address 5 outcomes across these 2
management areas. First, DHS fully addressed 2 IT management outcomes
by: (1) Providing on-going oversight and support to troubled IT
investments to help improve their cost, schedule, and performance and
(2) demonstrating significant progress in implementing its IT strategic
workforce planning initiative. Additionally, the Department fully
addressed 3 key human capital management outcomes by: (1) Demonstrating
that components are basing hiring decisions and promotions on human
capital competencies, (2) strengthening efforts to obtain employee
input, and (3) improving its employee engagement scores as measured by
the Office of Personnel Management's (OPM) Federal Employee Viewpoint
Survey.\7\
---------------------------------------------------------------------------
\7\ The Federal Employee Viewpoint Survey is a tool that measures
employees' perceptions of whether and to what extent conditions
characterizing successful organizations are present in their agency.
---------------------------------------------------------------------------
Important progress and remaining work in all of the 5 management
functions includes:
Acquisition management.--DHS has taken steps to strengthen
requirements development across the Department, such as re-
establishing the Joint Requirements Council in June 2014.\8\
However, DHS continues to face challenges in effectively
executing its acquisition portfolio. In May 2018, we found that
enhancements to DHS's acquisition management, resource
allocation, and requirements policies largely reflected key
portfolio management practices. However, in January 2021, we
found that 10 of the 24 major acquisition programs we assessed
with approved schedule and cost baseline goals did not meet a
goal at some point in fiscal year 2020.\9\
---------------------------------------------------------------------------
\8\ In November 2014, in response to a GAO recommendation, DHS
reestablished the Joint Requirements Council that it had dissolved in
2006, to review requirements submitted by DHS's component agencies
(e.g., the Transportation Security Administration). The purpose of the
council is to validate and prioritize operational requirements--those
capabilities that are necessary to conduct DHS's mission--for all major
acquisitions and to ensure that objective, analytical rigor supports
these requirements.
\9\ GAO, DHS Annual Assessment: Most Acquisition Programs Are
Meeting Goals but Data Provided to Congress Lacks Context Needed for
Effective Oversight, GAO-21-175 (Washington, DC: Jan. 19, 2021).
---------------------------------------------------------------------------
Some of these instances were because of factors outside of a
program's control, such as the Coronavirus Disease 2019
pandemic. However, we also reported that in some instances, DHS
did not implement sound acquisition practices. For example, 2
of the 10 programs failed to meet their cost or schedule goals
because of an underestimation of the programs' complexity or
requirements. Further, we found that some of the programs that
were meeting their currently established goals were at risk of
future cost growth or schedule slips. Although the Department
had various assessment mechanisms to review individual program
progress, it had not yet established an integrated approach to
assess the performance of and inform oversight of its overall
acquisition portfolio.
IT management.--DHS has continued to sustain and mature its
Department-wide Enterprise Architecture program over the past 6
years. For example, in response to our recommendations, the DHS
chief information officer developed a fiscal year 2020-2023
Enterprise Architecture Strategic Plan to provide strategic
direction for delivering IT services and solutions across the
Department.\10\ Further, in response to other recommendations,
the Department has continued to manage its IT investments using
an IT portfolio management approach.\11\ For example, in fiscal
year 2020, the Office of the Chief Information Officer (OCIO)
produced portfolio data and analysis related to each of the
Department's 7 IT portfolios. OCIO officials reported that the
chief information officer and other DHS leadership used this
information to support IT investment oversight and resource
allocation recommendations. This portfolio management approach
should enable DHS to identify potentially duplicative
investments and opportunities to consolidate investments, as
well as reduce component-specific investments.
---------------------------------------------------------------------------
\10\ GAO, Homeland Security: DHS Enterprise Architecture Continues
to Evolve but Improvements Needed, GAO-07-564 (Washington, DC: May 09,
2007), and GAO, Homeland Security: Efforts Under Way to Develop
Enterprise Architecture, but Much Work Remains, GAO-04-777 (Washington,
DC: Aug. 06, 2004).
\11\ GAO, Information Technology: DHS Needs to Further Define and
Implement Its New Governance Process, GAO-12-818 (Washington, DC: July
25, 2012).
---------------------------------------------------------------------------
In addition, DHS has made progress implementing recommendations
identified in the fiscal years 2016 to 2018 DHS Office of the
Inspector General's (OIG) reports related to IT security
weaknesses. However, much work remains for DHS to enhance its
information security program. In September 2020, the OIG
reported that the Department's information security program was
ineffective for fiscal year 2019.\12\ Specifically, the OIG
identified that DHS did not have an effective strategy or
Department-wide approach to manage risks for all of its
systems, nor did it apply timely security patches and updates
to mitigate critical and high-risk security vulnerabilities on
selected components' systems, among other issues.
---------------------------------------------------------------------------
\12\ DHS Office of Inspector General, Evaluation of DHS's
Information Security Program for Fiscal Year 2019 (REDACTED), OIG-20-77
(Washington, DC: Sept. 30, 2020).
---------------------------------------------------------------------------
Additionally, in fiscal year 2020, the Department's financial
statement auditor identified that DHS had ineffective design
and implementation of controls to remediate IT findings,
including insufficient corrective actions to address
deficiencies that have existed for several years in multiple
information systems. Further, for the 17th consecutive year,
the auditor designated deficiencies in IT systems controls as a
material weakness for financial reporting purposes. As a
result, since our 2019 report, DHS has moved from a mostly
addressed to a partially addressed rating for one IT management
area outcome on IT security. OCIO officials informed us that
they are taking steps to address this outcome, such as
conducting an independent verification and validation of plans
of actions and milestones and performing configuration audit
checks for selected operating systems.
Financial management.--DHS received an unmodified audit
opinion on its financial statements for 8 consecutive years--
fiscal years 2013 to 2020.\13\ However, for fiscal years 2019
and 2020, DHS's financial statement auditor reported 2 material
weaknesses in the areas of: (1) Financial reporting, and (2) IT
controls and information systems, as well as instances of
noncompliance with laws and regulations. According to the
auditor, these two material weaknesses led to an adverse
opinion on internal controls over financial reporting. These
deficiencies hamper DHS's ability to provide reasonable
assurance that its financial reporting is reliable and the
Department is in compliance with applicable laws and
regulations. For DHS to obtain and sustain an unmodified audit
opinion on its internal controls over financial reporting, and
to achieve substantial compliance with the Federal Financial
Management Improvement Act of 1996, DHS needs to continue to
strengthen its financial management controls and ensure that
key controls are in place to address the auditor's findings
related to the two material weaknesses.
---------------------------------------------------------------------------
\13\ An unmodified opinion, sometimes referred to as a clean
opinion, is expressed when the auditor concludes that management has
presented financial statements fairly and in accordance with generally
accepted accounting principles.
---------------------------------------------------------------------------
In addition, much work remains to modernize DHS components'
financial management systems and business processes.
Specifically, DHS needs to effectively implement its long-term
financial systems modernization efforts at the U.S. Coast
Guard, the Federal Emergency Management Agency, and U.S.
Immigration and Customs Enforcement. DHS also needs to ensure
that key controls are in place to address the auditor's
findings.
Human capital management.--Since our March 2021 High-Risk
report, DHS has fully addressed an outcome related to its
employee engagement scores on OPM's Federal Employee Viewpoint
Survey. DHS has made continued improvements in its Employee
Engagement Index, which OPM calculates from the Federal
Employee Viewpoint Survey. Starting in 2015, DHS reversed a 5-
year downward trend in its scores on the Employee Engagement
Index. After 4 consecutive years of improvements, DHS surpassed
its 2010 benchmark in 2019, and its Employee Engagement Index
in 2020 was the second consecutive year above the 2010
benchmark (see fig. 2).

To address the remaining human capital management outcome, DHS must
complete steps to use Department-wide training data to inform its human
capital programs. DHS anticipates completing action on this outcome in
fall 2021.
Management integration.--Since 2019, DHS has communicated
management priorities through the Department planning,
programming, budgeting, and execution process. Specifically, in
fiscal year 2019, the deputy under secretary for management
issued strategic guidance to components encouraging investment
in areas critical to DHS management functions. To achieve this
outcome, DHS must continue to demonstrate sustainable progress
integrating its management functions within and across the
Department, as well as fully address the other 12 outcomes it
has not yet fully achieved.
Significant effort is required to build and integrate a department
as large and complex as DHS, and continued progress for this high-risk
area depends on DHS addressing the remaining management outcomes.
Several factors have contributed to DHS's success in narrowing the
scope of the high-risk area so far and are helping it to make progress
on its remaining challenges. These include top DHS leaders
demonstrating leadership commitment and support for addressing the
Department's challenges; consistently communicating its efforts and
regularly seeking feedback from us on its strategy and approach to
addressing the high-risk area; establishing an action plan for
addressing the high-risk area; and identifying performance measures to
monitor its progress. In the coming years, DHS needs to continue
implementing the remaining work across its key management functions and
sustaining its progress to date. We will continue to monitor DHS's
efforts in this high-risk area to determine if the outcomes are
achieved and sustained over the long term.
Chairman Correa, Ranking Member Meijer, and Members of the
subcommittee, this completes my prepared statement. I would be happy to
respond to any questions you may have at this time.

Mr. Correa. Thank you very much, Mr. Currie.
Now I would like to recognize Mr. Alles to summarize his
statement for 5 minutes.

STATEMENT OF RANDOLPH ``TEX'' ALLES, ACTING UNDER SECRETARY FOR
MANAGEMENT, DEPARTMENT OF HOMELAND SECURITY

Mr. Alles. Good afternoon, Chairman Correa, Ranking Member
Meijer, and distinguished Members of the subcommittee.
It is a privilege to appear before you today along with
Chief Human Capital Officer Angie Bailey to discuss the
maturation of our Department of Homeland Security's management
functions as well as some of our challenges, which Chris has
laid out for us.
DHS employees rise to every challenge, and the challenges
are many. The Management Directorate provides vital mission
support services designed to enable front-line operators to
more effectively respond to these challenges.
Since the founding of the Department in 2003, the challenge
for DHS leadership has been to integrate the numerous diverse
organizations brought together in the aftermath of 9/11. Most
of these organizations had unique and sometimes long-standing
management practices and systems already in place.
Because of these challenges, the GAO designated
implementing and transforming DHS as an area on its ``High-Risk
List'' in 2003. After a decade of hard work, GAO acknowledged
the Department's significant progress in 2013, narrowing the
high-risk areas to focus on 5 key management functions:
Acquisition and program management, information technology,
financial management, human capital, and the integration of
management functions across the Department.
I am pleased to report that DHS has ``fully'' or ``mostly
addressed'' 22 of the 30 high-risk outcomes, and GAO is a
valued partner in this effort. In light of our demonstrated
sustained progress, we are working closely with GAO to narrow
and re-scope our high-risk designation for DHS's management
functions with the goal of removal from the list in the
relatively near future.
So I want to highlight some of the specific challenges and
successes.
DHS leadership has long made supporting and strengthening
the work force a top priority, all the more so during the
COVID-19 pandemic. Angie Bailey, our CHCO, will discuss these
efforts in more detail.
As the chief acquisition officer of the Department, I
oversee all major acquisition programs, and I recognize the
critical role of sound acquisition management in meeting needs.
Of the 5 acquisition outcomes, all are ``fully'' or ``mostly
addressed.'' We are on track to close the ``mostly addressed''
outcomes by demonstrating sustained progress with existing
initiatives and program staffing and oversight, specifically
maturing and enhancing our acquisition program health
assessment procedures.
DHS has made substantial progress in maturing the
Department's IT security and capabilities, and GAO has
recognized that success by rating 5 of the 6 IT outcomes as
``fully addressed.'' The sixth outcome, enhanced IT security,
was previously considered ``mostly addressed,'' and, in January
2021, GAO informed the DHS CIO of their intent to downgrade
this rating to ``partially addressed.'' Over this last year,
CIO has made progress toward resolution of the issues raised,
which are highlighted in my statement for the record.
The Department is very proud of obtaining its eighth
consecutive clean financial audit opinion. We are optimistic
that we will earn a ninth opinion in fiscal year 2021. Our
remaining financial management challenges are rooted in our
outdated financial systems, so our Financial Systems
Modernization Program will provide components with modern,
efficient, and compliant business systems, including financial
procurement and asset management functions.
The remaining financial management outcomes focus on
modernizing procurement and asset management systems used by
FEMA and ICE, and DHS is moving forward with a system that
serves those components. We expect to report significant
progress over the next 3 to 5 years.
The Under Secretary of Management Office is responsible for
driving progress across the directorate and in part with
respect to management functions. So, even while dealing with
the immediate threat of COVID, the Management Directorate has
remained focused on long-term issues. For example, we are
achieving significant environmental and financial benefits
through the National Capitol Region real property strategy that
includes consolidation of DHS organizations on St. Elizabeth's
campus and within the National Capitol Region.
So, further remain focused on opportunities for small
business, and, in so doing, we have been recognized by the
Small Business Administration with an A or A-plus grade on its
Small Business Procurement Scorecard for the past 12 years.
Since being placed on the ``High-Risk List,'' DHS has made
tremendous and sustained progress in addressing the central
issues that resulted in GAO's high-risk designation. We
appreciate GAO's strong partnership and willingness to continue
our discussions about re-scoping and eventually removing
management functions from the ``High-Risk List.''
Thank you again for this opportunity to appear before you
to discuss the Department's management functions and
challenges, and I will welcome any questions you have in a few
moments. Thank you, sir.
[The joint prepared statement of Mr. Alles and Ms. Bailey
follows:]
Joint Prepared Statement of Randolph D. ``Tex'' Alles and Angela Bailey
September 30, 2021
Chairman Correa, Ranking Member Meijer, and distinguished Members
of the subcommittee: It is a privilege to appear before you today to
discuss the maturation of the Department of Homeland Security's (DHS)
management functions, as well as some of our remaining challenges.
On a daily basis, the more than 240,000 men and women of DHS
respond to our Nation's most serious threats. DHS employees rise to
every challenge, and the challenges are many. DHS is aggressively
pursuing the administration's priorities and addressing some of the
most critical and evolving threats to the United States. We are focused
on easing the burdens of the COVID-19 pandemic, responding to natural
disasters such as Hurricane Ida, promoting a safe, orderly, and humane
immigration system, combatting Domestic Violent Extremism, and
detecting, mitigating, recovering from, and responding to, malicious
cyber attacks.
In his role as deputy under secretary for management, Mr. Alles
currently leads the Management Directorate. The Directorate includes
mission support functions designed to enable front-line operators to
more effectively respond to these daily challenges. Having formerly
served as director of the U.S. Secret Service and in multiple
operational leadership positions at U.S. Customs and Border Protection,
Mr. Alles keenly appreciates how crucial effective and efficient
management functions are to successful mission performance.
In her role as chief human capital officer, Ms. Bailey currently
leads the Office of the Chief Human Capital Officer (OCHCO). She joined
DHS in January 2016 as a career Federal executive with more than 38
years of service, 32 of those in human resources.
gao high-risk list
Passage of the Homeland Security Act of 2002 brought together
numerous diverse organizations to form the new Department. These
organizations had existing, unique, and sometimes long-standing
management processes. Since 2003, the challenge for DHS leadership has
been to integrate these disparate systems and processes, many of which
were inefficient, costly, and did not meet basic standards of internal
controls and security requirements. Developing these organizations into
a cohesive team would be a challenge for a mature organization in calm
times. For DHS, brought together in the immediate aftermath of the 9/11
attacks with an urgent need to maximize mission focus and protect the
country, the task of integration has been Herculean. We could not be
prouder of how far the Department has come.
Because of these challenges, the Government Accountability Office
(GAO) designated ``Implementing and Transforming DHS'' an area on its
High-Risk List in 2003. After a decade of hard work, GAO acknowledged
the Department's significant progress and in 2013 narrowed the high-
risk area to focus on 5 key management functional areas: Acquisition
and program management, information technology (IT) management,
financial management, human capital management, and integration of
management functions across the Department.
We must emphasize what a valued partner GAO has been throughout the
Department's maturation. The feedback provided by both GAO and the DHS
Office of Inspector General (OIG), coupled with the sustained
commitment by successive DHS leaders to implement this feedback, has
materially contributed to the significant progress we have made across
all high-risk areas. We remain dedicated to implementing and resolving
audit recommendations as we continue to improve DHS.
To help focus the organization on strengthening management
functions, we developed the DHS Integrated Strategy for High Risk
Management (Integrated Strategy). The Integrated Strategy is a detailed
playbook that is updated biannually and defines a clear path to
achieving GAO high-risk outcomes (GAO outcomes)--the goals DHS and GAO
mutually agreed on as clear measures of maturation for DHS management
functions. First issued by DHS in 2011, the Integrated Strategy is
recognized as a best practice and is now required by statute.\1\ This
strategy serves as a rudder to guide our progress, which is
substantial.
---------------------------------------------------------------------------
\1\ 6 U.S.C. 341.
---------------------------------------------------------------------------
As assessed by GAO, DHS fully or mostly addressed roughly 73
percent of GAO's outcomes. This leaves only 8 of 30 outcomes where GAO
indicates a significant amount of work remains. In light of our
demonstrated and sustained progress, we are working closely with GAO to
narrow and re-scope the high-risk designation for DHS's management
functions. With years of progress behind us, and external indicators to
confirm our success--such as 8 consecutive clean financial audit
opinions--management functions no longer represent a significant threat
to the Department's mission execution. We have initiated discussions
with GAO about removing the high-risk designation altogether and
finding other avenues through which to focus GAO's continued oversight
on areas that require sustained investment of effort and resources,
particularly in information systems security and financial systems
modernization.
The following examines our progress and remaining challenges within
the Strengthening DHS Management Functions area on the GAO High-Risk
List and highlights additional on-going initiatives to strengthen
Management's contributions to DHS mission execution.
human capital
Supporting and strengthening the workforce has long been a top
priority for DHS leadership. Across the Department, leadership
continues to emphasize workforce engagement with the goal of improving
agency-wide employee satisfaction. To attract, incentivize, and retain
a diverse and talented workforce, DHS is implementing Department-wide
human capital solutions to build career paths and develop a continuous
pipeline of leaders, inspire creativity and innovation, and maximize
employee performance while encouraging work-life balance. Through
dedicated workplace inclusion, DHS continues to build a workforce that
reflects our Nation to accomplish our homeland security missions.
OCHCO is the lead organization for overseeing efforts to address
GAO outcomes related to human capital, and every DHS organization--down
to first-line supervisors--has a vital role to play in developing and
maintaining a high-performing and engaged workforce.
Seven of 30 GAO outcomes relate to human capital. Six of the 7 are
fully addressed: (1) Implement human capital plan, (2) Link workforce
planning to other Department planning efforts, (3) Enhance recruiting
to meet current and long-term needs, (4) Base human capital decisions
on competencies and performance, (5) Seek employee input to strengthen
human capital approaches, and (6) Improve Federal Employee Viewpoint
Survey (FEVS) scores. GAO rates the seventh outcome in human capital as
``mostly addressed'' with only a small amount of work remaining: Assess
and improve training, education, and development programs. These
actions are all in advanced stages of maturity.
With respect to the Department's FEVS scores, GAO notified DHS in
advance of this hearing that they were upgrading this outcome from
``mostly'' to ``fully addressed.'' We would like to thank GAO for
acknowledging the tremendous progress DHS has made in improving
employee engagement and overall employee satisfaction, as evidenced by
steady, year-over-year increases since 2015 in both the Employee
Engagement Index (EEI) and the Global Satisfaction Index (GSI). From
2015 to 2020, the overall DHS EEI increased a total of 13 percentage
points, a sustained trend that brings the score to 66 percent, and the
GSI increased 14 percentage points to 61 percent.
As an agency with many front-line workers, COVID-19 poses special
challenges for DHS. Working with OCHCO's Workforce Health and Safety
Division (WHS), which provides on-going guidance and policy based on
information from the Centers for Disease Control and Prevention,
Department of Labor, and the Safer Federal Workforce Task Force, DHS
leadership implemented public health protections across the Department.
WHS immediately established communication procedures to continually
update employees and their families regarding workplace protocols and
available resources. WHS continues to provide assistance to employees
working in an environment shaped by the pandemic.
acquisition management
The Office of Program Accountability and Risk Management (PARM) is
the DHS executive office for acquisition program management oversight.
PARM partners across components on governance, assessment, and support
services for major acquisitions. With support from the Office of the
Chief Procurement Officer (OCPO), PARM is the lead organization for
addressing GAO high-risk recommendations and outcomes related to
acquisition management.
Five of the GAO high-risk outcomes relate to acquisition
management. Two are fully addressed: (1) Timely validate required
acquisition documents, and (2) Improve component acquisition
capabilities. The remaining three are mostly addressed: (1) Establish
and effectively operate the Joint Requirements Council (JRC), (2)
Assess acquisition program staffing, and (3) Establish oversight
mechanisms to validate that acquisitions policies are achieving goals
and comply with Department policies.
The JRC is effective at helping identify common gap areas across
the DHS components and making joint requirements and commonality
recommendations. For example, the JRC fostered unprecedented cross-
component collaboration growth in areas including Countering Unmanned
Aircraft Systems, Next Generation Vertical Lift, Combating
Transnational Criminal Organizations, and Document and Media
Exploitation. Today, the JRC operates as designed and is fully
integrated with the Department's research and development, acquisition,
and resource allocation processes. DHS has achieved the desired end-
state--to effectively establish and operate the JRC.
Regarding the acquisition program staffing outcome, in September
2020, PARM undertook a comprehensive staffing analysis report providing
recommendations to mitigate critical staffing gaps; 68 percent of
fiscal year 2020 critical staffing gaps are now addressed. The 2021
review/analysis began in May 2021 and is nearing completion. In
addition to analyzing and addressing staffing gaps, PARM focuses on
staffing plan development and implementation along with training and
certification of the workforce to bolster effective program management.
As of September 2021, DHS program manager certification across all
major programs (with a life-cycle cost estimate greater than $300
million) stands at 94 percent.
Finally, with regard to the GAO outcome concerning acquisition
program oversight, we have taken the following steps: (1) Closely
monitoring programs in breach of their acquisition program baseline;
(2) requiring program documentation such as life-cycle cost estimates,
certifications of funds availability, and approval documents for each
acquisition decision event in the program life cycle; (3) closely
monitoring program health through our monthly High Visibility Program
briefings with the Acquisition Review Board, quarterly Acquisition
Program Health Assessments, and targeted Acquisition Review Board
Program Reviews; and (4) enhancing program data quality and
availability, and providing data to the Unified View of Investments,
which provides leadership with information to support decisions on
major acquisitions.
information technology
The Office of the Chief Information Officer (OCIO) provides
infrastructure, governance, and oversight to deliver mission
capabilities securely, efficiently, and effectively. OCIO serves as the
lead office for GAO high-risk recommendations and outcomes related to
IT.
Six of the GAO outcomes relate to IT. Five are fully addressed: (1)
Achieve Enterprise Architecture Management Maturity Framework Stage 4,
(2) Achieve Information Technology Investment Management Framework
Stage 3, (3) Achieve Capability Maturity Model Integration Level 2, (4)
Implement IT human capital, and (5) Adhere to IT program baselines.
The sixth outcome--Enhance IT Security--was previously considered
mostly addressed. In January 2021, GAO informed the DHS OCIO of their
intent to downgrade their rating to partially addressed. The basis for
this determination was primarily the DHS OIG's fiscal year 2019 Federal
Information Security Modernization Act (FISMA) assessment and the
fiscal year 2020 Independent Auditors' Report on DHS Financial
Statements and Internal Control. While DHS does not concur with GAO's
assessment, OCIO has made progress toward resolution of the issues
raised in the FISMA assessment and the Independent Auditors' Report.
The Chief Information Security Officer continues to coordinate with
the OIG to ensure an effective and transparent fiscal year 2021 FISMA
assessment. In November 2020, the OIG issued its fiscal year 2020 FISMA
Cyberscope report that includes preliminary results for the fiscal year
2020 FISMA assessment. In the Cyberscope report, OIG noted an
improvement in DHS's FISMA rating giving the Department an overall
rating of ``Effective.'' This rating was earned as a result of
demonstrated improvement in the Department's information security
program.
financial management
The Office of the Chief Financial Officer (OCFO) is responsible for
the Department's budget, financial reporting and policy, financial
systems, financial assistance oversight, internal controls, cost
analysis, program analysis and evaluation, and liaison with GAO and OIG
auditors. OCFO serves as the lead office for GAO high-risk
recommendations and outcomes related to financial management.
Eight of the GAO outcomes are in financial management, five of
which are either fully or partially addressed: (1) Obtain a clean
financial audit opinion, (2) Sustain a clean financial audit opinion,
(3) Obtain a clean internal control audit opinion, (4) Comply with the
Federal Financial Management Improvement Act, and (5) the United States
Coast Guard (USCG) Financial Systems Modernization.
The Department is very proud of obtaining a clean financial audit
opinion. DHS first earned this opinion at the end of fiscal year 2013
and has sustained it since then. Based on progress to date, we are
optimistic that we will earn a ninth consecutive clean opinion for
fiscal year 2021.
Progress toward the other three outcomes has been initiated: (1)
Sustain a clean internal control audit opinion, (2) Federal Emergency
Management Agency (FEMA) Financial Systems Modernization, and (3) U.S.
Immigration and Customs Enforcement (ICE) Financial Systems
Modernization.
DHS is the only Federal department required by law to obtain an
internal control audit opinion.\2\ This is effectively a second annual
audit opinion that is focused strictly on controls and processes. Thus,
even if a clean financial statement opinion is earned, the existence of
any control weaknesses can prevent a clean internal control opinion.
Although we believe this requirement is no longer necessary to ensure
accurate financial reporting, we continue working toward a clean
internal control opinion with a target of fiscal year 2024.
---------------------------------------------------------------------------
\2\ Pub. L. 108-330, Sec. 4.
---------------------------------------------------------------------------
Many of our remaining financial management challenges are rooted in
outdated financial systems; our Financial Systems Modernization (FSM)
program helps remediate these conditions. The FSM program is intended
to provide components with modern, efficient, and compliant business
systems, including financial, procurement, and asset management
functions. Our first major modernization project was the USCG system.
Two other DHS components--the Transportation Security Administration
(TSA) and the Countering Weapons of Mass Destruction Office (CWMD)--
used USCG's legacy system and successfully transitioned to a new FSM
solution in fiscal year 2021 and fiscal year 2016, respectively. USCG
is on track to transition starting in October 2021 and should be in
full production in the first quarter of fiscal year 2022, after which
time its legacy system will begin to sunset.
The remaining GAO outcomes focus on achieving modern integrated
financial, procurement, and asset management systems in FEMA and ICE.
DHS is moving forward with both systems, and we expect to report
significant progress over the next 3 to 5 years. Our current notional
schedule has FEMA, ICE, and smaller DHS components (which use the
current ICE system) moving to FSM solutions in a phased approach
starting at the end of fiscal year 2024 and continuing through the end
of fiscal year 2026.
management integration
The under secretary for management's office is responsible for
driving progress across the Directorate and the Department with respect
to management functions. DHS's rapid response to the COVID-19 pandemic
demonstrated particularly well management's capacity, ability, and
readiness to integrate key functions across our lines of business and
components to support operations. To achieve a fully addressed outcome
for management integration, we will continue to demonstrate sustainable
progress integrating management functions within and across the
Department.
The human capital efforts discussed above dovetailed with the award
of Department-wide and component contracts by OCPO, that included
innovative solutions and provided critical pandemic-related supplies
and services, all while supporting small businesses whenever possible.
DHS is continuously focused on opportunities for small businesses that
bring innovative solutions to bear in solving challenges, and in doing
so, garnered DHS a letter grade of A or A+ from the Small Business
Administration on its Small Business Procurement Scorecard for the past
12 years.
Even while dealing with the immediate threat of COVID-19, the
management directorate has remained focused on long-term issues. We
established processes and goals to reduce the effects of climate
change, while increasing resiliency. Our Resilience Framework includes
assessments for climate and man-made vulnerabilities in all our
critical assets, including energy and water, facilities, information
communication technology, and transportation. Smart buildings and
electric vehicles are a requisite part of our strategy that we are
actively planning.
We will also achieve significant environmental and financial
benefits through the National Capital Region Real Property Strategy
that includes consolidation of DHS organizations on the St. Elizabeths
campus and within the National Capital Region (NCR), reducing the DHS
footprint in the NCR by over 1.2 million square feet with a cost
avoidance of $1.3 billion over the next 30 years.
We continue to increase not just the security of our physical
assets, but that of our human capital as well through increasingly
comprehensive and continuous electronic vetting and monitoring of
potentially threatening activities from within. The Department made
substantial progress toward fully implementing the Federal Personnel
Vetting Core Doctrine through the Federal Government's on-going Trusted
Workforce (TW) 2.0 efforts. On July 14, 2021, DHS finalized the TW 2.0
Implementation Plan for the Department. In August 2021, DHS self-
certified for TW 1.25 compliance, and in the second quarter of fiscal
year 2022, DHS intends to request certification from the Office of the
Director of National Intelligence for TW 1.5 compliance.
Recognizing that cybersecurity is a National security and economic
security imperative--and with the support of Congress through
establishing new Title VI authorities--DHS will launch the
Cybersecurity Talent Management System (CTMS) in November to establish
an innovative means to hire and retain the very best cyber talent.
Through the DHS Cybersecurity Service, we will provide a competitive
public service career experience for cybersecurity professionals with
the opportunity for tactical compensation, exciting career development,
and the ability to shape the future of cybersecurity.
conclusion
Since being placed on the High-Risk List, DHS has made tremendous
and sustained progress in addressing the central issues that resulted
in GAO's high-risk designation by integrating a myriad of disparate
organizations and functions into a cohesive and effective Department,
one that is greater than the sum of its parts. Without a doubt, the
areas of human capital, acquisition management, information technology,
and financial management were high risks for the Department in its
early years. We have made significant and sustained progress since
then. Some challenges remain in IT and financial management; however,
we have demonstrated significant progress in those areas and expect
further improvement in the years ahead.
As of March 2021, Strengthening Department of Homeland Security
Management Functions is one of only two High-Risk areas remaining on
the list that meet the majority of GAO's criteria for removal.\3\ We
appreciate GAO's strong partnership and willingness to continue our
discussions about re-scoping and removal of the Strengthening DHS
Management Functions high-risk area to more accurately reflect the
state of management at DHS.
---------------------------------------------------------------------------
\3\ GAO, High-Risk Series: Dedicated Leadership Needed to Address
Limited Progress in Most High-Risk Areas, GAO-21-119SP (Washington, DC:
March 3, 2021), page 19. In 2021, DOD Support Infrastructure Management
met all 5 criteria and was removed from the list.
---------------------------------------------------------------------------
It is our honor to serve the Department and lead the remarkable
public servants that fulfill the Management Directorate's essential
roles in our critical homeland security mission. Thank you again for
the opportunity to appear before you to discuss the Department's
management functions and challenges. We welcome any questions you have.

Mr. Correa. Thank you, Mr. Alles.
Now I would like to recognize Ms. Angela Bailey to
summarize her statement in 5 minutes.
Welcome.

STATEMENT OF ANGELA BAILEY, CHIEF HUMAN CAPITAL OFFICER,
DEPARTMENT OF HOMELAND SECURITY

Ms. Bailey. Thank you, Mr. Chairman.
Chairman Correa, Ranking Member Meijer, and distinguished
Members of the subcommittee, it is a privilege to appear before
you today alongside Mr. Alles, deputy under secretary for
management, to provide additional information about our one
remaining human capital outcome and our employee engagement
efforts.
I was here early last year talking to this subcommittee
about employee engagement and morale at DHS, and I am pleased
to report continued progress despite the tremendous challenges
we face.
DHS is a living, breathing organization made up of more
than 240,000 human beings. They worry about the same things all
Americans worry about. They struggle with student loan debt,
child care responsibilities, taking care of sick or elderly
family members, or missing yet another family vacation,
birthday, or anniversary due to work obligations.
On top of that, every day, our people perform some of the
most difficult, dangerous, and at times heartbreaking and
thankless work in the Nation, and they do it well. Our people
work through holidays and nights and weekends. They are always
vigilant and ready.
But the work they do is often directly affected by some of
the most critical issues facing society, like the pandemic and
natural disasters that dominate media headlines. For example,
over 80 percent of DHS employees worked unpaid during previous
Government shutdowns, and 65 percent have held the front lines
during the COVID-19 pandemic.
We can't change the work, but we can continue to explore
and implement ways to support our people affected by that work.
Through our efforts on DHS initiatives like employee and family
readiness and leadership and other developmental programs, we
have increased support for our employees and their families
across the Department.
Our operational components continue working to meet
employee and family needs through their efforts like resilience
and suicide-prevention programs at U.S. Customs and Border
Protection; intensive local action planning at select airports
by the TSA; emergency back-up child care in FEMA; diversity and
inclusion education and awareness programs within the U.S.
Coast Guard consisting of over 100 change agents; and taking
action to rebuild morale and provide opportunities for
employees to voice their concerns and share feedback at USCIS
after the furlough threat in 2020.
We also share ideas and best practices with each other,
leading, for example, to U.S. Immigration and Customs
Enforcement adapting TSA's successful local action planning to
their own organization's resources, structures, and needs, and
headquarters implementing emergency back-up child care as well.
Federal Employee Viewpoint Survey scores reflect the
positive effects of these efforts. For example, CBP's Employee
Engagement Index, otherwise known as EEI, increased 15
percentage points since 2015. TSA's EEI has increased 11
percentage points. The overall DHS EEI has increased 13
percentage points. In fact, 5 of our components equal or
surpass the Government-wide average.
In an agency as large, diverse, and geographically
distributed as DHS, this is significant. It is so significant
that both OPM and GAO have recognized the hard work that has
gone in to these positive trends. I would like to thank the GAO
team for continuous support and its productive relationship
that they have had with us.
All of this hard work has really led to us being able to
achieve ``fully addressed'' on all but one human capital
outcome, and we are close on the one that remains. It is a very
productive partnership.
As Mr. Currie and DUSM Alles noted, for the remaining human
capital outcome, the Department made significant progress with
continued implementation and sustainment of a variety of
programs. The remaining work is to institutionalize the use of
DHS-wide training data to inform human capital programs in
2022.
Thank you again for the opportunity to testify today. The
Department would not be successful without your support and the
work of our brave men and women who sacrifice each day to make
our country safe.
I look forward to your questions.
Mr. Correa. I want to thank again all our witnesses today
for their time and their testimony.
I want to remind the subcommittee that each one of us will
have 5 minutes to ask their questions of the panelists.
I will recognize myself now for 5 minutes of questions.
Five minutes is not too long, so let me start out with Ms.
Bailey.
Great progress. It looks like we are doing some good work
at Homeland Security.
My question to you is focused on morale. We have talked
about this in the past. This is what I see as an interesting
challenge at homeland: 240,000 employees. That is bigger than
most of my cities in California. That is big. Yet each one of
those individuals working for you is part of that line of
defense for the homeland.
FBI officers, nobody can deny the fact that they should be
paid well, they should have benefits, they should be 30-year
career agents. They are the best of the best at what they are
doing.
Yet you have TSA employees at the airport, where they are,
a lot of them, part-time. A lot of them are struggling to get
health benefits, until recently, with TSA. Turnover is
unbelievable. Yet those are the folks that are watching that
monitor, that screen, looking at people, trying to figure out
whether there is something there that can get into an airplane
that would do us major harm.
How can we help you, not you by yourself, but how can we as
a legislature help you make the argument that we need to bring
these people up to speed, need to make them professionals, we
need to pay them well, we need to make sure that their
attitude, you know, their--that they know that their mission--
but we pay them accordingly?
Please.
Ms. Bailey. Thank you for your question, Mr. Chairman.
Yes, TSA--you raise a very important point for us and one
that we have put a lot of attention and effort into. I know Mr.
Pekoske is fully supportive of the efforts that we are making
to ensure that we raise the pay of our TSOs. Because, as you
said, in some cases, in some of our major locations, they can
actually be paid more to work at a local retail or at a fast
food restaurant than they can for TSA. So it is a primary
concern of ours and something that we intend to address.
The second issue also has to do with making sure that we
provide them their MSPB appeal rights. I am pleased to say
that, just this week, we were able to work a deal with MSPB to
ensure that our employees do have those appeal rights available
to them.
Then with regard to their actual morale or engagement and
their working life, some of the things that we are very pleased
about is the initiatives that we have put into our employee and
family readiness initiatives----
Mr. Correa. What do we need to make those folks full-time
instead of part-time?
You know, flipping hamburgers, my daughter did that last
summer, OK? She got paid well, but she wanted to get out of
there as quickly as possible. I want to make sure that our TSA
employees aren't there part-time and wanting to get out of that
job for the next job that offers them a dollar more an hour.
Ms. Bailey. Right. So that is a very good question as well,
Mr. Chairman. One of the things that we are striving to do is
get the balance between part-time and full-time appropriate.
Because there are some instances where we have found where our
employees do want part-time so that they can raise their
families or they can continue to go to school and have
different opportunities.
The other thing that we really stress within TSA is that it
is also a foot into the Federal Government, it is a foot into
DHS. We do find that many of our TSOs have the actual
opportunity to promote within TSA and/or to go on to CBP,
Secret Service, and then on to ICE.
So we have found that by having specific career progression
for them throughout this law enforcement community is something
that they have really valued and that they look forward to as
putting more effort into that as well.
Mr. Correa. So a couple of things. I would just argue that
the typical FBI agent probably knows that they can go maybe
part-time, or some of the other Federal agents can go part-
time, depending on the family situation.
TSA employees, they get an opportunity to become an FBI
agent, they move on. But how do you make it attractive for them
to be there for 30 years?
I have 30 seconds left. You are not going to answer that in
30 seconds. But, you know, these are some of the issues we need
to work on, because, again, the weakest link in the chain is
one that will break, and we can't afford any, you know,
failures in our defense of the homeland.
So I look forward to working with all of you. I don't want
to criticize you; I want to work with you to make sure it is a
win-win situation.
With that, I will recognize the Ranking Member for 5
minutes of his questions.
Welcome, sir.
Mr. Meijer. Thank you, Mr. Chairman.
Thank you to those statements from all of our witnesses
here today.
Mr. Currie, I just wanted to, I guess, follow up a little
bit on what the Chairman was mentioning in terms of concerns on
the employee side and on the morale side. Mr. Currie, you had
mentioned that if you take out, I believe it was, the Coast
Guard and TSA from the broader DHS work force that it would be
a much different picture.
Can you elaborate a little bit more on what is distinctive
about the TSA and Coast Guard relative to the rest of the DHS
work force, and also to what extent both the TSA being a wholly
new creation with a very unique mission relative to the rest of
DHS and also the Coast Guard having that dual role of uniformed
defense and a quasi-military capacity depending on its
orientation?
Mr. Currie. Yes, sir, sure. So, actually, if I said that, I
was incorrect. It is TSA and Customs and Border Protection, so
CBP, are the two. But that is a great question. I will break
that down. I think----
Mr. Meijer. I heard ``USCG'' and not ``CBP,'' so I
apologize. But, yes--but also just, if you could better kind-of
truncate how you view those cultural differences.
Mr. Currie. Well, and, actually, I think you make a great
point, because the Coast Guard's morale is pretty high
comparatively, because they were a legacy component well before
DHS had a strong mission, strong tie to the Department of
Defense, as you probably know well.
But let me talk a little bit about TSA and CBP. I think
there are a couple of things going on there.
First of all, they are by far the largest components, you
know, with, together, over 100,000 employees.
I think, also, second, they really do represent what Ms.
Bailey was saying, like, the front line, have to be there every
day, day in and day out, no-break kind-of employees, protecting
our border, scanning international passengers, scanning
international cargo, you know, all the tough things that we
think about at DHS.
I have to tip my cap. I mean, we have tremendous respect
for those folks. You know, they don't have the luxury of
working remotely like a lot of us in the professional world
have been able to do over the last year and a half. They have
no choice. COVID has really impacted them hard.
But they are the largest. I think they have the toughest
mission. Everything they do is under constant public scrutiny.
If you think about a lot of other Federal workers, they don't
have somebody watching them do their job every day. So I just
think they have a tremendously difficult mission.
Then I think, you know, what we just talked about with TSA.
I think this is why, in our view, it is so critical that we
really zone in to these components and figure out how,
culturally, we can make some changes and, frankly, hold their
leadership accountable.
Ms. Bailey and Mr. Alles, from the DHS standpoint, can do a
lot, and they have. But unless the supervisors and the managers
deep within those components feel accountable for morale, I
don't think it is going to be a huge priority.
Mr. Meijer. Well, thank you for that, Mr. Currie.
I just want to, kind-of, pull up a little bit to the
40,000-foot level. You mentioned specific things going down to
that supervisory level. On the whole, you know, the GAO's
``High-Risk List'' is something that DHS has been on for close
to 20 years. Can you give a bit of a sense of how unique that
is to DHS? I mean, are there other Federal agencies that have
been on it for a very long time? I know DOD is sort-of in its
own specific category there, but among, I would say, more
comparable Executive branch agencies?
Mr. Currie. Yes, sir. As you know well, DOD is always in a
special category. But, yes, so there are some that have been on
since the inaugural ``High-Risk List'' since 1990. For example,
Medicare, improper payments in Medicare have been on there for
that whole time. But there are others that have been on for
less than that, 4 to 6 years, that have gone on and come back
off. Also, there are some that have gone on, come off, and then
go on again a couple years later because the problems came
back.
So I wouldn't say it is out of the realm of ordinary that
something as big and complicated as the Department--and here is
the other part: It is not just the management issues; it is the
criticality for National security. I wouldn't say it is an odd
thing that they are still on the list.
Mr. Meijer. Thank you, Mr. Currie.
My time is running short, so I just want to ask Mr. Alles
real quick: GAO narrowed down their ``High-Risk List'' area in
2013, recognizing key mission-related areas, such as the
Quadrennial Homeland Security Review. But DHS has not published
a QHSR since 2014, obviously 7 years ago. Any plans for
completing that in the short-term, sir?
Mr. Alles. Yes, sir. The Secretary has promised to produce
that. It is produced through the Office of Plans and Policy and
up through management. So I can direct a more specific answer
to them to get back to you with that, if that is OK.
Mr. Meijer. Thank you.
Mr. Chairman, with that, I yield back.
Mr. Correa. Thank you very much, Mr. Meijer.
Now the Chair will now recognize other Members for
questions that they may ask of the witnesses. In accordance
with the guidelines laid out by the Chairman and Ranking Member
in their February 3 colloquy, I will recognize Members in order
of seniority, alternating between the Majority and Minority.
Members are reminded to unmute themselves when they are
recognized for questions.
Let me start out with Mr. Torres from New York.
Welcome, Mr. Torres.
Mr. Torres. I actually think there is a more senior Member
on, so I would be happy to defer.
Mr. Correa. Alternating between--who is the other Member--
oh, let's see, who else do we have here? Mr. Langevin? Is that
who you are talking about? Mr. Langevin?
Mr. Torres. I thought I saw Congresswoman Titus, but----
Mr. Correa. Ms. Titus, are you----
Mr. Torres. That is who I thought.
Mr. Correa. Ms. Titus, welcome.
Thank you, Mr. Torres.
Ms. Titus. Well, thank you very much, Mr. Torres. I don't
mean to ever cut a line. I appreciate you recognizing that I am
running back and forth.
Thank you, Mr. Chairman.
I would like to direct my question to Ms. Bailey, and it is
about the diversification of the work force. I think we
strengthen the work force if we do diversify it, and so that is
something I have been working on. There are a number of HBCUs,
Hispanic-serving institutions, our veterans out there. The more
we reach out to them and try to bring them in, I think the
stronger we become.
I had a bill that passed out of this committee, and I thank
the Chairman for his support of it. It passed the House, and it
was in the NDAA that we approved, but now we have to get it out
of the Senate. It is called the Homeland Security Acquisition
Professional Career Program Act, and it codifies training
programs in these institutions that I mentioned for our work
force.
I wonder if you would just comment on the importance of
having qualified and diverse professionals to supply the things
that we need to keep our country safe?
Ms. Bailey. Yes. Thank you very much for the question. It
is something that we have been working extremely hard at.
One of the things that I am really proud about is that the
DHS work force is actually 47 percent diverse. In fact, we are
higher than the Government-wide average of 38 percent. Often I
am asked, well, what about, you know--that is because of TSA
and CBP. But even if you take them out, we are still 40 percent
diverse.
Our Hispanic population is at 22 percent. Women represent
35 percent. In our non-LEO occupations, such as my own, we are
up to 48 percent. In our SES, we have 31 percent women
representation. Our veterans are at 26 percent. We have
maintained an exemplary rating since fiscal year 2017.
So we have put a tremendous amount of effort into
recruiting and going out and making sure that we really seek
talent from all segments of society. We have also put much
effort into making sure that our leadership development
programs really help raise up everyone within the Department so
that they are ready, capable to be able to go into our SES
ranks.
So the one area that I would say that remains a challenge
for us is our representation of women in law enforcement. Mr.
Mayorkas has challenged us to be able to get to 30 percent by
2023. There is an initiative that is going on within the women-
in-law-enforcement community to--I think it is 30 by 2030, but
we have challenged ourselves to make that 30 by 2023.
So, with that, you know, we look forward to working with
you to ensure that we can improve our diversity even more, but
we are really heading toward 50 percent of DHS will have some
type of diverse representation across all of our components.
Ms. Titus. Well, I am glad to hear those numbers.
I would also just hope that you really target minority-
serving institutions when you do recruiting, because, often,
they are not aware that these career opportunities exist.
Furthermore, I don't know what your policy is on
internships or mentorships, but those often work well to bring
young people into some of these professions.
Ms. Bailey. Absolutely, Congresswoman. You hit the nail on
the head. Our internship programs--in fact, this summer, we
just did a cyber sprint and we hired over 300 people and put
out another 500 tentative job offers, so that is, like, 800
people.
We created a cyber honors program. The Secretary has
created a Secretary's cyber honors program. With that, we have
put folks into that as well.
So internship programs are hugely beneficial for us. Going
to these minority-serving institutions is where we have found
just tremendous talent. So we are very supportive of those
efforts.
Ms. Titus. Well, thank you. Go over there to the Senate and
tell them that, so they will pass this bill on the Senate side.
Well, thank you very much.
Thank you again, Mr. Torres.
I will yield back.
Mr. Correa. Mrs. Harshbarger. Yes? Welcome.
Mrs. Harshbarger. Yes, I can hear you now. Can you hear me?
Mr. Correa. Yes.
Mrs. Harshbarger. Great. Thank you, Mr. Chairman, Ranking
Member Meijer, and all the guests here today.
You know, I have a question. I don't know who wants to
answer this. But, you know, I live in a rural district with a
smaller airport. You know, the President's Executive Order on
vaccination for these Federal employees is set to take effect
prior to Thanksgiving. You know, that is a heavy travel period
and one of the busiest weeks of the year.
I guess my question is, in a smaller airport like in my
district, there is going to be a significant work force
disadvantage to the TSA employees, and they are going to be
laid off due to that vaccine requirement, especially if that
area is smaller.
Can you walk us through what plan DHS has for employees
that are not going to be vaccinated at that time? That could be
detrimental not just to DHS or those TSA employees but to a lot
of different facilities. Can anybody answer that?
Mr. Alles. Yes, ma'am. I will start off, and I will let
Angie pitch in also.
First off, we want to make sure we fully engage the work
force with what the intent is of the administration on the
vaccination program. So first off is to lay out the time line
for those vaccinations and then make available a location where
you can get vaccinated, which are fairly wide, even in numerous
locations through your local pharmacies.
So we want to start in that area there, and then, you know,
we want to encourage them. We certainly don't want to lose
employees over vaccination. So, I mean, that is kind-of our
starting point as we work this down. I think really
communicating with them and making vaccines available is a
critical part of this effort.
Angie, do you want to fill in more on that?
Ms. Bailey. Yes. I would say that we had our OVOW, which is
our Operation Vaccinate Our Workforce, where we made sure that
we actually partnered with VA to provide as much vaccination
support as we could to our mission-critical positions, and that
included our TSA operations in, like, the small airport that
you mentioned. Seventy-seven percent of those folks that were
eligible that had requested it actually did get their
vaccinations.
On whole, DHS is 64 percent--we have had our employees
respond. We are at 64 percent of our work force has been
vaccinated. That is on par with the Nation as well.
So, to Mr. Alles' point, we are going to put a full-court
press on educating our work force, make sure that we get them
as many facts as we can so that they can make an informed
decision. We are providing them a time table of when they need
to have their first shot and their second shot.
We are working with OMB Privacy and Civil Rights and Civil
Liberties to make sure that we have a reasonable accommodation
process put in place to address anybody who has a medical or
religious exemption.
So we are not in the business of removing our employees. We
are in the business of trying to make sure that we educate
them, that we provide them every opportunity to get vaccinated
or to put in for reasonable accommodations. Because this
Nation's security and safety is--you know, it is a National
security issue for us to make sure that we have every DHS
employee that we can on board.
Mrs. Harshbarger. Well, it is a National security risk,
because if you have these rural areas--and that is where I am
seeing from. You know, I am also in the Doctors Caucus, and
when we look at these statistics Nation-wide, we see that the
rural areas are the ones that have, I guess, a lower percentage
of vaccination.
So I guess my question is, again, what is the plan when we
don't have employees to work those stations?
You know, I push for PreCheck in a lot of rural areas.
People don't know what they don't know, and we want them to
know that they can go ahead, if they are a lower risk, go ahead
and sign up for that PreCheck.
But what are we going to do? We can't afford to close those
smaller airports. So does DHS have a plan to fill those spots
in case they do have to lay them off for that?
Mr. Alles. Yes, I think I would say, as we have already
described, ma'am, that our intent is to encourage employees in
the vaccination. I mean, if there are shortages there in those
airports, we will have to address those in stride through
additional hiring or, you know, temporarily moving employees to
keep things open.
I think, actually, the specifics of the question may be
best referred, though, to TSA, because I don't want to speak to
them on how they would actually address the operations part of
it.
Mrs. Harshbarger. OK. Well, I know it is coming up on us
pretty darn quick. We have about a month-and-a-half to get a
strategy put together. But thank you for your answers.
With that, I yield back, sir.
Mr. Correa. Thank you, Mrs. Harshbarger.
I will now recognize Mr. Torres. Yes?
Mr. Torres. I am sorry, Mr. Chair, I think Mr. Langevin is
on. Congressman Langevin is more senior.
Mr. Correa. He is, but he is not on the committee.
Mr. Torres. Oh, he is not?
Mr. Correa. I want him to be on the committee, but I still
have to send him, I guess, more flowers before he decides to.
Mr. Torres. I just assume that I am always the least
senior, so----
Mr. Correa. That is right.
Mr. Torres. I have the glimpses of seniority.
So, as all of you know, January 6 was obviously a wake-up
call about the depth of domestic terrorism in the United
States, particularly within the ranks of law enforcement.
I know DHS is the largest law enforcement agency in the
Federal Government. Secretary Mayorkas in April said that he
was going to conduct a review of how to best prevent, detect,
and respond to domestic terrorism, particularly within the
ranks of DHS, domestic extremism.
I am curious to know, what is the status of the review, and
when can we expect to see the findings of the review?
That is for the under secretary.
Mr. Alles. I will take that, sir.
So he just testified, the Secretary, a few days ago on this
particular topic and made the note that this is one of our most
important missions, is to not only provide National
intelligence about domestic violent extremists but also to
ensure that our head---not our headquarters, but our Department
is secure in that regard too.
So, in that regard, we are going to increase training
opportunities and other support to help identify individuals at
risk of radicalization----
Mr. Torres. Mr. Under Secretary, I asked, what is the
status of the review, and when can we expect a report? I am
glad it is a priority, but I am asking for----
Mr. Alles. He did commit to providing the report to the
committee, to the full committee. That is due back to him in
October sometime, and, depending on his time lines, it should
be sometime after that.
Mr. Torres. Thank you.
My next question is for GAO. I know, Mr. Currie, you
identified TSA as a troubled entity within DHS, as well as
Border Patrol. I am curious, what is your assessment of ICE?
Mr. Currie. Well, in terms of the morale score, sir?
Mr. Torres. Performance, morale. I mean, you classified DHS
as a high-risk agency. If I understood your testimony
correctly, TSA is a disproportionate driver of that. I am
interested to know where ICE ranks.
Mr. Currie. Yes. Well, so, under the management areas, in
terms of ICE, there are a few critical issues.
One, we do have some morale concerns there, them being a
law enforcement organization within the Department that doesn't
have as high a morale as some other components. So there is a
concern there that needs to be addressed. It is not that I am
less concerned about ICE than TSA or CBP; it is just, when you
talk about overall morale of the Department, they are a little
bit smaller.
You know, also, obviously, they have a tremendously
difficult mission right now too. So I am concerned about their
work force and the morale of the work force too.
The other thing we look at, too, in the management area is
their financial systems too. ICE is 1 of the 3 components in
DHS that has one of the oldest legacy financial management
systems left over from since before the Department started, and
they have a ways to go before they are able to modernize that
as well. So we have concerns there.
Mr. Torres. Does each have to have its own financial--I
mean, why not have, like, shared or centralized systems?
Mr. Currie. Well, that--sir----
Mr. Torres. Administrator?
Mr. Currie [continuing]. That question is the question on
financial management.
Mr. Torres. Oh, I guess under secretary. Why not have
centralized systems for----
Mr. Currie. No, that--yes, that was the goal from the
beginning, was to centralize. At the very beginning, the idea
was, we are going to take 22 legacy agencies, some were
created, some were existing, and we are going to put all these
together into one system. I think very quickly we saw that that
was just not possible.
So, right now, there is kind-of a hybrid. Some still have
the old systems. Like I mentioned, FEMA's is over 25 years old.
Some----
Mr. Torres. Why isn't it possible?
Mr. Currie. Well, and some--for example, with FEMA, it is
just a matter of--first of all, they got started a little bit
late, trying to modernize them. Then there are so many
different systems just within FEMA's system. At one point, they
were managing over 20 different grant programs with different
systems. So they manage a ton of money. Just, it has taken a
long time, and there has been----
Mr. Torres. You are telling me it is impossible to create
one centralized system that can administer all those grants,
sir?
Mr. Currie. You know, nothing is impossible, but I can say
over 20 years that to do this across DHS into one system has
been very difficult.
Now, they have been able to do this in some components and
be successful. I think they are just down to some of the most
challenging components.
Mr. Torres. I just want to quickly interject, because I
heard a contradiction between the two testimonies.
You identified 30 management areas, and you said DHS has
made progress in 18 of those or has achieved its goals in 18 of
those. But I heard the under secretary say 22.
So I am curious to know what is the disconnect between your
two testimonies.
Mr. Currie. Well, there are different ratings, so what I
was referring to is the ones that are fully addressed and
completed. There are others that are partially. So I think that
was the difference.
Mr. Torres. Of everything that remains, what is the most
urgent?
Mr. Currie. I think, right now, the most urgent--I classify
``urgent'' and ``challenging'' as the same, because, to me, the
most challenging are going to be the hardest to address and
they need the most focus and the most resources.
I think, you know, financial management is the one that is
going to take the longest to address across the Department and
there is still the most work to be done. I think even DHS has
said they are still on a horizon of it being at least probably
5 years until some of these issues are addressed. So I am very
concerned about that.
But, you know, I continue to be concerned about morale too.
You know, while we give DHS a lot of credit because there has
been consistent steady progress and improvements last year, you
know, almost every agency in Government improved last year.
So I don't think anybody at DHS would say they are where
they want to be in terms of employee morale, which has
cascading effects, sir. You know, it affects recruitment, it
affects retention. It just has such a huge impact on the
mission. I think that is another major area I am concerned
about.
Mr. Torres. My time has expired. Long expired.
Mr. Correa. Thank you, Mr. Torres.
Now, Mr. Meijer, unless you object, I will go to Mr.--do
you have any other Republican Members on your side right now?
Mr. Meijer. Mr. Chairman, I am not seeing any of my
colleagues on this side of the aisle, so no objection.
Mr. Correa. Unless you object, I will go to Mr. Langevin.
Mr. Langevin. Very good. Thank you, Mr. Chairman.
Mr. Correa. Welcome, sir.
Mr. Langevin. I thank you and the Ranking Member for
allowing me to sit in on this subcommittee. I am proud to be on
the Homeland Security Committee, but haven't had the pleasure
of serving on this subcommittee, but maybe in the future. But
glad I could participate in this subcommittee hearing.
I thank the witnesses for their testimony.
I would like to start, if I could, with Ms. Bailey.
Ms. Bailey, what percentage of cybersecurity billets within
the Department of Homeland Security are unfilled right now?
Obviously, cybersecurity is the National security and
economic security challenge of our time. We need all hands on
deck; we need every billet filled. I know that DHS is still
underresourced there in terms of bodies.
Can you give me an idea of how many are unfilled right now?
Ms. Bailey. I think we have--well, thank you for your
question, Congressman.
You know, I am not sure. I may have to get back to you on
the exact number. I know we have close to 10,000 positions that
are identified as being--as being identified as being cyber.
One of the things that we were trying to do with our sprint was
at least to address 10 percent of our vacancies.
So I think that we are somewhere around 80 percent, but I
really need to get back to you--80 percent filled, not vacant.
Mr. Langevin. Yes.
Ms. Bailey. So I need to get--I need to get back to you
with regard to the exact number.
Mr. Langevin. So you would say approximately 20 to maybe 30
percent is a reasonable estimation?
Ms. Bailey. I think it is around 10 to 20 percent,
because----
Mr. Langevin. OK.
Ms. Bailey [continuing]. We had a really significant push
this summer, and we far exceeded what we wanted to be. I think
we are somewhere around 2,000 vacancies, if I am not mistaken,
and so this summer we were able to, again, get almost 1,000 of
those filled.
Mr. Langevin. Well, I strongly hope that when you do look
at the actual numbers that it is closer to the 10 percent, not
20 percent or more. Because even at 20 percent, I would
certainly characterize that vacancy rate as unacceptable and,
you know, feel that it is troubling. I mean, I find it a
troubling statistic.
But could you please explain to the committee what you plan
to do to address this vacancy rate going forward?
Ms. Bailey. Certainly.
I do want to make sure that I was clear on this. We have
around 2,000--we had around 2,000 vacancies this summer, and we
filled almost 800 of them, of those 2,000. So we have made
significant progress against making sure that we have all of
our positions filled.
Now, with regard to some of the things that we are doing,
one of the things that I am very pleased to say is that--and
this is with Congress's support--we were able to implement our
Cyber Talent Management System, which will give us an
incredible ability to recruit and hire, pay, and retain, train
our cyber work force in a way that we have never been able to
do within the Federal Government.
So that will give us the ability to, like, reach out to and
establish partnerships with some of the minority-serving
institutions, as well as, you know, being able to qualify folks
who have maybe been successful at a hackathon, you know, won a
National hackathon award.
So, by being incredibly creative and inventive and actually
breaking apart everything that is known as far as Civil Service
goes, we will have the advantage of being able to, again,
really go after the talent that is in this Nation, pay them in
accordance with what the market is paying, and then be able to
retain them in a way that we have never been able to before.
Mr. Langevin. OK. Thank you. Very important.
Let me ask you this. Congress granted DHS the authority to
implement its Cyber Talent Management System in 2014, yet the
Department is just now preparing to launch that system.
So the authorities in question give the Department broad
authority to create new positions necessary to carry out its
responsibilities. So what roles and responsibilities does the
Department envision CTMS helping to fill? What resources does
the Department require to meet these hiring goals?
Ms. Bailey. Well, we do plan to use that to fill a variety
of our cybersecurity needs, everything from forensics, to
network investigations, to what you would consider typical
cybersecurity positions.
So, in working with CISA and with our CIO, we have been
able to really identify the kinds of skills that they need so
that we can get the talent into those particular positions.
We anticipate, right off the bat, of bringing in close to
150 people and then just keep expanding it from there and, you
know, across the board. So I think you will be pleased with
where we are by next spring, considering that we will have it
fully implemented and ready to recruit and hire on Day 1.
Mr. Langevin. Thank you. Thank you.
Mr. Chairman, I have one last question at this time, but
if----
Mr. Correa. Please, go ahead. Go ahead and ask it, sir.
Mr. Langevin. Thank you. Thank you, Mr. Chairman.
Well, basically, last question, I would like to focus now
on the Cybersecurity and Infrastructure Security Agency. Given
that CISA is a new agency with a critical mission, it is
important that it be able to hire the cybersecurity talent
necessary to execute that mission. For example, giving CISA the
authority to grant cybersecurity fellowships that brings in
outside talent could be very helpful.
How is the Department supporting and empowering CISA to
ensure it can bring on the cybersecurity talent it needs?
Ms. Bailey. Well, one of the things that we are doing is
working very closely--I have a very good relationship with both
the director and the deputy director of CISA, and it gives us
the opportunity to really dive in and figure out exactly where
they have their needs. We are really making use--we will make
use of our Cyber Talent Management System to address many of
the needs that you have addressed.
The fellowship programs or the internship programs, all of
those will still exist as well, by the way. So, you know, we
are not just simply going and saying CTMS is the only thing
that we are going the do. We will make use of all the hiring
authorities, including the Schedule A hiring authority that we
have that helps us reach deep down in and be able to get the
talent that we need.
Mr. Langevin. I certainly hope so. It is a vital mission.
So is it possible that you could come and brief us on CTMS in,
say, December or so?
Ms. Bailey. Yes, absolutely. Absolutely, Congressman. More
than happy to come brief you on CTMS.
Mr. Langevin. All right. Thank you very much.
Mr. Chairman, I appreciate the extra time and your allowing
me to ask questions as part of the subcommittee today. Thank
you very much. I yield back.
Mr. Correa. Mr. Langevin, please come by anytime. We love
to have your sharing of your good comments on the committee and
questions, of course.
Are there any other Members in the committee that have not
asked a question? Any other Members?
Then I would ask Mr. Peter Meijer if he is interesting in
going for a second round of questions. Are you OK with that?
Mr. Meijer. Absolutely, Mr. Chairman.
Mr. Correa. OK.
I want to follow up--I will start out with 5 minutes here.
I want to kind-of follow up with some of Mr. Langevin's
thoughts there.
You know, one of my prior lives, I used to chair a
committee in Sacramento, California, that had jurisdiction over
CalPERS and CalSTRS, some of the biggest pension funds in the
Western world. The challenge was always trying to keep the good
asset managers working for CalPERS and CalSTRS. Once Wall
Street found out that they were actually really good, they were
hired away, because we just could not afford to pay them the
multimillion-dollar salaries that Wall Street could afford to
pay them.
My question to you is obvious. I mean, how do we keep the
good cyber folks on your payroll and not having them
essentially be taken away by the private sector?
Mr. Alles. If I could comment, I think there are two
aspects. One is what Angela talked about----
Mr. Correa. Yes, Mr. Alles.
Mr. Alles [continuing]. The Cyber Talent Management System.
I think we discussed the other part yesterday. It is the
appeal for the mission. In fact, I have had several people call
me that want to work for the Department, not because it pays
well. They want to do it because they are interested in
protecting the Nation, and there is an appeal to them because
of the mission of the Department. I think that is an important
part of it that we had kind-of discussed yesterday.
So that is a key part. You know, obviously, that is how the
military appeals to people. They are not doing that job because
they are getting paid a lot of money; they are doing it because
they feel it is a service to their Nation. So I think that is a
key part.
Mr. Correa. Ms. Bailey.
Ms. Bailey. I would also say, to add to what Mr. Alles
said, one of the other things is that we completely understand
that this is a field in which they are not going to stay with
us for 30 years. They are not going to stay in any business,
whether it is private, public, nonprofit, it doesn't matter. So
what we have done is create a system in which they can come in
and out of Federal Government in a very easy way.
Today, under the current Civil Service rules, you can't do
that. Like, when you come in, often--well, often what happens
is, whenever you leave and then you come back in, you basically
can't be paid for any of your experience or education that you
have received, although OPM has worked to change some of those
rules just recently.
But when we designed CTMS, we designed it with that in mind
knowing that this is not only a generation but it is also an
occupation that is not going to stay with us. So we are OK with
that.
What we have to do is make sure that, when they are here,
that they are given the kinds of resources and experiences that
they are looking for and then, whenever they go back out to
private sector, that we keep track of them and that we then,
whenever we have new opportunities, we reach out to them and
bring them back in.
So it is something that we actually have planned for,
rather than trying to assume that they are all going to want a
30-year career.
Mr. Correa. Thank you very much.
With that, I will call on Mr. Peter Meijer for his
questioning. Thank you very much, sir.
Mr. Meijer. Thank you, Mr. Chairman.
Ms. Bailey, I just had a brief question. During COVID,
Congress gave agencies special Schedule A COVID hiring
authority. Can you share a little bit more about how DHS
utilized that hiring authority and if you think that hiring
authority might be a positive model for the future?
Ms. Bailey. Yes. Thank you for your question, Ranking
Member.
It was an important authority. I will tell you that it was
mostly used by CISA, where they could go out and get some of
the talent that they needed. We only actually used it for about
52 positions, and headquarters used it for some of their
positions as well.
So is it important? Sure. I mean, every time we are given a
new hiring authority, we make full use of those hiring
authorities, I will tell you that.
One of the things, though, that I will say that I would
love to see us do is, rather than--because we have over 100
special hiring authorities on the books that can be used by all
agencies. One of the things we would really like to do is just
net that down.
We have our Enhanced Hiring Act that actually had made it
into the last Congress. But one of the things that we would
love with that is the ability to just have one streamlined
hiring authority for our veterans and then make sure we
maintain 20 percent veterans on board at all times within DHS
and then have the ability to go out and make partnerships and
relationships with all of the different academias, as well as,
you know, the universities, as well as private sector and some
of these different specialized groups to be able to bring that
talent on board within DHS.
So, you know, like, if I had my dream, that would be it,
that we could really have our Enhanced Hiring Act be something
that complements what we are trying to do with our Cyber Talent
Management System.
Mr. Meijer. Thank you, Ms. Bailey.
Mr. Currie, just kind-of sticking a little bit on cyber but
pivoting over to the acquisitions side of the house, I know
that, obviously, DHS has faced challenges in effectively
executing that portfolio. We have seen that with the Coast
Guard cutter acquisitions and also at CISA's National
Cybersecurity Protection System.
The GAO report mentioned that one action that remains is
for DHS to establish and effectively operate the Joint
Requirements Council to review and validate component-driven
capability requirements that drive the Department-wide
acquisitions and also work to identify and eliminate unintended
redundancies.
Can you share to what extent there has been progress in
this area and conclude with what remains to be done?
Mr. Currie. There has been a lot of progress in this area.
I mean, I think we have seen the JRC in existence for long
enough to know that it is the right organization with the right
processes to oversee the requirements development.
I think we are pretty close to probably addressing that,
maybe in another 6 months or so. I think we want to spend some
time validating this, though, and actually seeing the results
over the next 6 months.
You know, we do still have some concerns that, while there
is a lot more acquisition discipline and process, we still want
to see more programs within cost and schedule, we want to see
more successes. I just don't think we are seeing enough actual
successes.
Because, you know, it is not just about having the
discipline and the processes. I mean, the whole purpose of that
is you want to see effective implementation of these programs
into homeland to achieve the mission. We just haven't seen
enough of that yet to feel like that is not a high-risk issue.
Mr. Meijer. Are there any other acquisition programs across
the Government, whether within DOD or within more specialized
agencies or components, that you look at as a model or, you
know, areas that you would suggest that DHS emulate?
Mr. Currie. Well, there is no doubt that acquisitions is
tough across all Federal Government, I mean, especially DOD. I
mean, it is hard for me to say DOD is better than--you know,
they have challenges, too, as you know well.
But I think that DHS has a unique challenge here, though,
because a lot of times what they are trying to do is they are
trying to apply commercially-available technologies or other
sort of things to a very, very specific homeland application. I
think that is where sometimes we run into some challenges.
For example, you know, the USM and I were talking the other
day about the biodetection system, you know, where the DHS is
trying to implement a system that will, you know, within
minutes, detect a bio attack on our homeland. Well, it is very,
very difficult because the technology is just not available
yet. So the idea is good, but, you know, it is just not ready
to go in the homeland, whereas you may be able to use a
technology like that on a more experimental basis in the
warfighter scene or in theater or something like that.
So DHS just has a number of very unique challenges.
Mr. Meijer. Thank you, Mr. Currie.
Mr. Chairman, my time is expiring, and I believe we also
just had a vote call, for your awareness. With that, I yield
back.
Mr. Correa. Mr. Torres, did you want to ask a couple of
questions?
Mr. Torres. I would be able to ask a question, but if you
feel you have to end the hearing, that is----
Mr. Correa. Go ahead, shoot. You have about 12 minutes. Go
ahead.
Mr. Torres. OK.
Well, actually, we are going to vote on one of my bills. I
have a bill that would require the under secretary for
management, I believe, to issue Department-wide guidance to
require DHS contractors to submit a bill of materials
identifying the origin of software components. The legislation
was meant as a response to SolarWinds.
So my question for the under secretary is, what actions has
the agency taken to shore up our cybersecurity in the wake of
SolarWinds?
Mr. Alles. Yes. So, in the wake of SolarWinds, we are
developing a Unified Cybersecurity Maturity Model, because
SolarWinds is more complex than just looking at FISMA scores.
In fact, those kind-of evaluate the knowns. In this case, this
is what we call a zero-day exploit. So a lot of this is going
to address our cybersecurity domains, access control, audit and
accountability, risk management systems, and communication
protections.
It is based on the domains established in DOD's CMMC,
Cybersecurity Maturity Model Certification, which will help
make sure that the supply chain, which is how they got into our
systems through the SolarWinds supply chain, through security
issues with that contractor, will help ensure the contractors'
networks are secure.
It will also include implementation of a zero-trust
architecture, a supply chain risk management system, and then
enhance our cybersecurity provider program and our identity
verification management systems.
Mr. Torres. Can I ask a question about EINSTEIN in
particular? My understanding is that EINSTEIN lacks the
capacity to detect anomalous threats intruding----
Mr. Alles. Right.
Mr. Torres [continuing]. Into the Federal network. Is that
accurate? What are we doing to address that deficiency?
Mr. Alles. Yes, sir. EINSTEIN was formed to address known
threats. So, by definition, a zero-day exploit is not going to
be an EINSTEIN-protected----
Mr. Torres. So are we creating an EINSTEIN 4 or an entirely
new capacity to confront unknown anomalous threats?
Mr. Alles. It would be a different capacity, as I
mentioned--zero-trust architecture, securing your supply chain,
making sure your contractors are secure on their side.
Mr. Torres. One other question. What is the time line for
finalizing that?
Mr. Alles. For all these efforts, we are just getting them
under way. I would give that probably a couple of years to be
fully implemented.
Mr. Torres. All right. That was the extent of my
questioning. I just wanted to follow up on the supply chain
security.
I don't know if GAO has any thoughts on DHS's preparedness
in relation to a supply chain attack like SolarWinds?
Mr. Currie. Yes, sir, we do. I am not our cybersecurity
expert, but we have definitely have done a ton of work in that
area, and I can get you all that information.
Mr. Torres. That would be great.
OK. That is the extent of my questioning. Thank you, Mr.
Chair.
Mr. Correa. Thank you, Mr. Torres.
Mrs. Harshbarger, I believe you are next.
Mrs. Harshbarger. Well, I think I am good. If I have a
question, I will just give it to you in writing.
So thank you, Mr. Chairman.
Mr. Correa. I want to thank all of you. I want to thank the
witnesses for being here today and for your testimony, and
Members for your questions.
Members of the committee may have additional questions of
the witnesses, and we ask that you respond expeditiously to
them when they ask them in writing.
The Chair reminds Members that the committee record will
remain open for 10 business days.
Without any further objections or business, this committee
hearing is now adjourned.
Thank you very much.
[Whereupon, at 3:16 p.m., the subcommittee was adjourned.]

[all]