[House Hearing, 111 Congress]
[From the U.S. Government Publishing Office]




 
 INVESTMENT MANAGEMENT AND ACQUISITION CHALLENGES AT THE DEPARTMENT OF 
                           HOMELAND SECURITY

=======================================================================

                                HEARING

                               before the

                 SUBCOMMITTEE ON GOVERNMENT MANAGEMENT,
                     ORGANIZATION, AND PROCUREMENT

                                 of the

                         COMMITTEE ON OVERSIGHT
                         AND GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED ELEVENTH CONGRESS

                             FIRST SESSION

                               __________

                           SEPTEMBER 15, 2009

                               __________

                           Serial No. 111-60

                               __________

Printed for the use of the Committee on Oversight and Government Reform


  Available via the World Wide Web: http://www.gpoaccess.gov/congress/
                               index.html
                      http://www.house.gov/reform



                  U.S. GOVERNMENT PRINTING OFFICE
57-625                    WASHINGTON : 2010
-----------------------------------------------------------------------
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092104 Mail: Stop IDCC, Washington, DC 20402ï¿½090001

              COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM

                   EDOLPHUS TOWNS, New York, Chairman
PAUL E. KANJORSKI, Pennsylvania      DARRELL E. ISSA, California
CAROLYN B. MALONEY, New York         DAN BURTON, Indiana
ELIJAH E. CUMMINGS, Maryland         JOHN M. McHUGH, New York
DENNIS J. KUCINICH, Ohio             JOHN L. MICA, Florida
JOHN F. TIERNEY, Massachusetts       MARK E. SOUDER, Indiana
WM. LACY CLAY, Missouri              JOHN J. DUNCAN, Jr., Tennessee
DIANE E. WATSON, California          MICHAEL R. TURNER, Ohio
STEPHEN F. LYNCH, Massachusetts      LYNN A. WESTMORELAND, Georgia
JIM COOPER, Tennessee                PATRICK T. McHENRY, North Carolina
GERALD E. CONNOLLY, Virginia         BRIAN P. BILBRAY, California
MIKE QUIGLEY, Illinois               JIM JORDAN, Ohio
MARCY KAPTUR, Ohio                   JEFF FLAKE, Arizona
ELEANOR HOLMES NORTON, District of   JEFF FORTENBERRY, Nebraska
    Columbia                         JASON CHAFFETZ, Utah
PATRICK J. KENNEDY, Rhode Island     AARON SCHOCK, Illinois
DANNY K. DAVIS, Illinois             BLAINE LUETKEMEYER, Missouri
CHRIS VAN HOLLEN, Maryland
HENRY CUELLAR, Texas
PAUL W. HODES, New Hampshire
CHRISTOPHER S. MURPHY, Connecticut
PETER WELCH, Vermont
BILL FOSTER, Illinois
JACKIE SPEIER, California
STEVE DRIEHAUS, Ohio
------ ------

                      Ron Stroman, Staff Director
                Michael McCarthy, Deputy Staff Director
                      Carla Hultberg, Chief Clerk
                  Larry Brady, Minority Staff Director

  Subcommittee on Government Management, Organization, and Procurement

                 DIANE E. WATSON, California, Chairman
PAUL E. KANJORSKI, Pennsylvania      BRIAN P. BILBRAY, California
JIM COOPER, Tennessee                AARON SCHOCK, Illinois
GERALD E. CONNOLLY, Virginia         JOHN J. DUNCAN, Jr., Tennessee
HENRY CUELLAR, Texas                 JEFF FLAKE, Arizona
JACKIE SPEIER, California            BLAINE LUETKEMEYER, Missouri
PAUL W. HODES, New Hampshire
CHRISTOPHER S. MURPHY, Connecticut
MIKE QUIGLEY, Illinois
                      Bert Hammond, Staff Director


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on September 15, 2009...............................     1
Statement of:
    Duke, Elaine C., Deputy Under Secretary for Management, 
      Department of Homeland Security; James L. Taylor, Deputy 
      Inspector General, Department of Homeland Security; and 
      Randolph C. Hite, Director, Information Technology 
      Architecture and Systems Issues, Government Accountability 
      Office, accompanied by John Hutton.........................     5
        Duke, Elaine C...........................................     5
        Hite, Randolph...........................................    28
        Taylor, James L..........................................    17
Letters, statements, etc., submitted for the record by:
    Duke, Elaine C., Deputy Under Secretary for Management, 
      Department of Homeland Security, prepared statement of.....     7
    Hite, Randolph C., Director, Information Technology 
      Architecture and Systems Issues, Government Accountability 
      Office, prepared statement of..............................    30
    Taylor, James L., Deputy Inspector General, Department of 
      Homeland Security, prepared statement of...................    19


 INVESTMENT MANAGEMENT AND ACQUISITION CHALLENGES AT THE DEPARTMENT OF 
                           HOMELAND SECURITY

                              ----------                              


                      TUESDAY, SEPTEMBER 15, 2009

                  House of Representatives,
            Subcommittee on Government Management, 
                     Organization, and Procurement,
              Committee on Oversight and Government Reform,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 9:40 a.m., in 
room 2154, Rayburn House Office Building, Hon. Diane E. Watson 
(chairwoman of the subcommittee) presiding.
    Present: Representatives Watson, Connolly, Cuellar, 
Bilbray, and Leutkemeyer.
    Staff present: Bert Hammond, staff director; Adam Bordes 
and Deborah Mack, professional staff; Valerie Van Buren, clerk; 
Dan Blankenburg, minority director of outreach and senior 
advisor; Adam Fromm, minority chief clerk and Member liaison; 
Steven Castor; minority senior counsel; and Ashley Callen, 
minority counsel.
    Ms. Watson. The Subcommittee on Government Management, 
Organization, and Procurement of the Committee on Oversight and 
Government Reform will now come to order. And I would like to 
introduce our newest member, and it is Representative Blaine 
Luetkemeyer from Missouri. Welcome.
    Mr. Luetkemeyer. Thank you, Madam Chairman.
    Ms. Watson. Today's hearing will examine the state of 
investment management and acquisition oversight practices for 
major information technology programs at the Department of 
Homeland Security. And the hearing will also serve as an 
opportunity for DHS leadership to explain their plans for 
strengthening agency oversight, mechanisms governing both 
current investments and future acquisitions.
    Without objection, the Chair and ranking member will have 5 
minutes to make opening statements, followed by opening 
statements not to exceed 3 minutes by any other Member who 
seeks recognition.
    Without objection, Members and witnesses may have 5 
legislative days to submit a written statement or extraneous 
materials for the record.
    I would like to wish a good morning to all of our 
witnesses, staff, and all those out in the audience. And as I 
mentioned, the subcommittee hearing on investment management 
stewardship and acquisition strategies for major information 
technology or IT programs at the Department of Homeland 
Security will be examined. I welcome our distinguished 
panelists and look forward to hearing their testimony.
    Now, today's hearing by our subcommittee is the first look 
into the oversight mechanisms used by DHS for governing its 
portfolio of agency acquisition while examining some of the 
particulars associated with a number of high-risk IT investment 
in development that are critical for achieving many of their 
missions. In fact, roughly $6.6 billion will be spent this year 
by DHS on technology-specific programs deemed necessary for 
both administrative and programmatic functions.
    According to the GAO, the DHS investment review process is 
inadequate and has resulted in a number of poorly performing or 
failed investments. In fact, nearly all the programs achieved 
in GAO's most recent work were proceeding without adequate 
oversight from stakeholder leaders or detailed budget 
justifications for their funding. These factors contribute to 
excessive costoverruns, extended project delays and projects 
that are simply ill-conceived from the outset. The inspector 
general of DHS offered similar observations and findings in his 
previous work as well.
    It goes without saying that funding dedicated to DHS 
investments will require stout internal controls and planning 
processes in order to be successful. We know that previous 
high-profile investments such as the eMerge financial 
management systems program failed due to significant 
deficiencies in the agency's investment planning and contract 
oversight practices.
    I think it is imperative today that the DHS provide us some 
specifics about the lessons learned from previous failed 
programs and how we can be assured that such costly failures 
will be avoided in the near future.
    As part of the prior administration, I hope Ms. Duke can 
explain how exactly we got to this point and whether current 
circumstances merit moving forward with programs that are 
extensively flawed. To be fair, I know this is a tall order for 
her and other DHS leaders to undertake alone. And I implore the 
administration to become more engaged on these issues by 
finally appointing someone to head the Office of Federal 
Procurement Policy at OMB.
    And today I am hoping that our witnesses will provide us an 
updated snapshot of where DHS is by providing specifics about 
some of those programs deemed most at risk or in a poorly 
performing state. Hopefully this will provide us a way forward 
for remedying those issues as the subcommittee continues in its 
oversight of DHS in this Congress.
    And with that, I want to thank our panels for joining us 
today, and we look forward to their testimony.
    I would now like to give time to Mr. Bilbray, our ranking 
member.
    Mr. Bilbray. Thank you, Madam Chair. Madam Chair, first of 
all, I ask for unanimous consent that a text of my opening 
statement be included in the record.
    Ms. Watson. Without objection, so ordered.
    Mr. Bilbray. Madam Chair, I thank you very much for holding 
this hearing. I appreciate the witnesses for being here. I 
think that in the short span that DHS has been in existence, I 
remember the scramble to restructure our system after 9/11. We 
have just passed 8 years, and I think it's a great time to 
reflect on our successes and our failures. The concerns that we 
have, obviously, are always tending to focus on the negative, 
especially in this committee, because that's our 
responsibility. We tend to be the bean counters for the 
Congress in a lot of ways, but mostly not deciding who gets the 
beans but where the beans went. And right now there's a lot of 
this that does not look very effective.
    I got to tell you, the emergency response and the 
capabilities of the Federal Government to respond to certain 
threats are obviously one of the highest priorities 
constitutionally we bear. We do a lot of things and talk about 
a lot of things that are not constitutionally mandated. But 
when it comes to securing our borders, securing our 
neighborhoods, protecting our community at large for the common 
good, that's definitely one of the major focuses of our 
Constitution.
    And you may not know, I was born and raised on the border 
with Mexico down in the San Diego region. My district is very 
close to the largest port of entry in the world, land port of 
entry. And a lot of people forget that. And we have seen a lot 
of mistakes on here. I think that one of the frustrations is 
the half implementation of the VISIT system. I think it's got 
some great potentials.
    I would love to be able to talk about the great potentials 
of getting the biometrics of everyone who comes into this 
country legally and being able to use that, but also the 
frustration of not being able to implement in, what, 12 years--
how many years has it been--the Exit program on the VISIT 
system. So we don't know who is left.
    And I think at the same time, when we talk about that we 
see the failure of the border security system. And frankly I am 
very interested in seeing how much of that was wishful thinking 
or a snake oil salesman showing up and saying, I've got 
technology that will eliminate the need for building a fence. 
We have agents that are being killed down at the border by 
people who are able to cross over, drive trucks and then drive 
over agents. We can detect them but we can't stop them. A lot 
of that, though, is: Was that some kind of response to 
political pressure against building structures that, don't 
worry, we don't have to build a fence and do a structure that 
somebody may take offense to; we can do it all with technology.
    A lot of that kind of question comes out to how much 
political pressure drove people into an assumption that 
technology could solve the problem when in fact it was grossly 
deficient.
    The fact that we're going to address this in many different 
ways I think should be open and frank about it. But I think 
that we have some successes we can look at, but we also have 
some great failures. And I just wonder how many of those are 
people overselling technology or those going to technology to 
avoid political heat for other tactics that would have been 
more successful. And I look forward to opening that discussion 
up.
    So thank you very much, Madam Chair, I appreciate holding 
this hearing, again, and thank you for the testimony of the 
witnesses.
    Ms. Watson. Thank you.
    Mr. Luetkemeyer, would you like to make an opening 
statement.
    Mr. Luetkemeyer. No.
    Ms. Watson. OK. We're now going to proceed to our first 
panel. It is the policy of the Committee on Oversight and 
Government Reform to swear in all witnesses today before they 
testify. And I would like to ask all of you to please stand and 
raise your right hands.
    [Witnesses sworn.]
    Ms. Watson. Thank you. You may be seated. Let the record 
reflect that the witnesses answered in the affirmative. I will 
now introduce our panelists. And first I would like to start 
with Ms. Elaine C. Duke. She's the Under Secretary for 
Management at the Department of Homeland Security. She oversees 
the management of the Department's finance, human capital and 
contracting programs, including the design and implementation 
of all major investments and acquisitions. Prior to her 
appointment as Under Secretary for Management, she served as 
Deputy Under Secretary for Management and as the Department's 
Chief Procurement Officer.
    Mr. James L. Taylor is the Deputy Inspector General at the 
Department of Homeland Security where he has participated in 
multiple audits and examinations of DHS investment management 
policies and acquisition programs. Prior to joining DHS, Mr. 
Taylor served in senior financial management roles at both the 
Department of Commerce and the Federal Emergency Management 
Agency. Mr. Taylor has been the recipient of numerous awards 
for outstanding professional accomplishments, including the 
Presidential Rank Award for Distinguished Executive and the 
Donald T. Scatterberry Memorial Award for Excellence in 
Financial Management. Welcome.
    Mr. Randolph Hite is the Director of Information 
Technology, Architecture and Systems issues at the Government 
Accountability Office. During his career with GAO he has 
directed reviews of major Federal investments in information 
technology and major business systems modernization efforts. 
Mr. Hite is a principal author of several information 
technology management guides such as GAO's Guide on System 
Testing, the Federal CIO Council Guide on Enterprise 
Architectures and GAO's Enterprise and Architecture Management 
Maturity Framework.
    And I understand that you're accompanied by Mr. Hutton of 
GAO's Acquisition and Sourcing Management division.
    I welcome you. And I ask that each one of the witnesses now 
give a brief summary of their testimony, and to keep this 
summary under 5 minutes in duration. Your complete written 
statements will be included in the hearing record.
    And we recognize our member, Mr. Cuellar, and thank you for 
being with us this morning.
    OK. I would like to ask Ms. Duke to please proceed.

   STATEMENTS OF ELAINE C. DUKE, DEPUTY UNDER SECRETARY FOR 
 MANAGEMENT, DEPARTMENT OF HOMELAND SECURITY; JAMES L. TAYLOR, 
DEPUTY INSPECTOR GENERAL, DEPARTMENT OF HOMELAND SECURITY; AND 
RANDOLPH C. HITE, DIRECTOR, INFORMATION TECHNOLOGY ARCHITECTURE 
     AND SYSTEMS ISSUES, GOVERNMENT ACCOUNTABILITY OFFICE, 
                   ACCOMPANIED BY JOHN HUTTON

                  STATEMENT OF ELAINE C. DUKE

    Ms. Duke. Good morning Chairwoman Watson, Ranking Member 
Bilbray and members of the subcommittee. I really appreciate 
the opportunity to come before you today and talk about this 
very important topic not only to the Department of Homeland 
Security but also to our country. And we do indeed, Madam 
Chairwoman, have lessons learned. And I would like to look 
forward to talking to you about how DHS is strengthening its 
oversight of all its acquisition programs, including its 
information technology programs.
    In talking with you this morning I would like to talk about 
where we were, where we are, and where we're going. In the 
aftermath of September 11th, Congress created DHS to provide a 
central point of command for securing our country and citizens. 
In March 2003, we opened our doors and combined the efforts of 
180,000 people from 22 agencies and several newly established 
offices in the DHS headquarters. In March 2003, the IT 
infrastructure for DHS included multiple wide-area networks 
with overlapping and redundant system circuitry, each with its 
own network operation center and security operation center. The 
infrastructure had 24 different data centers and multiple 
independently operated e-mail systems with multiple address 
lists and help desk services. There are multiple sign-on 
systems in policy and no secure data transmission capability.
    This non-unified networking made communication and 
information exchange across Department enterprise arduous and 
costly and inhibited our mission success and timeline. We are 
focused on this operational area in unifying, consolidating and 
modernizing.
    However, we understand that this is more than connecting 
servers and running cables. It is also accomplished through 
good management and acquisition oversight. To strengthen the 
institutional approach to acquisition and IT investment 
management, DHS established the Acquisition Program Management 
Division. This office is responsible for the overall 
coordination of acquisition oversight and policy within the 
Department, with a DHS Chief Information Officer providing the 
leadership in the oversight of the information technology 
programs.
    We have dramatically increased the formal acquisition 
review boards we hold in the Department. In fiscal year 2008 we 
held eight formal board meetings, in fiscal year 2009 to date, 
we have already held 28, including 8 specifically focused on 
American Reinvestment and Recovery Act spending. We will also 
ensure our IT programs are developed in accordance with the 
Office of Management and Budget's Federal enterprise 
architecture guidelines through our Enterprise Architecture 
Board [EAB]. This EAB assesses each IT program and its 
contribution in alignment with the Homeland Security mission. 
Additionally, our CIO reviews all acquisitions, purchase 
requests for any IT investment over $2\1/2\ million.
    We have made major strides in cost estimating and analysis, 
one of the root causes of the weakness in many of our IT 
programs. We have established a cost estimating division which 
is part of each acquisition review, and have also provided cost 
estimating assistance to over a dozen programs. We have 
assessed the risk of all 79 of our major IT programs and have 
posted the results on the OMB information technology dashboard.
    This year we have conducted seven portfolio reviews 
encompassing 61 programs. That is one of the recommendations of 
GAO that we have recently addressed. And in July 2009, we have 
reissued the information Technology Management Governance 
Process Catalog providing clear guidance to the Department of 
how we're overseeing our IT programs.
    Additionally, we have provided updates to many of our 
existing guidance created in the initial startup of the 
Department.
    Also, we have updated existing guidance in terms of our 
acquisition review and have issued the management directive 
102-1 that governs acquisition oversight and policy for the 
entire Department. And we have revised how we're tracking 
action items coming out of our reviews in formal acquisition 
decision memorandum that have specific due-outs and tracking 
system.
    DHS will continue consolidation and oversight of these 
programs toward the Secretary's goal of one DHS, one 
enterprise, a shared vision and integrated results-based 
operations.
    Our future efforts in the IT area include completing the 
Homeland Security data network, primary migration and also 
fully realizing our OneNet vision, finalizing our data center 
consolidation, and creating a more efficient and effective IT 
environment and greater level of information technology 
security to address our cyber threat.
    It is important to note that DHS developed and implemented 
all initiatives I've outlined above while simultaneously 
managing an existing information technology program that has 
grown to nearly $7 billion within the 6 years of the 
Department. While we have strengthened many aspects of our IT 
acquisition program, we will continue to seek improvements in 
our processes and provide our professionals the tools they need 
to meet both our mission objectives and achieve IT oversight.
    I am happy to note that the Department has brought on the 
new administration's full-time Chief Information Officer, 
Richard Spires. Mr. Spires and I have discussed his goals and 
he is leading the Department in the right direction. His focus 
is on a sound approach to conducting systematic reviews of 
major IT investments, and he recognizes the importance of his 
leadership as the Department's CIO.
    Thank you, Madam Chairwoman, and members of the 
subcommittee for your interest in this very important topic. I 
look forward to talking to you about where DHS is, the lessons 
we have learned, and how weplan on moving forward.
    Ms. Watson. Thank you Ms. Duke.
    [The prepared statement of Ms. Duke follows:]

    [GRAPHIC] [TIFF OMITTED] T7625.001
    
    [GRAPHIC] [TIFF OMITTED] T7625.002
    
    [GRAPHIC] [TIFF OMITTED] T7625.003
    
    [GRAPHIC] [TIFF OMITTED] T7625.004
    
    [GRAPHIC] [TIFF OMITTED] T7625.005
    
    [GRAPHIC] [TIFF OMITTED] T7625.006
    
    [GRAPHIC] [TIFF OMITTED] T7625.007
    
    [GRAPHIC] [TIFF OMITTED] T7625.008
    
    [GRAPHIC] [TIFF OMITTED] T7625.009
    
    [GRAPHIC] [TIFF OMITTED] T7625.010
    
    Ms. Watson. Mr. Taylor, you may proceed.

                  STATEMENT OF JAMES L. TAYLOR

    Mr. Taylor. Thank you, Ms. Chairwoman, Ranking Member 
Bilbray, and members of the subcommittee. I appreciate the 
opportunity to appear before you on behalf of the DHS Office of 
Inspector General. My testimony today will focus on the 
progress in IT acquisition management DHS has made over the 
past several years, as well as the challenges the Department 
and its components face going forward. Specifically, I will 
discuss our work related to the establishment of institutional 
and investment management capabilities for delivering major 
information technology systems at DHS.
    As required by the Reports Consolidation Act of 2000, each 
year the OIG updates our assessment of the major management 
challenges facing the Department. Given the past concerns we in 
GAO have raised and the fact that contracting for goods and 
services consumes nearly 40 percent of the Department's annual 
budget and is critical to achieving its mission acquisition 
management, it has consistently remained at the top of that 
list.
    DHS spends over $6 billion a year for IT systems and 
infrastructure to support its mission. The Department's 
components rely extensively on information technology to 
perform mission operations, including immigration benefits 
processing, border security, the execution of response and 
recovery operations and many others.
    Given the size and significance of DHS's IT investments, 
effective management of the Department-wide IT expenditures is 
absolutely critical. In the past we identified the need for the 
Department's Chief Information Officer to have greater 
authority to become a more effective steward of IT funds. The 
Department has responded by strengthening the CIO's role for 
centralized management of IT, providing the CIO the authority 
to guide IT investments and ensure a unified strategy across 
DHS components.
    Additionally, the CIO has gained greater authority over 
component level IT budgets and oversight of IT acquisitions. 
This has resulted from the establishment of new policies in IT 
investment governance functions and a defined IT acquisition 
review process. However, in 2007 only 57 percent of the 
estimated $5.6 billion IT budget was evaluated through this 
process. The Department officials stated that there have been a 
lack of sufficient DHS and component CIO staff to effectively 
execute the ITAR process.
    In 2004, around 75 percent of the Federal positions within 
the CIO's office were filled. By 2007, that number had dropped 
to only 64 percent. Unable to obtain and keep full-time Federal 
employees, the CIO has depended heavily on contractor support. 
During that same timeframe from 2004 to 2007, the number of 
contractors increased from 121 to 550. A combination of factors 
have contributed to the low staffing numbers, including the 
complex and lengthy hiring process, and includes background 
checks that you have heard as a familiar refrain. Once the CIO 
positions are filled, many employees have become burned out 
from working long hours and end up leaving for positions in the 
private sector.
    To address the staffing issues, we recommended that the 
Department improve the CIO staffing plan to include specific 
actions and milestones for recruiting and retaining full-time 
employees. The Department has since developed a revised 
staffing plan to increase Federal positions and to augment 
overall staff by 236, by 2011. This increase is necessary to 
address the complex IT challenges facing DHS.
    An example of major IT challenges, OneNet, an initiative 
aimed at consolidating existing IT infrastructures into a wide-
area network. DHS began working on OneNet in 2005 and envisions 
it will provide the components with secure data voice and video 
communications. Specifically, DHS is experiencing delays in 
meeting its schedule completion date. Some components were 
reluctant to migrate to OneNet and have insisted instead on 
maintaining their own Internet gateways. As a result, DHS may 
not be able to reach its ultimate goal of consolidating and 
modernizing its existing infrastructure and achieve cost 
savings originally estimated at nearly $900 million.
    Concluding, CIOs also face significant challenges in their 
efforts to improve IT management in budgeting, planning and 
investment. Because programs are often funded through direct 
appropriations or other sources investment decisions may reside 
outside the component CIO's purview. In these cases, offices 
and divisions maintain separate budgets that are independent of 
the CIO. Insufficient staff, ineffective IT budget controls and 
fragmented IT management have been longstanding issues for 
several DHS components.
    For example, in November 2006, reporting the results of a 
followup audit of USCIS's transformation program, we noted that 
although CIS had taken steps to address recommendations in our 
2005 report, the component had yet to finalize its 
transformation of implementation approach. Subsequently, we 
found in 2009 that the large-scale CIS transformation program 
is being managed outside the CIO's Office of Information 
Technology.
    The CIO identified the autonomy of CIS's transformation 
program IT efforts and the program's exemption from normal CIS 
controls as an emerging internal control deficiency. In 
addition, we reported that the continuation of decentralized 
fragmented IT program efforts has led to a growing number of 
local systems that are beyond the CIO's current budget or 
staffing level to manage effectively. Although the total number 
of locally funded IT systems is unknown CIS field offices have 
reported thousands of applications that were created in-house.
    To summarize, Ms. Chairwoman, our work with the Department 
has shown that there is a recognition of the weaknesses in IT 
acquisition in governance processes in the Department, and 
there has been progress in addressing these weaknesses. 
However, there remains structural and resource constraints that 
limit the Department's ability to properly plan, acquire, and 
oversee critical information technology projects.
    Thank you for this opportunity, and I welcome any questions 
from you or members of the subcommittee.
    Ms. Watson. Thank you so much Mr. Taylor.
    [The prepared statement of Mr. Taylor follows:]

    [GRAPHIC] [TIFF OMITTED] T7625.011
    
    [GRAPHIC] [TIFF OMITTED] T7625.012
    
    [GRAPHIC] [TIFF OMITTED] T7625.013
    
    [GRAPHIC] [TIFF OMITTED] T7625.014
    
    [GRAPHIC] [TIFF OMITTED] T7625.015
    
    [GRAPHIC] [TIFF OMITTED] T7625.016
    
    [GRAPHIC] [TIFF OMITTED] T7625.017
    
    [GRAPHIC] [TIFF OMITTED] T7625.018
    
    [GRAPHIC] [TIFF OMITTED] T7625.019
    
    Ms. Watson. And Mr. Hite you may now proceed.

                   STATEMENT OF RANDOLPH HITE

    Mr. Hite. Thank you. On behalf of Mr. Hutton and myself, 
let me begin by saying that it was about 3\1/2\ years ago that 
I sat before this subcommittee and I testified on where DHS 
stood in managing large-scale IT system acquisitions. Noting 
that while it had made progress since it was formed in 
establishing this range of institutional management controls 
needed to successfully deliver these systems, it was not where 
it needed to be.
    Today, 3 years later, further progress has been made, most 
notably in the last year. However, more needs to be done on a 
number of fronts to define and implement the range of controls 
needed so that the Department can successfully deliver these 
systems on a repeatable basis.
    Now, what are these institutional management controls that 
I am talking about? One is having and using enterprise 
architecture which can be viewed as an institutional blueprint 
to guide and constrain the structure and the content of what 
these systems are.
    Another is having acquisition investment management 
structures, policies, and procedures that decisionmaking bodies 
can then use to make informed decisions not only about 
programs, but portfolios of programs, decisions around their 
selection and the control. So they are managed in a way to 
maximize benefits, minimize costs and mitigate risks.
    A third is having a defined system life cycle methodology 
that is used to govern how systems are defined, designed, 
developed, tested, integrated, deployed, operated and 
maintained all through their life cycle.
    And a fourth is having the people that you need in order to 
execute all these things.
    How does the Department stack up today against these 
management controls? The answer is mixed. For example, it has 
recently strengthened its acquisition investment management 
approach and has in the last year possibly conducted as many 
formal oversight reviews of major system acquisition programs 
as it did in the prior 5 years combined. However, its new 
approach is still missing key aspects, such as criteria for 
prioritizing and selecting among competing investment options 
and procedures governing oversight reviews.
    Also, while the Department has recently created a system 
life cycle methodology, the scope of this methodology does not 
yet address important topics such as key practices associated 
with acquiring COTS or commercialoff-the-shelf solutions.
    Further, while it has undertaken a number of initiatives to 
expand its acquisition work force, particularly contract 
specialists, it has made very little progress in adopting and 
implementing a strategic and proactive approach to managing its 
IT work force. Over the last 3\1/2\ years, DHS has similarly 
made mixed, or had similarly mixed success when it comes to 
implementing these controls on large-scale IT programs.
    Specifically, our work has shown that programs have been 
allowed to begin and proceed, sometimes for several years, 
without sufficient management, discipline and rigor. And as a 
result they've fallen short of cost scheduling performance 
expectations, assuming in some cases that expectations were 
even set for these programs. That's the bad news.
    The good news is that when we have reported on these 
weaknesses, the Department has acted to correct them and bring 
the program back on track. This means that programs like Secure 
Flight, for example, which is the prescreening of passengers on 
commercial flights, matching their names against a watch list, 
is now being managed effectively. But to get to that point, 
these programs had to overcome several years of poor program 
management and oversight.
    To give you a flavor for the kind of program-specific 
management control weaknesses that we have seen repeat 
themselves on these key programs and that have been addressed 
to varying degrees across the programs, let me cite a few 
programs. They include poor requirements, development and 
management, inadequate testing, unreliable cost and schedule 
estimates, insufficient program office staffing, inadequate 
risk management, limited information security management and 
poor performance measurement.
    So, having said all this, what needs to be done? What needs 
to change? The bottom line is that DHS must effectively manage 
and oversee its newly starting IT programs, like TASC. TASC is 
the follow-on program to the eMerge2 that the chairwoman 
mentioned in her opening remarks. That was a failed 
acquisition. It needs to start managing these acquisitions 
properly, right out of the gate. And for those programs that 
are ongoing but have not yet turned the corner, like the SBInet 
virtual fence, it needs to bring them in line quickly.
    In my view, the recommendations that we have made to the 
Department provide a comprehensive framework for doing this. 
And to DHS's credit it has agreed with these recommendations, 
and we are committed to working with the Department 
constructively to ensure that they are implemented.
    This concludes my statement. I would be happy to answer any 
questions that you have at this time.
    [The prepared statement of Mr. Hite follows:]

    [GRAPHIC] [TIFF OMITTED] T7625.020
    
    [GRAPHIC] [TIFF OMITTED] T7625.021
    
    [GRAPHIC] [TIFF OMITTED] T7625.022
    
    [GRAPHIC] [TIFF OMITTED] T7625.023
    
    [GRAPHIC] [TIFF OMITTED] T7625.024
    
    [GRAPHIC] [TIFF OMITTED] T7625.025
    
    [GRAPHIC] [TIFF OMITTED] T7625.026
    
    [GRAPHIC] [TIFF OMITTED] T7625.027
    
    [GRAPHIC] [TIFF OMITTED] T7625.028
    
    [GRAPHIC] [TIFF OMITTED] T7625.029
    
    [GRAPHIC] [TIFF OMITTED] T7625.030
    
    [GRAPHIC] [TIFF OMITTED] T7625.031
    
    [GRAPHIC] [TIFF OMITTED] T7625.032
    
    [GRAPHIC] [TIFF OMITTED] T7625.033
    
    [GRAPHIC] [TIFF OMITTED] T7625.034
    
    [GRAPHIC] [TIFF OMITTED] T7625.035
    
    [GRAPHIC] [TIFF OMITTED] T7625.036
    
    [GRAPHIC] [TIFF OMITTED] T7625.037
    
    [GRAPHIC] [TIFF OMITTED] T7625.038
    
    [GRAPHIC] [TIFF OMITTED] T7625.039
    
    [GRAPHIC] [TIFF OMITTED] T7625.040
    
    [GRAPHIC] [TIFF OMITTED] T7625.041
    
    [GRAPHIC] [TIFF OMITTED] T7625.042
    
    [GRAPHIC] [TIFF OMITTED] T7625.043
    
    [GRAPHIC] [TIFF OMITTED] T7625.044
    
    [GRAPHIC] [TIFF OMITTED] T7625.045
    
    [GRAPHIC] [TIFF OMITTED] T7625.046
    
    [GRAPHIC] [TIFF OMITTED] T7625.047
    
    [GRAPHIC] [TIFF OMITTED] T7625.048
    
    [GRAPHIC] [TIFF OMITTED] T7625.049
    
    [GRAPHIC] [TIFF OMITTED] T7625.050
    
    [GRAPHIC] [TIFF OMITTED] T7625.051
    
    [GRAPHIC] [TIFF OMITTED] T7625.052
    
    [GRAPHIC] [TIFF OMITTED] T7625.053
    
    [GRAPHIC] [TIFF OMITTED] T7625.054
    
    [GRAPHIC] [TIFF OMITTED] T7625.055
    
    [GRAPHIC] [TIFF OMITTED] T7625.056
    
    [GRAPHIC] [TIFF OMITTED] T7625.057
    
    [GRAPHIC] [TIFF OMITTED] T7625.058
    
    [GRAPHIC] [TIFF OMITTED] T7625.059
    
    [GRAPHIC] [TIFF OMITTED] T7625.060
    
    [GRAPHIC] [TIFF OMITTED] T7625.061
    
    [GRAPHIC] [TIFF OMITTED] T7625.062
    
    [GRAPHIC] [TIFF OMITTED] T7625.063
    
    [GRAPHIC] [TIFF OMITTED] T7625.064
    
    [GRAPHIC] [TIFF OMITTED] T7625.065
    
    [GRAPHIC] [TIFF OMITTED] T7625.066
    
    Ms. Watson. Well, I would like to thank all of you for your 
testimony. And we are now going to move to the question period. 
And we will all proceed under the 5-minute rule.
    And I am going to first start with Ms. Duke and some of the 
points you brought out in your opening testimony, but I want 
you to consolidate them and be more specific. DHS has been 
operating for more than 6 years, during which you have played a 
key leadership role in shaping how it requires and acquires and 
manages large-scale IT programs. It would certainly seem that 6 
years is a sufficient amount of time for the Department to 
become a mature and capable acquirer and manager of IT.
    How would you characterize where the Department stands in 
its capacity to acquire and manage major IT instruments? And 
please describe how DHS matured in developing better 
capabilities for managing its investment portfolios.
    Ms. Duke. I think it is important to note that we have 
three roles. We're both providing the services in many cases to 
DHS headquarters, we're building the policies and procedures 
and then we're doing the oversight.
    Both the GAO and the IG have talked about resource 
constraints. We are hoping this month to reach 100 people in 
the CIO's office. So I think when we think about all three 
roles, which is doing the IT operations, building, writing the 
policies, putting the procedures in place and then actually 
performing the oversight, I think that puts in perspective how 
much we really accomplished in 6 years.
    So what have we done that specifically, I think, is going 
to make a difference now in going forward in the iterations of 
policies we have done? One is we have strengthened the role of 
the CIO. Mr. Spires is the Chief Information Officer for the 
Department and has all the authorities of Clinger-Cohen plus. 
He has authority not only over IT investments but over IT 
portions of non-IT investments. And we have integrated the IT 
oversight into our major acquisition program so that there's a 
consolidated look at acquisition for our senior leadership.
    Our new deputy secretary Jane Holl Lute, chairs our 
acquisition review board and she is personally looking at the 
IT and non-IT investments. And that's one of the reasons we 
have had such an increase in our number of board reviews.
    The other thing that we're doing that may sound simple but 
is really making a difference is each one of these review 
meetings we used to document having the reports and give 
recommendations. What we have switched to is we have precise 
action items that are tracked. And so for each one of these 
meetings we say what the program needs to do for its next stage 
of maturation, and we're tracking on those. And that is 
reported to me biweekly.
    And the final thing I will say is we have a new on-line 
system for our leadership called NPRS that gives the state of 
affairs for each program in terms of cost, schedule and 
performance. And that is going to give visibility continually, 
not only as we have these board meetings, but in between those, 
in terms of the performance of each of the acquisition 
programs.
    Ms. Watson. That probably answers the next question I was 
going to ask. That you assure our subcommittee that all IT 
programs are being reviewed at least once a year for all major 
development milestones. And I think that's what you're 
describing.
    Ms. Duke. Yes ma'am.
    Ms. Watson. What does the new DHS leadership have to say 
about the deficient processes in place for overseeing agency 
investments, and have they established a long-term blueprint 
for strengthening the investment management process? And if so, 
how does it differ from the prior administration?
    Ms. Duke. I think the new Secretary, Secretary Napolitano, 
she came in with not only a knowledge of the mission from her 
leading in the State of Arizona, a border State, a lot of DHS-
type activity. But I think from being a Governor and being in 
the role of managing a bureaucracy, she also came in with a 
very, very strong understanding of how management has to 
effectively work not only the CIO, but the personnel piece, the 
financial piece. So she immediately considered me and the 
management staff as a key partner, considering how we're doing, 
not only meeting the mission but effectively and efficiently 
meeting the mission, including IT. So I think that her work as 
Governor came in with a presumption that we would do everything 
not just to meet mission, but with good business sense. And 
that really has put management, I think, on the front burner 
for each of our mission decisions and has really bolstered our 
visibility in the Department.
    Ms. Watson. I understand that DHS is in its planning stages 
of developing its new headquarters.
    Ms. Duke. Yes.
    Ms. Watson. Here in D.C., which will consolidate a 
significant number of legacy operations and sites into one 
campus. What assurances can you offer us that a multibillion-
dollar investment like this, with so many major program and 
infrastructure components as part of its nerve center, has been 
designed with effective capabilities and requirements for 
meeting the mission and the needs of DHS for decades into the 
future? And do you have specific programmatic life cycle cost 
estimates and benchmarks for delivering that you can share with 
our committee today?
    Ms. Duke. There's actually three pieces of our headquarters 
consolidation. There's the St. Elizabeth Campus, which has 
gotten the most visibility, and that is going to be where the 
Secretary and the senior leadership are. Additionally, we will 
keep about four of our existing facilities, including the 
Secret Service Building and a few others. And, additionally, we 
will be consolidating the remaining 40 or so leases from the 
National Capital Region into about 1.2 million square feet, so 
we will actually end up with about five to eight facilities.
    The way we're managing that project is through management 
of the Chief Administrative Officer. We were given 20 positions 
to manage that project in DHS. We got them in fiscal year 2009, 
which is really a recognition of our appropriators that you do 
need the staff to manage that appropriately. Additionally, with 
leasing, because this is a GSA site, we are using GSA as our 
execution agent. So we are using our 20 assets to determine the 
requirements to make sure we have a stable program that meets 
DHS's headquarter's needs. All the work is being executed 
through GSA. They are awarding the contracts and they are 
managing the contracts. And they have the expertise and the 
bandwidth to actually do those programs.
    So I think the fact that we have a program office fully 
dedicated to this, in addition to DHS's expertise in 
facilities, will help ensure this project goes forward.
    Ms. Watson. I want to thank you, Ms. Duke.
    And I now recognize our ranking minority member, Mr. 
Bilbray, for 5 minutes.
    Mr. Bilbray. Thank you, Madam Chair. And let me just say to 
our witnesses, as I ask questions to one Member, if there is 
anything you want to add to it, this is a dialog, we're trying 
to get into it.
    Ms. Duke, I'll start with you. Where was--let me just say, 
where was the Department coming from--and I know it predated 
the Department to some degree and got into it--but this whole 
issue of the virtual fence that technology could replace 
structures and then have Boeing walk in and say basically, We 
can handle all of this, you don't need to do this, you don't 
need to do that. How did that evolve?
    I mean how does a--I mean, I think all of us here kind of 
trust our lives to Boeing every couple of weeks, but I am not 
so sure I would choose Boeing to be a security force for the 
national frontiers. How did that evolve into such a bet on 
technology that ended up going--you know, basically going bust?
    Ms. Duke. Well, I think that our approach to the southwest 
border started with looking at what mix of solutions do we need 
to appropriately secure the border. We call it an alternatives 
analysis. What mixture of people, Border Patrol, tactical 
infrastructure--which includes fence and roads--and technology 
do we need based on the geography and topography of especially 
the southwest border? And we started doing a very systematic 
look.
    I think that the deviations in the program from taking a 
really bottoms-up look ended up by the urgency--or driven by 
the urgency of protecting the southwest border. So I believe if 
there is one fault that I can point to to be kind of a root 
cause, it would be instead of completing the analysis of 
alternatives and looking at what are the operational 
requirements of the Border Patrol to secure the border, and 
building up to what we buy, because of the urgency there was a 
predisposition to jump to solutions, to jump to technology, 
whether it be tactical infrastructure or technology, but not 
really take the time----
    Mr. Bilbray. Looking for a silver bullet.
    Ms. Duke. Looking for a silver bullet, or jumping to fix 
this rather than looking at the needs.
    Mr. Bilbray. Did anybody take the time to go down and look 
at the terrain, to look at the operation? I mean, the fact is I 
am not against the IT application there. But anybody who has 
ever been there realizes that jersey walls across the canyons 
were going to do a lot more a lot quicker than putting up 
towers with sensors and whatever.
    I hate to say this. I am a history major. It reminds me so 
much of what happened after World War II when the Air Force 
came in and said, we don't need the Army, we don't need the 
Navy; you know, with Atomic Age, all you need is airplanes that 
can drop bombs and all we other services should be abandoned, 
so bet on us.
    And Korea--and we were actually moving toward that. Korea 
taught us real quick what a failed concept that was based on 
that. That seemed like this element. But to be fair with you 
and with the agency, I would ask the question how much politics 
goes into it, too, with people not liking the concept or the 
message sent by putting barriers up at the border, and how much 
of that influenced it? And then how did Boeing end up with this 
thing?
    Ms. Duke. I believe that Boeing was--Boeing was selected 
because what the acquisition strategy, what we were looking 
for, it was a major systems integrator. And Boeing brought both 
the ability to help DHS in determining what mixture of 
technologies and infrastructure go at the border and the 
capability to perform.
    I think in terms of the tactical infrastructure, that was 
our first focus, the fence. In terms of technology we are 
moving forward very carefully and we are doing capabilities 
demonstration to see what benefit technology can bring.
    But I think in going to Mr. Taylor's comment that we should 
move carefully, and Mr. Hite's new programs, we are not 
wholesale just deploying technology across the border. We are 
doing two small test projects in Tucson and Aho and seeing does 
this technology help the Border Patrol.
    Mr. Bilbray. And let me just say I have seen technology 
work right. We were actually back in the seventies, using 
ground sensors that had been developed during Vietnam. And the 
Border Patrol were using them back then. There were all kinds 
of technologies. They're still using those. You don't drive a 
road in the border region without our guys knowing that a car 
has passed.
    What about the VISIT system? One of the great successes is 
the fact that we now have the data base and biometrics on 
everybody that comes into this country legally. And a lot of 
people forget that 40 percent of the people who are illegally 
in this country are overstays and would fall in that category. 
That's been a great success.
    But what's happened over a decade of waiting for the Exit 
program? And I know my time has expired. But that's very 
important. How can we move that agenda? And it appears that no 
matter who is the administration, this issue is being avoided, 
and that's the Exit part of the VISIT program, so we know who 
is left, which makes it a lot easier to know who is left in.
    Ms. Duke. I think the policy decision on Exit has not been 
made. In terms of management of my controls, what we're making 
sure is we're not spending money on a contractor until that 
policy decision is made. And so I do believe, Mr. Bilbray, that 
is one where we have not made progress on it.
    The good news from the management perspective is we're not 
just out there kind of doing things while a policy decision is 
made. So I think that's the approach that this administration 
is taking, is to decide what Exit is.
    Mr. Bilbray. I appreciate that. And let me just close by 
saying this. I thought the policy decision was made by Congress 
when we passed a law that says this program will be plugged in. 
Now, I appreciate you get the political pressure. You got 
people that say it is more important for people to freely pass 
back and forth across that Tijuana crossing every day; that 
commerce being able to come into our ports is more important 
than securing and making sure that only good things get across; 
that the implementation of the law is secondary to political 
pressure by business and political groups. So I think that a 
lot of these problems are based on politics, not on policy, as 
you said, or technology. But we need to separate those two and 
make sure that we take care of the politics and you take care 
of the technology.
    Thank you, Madam Chair. I yield back.
    Ms. Watson. We now yield to the distinguished gentleman 
from Texas, Mr. Cuellar.
    Mr. Cuellar. Thank you, Madam Chair. Thank you for holding 
this meeting. And I want to thank the witnesses for being here. 
I guess March 2003 is when we had the reorganization, 22 
different agencies. And I know from that time there's been a 
lot of good progress that Homeland has done, and I appreciate 
all the work that the men and women have provided.
    At the same time, there have been some issues, some of the 
issues that the gentleman just brought up, talking about the 
border fence or the technology. Since I live in Laredo, I am 
very familiar with it, extremely familiar with it. And I've 
always wondered why we always try to reinvent the wheel. I am 
very familiar with the SBI part of the other committee, 
Homeland. My understanding is that the Department of Defense 
has already done a couple of pilot programs and done a briefing 
on them, where the sensors and the cameras are at a fraction of 
the cost of what you all have invested already. So if it has 
worked for the military, why do we have to go out there and 
reinvent the wheel where it has been already tested? It is 
proven technology at a much cheaper price. And here we are 
spending billions of dollars, No. 1, on technology.
    And I know one of the excuses was, oh, we're still working 
on it, but don't worry we're going to bring team A now to work 
on the issues. This is one of the things.
    So I wondered, you know, so what was this, team B, team C, 
and now we're bringing team A in. And, oh, we didn't know it 
was going to be that hot on the border. I mean, there were a 
lot of things that came up on that.
    But I would ask you to look at the proven technology. And 
if you all haven't sat down with the Department of Defense, 
with the specific agency, and said to the Department, I'll be 
happy to sit down with you, I think it will save you probably 
billions of dollars.
    The other thing is if you look at it, it took us less time 
to win World War II than what we have been trying to organize, 
reorganize. And I saw your testimony and you're saying GAO is 
looking backward. We need to look forward. But we still have to 
look backward to see what the problems are.
    We still know Homeland Security, what, had morale issues. 
There was, what, one of the last ones, or had one of the 
biggest morale issues of any agencies that were surveyed. On 
top of that, we have looked at some of the issues that we have 
here. I can give you specific issues as to how you all contract 
and how you do this, and I can give you examples what's 
happened in my hometown without going into much specifics. But 
one of the things that I really would like to see is your 
performance measures. I have a list of questions, Madam Chair, 
that I would provide to the clerk.
    Ms. Watson. You still have time.
    Mr. Cuellar. And I would like to request that we can submit 
this for the record.
    Ms. Watson. Without objection.
    Mr. Cuellar. Thank you, Madam Chair. And ask you to go 
ahead and bring them in. But I want to know how do you measure 
the work that you're doing, what sort of indicators do you 
have, performance measures that you have, how do you indicate 
success? I mean, if you can't tell us what we're doing, then we 
don't know if we're rewarding success or failure. So I would 
ask you to--and, I don't know, Madam Chair, 2 weeks, is that 
sufficient time?
    Ms. Watson. I would think so.
    Mr. Cuellar. I would ask you if you can submit this to the 
committee within 2 weeks to the list of questions that I have.
    So I guess my statement now, or my question is: When you 
hear from the GAO or the inspector general, what do you do with 
the recommendations, what actually--what's the thought process? 
Because they've given some recommendations and you're 
considered an at-risk agency, which means vulnerable to fraud, 
waste, mismanagement, etc. What actually goes through a thought 
process? When GAO gives you a report, what do you all do? Look 
at it, put it upside down and say, OK, let's move on? What's 
the thought process?
    Ms. Duke. We take the reviews of the IG and the GAO very 
seriously, in addition to the oversight provided to us by 
Congress. Most of the issues, it's very rarely that we 
nonconcur with any of the findings. We might nonconcur on a 
specific fact. And I think that when you look at the reports, 
generally they're saying we're moving in the right direction, 
we just have gaps still in the effectiveness of what we're 
doing.
    So what I look at, No. 1, are there any indications that 
we're going in the wrong direction; are our practices not best 
practices; do our policies have areas that GAO or the IG are 
saying are wrong or not good for the Department? So the first 
thing I look at is a systems look of are we going in the right 
direction? And then the second thing I look at is what 
specifically is called out on a program. Is that a system 
vulnerability? So if they review one program, like SBInet, does 
that same vulnerability--for instance, cost estimating is one. 
We feel that even though the GAO or IG might call that out as a 
vulnerability on one program, we think that's a systemic 
vulnerability or we see it coming up, so we address those 
first.
    Mr. Cuellar. When you get a report, do you sit down with a 
follow-up with GAO and say, We got your recommendations, do you 
have any suggestions on how we can implement this because of 
cost or whatever the factors might come in?
    Ms. Duke. Yes. We sit down with them on specific reports. 
We also sit down with them just regularly, both with the IT 
group and there's an acquisition group, and just look at 
overall. We have also used some of their best practices. We're 
using GAO's cost estimating best practices as part of our 
policy, so we leverage wherever we can.
    Mr. Cuellar. Madam Chair, can I just ask GAO, do they 
followup? I mean what happens afterwards? I know my time is up. 
But I am kind of curious on--there's a report that's given; 
then what happens after that?
    Mr. Hite. We have interaction on a continuous basis with 
the Department to ensure that the recommendations are 
implemented. Within 60 days after the report, they have to 
report formally to the Congress on what they intend to do to 
address those recommendations. Every year we followup on the 
status of our recommendations and work with the Department to 
find out where those things stand. If it deals with major 
programs like SBInet or US-VISIT, we have work that is going on 
continuously, so it is part of that engagement with the agency. 
We're constantly looking to see what's happening. And believe 
me, we're encouraging and urging faster action on some of these 
things.
    Sometimes there's some misunderstanding in the 
communication. Sometimes when we write a recommendation, we 
think it's abundantly clear to anybody, exactly what we meant. 
But sometimes it calls for some clarification down the road, 
and we have worked to do that.
    Mr. Cuellar. Thank you, Madam Chair.
    Ms. Watson. Thank you. I would like now to yield to Mr. 
Luetkemeyer, the gentleman from Missouri.
    Mr. Luetkemeyer. Thank you, Madam Chair. Mr. Hite, do you 
have any private sector experience?
    Mr. Hite. No sir.
    Mr. Luetkemeyer. You have worked for the GAO all your----
    Mr. Hite. I worked for GAO for 32 years, except for my 
details to the Hill.
    Mr. Luetkemeyer. OK. Very good.
    Ms. Duke, in the report that I've got here of the summary 
of some of the reports that were done, back in November 2008 it 
says that the agency concurred with all seven recommendations 
but appears that they have only implemented two of the 
recommendations. Can you explain that?
    Ms. Duke. I am not sure exactly what report you're 
referring to, which GAO report.
    Mr. Luetkemeyer. It's a 2007 DHS report where it obligated 
$12 billion for acquisitions. GAO recommended certain steps by 
DHS that would take more thorough--could take to more 
thoroughly implement the following investment review process. 
And in here it says the agency concurred with all 
recommendations, but appears that they have only implemented 
two of the recommendations.
    So I was just curious why we didn't implement the rest or 
what's the problem? Are we getting on it?
    Ms. Duke. Did you want to say something?
    Mr. Hutton. If I may. I am John Hutton with GAO. I was one 
of the authors of that report. And as Randy said, Mr. Hite 
said, we do followup on our recommendations. But what we won't 
do initially is close the recommendation if we haven't seen 
something executed a little bit further down the line toward 
fruition.
    I share what Ms. Duke has said, that they have taken 
several steps that get right at the specifics of our 
recommendation. But we really believe, and I think Mr. Cuellar 
mentioned earlier, the importance of looking back. We feel that 
the work that we have done where we have looked at the 
execution of their investment reviews through 2004 through 
March 2010--or 2008--it just was not being executed. And we 
came up--we identified several reasons why. So we think it is 
important that you look back, find out why it hasn't worked in 
the past. But to me, execution--follow through to the end is 
what's important here before we're going to consider it a 
recommendation fully met.
    Ms. Duke. And that report, now that I understood it a 
little more fully, we were moving in that direction. But again 
the GAO thought we weren't making enough progress. So some of 
the specific recommendations was we're not holding enough board 
meetings, we're not documenting it properly.
    Mr. Luetkemeyer. You're not having enough meetings?
    Ms. Duke. Enough board meetings, yes. They looked at how 
many acquisition review board meetings we were having, the 
documentation of them, the followup and those type of things. I 
think we have corrected that. At this point the recommendations 
are still open because they want us to demonstrate sustained 
performance in actually keeping the system going. But, yes, a 
lot of it was counting the number of review board meetings we 
had and the documentation of them.
    Mr. Luetkemeyer. Not to be argumentative, but having a 
meeting doesn't mean anything unless you do something in the 
meeting. You can have a meeting every day, but if you don't do 
something in a meeting it's wasting everybody's time. Also, 
with regard to this report it says that they found 14 major 
investments that experienced cost growth, schedule slips or 
performance shortfalls. Have those problems that caused those 
things to happen, have they been fixed?
    Ms. Duke. We have programs that are----
    Mr. Luetkemeyer. Or did we have more meetings to discuss 
it?
    Ms. Duke. The way we're fixing the problems of those type 
are to have putting in place what's called an acquisition 
program baseline that sets cost.
    Mr. Luetkemeyer. Why was it not put in place to begin with?
    Ms. Duke. The programs were active when they came to the 
Department and they were not in place. So we're going back and 
we're fixing the programs that came into the Department. Those 
programs, we only have a few new-start programs since the 
Department stood up. SBInet, CIS transmission, most of those 
programs existed in legacy agencies, and we're trying to build 
a structure around them without stopping them, and balancing, 
building the controls while they're still performing. So, yes, 
it is a going-back exercise.
    Mr. Luetkemeyer. Sir.
    Mr. Hutton. Sir, I would like to continue the discussion a 
little bit on the question about what steps have been taken. 
And Ms. Duke mentioned one of our points was about the 
meetings. But I want to add some context to that. What we are 
talking about is that we looked at--I believe it was 48 major 
investments over almost a 4-year period. And there was already 
a process in place at the time. If it was applied with 
discipline and, for example, the programs had mission need 
statements that were approved, if they had operational 
requirement documents that were approved, if they had 
acquisition program baselines that were approved, and DHS was 
actually involved in holding a meeting, although I think it's 
more than just a meeting, it's getting Department-level 
approval of that investment as it moves forward, that's the 
key.
    But some of our other recommendations were that two of the 
components didn't have their own process that they're supposed 
to have that's consistent with the departmental process. That's 
just another example.
    So we have several recommendations that I think get at the 
core of some of the problems that we saw. And I think that 
while they have taken some steps--and I would agree with Ms. 
Duke--I didn't want to leave the impression that it was just 
having a meeting.
    Mr. Luetkemeyer. OK. Thank you. I see my time has expired. 
Thank you Madam Chair, or ranking member.
    Mr. Bilbray [presiding]. I want to follow back up, Ms. 
Duke. I don't mean to be picking on you. But the issue of 
policy with the VISIT system, was it the policy of the Bush 
administration that the Exit part of the VISIT system was not 
going to be implemented at that time?
    Ms. Duke. Mr. Bilbray, I honestly don't have firsthand 
knowledge of that because I wasn't involved in the policy 
decisions. My role was more do we have an actual requirement to 
execute? So I honestly can't answer that question.
    Mr. Bilbray. I am trying to remember, but I remember pretty 
closely when the VISIT system was being pushed by Lamar Smith 
and Chairman Sensenbrenner. And as far as I know, that was not 
a voluntary authorization, it was a mandatory implementation. 
And I still have a problem with why it hasn't been implemented, 
unless they're still using the excuse that the technology 
doesn't exist to monitor those who are leaving the country. Or 
if the executive branch claims the authority to veto the 
legislative intent with the fact that we feel that it's 
inappropriate at this time to implement the legislative 
mandate. And you have no recollection where the justification 
was that was outside of your realm?
    Ms. Duke. No, I have never heard any discussions that the 
issue was technology. It's more what the Exit solution would 
look like, the specifics. And if you would like, I can get back 
to you for the record on where we currently stand with the Exit 
solution implementation. But it is not a technology issue, it 
was just more--and it wasn't even an issue of whether we are 
going to do Exit or not. It was going to be what precisely is 
Exit going to look like.
    Mr. Bilbray. I am kind of interested to see what decade we 
come to that conclusion, what it's going to look like. Because 
it is one of those situations that after 9/11 there was a lot 
of talk about how terrible it was that the bureaucracy wasn't 
doing the commonsense things and implementing and overlooking 
and avoiding things. And that is State and Federal bureaucracy. 
But now after all this time, to go back and say we're still 
trying to figure out what we want this to look like. At a 
time--and let me just say this--at a time that our neighbors to 
the south are stopping traffic and going through traffic as it 
comes south, we are worried about if somebody may have to slow 
down for a monitor to pick it up. And how many of us drive 
through toll booths that electronically pick up our data? And 
it seems like if it's to raise money, if it seems like it's to 
generate revenue, the technology is there and implementation is 
OK. But if it is to regulate the Federal constitutional mandate 
of immigration and border security that the Federal Government 
has, we just don't know how to implement it.
    And maybe what we ought to be talking about is just going 
to the State agencies that are handling toll roads and saying, 
You know, maybe we want to contract with you guys to do it, 
because they seem to do it pretty well. I mean I avoid the toll 
road, the Dulles toll road, like the plague. But I drive next 
to it every day that I drive south--and south meaning 
southwest. And they sure seem to be able to get that technology 
working there.
    So I want to leave an open invitation that, please, if 
there's political barriers to the implementation of the law, we 
need to know about it. And frankly, I think that's one of those 
things that we need to address.
    The other issue that the gentleman from Texas brought up, I 
want an open invitation of how we can do it better, where you 
see the system needing to be improved. Because we're going to 
be following up on why are we reinventing the wheel. When we 
have sensors and technology that's been used by our military 
and our clandestine services for decades, why aren't those 
technologies being looked at further rather than what appears 
to be last?
    And a lot of this is politics. Look, I have been in the 
game since I was 25 years old. I know how much influence of the 
politics is. And politics can be good or bad. Let's thank God 
that somebody was willing to stand up and tell the bureaucracy 
that we can't do all observations from outer space; we are 
going to try this little remote-control airplane called the 
Predator, which has been one of the greatest success of 
military application within decades.
    But the politics of the lobbyists here pushing us to go use 
technology unproven, the silver bullet that looks so great when 
someone is selling here in Washington, I think those are things 
we are going to address. And I leave you an open invitation, as 
much as you can within the law and protocol, to work with us so 
that we're not just digging through your records, you're able 
to participate with us so we address the issue and serve the 
community we're sworn to serve, and that is the American 
people.
    Thank you very much. I appreciate it.
    Go ahead. Mr. Hite.
    Mr. Hite. Yes, sir. Just a couple thoughts concerning US-
VISIT Exit. I can't comment to the extent it was a policy or 
political decision. I'm not aware of that. The real challenge 
with dealing with US-VISIT Exit is that the physical 
infrastructure was never there to screen people as they were 
leaving this country. It has always been there to screen people 
as they come in, and there are extraordinary physical space 
limitations for land-based borders as well as in airports and 
seaports, too.
    So the real issue, the real challenge that is trying to be 
dealt with now with respect to US-VISIT is not technology, it 
is operationally how are we going to implement this? How are we 
going to implement the technology? Who is going to do what? Is 
TSA going to do it at the checkpoint? Is CBP going to do it at 
the gate for land borders? How are we going to expand the 
physical lanes in a very constricted environment in some of 
these urban ports of entry? So, that is the nature of the 
challenge that is being dealt with now.
    Mr. Bilbray. Let me just say this: The largest land port of 
entry in the world is being rebuilt today. My question to you 
is as we're rebuilding that whole structure, putting diagonal 
lanes, increase, double them up on there, are we engineering 
and designing into that new system the Exit system? Is that 
being engineered in there? Do you know?
    Mr. Hite. I can't tell you that, but that is an excellent 
question, and that is what should be dealt with when you look 
at a portfolio of investments and say, we invest in physical 
infrastructure here; how does that relate to what we want to 
accomplish through technology, through the US-VISIT program? So 
let us make sure they work in lockstep.
    Mr. Bilbray. Let me tell you as someone who has worked on 
border issues since the 1970's, the political pressure is to 
get people into this country and back and forth as quickly as 
possible, and security is way down the list. And the trouble is 
we don't have that kind of lobby and political pressure on the 
bureaucracy to implement the law as we do as to make sure that 
commerce is never obstructed to any degree.
    And frankly, as you said, the infrastructure, if we were 
charging at the border, you darn well say that infrastructure 
would be there like that. But when it comes to securing and 
implementing the requirements of the representatives of the 
people of the United States, it has been put off for a decade.
    So I guess that is one of those things we need to make a 
priority, and my staff will be checking with the millions that 
are going into redesigning and rebuilding the border crossing 
at Tijuana, let us see if the Exit part of it is being 
executed. Let us see if the administration is following the law 
or responding to the political pressure.
    Thank you very much.
    Ms. Watson. Mr. Bilbray, we intend to hold a series of 
these hearings and make recommendations. Since we have a new 
administration, it is just mind-blowing. When we put the 
Department of Homeland Security together, we brought over 
750,000 people from various agencies and departments who had 
their own budgets, and we have to see that this Department 
functions for its intended purposes. And we might quote a 
number of years, but still we have the kinks to work out. And 
so have faith that when we gather all the information, we will 
make the kind of recommendation so Homeland Security will 
indeed secure our homeland.
    I would like to go on now to Mr. Taylor. And your testimony 
cites the explosive growth of contractor support in the CIO's 
office at DHS since 2007. And what are the causes of the 
staffing shortages, and is it a cultural or due to ineffective 
management? I know we threw all of it together; that is why I 
made that comment. And we just want to know, has DHS made the 
significant alterations to its staffing plans since your 
recommendations were made to do so?
    And you can chime in, Ms. Duke.
    Mr. Taylor. Sure. In response to the recommendations, the 
Department has put together a plan to significantly increase 
the CIO's office, and I think Ms. Duke mentioned that they're 
going to hit 100. The total that they plan to do by 2011 was 
something like 236, I believe. So they have responded to that.
    To answer your question about why it got to where it is, I 
think there were--we identified just a number of potential 
reasons. There has been a push historically to reduce the 
number of permanent, full-time Federal employees anyway and 
rely more on contractors in the past. Also the IT area is one 
of these areas where we all sitting at this table and in the 
Federal Government have had a heck of a time hiring qualified 
people. So it is tough to start with because we have trouble 
competing with the private sector, and there are barriers still 
in the hiring process to make it frustrating for someone to try 
to come from the private sector and get into the government if 
they're not experienced with the process. There is background 
checks. Sometimes it takes months to get someone in. They get 
frustrated. They have another offer, they move on.
    Ms. Watson. With the job loss and the situation is now, do 
we see more people out there that would be eligible?
    Ms. Duke.
    Ms. Duke. We see some increase in--especially at the 
lower--excuse me, the higher grades, so people coming out of 
industry with pay parity, kind of the 14, 15 and above levels. 
Our biggest challenge in recruiting is at the journeyman level, 
the high working level, the GS-12s and 13s, and we're not 
seeing too much of an increase in those, but we're starting to 
see.
    Additionally we're working on some with Mr. Berry, who is 
now running the Office of Personnel Management, on getting some 
flexibilities with hiring.
    And the third thing we're doing, because you specifically 
mentioned contractors, is not only in the CIO's office, but 
across DHS, we're looking at the balance of our work force. 
Within CIO we have adjusted our work force to--we were going to 
just about 200 through contractor conversions of essential 
functions; our goal now to be at about 325 Federal employees by 
2011. We think we can do that with the existing budget by 
making core functions of Federal employees. It is going to be a 
human resources challenge to recruit that many people for DHS, 
though.
    Ms. Watson. Let me move on. We're losing a lot of our time. 
Let me address this to Mr. Hite and Mr. Hutton. I want to begin 
with a very general question. And how would you characterize 
the success of DHS in delivering large-scale systems that are 
on time, under budget, and that meet preestablished 
requirements? And let me go, I guess, to Mr. Hite.
    Mr. Hite. A very general question like that, overall I 
would say the success has been poor in doing that. What we have 
seen is a pattern of programs--as I mentioned in my oral 
remarks, a pattern of programs getting started and allowing to 
proceed for many years, where they're rudderless basically. And 
then when these problems come to the attention of certain 
principals, then they get acted on, and, through many years of 
efforts, the programs begin to be brought back on track. That, 
to me, is not an indication of a successful program.
    To measure success, and success can be anywhere on the 
continuum from achieving everything we possibly hoped of to 
achieving nothing, you need to establish what it is you're 
trying to deliver, and you need to make that commitment, and 
you need to measure yourself against it. Time and time again on 
some of these programs I've seen where they get started, and 
they're allowed to proceed in the absence of any commitments, 
without defining what is going to be done by when to deliver 
what kind of capabilities to produce what kind of value. If if 
you don't have those commitments, it is hard to judge success. 
You can proceed for a while and deliver some capability and 
declare success.
    One of the things we have pushed for in our reports, and 
one of the things I would emphasize, is that when programs 
start, they need to be grounded in clear expectations 
surrounding what are we going to get at the end of the day, and 
what is it going to cost us? And then you need to measure 
yourself against that.
    Ms. Watson. In 1996, Congress attempted to strengthen the 
IT investment management oversight process through new 
requirements for capital planning and investment that we use at 
agencies. Both agency procurement and information officers were 
charged with overseeing the following activities.
    Would it be fair to say that ineffective review processes 
are the cause of wasted investments like the eMerge program, 
and is the investment review process at DHS broken? If so, how 
much of it is due to inadequate attention from agency leaders? 
And we will start with you, Ms. Duke.
    Ms. Duke. I think that we have a ways to go to deliver the 
robust acquisition review program that this country deserves, 
but I don't think it is because of a lack of attention. I 
really think that, right or wrong, when the Department was 
formed, it didn't exist. So the programs existed, the $6 
billion worth of IT investments existed, and the things that 
GAO and the IG are saying we should have didn't. And so 
programs came into the Department, and they didn't have cost 
scheduling and performance metrics.
    So what we've had to do in setting up the program is go 
back and put those in place and then start measuring against 
them. So the result is that things have taken time because we 
can't measure performance until we actually put performance 
metrics into place.
    And so in a lot of the first years of the Department, we've 
been in a remedial mode. We've been putting things into place. 
And now as we put them in place, we can measure against them 
and track performance. But we've been--I think that some people 
erroneously believe that we started out kind of zero, we start 
out in a hole. And I think we've dug ourselves out of the hole, 
but we're not to the preciseness that this country deserves 
yet.
    Ms. Watson. I understand that Senator Carper has introduced 
legislation that would make significant alterations to the IT 
investment management process, including increased requirements 
for budget justifications and transparency during the 
development life cycle. And should we be using firm financial 
benchmarks at DHS for determining when to pull the plug on 
programs with cost overruns or deficiencies beyond certain 
thresholds? And are there statutory changes that could be made 
to strengthen the oversight processes in place at DHS, or are 
there problems more related to the execution of current 
processes in place? And let me just start with the GAO, and 
then we will go on to the IG.
    Mr. Hite. Madam Chair, my position on that is you shouldn't 
have to legislate good management.
    Ms. Watson. That is true.
    Mr. Hite. And, in fact, legislating good management can 
sometimes be a dangerous thing to do, can sometimes have 
unintended consequences. What I believe is that the mechanisms 
are in place, they're understood. The issue comes in execution 
and implementation. And in the absence of implementation, it 
doesn't matter how great a process or a review board set-up 
that you have, you have to execute it.
    So I would go back to something I've said many times is 
that for a program of this kind of magnitude to be successful, 
there are literally 100 stars that need to align, and any one 
of those stars can have a major impact on that program. So 
there are a lot of things that have to be done right, and 
oversight is one of those variables, but there are a whole lot 
of others in the equation that need to be done right. And the 
reason that some of these programs have fallen on hard times 
over the years is through a combination of these things.
    And to Ms. Dukes's point about the fact that they inherited 
these agencies, these component agencies, and inherited their 
programs, and hence the Department didn't have its own 
institutional ways of overseeing, that is true. The components 
should have had their own, and the components should have been 
paying attention to them, and the components should have been 
doing those programs correctly, and that wasn't happening.
    Ms. Watson. Thank you.
    Mr. Taylor.
    Mr. Taylor. I would like to back us up. I think the most 
valuable service that a procurement office performs is helping 
management determine what its the requirements are in the first 
place.
    What we've seen over time is a lack of firm, measurable 
requirements, that what is it we're trying to accomplish with 
this technology application, what is it we're trying to 
achieve? And we start with those kinds of problems, that and 
the constant pressure to respond, respond in terms of 
disasters, respond in terms of crisis at the border. We need to 
do something quickly, so we don't have time to really work 
through all of our requirements, and so the requirements 
change, and whenever that happens, you have serious problems 
with oversight.
    You also have a problem where it's not so much that the 
Department doesn't have the infrastructure identified as being 
able to staff it as we've talked about, but it is also being 
able to followup and manage at the component level. So we need 
to focus the kinds of authorities we have in the CIO at the 
Department level on the component CIOs and have them 
responsible for identifying and managing IT budgets and staying 
on top of IT projects.
    Ms. Watson. Thank you.
    And, Ms. Duke, would you like to add to that?
    Ms. Duke. I agree with both the GAO and the IG. I guess in 
terms of what the GAO said about how it should be, I agree 
totally. Unfortunately as the execution person, I have to deal 
with reality and what is, not what should be and trying to get 
to what should be.
    I think that we do--visibility into the budget by the CIO 
is very important, and we have instituted that through our 
performance review process. And I think that we have to put the 
performance measures in place, hold the program managers 
accountable and the components.
    And I think also we have to have the discipline to be 
nimble and quick because our enemy is nimble and quick, but 
have the discipline to not just do things fast. One of the 
earlier cultural pressures on DHS was to do it fast, and that 
seemed to be the measure. And we're trying to right now hold 
the line at doing it fast enough to meet our threat, but do it 
well enough, and that is a tradeoff between cost, schedule and 
performance. And that is one of the biggest cultural changes 
we're in the midst of right now.
    Ms. Watson. Mr. Bilbray.
    Mr. Bilbray. Madam Chair, I'm going to yield my time to the 
Chair. I just want to say in all defense, we've gone through 8 
years without another major attack, so I think we can say to 
DHS, congratulations, but at the same time understanding there 
are huge amounts of waste of resources, effort, critical 
resources that could be used in other locations.
    So we've been successful. We don't know if that success is 
through accomplishment or dumb luck. But we will take it 
whatever, but let's move on and not depend on--let's make sure 
in the future that dumb luck is not what we're depending on. We 
have a responsibility to straighten this out and try to get 
into it and make it as effective as possible so we can move on 
from there.
    And I yield to the Chair.
    Ms. Watson. Thank you so much.
    Let me move on, and this will be our last item of 
questioning and information.
    I would like to hear something about a detailed assessment 
on the lessons learned from the failed eMerge program and how 
we can be assured that its offspring, the transformation and 
systems consolidation, referred to as TASC program, will not 
become another abandoned project that wastes over $50 million. 
So where is DHS in developing the necessary requirements for 
TASC? Has the TASC program been reviewed by the appropriate 
investment review boards and developed the appropriate 
justifications for funding and mission needs? And how did and 
why did we wait so long before terminating the original eMerge 
program, and what information was missing to determine that it 
would not be effective? And what are your life-cycle cost 
estimates for this program and estimated date of completion?
    So any of you can jump in, but I would like to start with 
Ms. Duke.
    Ms. Duke. Regarding eMerge, the two biggest lessons learned 
from the original program that was done within the first year 
of the Department was, one, it was a noble objective. We have 
severe weaknesses in financial systems in many of our 
components to the point where we cannot get to a clean 
financial audit with the current systems. That has to be 
corrected.
    Second, we learned from industry that a single--or a shared 
financial system is essential to an effective merger, and so we 
need some type of communication between our financial systems 
to be the mature Department that this committee and the country 
wants us be to.
    What we did in the initial eMerge was I'll say two lessons 
learned. One, we took what we call the nuclear approach. We 
said we're starting over. Give us a brand new system that's the 
utopic system, one system deployed quickly within months in the 
Department, and it is too complicated to do effectively in that 
type of wholesale just quick-hit approach.
    The second thing we learned from it is that we're relying 
too much on industry for the solution. So it's good to rely on 
industry to deliver the solution and work out the specific ways 
of delivering, but we hadn't come up with our requirements well 
enough. And so then you're at the mercy of industry to deliver 
whatever solution. And so our regrouping and our time has 
mostly been focused on the requirements.
    The current program, TASC, that is being overseen by 
leadership in significant detail. The RFP is out on the street. 
There will be another acquisition review board this calendar 
year to look at the next date.
    I'll have to get back to you on life-cycle cost estimate, 
but it's a multibillion-dollar program if executed throughout 
the Department. But it does allow for a more staggered approach 
so that we really balance risk. So it is really a total 
revision of the approach to financial system management.
    Ms. Watson. Yes. Mr. Hite, please.
    Mr. Hite. Just a quick thought on that. We have ongoing 
work looking at the TASC program for the House Homeland 
Security Committee and for the House Appropriations Committee. 
I believe it is scheduled to be issued this fall, so it is 
coming to a conclusion. And what it's doing is looking at the 
six recommendations that we had made relative to moving forward 
on the son of eMerge2. And so we will be able to speak to what 
the Department is doing relative to defining a strategy for the 
program, developing a concept of operations, putting in place 
the means by which the processes--by which they're going to 
manage it, etc.
    Ms. Watson. I'm just going to throw out some of the other 
programs, too, and you can just across the board just comment 
on them. The Automated Commercial Environment Program, and it 
did not meet its cost schedule or commitments, and the costs 
went up. And then another program, Rescue 21, is plagued by 
cost overruns and so on. So can you comment on what happened 
with those?
    Ms. Duke. Before I comment, I would also offer to brief you 
or your staff on specific programs at their convenience so they 
can get a----
    Ms. Watson. And I just want you to know we're holding these 
hearings so we can fix what went wrong and how--we're putting 
together this humongous DHS. We want to get it right. So what 
we want to find out is how we--and I don't think it has been 
been mentioned--do it through legislation. We just hope that 
the leadership in the various agencies and departments will be 
able to improve.
    Ms. Duke. Automated commercial environment, ACE, we just 
held an acquisition review of that. Probably the fundamental or 
baseline problem of ACE has been evolving requirements. It's a 
major system, and we keep finding new ways to work with the 
shippers. And so that is OK, it's OK for a program to evolve 
over time. What we're trying to do now is be more disciplined 
about making the cost schedule tradeoffs rather than just 
adding requirements. And so right now we're in a period where 
we're having ACE reassess its requirements, its cost estimate 
and its program metrics before proceeding forth with any of the 
planned enhancements.
    In Rescue 21, one of the fundamental problems with the 
initial part of Rescue 21 is there were some COTS solutions, as 
this committee has talked about, to the control system, and the 
initial way we moved forward with Rescue 21 was to develop a 
unique developmental control system. And so one of the things 
we've learned on Rescue 21 to get that back on track is we've 
gone away from that developmental system similar to the 
approach we talked about on SBInet. And that change in 
strategy, which I think is good for the program in the long run 
to have a commercial system, did cause some cost increases.
    Ms. Watson. And I would like to have GAO comment on the 
SBInet and where you see it.
    Mr. Hite. It was about 8, 10 months ago we reported on 
where SBInet was at that time. And our message then, it was 
unclear what was going to be delivered by when, at what cost, 
to what locations. It was constantly shifting. What it was 
going to be was shrinking without becoming more specific. When 
it was going to be delivered was moving further out to right on 
the timeline, and the costs were a veritable unknown at that 
time.
    In addition to that, there were issues surrounding the 
ambiguity of the requirements. If you have unclear 
requirements, it is a recipe for failure, because what you'll 
learn over time is it is very difficult to design and develop a 
system to a requirement that's not clear. And then if you learn 
about those kind of things downstream after you, in fact, have 
developed software or integrated commercial products, and 
you're trying to test them to see whether they meet the 
requirements, it is a whole lot more expensive to fix them then 
than it would have been at the beginning.
    There were issues associated with the testing at that time. 
Component tests were occurring on individual parts of SBInet--
or, I'm sorry, had not occurred yet. Tests were occurring on 
the integration of components, which is kind of out of order. 
So there was a range of program management weaknesses 
associated with it at the time, and it headed on a track for 
just flat out not being successful.
    We raised these risks to the Department. As part of our 
recommendations we wanted the then IRB, Investment Review 
Board, now the Acquisition Review Board, to get involved and 
conduct oversight of it. I'm happy to say that has occurred to 
a considerable extent. The IRB has looked at it. The IRB as 
issued directives, decision directives, to the program on what 
it needs to do in order to bring itself back. There has been a 
wholesale change in that program in terms of the leadership on 
it. The new program director for that is an exceptionally 
qualified individual.
    So I think we're moving in the right direction there. We 
have ongoing work looking at the extent to which the very 
specific program weaknesses that we identified in terms of 
being able to put together a good estimate of what it is going 
to cost, a good schedule of what's going to get done when, and 
to do good requirements, management, good testing. We have work 
going on now for the House Homeland Security on all of those 
fronts. We're probably about 3 or 4 months away from reporting 
on that, and because of our protocols with the Congress, I 
can't disclose what the results of that work is right now. We 
will be exiting with the Department and sharing the results of 
that work in the next probably 30 to 60 days. And so when we're 
in a position to, I will be happy to share that information 
with the committee as well.
    Ms. Watson. Mr. Bilbray.
    Mr. Bilbray. I have no questions.
    Ms. Watson. Mr. Taylor, would you like to comment? One of 
the questions that is still rolling around among us is that 
when do we pull the plug on programs with cost overruns or 
deficiencies beyond certain thresholds?
    Mr. Taylor. That's an excellent question. The problem we 
run into in some of these programs, and you've seen it at DHS 
and other places, I'm sure, but at DHS we have had a problem 
because we don't know what the definition of what we're asking 
for in the first place is. We know we have an operational 
requirement we need to support, but we haven't defined what it 
is we're trying to use that application for and what we're 
trying to achieve.
    So we keep evolving the requirement, and things change as 
we're going along, and the costs add up over time. You saw it 
with some of the other projects. You saw it with the original 
Pearson contract before DHS's time, the original Pearson 
contract with TSA to train TSA screeners. You saw it with 
Deepwater. You see these things evolving. We're concerned about 
the financial system for those kinds of reasons and other 
projects.
    You have to require a real definition of requirements. You 
have to have those requirements in place so that you know what 
you're getting so you can measure those costs against it, and 
that's the biggest weakness right now.
    Ms. Watson. Mr. Connolly, is there a question or statement 
you'd like to make at this point? And welcome.
    Mr. Connolly. Thank you, Madam Chair, and and thank you for 
holding this hearing. Forgive me for being late. I had a caucus 
meeting, and then I gave a 5-minute on the floor, so I'm just 
coming back from the floor. I do have a prepared statement I 
would be glad to enter into the record.
    Ms. Watson. You can submit it for the record.
    Mr. Connolly. And just welcome, folks, here. Obviously the 
whole question of the deployment of technology in our Federal 
Government is very critical moving forward both to this 
committee and certainly in my district. So I'm going to be very 
interested in looking at the testimony and following this 
issue, and I again thank you for holding this hearing.
    Ms. Watson. Thank you.
    Let us now conclude with Ms. Duke. You've heard the input 
from not only questions we asked, but from the GAO and the IG. 
What would your overall view be of the progress we've made at 
DHS? And where do we have to go? You only have an hour to tell 
us.
    Ms. Duke. I think my assessment of the progress varies from 
day to day. I think when we look at the limited resources we've 
had, the challenges we faced, I'm very proud and amazed at the 
progress we made.
    Ms. Watson. Let me just say this: This new administration 
has been accused of growing government, and I really don't know 
what that means, because here is a prime example of why we want 
to grow government for homeland security. It just makes sense 
to me. I come from Los Angeles, and you really need to get 
there 2 hours in advance because you've got to go through 
security. And I look back at the line, just to get up to the 
sensors, there must have been 300 people in three lines side by 
side, and we were there very early. We get the 7:40 flight out.
    And so I'm saying you should upload the first team at each 
one of the security gates so that you can process these people 
for their flights. They had to come through and say, is anyone 
leaving on the 7:05 a.m. flight? And we stood there long enough 
for the crew to change. Then it went faster.
    I said, if you got all these people in line, then we ought 
to put the security force--really double it on the early 
morning flights. And these are the things that have to work 
down through the system. We're talking about investments for 
the most part.
    But there are a lot of things that need to be done to make 
this a true working Department that secures our homeland. So 
we're not trying to throw all of this and get questions for you 
at one time. Where do we need to go? And that might have been 
minor, my experiences, but we do it every single week. And I'm 
saying by now, we should have figured this out. So I understand 
it takes time, it takes money, and when we talk about growing 
government, we have to be sure that we use taxpayers' dollars 
wisely.
    So we want you to tell us how to use those dollars wisely.
    Ms. Duke. One of the things we're working on is rightsizing 
our work force and the balance between Federal and contractor 
employees. Our Senate Homeland Security Committee, this was a 
bipartisan issue since the last Congress, and we've identified 
positions in DHS that would be more appropriately done by 
Federal employees. That's going to be huge in delivering the 
mission effectively. And it's not big government, it's doing 
the right thing and having our core capabilities done by 
Federal employees.
    I think the thing we have to do in acquisition and 
management is sustain the discipline and the tenacity to go 
through this. What we learn as children is that decisions have 
consequences, and we have to be good and disciplined after we 
put the fundamentals in place about making the cost schedule 
and performance tradeoffs so that we have a disciplined 
approach, and if it means slowing down a program, then that is 
the right decision, and that we have the ability and the data 
to stand up and say we're purposely slowing it down or 
whatever, we're doing it to make the right decision.
    I think that we have the building blocks in place, and I 
think we have a great Federal work force in at DHS. I was a 
career Fed for 26 years before my appointment, and we have some 
of the finest people. And I think we have the people to do it. 
We have the leadership in place that will support them. And I 
think that we do have the oversight of our committees that 
help, because it helps us keep the focus on it.
    So my personal opinion after being in the Department is the 
building blocks are in place, and the proof is in, as both GAO 
and the IG have said, in the doing and the discipline to keep 
it up, and have the discipline to make the hard decisions when 
they need to be made.
    Ms. Watson. We're going to send out to you the questions 
that were raised by Mr. Cuellar, and we would appreciate the 
answers. And if any other members of the committee would like 
to have any concerns or questions answered, we will send them 
out to you.
    Yes, Mr. Connolly.
    Mr. Connolly. Madam Chairman, we will, with your consent, 
submit some written questions for the record.
    Can I add one little thing since you're describing your 
experience at LAX?
    Ms. Watson. Please do.
    Mr. Connolly. I would just plead with DHS, it may seem like 
a small thing, but every time I've traveled, I've been 
impressed with sort of an unevenness about the training of 
handling the public by security personnel. It's just as easy, 
maybe even easier, to get compliance with hard-pressed 
travelers waiting in long lines, understanding that security is 
an issue, when there is a ``please'' affixed to the request. 
I've been stunned at how many airports I go through where TSA 
folks act in ways that are profoundly disrespectful to the 
public, where they were barking orders and making demands, and 
it is, frankly, just lack of training. And the public is not 
the adversary. The public is, in fact, just as much concerned 
about security as TSA and wants to be cooperative. But it makes 
it a little harder, and gets people's back up, and creates 
needless stress when, frankly, we don't treat the public with 
the respect they deserve. We're serving that public.
    And so I would plead with the DHS, it may seem like a 
little thing, but I don't think it is. I think if you want the 
public's full cooperation, support and sympathy for the 
mission, then treat them with the respect they deserve. And I 
would plead with you to start to try to have that ethos better 
imbued in the training programs and in the mentality of some of 
the folks who serve the public. Some are great and try to use 
good humor and treat people with respectm. But all too many do 
not. And this is the United States of America. The public is in 
charge.
    Thank you, Madam Chair.
    Ms. Watson. I have to followup on that, too, because that's 
what I was referring to. The TSA has to do a better job in 
selecting the people that work at first contact. You go, you 
get your ticket, and then you get in that line. So they really 
are the first contact, as far as I'm concerned.
    They yell continuously at people, rather than saying, 
``Take your shoes off and place them on the belt.'' That's what 
we have to do in L.A. Here you can put them in the bin. And it 
changes every airport you go in, and I can understand that.
    But you really need to treat the public a little 
differently than we get treated. We travel twice a week, 5 
hours and 15 minutes for me. And I said to them yesterday, you 
know, I'm going to see what we can do about making the process 
more useful and smoother and not as antagonistic as it appears 
to be. That really irks me, someone who flies all the time. 
That's minor, but it means a lot to the passengers.
    And one of the things that annoys me is the personal 
conversation among the employees when there could be someone 
there who really needs to be checked out. And I don't need to 
hear about what you did last night, and your personal problems, 
and who is saying what, and that's the conversation you have to 
stand and listen to.
    So we need more focus. We need more, shall I say, accuracy, 
and we need more detection. And not everyone is an intended 
terrorist, but that's the way we're treated. However, that is 
rather minor, but it is an important issue to start thinking 
about.
    I want to say to the panel that we appreciate your input, 
and this is a hearing to gather information to make this 
particular service to the people, DHS, the best ever, because 
you've heard the complaints out there in the streets. And it's 
like we're the biggest, shall I say, interfering Big Brother 
into people's business. We're growing government, and we're 
endangerering people's future, their children, their 
grandchildren, their great-grandchildren. We're destroying our 
Nation. That is not our intent. Our intent is to build the 
Department of Homeland Security to be the best in the world and 
to protect our country, and that's the reason why we're holding 
these hearings.
    I appreciate your input. And just know we're here to get 
the information that you need. And if we have to do it through 
policy, we'll do it that way. But I think these hearings will 
help us to give the information out to you and let you handle 
it the best way. And I know we're driving the CIO crazy, but we 
appreciate your feedback to us so we can manage the public's 
dollars better and have better results.
    And with that, if there are no more questions, then we will 
adjourn this meeting, and thank you so much.
    The meeting is adjourned.
    [Whereupon, at 11:25 p.m., the subcommittee was adjourned.]

                                 
