IT hampers FEMA's hurricane recovery

Inefficient IT and its uneven implementation has nagged the Federal Emergency Management Agency for years and hampered FEMA's response to a major 2017 hurricane, a new report from the Department of Homeland Security's watchdog agency found.

A CIO that doesn't directly report to the agency's administrator, lack of an agencywide strategic IT plan and aging IT hardware have all contributed to FEMA's sometimes-fumbling IT efforts, according to the DHS Office of Inspector General report released Sept. 3.

The report came a day after Hurricane Dorian devastated the Bahamas and inched towards the mainland U.S.  FEMA told the OIG it is strengthening CIO oversight and prioritizing IT planning.

FEMA has sometimes struggled with setting up IT systems in support of disaster recovery, according to the report. After Hurricane Harvey flooded Houston and surrounding counties in 2017, for instance, the agency didn't have an approved wireless network access system in place for its work there. The agency's IT staff "spent several weeks installing more than 80 miles of network cable and wiring approximately 1,200 connections for workstations and other devices" as a result, the OIG found.

Inadequate IT operations also slowed some the work of 17,000 personnel who surged into areas hit by Harvey. Among those employees were 4,000 non-FEMA staff that needed access to agency networks -- yet the report found FEMA didn't provide adequate instructions to its mobilization centers on how to provide network access to those partners.

Also in 2017, the report said, some FEMA personnel used their personal laptops instead of FEMA's official systems to keep up with mission requirements during that year's hurricanes and severe western wildfires.

Central to the agency's IT issues, according to the report, is that FEMA's CIO does not directly report to the agency's leader.  The CIO instead reports to the associate administrator of mission support.

Because of that indirect reporting, the report said, FEMA's CIO doesn't have central oversight of agencywide IT assets and programs. The CIO oversees only 22 of FEMA's 97 major IT systems, while individual program offices independently manage the remaining 75. FEMA's FY 2018 IT spending totaled more than $452 million, but the CIO controlled only about 40% of that.

That indirect control and lack of direct CIO oversight has sometimes translated into plodding, inefficient disaster recovery support. The report said that in 2017, because FEMA's Office of the CIO didn't provide guidance or standards for field operations, IT deficiencies slowed the agency's response to Hurricane Harvey after the storm inundated the Texas coast.

The OIG made four recommendations: bring the CIO's authority to implement IT management practices up to date with federal mandates; set centralized IT planning and management as an agency priority; develop a long-term strategic plan to implement a centralized IT investment framework; and  develop a systems modernization approach that includes a plan to resolve IT integration, information sharing and reporting deficiencies.

FEMA concurred with the recommendations and said it had already begun implementing some of them. The agency said acting Director Pete Gaynor has signed a directive giving the CIO authority to exercise and fulfill the agency's IT responsibilities. Additionally, agency officials said they have urged Gaynor to prioritize agencywide IT planning and financial management and direct a strategic IT planning effort.