Two DHS IT projects enter troubled waters
The Homeland Security Department’s Emerge2 and Transportation Worker Identification Credential programs, two of its most critical management and security projects, are delayed and facing scrutiny from high level officials as well as congressional auditors.
Emerge2 delays will hamper DHS’ efforts to consolidate its crazy quilt of legacy financial systems and target its funds at the gravest terrorist threats.
TWIC’s delays will continue to expose national transportation facilities to infiltration by terrorists.
BearingPoint of McLean, Va., leads the contractor teams implementing both Emerge2 and TWIC.
Emerge2 has slowed because of poor government and contractor performance, said Andy Maner, DHS’ chief financial officer and the business sponsor of Emerge2. TWIC’s schedule stretched and the cost of its prototype phase contract doubled because the government expanded BearingPoint’s work scope, the department said.
“The government and the vendor have not performed as well as we would have wanted,” Maner said.
Senate Homeland Security and Governmental Reform Committee chairman Susan Collins, whose committee oversees DHS, wrote to comptroller general David M. Walker in late February, directing him to launch a Government Accountability Office investigation of the TWIC program.
“[T]his delay prolongs the time that critical transportation infrastructures are vulnerable to terrorist attack,” the Maine Republican wrote to Walker.
Emerge2 is a $229 million project that is expected to take at least two years to build a consolidated financial services backbone for the department to serve its 22 component agencies.Biometric IDs
TWIC is intended eventually to provide hundreds of thousands of biometric identification cards to transportation workers to help control access to ports, airports and similar facilities. The credential program was budgeted at $50 million in fiscal 2004 and 2005, but it eventually is expected to become self-supporting via user fees.
The department’s recently de- parted CIO, Steve Cooper, said in an e-mail exchange: “The Management Directorate is completing an in-depth analysis that in-volved the CFO team, the CIO team, and the [chief procurement officer] team, along with BearingPoint. That analysis is now under review by the undersecretary for management, Janet Hale. This will guide the next steps in moving Emerge2 forward.”
Asked about BearingPoint’s performance on Emerge2, Maner said in an interview, “We definitely have been working with them on quality issues for the last six months,” referring to “quality of deliverables and quality of everything.”
Maner conceded that, on Emerge2, “right now I am going slower than anticipated.”
He declined to specify how far behind schedule the project had slipped, but said that at the current rate, DHS and the vendor team would begin implementing it in 2006.
“People are asking me every time I go to the bathroom what is wrong with Emerge2,” Maner said. “I laugh because we are just managing the program.”
A senior DHS official confirmed reports circulating for weeks in the vendor community that DHS officials have reviewed the possibility of issuing a “cure letter” to BearingPoint that would be a first step to terminating the Emerge2 contract. DHS officials have discussed how to protect the government’s interests in relation to the contract, the official said.
Maner denied that he seeks to formally issue a cure letter to BearingPoint. “You do a cure letter when you have lost confidence in a vendor to proceed or deliver,” he said. “I have not lost confidence.”
Maner said DHS officials have decided to base the Emerge2 system on Oracle Corp.’s suite of database management system tools and that they are working with BearingPoint to decide exactly how to implement the project.
“It’s a make or buy decision,” Maner said. “We can either build Emerge2 from the ground up or look at [systems already in place] at the Secret Service and the Coast Guard, and see how they implemented it.”
Maner defended the department’s approach in dealing with Emerge2 issues, saying the project would proceed at a “comfortable” pace and that DHS officials were monitoring it daily.
“I can tell you one thing for sure, we know our requirements,” Maner said, responding to the concern that many software projects run into problems when requirements change.
“The issue is that the government and BearingPoint need to perform better to get the department on a unified financial system,” Maner said.
BearingPoint spokesman John Schneidawind said, “The Emerge2 program’s end-state vision remains the same, and BearingPoint re-mains strongly committed to DHS and Emerge2.” He referred other questions about Emerge2 to the department.
As for TWIC, both the department and BearingPoint defended the program schedule extension.
“The TWIC program is not delayed, experiencing quality issues or cost overruns,” Schneidawind said in response to written questions.
TSA spokeswoman Amy von Walter also submitted a written response describing why the prototype phase of the program had been extended by three months, to end on June 30, and why BearingPoint’s contract had been increased from $12 million to $24.5 million.New standards
Von Walter described how officials had modified the TWIC schedule to take into account biometric standards mandated by Homeland Security Presidential Directive 12 in late August, 2004, days after DHS awarded the TWIC contract to BearingPoint.
Schneidawind said DHS had increased his company’s scope of work on the TWIC prototype phase by adding procurement and installation of physical access control gear as well as centralized card production and personalization services.
“Please remember that the responsibility for card production was a major deliverable and functionality added to our requirements in October 2004 and was originally to be performed by the government, at a government operated facility,” Schneidawind said.
Von Walter described the same events somewhat differently: “Under the original contract, the government would provide data storage and would produce the cards, however, due to network security requirements and the need for the continuity of operations, the contractor provided these services.”
Connect with the GCN staff on Twitter @GCNtech.