A work in progress

Experts debate whether the creation of DHS boosted technology programs as expected

Five years after the 2001 terrorist attacks that prompted the creation of the Homeland Security Department, DHS’ supporters and critics agree that information technology remains at the core of the department’s accomplishments and shortfalls. They disagree, however, about whether creating the department has led to the IT improvements that DHS was supposed to initiate.

Experts continue to debate whether the agencies that were folded into DHS would have been more successful from an IT perspective if they had remained separate.

DHS’ creation was the federal government’s most complicated organizational project since the creation of the Defense Department, said Bruce Brody, vice president for information security at Input, a market research firm.

“DOD was easier because there wasn’t any IT,” he said.

DHS faced the conundrum of setting a vision for using IT to support its mission while that mission was in development, said Bruce Walker, senior director of homeland security at Northrop Grumman IT. IT was fundamental to communicating the new department’s message and vision as quickly as possible, he said.

As it has grown, DHS has raised many IT issues that few people discussed five years ago, such as data privacy and secure credentialing, Walker said.

“DHS has been all about defining what we don’t know about what we don’t know,” he said. “It exposed vulnerabilities in the way we live that people ignored either consciously or unconsciously.”

DHS’ creation was beneficial overall for IT because the department and its supporters recognize the role technology can play in fighting terrorism and protecting the country, said Jennifer Kerber, director of homeland security at the IT Association of America. DHS has also been good for the IT industry, she said. In some areas, such as identity management, the department is a trailblazer in setting policies for IT use.

But Brody said he thinks creating DHS has hurt IT used for the department’s multiple missions. The department has not yet produced its intended efficiencies, he said.

Others say DHS has moved too slowly in some cases. Despite high-profile attention and exertion of political will, DHS has not widely deployed many cutting-edge technologies, such as biometric passport controls, said Rhett Dawson, chief executive officer of the IT Industry Council.

DHS supporters and critics agree that the bar has been set extraordinarily high for the department, and it is still too early to make a final judgment.

The department’s creation has improved the logistics, leadership and organization of homeland security, said Ed Hammersla, chief operating officer at Trusted Computer Solutions. However, the department has spent a lot of time solving internal problems, sometimes at the expense of focusing on its mission, he said. DHS has made real progress in certain areas, he added, but if this were a football game, “we’d still have 80 yards to go.”

New goals
It is difficult to gauge the state of all the IT components before agencies joined DHS because they had their own operations and strategies, said Charlie Armstrong, deputy chief information officer at DHS.

DHS created a new strategic direction that the agencies had to conform to, Armstrong said. When the department came together in March 2003, not every component aligned well with DHS’ strategic goals, he said.

DHS spent its first two years getting core functions, such as e-mail, to operate seamlessly, Armstrong said. Other departmentwide infrastructure projects remain, such as consolidating 17 smaller data centers into two larger ones and merging the department’s seven networks into one consolidated, managed-services network, he said.

Congress created DHS as a small bureaucracy with little authority, which has weakened its ability to integrate the components, said James Carafano, a senior research fellow at the Heritage Foundation.

In DHS’ first two years, undersecretaries battled to create their own empires inside the department instead of working together, he said.

When Michael Chertoff took over as secretary in March 2005, he saw the department’s dysfunction, Carafano said. Chertoff commissioned the Second Stage Review, which identified problems and devised plans to address inadequate information sharing and coordination among DHS component agencies, among other issues.

Technology and operations aren’t the biggest problems DHS faces, Brody said. The real problem is DHS’ lack of a consistent, departmentwide culture, because each component still has custodians of pre-DHS culture who resist integration into a single organization, he said.

“It’s going to take a miracle for some of these cultures to change,” he said.

Moreover, DHS headquarters doesn’t seem to have enough authority over the components, Brody said.

Each agency has its own authorization language, appropriations, congressional supporters and constituencies, he said. A lot of energy goes toward ensuring that each agency is fully empowered, funded and responsive to taxpayers, he added.

Information sharing
Although DHS has many responsibilities, three stand out in terms of the use of IT: information sharing, emergency preparedness and response, and border security.

Since the September 2001 terrorist attacks, the general consensus has been that insufficient sharing of counterterrorism information among federal, state and local law enforcement agencies contributed to the success of the attacks.

Since then, DHS has formed good working relationships with the IT staffs at DOD, the intelligence community and the Justice Department, Armstrong said. “We’re starting to see some of the fiefdoms starting to fall and people collaborate more,” he said.

DHS can connect the dots now better than before Sept. 11, 2001, but it needs to get more intelligence from state and local sources, Hammersla said. “We need our ear to the ground,” he said.

Much discussion about information sharing focuses on “high to low” sharing — from federal agencies to state and local government — and the legal and privacy issues surrounding it, Hammersla said. It would be more effective for DHS to concentrate on “low to high” sharing, getting information from the streets into the hands of federal agencies that could analyze it for threats.

“We could probably catch a couple of [terrorists] by accident,” he said.

The change from need to know to need to share is only occurring at the top executive levels, Hammersla said. The old culture dies hard: classified and unclassified networks are separate for security reasons, and the intelligence community was built on keeping secrets, not sharing them, he said.

Information sharing between federal agencies and their state and local partners has been limited and capricious since the 2001 terrorist attacks, said Mark Ghilarducci, vice president of James Lee Witt Associates, an emergency management consulting firm.

Information sharing needs to be automated and protocol-centered to keep information flowing at all times, he said.

“We’re still stovepiped and truncated in terms of how we share information rapidly,” Ghilarducci said. He agreed that communicating ground-level information to top decision-makers remains problematic.

More agencies have better access to existing systems, but little has been done to integrate back-end systems for one-stop information sharing, said Lynn Ann Casey, CEO of Arc Aspicio, a management consulting firm specializing in homeland security and border management issues.

Emergency preparedness
The devastation of Hurricane Katrina in August 2005 and the government’s delayed response to it outraged the nation. The Federal Emergency Management Agency, DHS’ lead component for emergency preparedness and recovery, took the brunt of the blame.

State and local responders also received their share of criticism for lack of coordination and interoperable communications.

FEMA officials have said FEMA’s incorporation into DHS did not hurt its ability to respond to Katrina.

To prepare for this year’s hurricane season, DHS has supplied FEMA with contractors, DHS contracting officers, geographic information system mapping technology and real-time logistics tracking for essential supplies, said Jeanne Etzel, FEMA’s deputy CIO.

“Being part of the department has really helped us out,” she said.

During her nine months at the agency, Etzel said, she has seen no downside to FEMA joining DHS. Temporary problems associated with consolidation are expected, she said, but they are not an issue if the overall changes are good for the department.

“You have to focus on the greater good,” said Rex Whitacre, FEMA’s chief of enterprise operations.

Experts outside FEMA have a less rosy assessment. Emergency preparedness is a weak point at DHS, Carafano said. The department doesn’t have the right long-term answer for who is responsible for emergency preparedness IT in DHS’ structure, he said.

FEMA has made some progress on monitoring its internal operations but has not reached out to state and local responders to ensure that everyone is on the same page, said Ghilarducci, a former FEMA official.

He said he believe that the federal government should show state and local emergency responders best practices for software and other tools so that the responders can buy equipment that they know will work and interoperate with other responders’ equipment.

DHS’ reaction to Katrina also signifies a problem with how it continually adapts its priorities, Ghilarducci said. Instead of learning from mistakes and adjusting the infrastructure to fix flaws, the department overhauls its operations after every major disaster to meet that last challenge to the exclusion of nearly everything else, he said.

It started with counterterrorism, moved to emergency preparedness after the 2005 hurricanes and is now fixated on border security. “After border security, they’ll move on to the next threat du jour,” he said.

Border security
Building DHS has brought a more coherent focus on the need to apply technology to border security, immigration, customs and airport security, many experts say.

DHS adapts its use of IT as its mission to protect the country evolves, Armstrong said. Since last fall, DHS has focused more on border security and has changed its philosophy toward it, he said. Instead of trying multiple solutions, it is looking at issues globally.

For example, the new Secure Border Initiative will reflect that new perspective, Armstrong said.

A potentially multibillion-dollar initiative involving new technology, infrastructure and employees, SBI is a positive development for border security because it takes an enterprise approach to the problem and integrates the department’s activities, Carafano said.

One of DHS’ most visible IT successes is the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program, experts agree. It collects digital photos and fingerprint scans of foreign travelers to the United States and compares them with those of known terrorists and other criminals on watchlists.

US-VISIT demonstrated that DHS could completely address an issue using IT, Walker said. However, a number of Transportation Security Administration programs have been in development for years and have not come to fruition as industry had expected, Kerber said. They include the Secure Flight and Registered Traveler passenger screening programs and the Transportation Worker Identification Credential.

DHS and TSA must still resolve many policy issues, especially those pertaining to personal data privacy, Kerber said.

Given the scale and complexity of so many of DHS’ initiatives, many observers are sympathetic about the challenges the department faces. But they don’t forget the reasons for the sense of urgency.

“Congress will look back on these five years as nice going but not enough,” Brody said. “Now what do we need to do to get this thing into high gear?”

Chinks in the armor

Even as the Homeland Security Department safeguards the country by bolstering critical fronts, its paltry efforts in cybersecurity and critical infrastructure protection have frustrated information technology partners and experts.

DHS Secretary Michael Chertoff announced in July 2005 that he would create an assistant secretary for cybersecurity and telecommunications position to answer calls from Congress and industry for a senior DHS official dedicated to cybersecurity. More than a year later, it remains unfilled.

Andy Purdy has done a stellar job as acting director of the National Cyber Security Division, said Charlie Armstrong, DHS’ deputy chief information officer. Armstrong declined to speculate why Congress has not approved Purdy for the assistant secretary position.

Although DHS “clearly has had a lot of very important priorities to manage, it is troubling that after an entire year, we still have not seen this crucial position filled,” said Paul Kurtz, executive director of the Cybersecurity Industry Alliance.

James Carafano, a senior research fellow at the Heritage Foundation, isn’t sure that cybersecurity is as compelling a crisis as people make it out to be. Terrorists are more interested in using technology such as the Internet for organizing their campaigns rather than spreading viruses, he said.

Carafano is anything but sanguine, however, about DHS’ efforts in protecting critical infrastructure, such as power and communications grids. “Everything done so far can be flushed down the toilet,” he said. The National Infrastructure Protection Plan released in January is a laughable waste of time and money, he said. “We now have a list of 12,000 ballparks,” he said. “What are we supposed to do with it?”

DHS has paid less attention to cybersecurity and critical infrastructure protection than physical security, but that is not necessarily a problem, said Rhett Dawson, chief executive officer of the IT Industry Council. The private sector has a greater responsibility to protect cyber and critical infrastructure assets because it owns at least 85 percent of them. The federal government should focus more on border security and other issues, he said.

Suggestions for the next 5 yearsOpinions abound on how the Homeland Security Department could improve its use of information technology in the next five years. Some focus on the IT, and others focus on the policies and people who implement it. Here are some of the suggestions.

  • DHS must fully implement the initiatives proposed as a result of its Second Stage Review, completed in July 2005, said James Carafano, a senior research fellow at the Heritage Foundation. IT is a critical component of many of those initiatives, such as better information sharing and improved border security.

  • DHS should operate more like the Defense Department, which has five-year plans, said Jennifer Kerber, director of homeland security at the IT Association of America. If an IT program isn’t in the five-year plan, it doesn’t get done, she said. Once DHS sets a plan, the department must tie all programs, policies and funding to it, Kerber said.

  • DHS should elevate its chief information officer to a full undersecretary position instead of making the CIO report to the undersecretary for management, said Bruce Brody, vice president for information security at Input, a market research firm. DHS should centralize management of all IT functions in the office of the CIO, he said. Finally, the department should withhold executive bonuses until agencies meet specific IT and IT security performance goals and objectives set by the CIO.

  • DHS and other U.S. agencies should strive to develop common intelligence and security standards and practices with other countries, said Thomas Marsden, assistant vice president of Dun and Bradstreet’s Government Solutions. Failure to do so will dilute U.S. security in a global context, he said.

  • DHS should continue to advance cross-functional, cross-agency activities, said Lynn Ann Casey, chief executive officer of Arc Aspicio, a management consulting firm that specializes in homeland security and border management issues. Looking at its enterprise architecture from a business-process perspective, not a technical one, will help DHS identify opportunities for cross-cutting initiatives and reduce redundancies.

  • The federal government should create national standards for interoperable communications equipment and advise state and local responders on what products to buy to meet those standards, said James Lee Witt, founder and president of James Lee Witt Associates, an emergency management consulting firm.


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected