[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]





EXAMINING CHALLENGES AND WASTED TAXPAYER DOLLARS IN MODERNIZING BORDER 
                          SECURITY IT SYSTEMS

=======================================================================

                                HEARING

                               before the

                       SUBCOMMITTEE ON OVERSIGHT
                       AND MANAGEMENT EFFICIENCY

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED THIRTEENTH CONGRESS

                             SECOND SESSION

                               __________

                            FEBRUARY 6, 2014

                               __________

                           Serial No. 113-50

                               __________

       Printed for the use of the Committee on Homeland Security


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


      Available via the World Wide Web: http://www.gpo.gov/fdsys/

                               __________

                         U.S. GOVERNMENT PRINTING OFFICE 

88-024 PDF                     WASHINGTON : 2014 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Printing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
         DC area (202) 512-1800 Fax: (202) 512-2250 Mail: Stop SSOP, 
                          Washington, DC 20402-0001




















                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Paul C. Broun, Georgia               Yvette D. Clarke, New York
Candice S. Miller, Michigan, Vice    Brian Higgins, New York
    Chair                            Cedric L. Richmond, Louisiana
Patrick Meehan, Pennsylvania         William R. Keating, Massachusetts
Jeff Duncan, South Carolina          Ron Barber, Arizona
Tom Marino, Pennsylvania             Dondald M. Payne, Jr., New Jersey
Jason Chaffetz, Utah                 Beto O'Rourke, Texas
Steven M. Palazzo, Mississippi       Tulsi Gabbard, Hawaii
Lou Barletta, Pennsylvania           Filemon Vela, Texas
Richard Hudson, North Carolina       Steven A. Horsford, Nevada
Steve Daines, Montana                Eric Swalwell, California
Susan W. Brooks, Indiana
Scott Perry, Pennsylvania
Mark Sanford, South Carolina
Vacancy
                        Vacancy, Staff Director
          Michael Geffroy, Deputy Staff Director/Chief Counsel
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

          SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY

                 Jeff Duncan, South Carolina, Chairman
Paul C. Broun, Georgia               Ron Barber, Arizona
Lou Barletta, Pennsylvania           Donald M. Payne, Jr., New Jersey
Richard Hudson, North Carolina       Beto O'Rourke, Texas
Steve Daines, Montana, Vice Chair    Bennie G. Thompson, Mississippi 
Michael T. McCaul, Texas (Ex             (Ex Officio)
    Officio)
               Ryan Consaul, Subcommittee Staff Director
                   Deborah Jordan, Subcommittee Clerk
           Tamla Scott, Minority Subcommittee Staff Director




























                            C O N T E N T S

                              ----------                              
                                                                  Page

                               Statements

The Honorable Jeff Duncan, a Representative in Congress From the 
  State of South Carolina, and Chairman, Subcommittee on 
  Oversight and Management Efficiency:
  Oral Statement.................................................     1
  Prepared Statement.............................................     3
The Honorable Ron Barber, a Representative in Congress From the 
  State of Arizona, and Ranking Member, Subcommittee on Oversight 
  and Management Efficiency:
  Oral Statement.................................................    14
  Prepared Statement.............................................    16
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Prepared Statement.............................................     4

                               Witnesses

Mr. David A. Powner, Director, Information Technology Management 
  Issues, U.S. Government Accountability Office:
  Oral Statement.................................................     6
  Prepared Statement.............................................     7
Mr. Charles R. Armstrong, Assistant Commissioner, Office of 
  Information and Technology, Customs and Border Protection, U.S. 
  Department of Homeland Security:
  Oral Statement.................................................    17
  Prepared Statement.............................................    19
Mr. Thomas P. Michelli, Chief Information Officer, Immigration 
  and Customs Enforcement, U.S. Department of Homeland Security:
  Oral Statement.................................................    22
  Prepared Statement.............................................    24

                                Appendix

Questions From Chairman Jeff Duncan for David A. Powner..........    43
Questions From Chairman Jeff Duncan for Charles R. Armstrong.....    43
Questions From Chairman Jeff Duncan for Thomas P. Michelli.......    44

 
EXAMINING CHALLENGES AND WASTED TAXPAYER DOLLARS IN MODERNIZING BORDER 
                          SECURITY IT SYSTEMS

                              ----------                              


                       Thursday, February 6, 2014

             U.S. House of Representatives,
          Subcommittee on Oversight and Management 
                                        Efficiency,
                            Committee on Homeland Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 10:02 a.m., in 
Room 311, Cannon House Office Building, Hon. Jeff Duncan 
[Chairman of the subcommittee] presiding.
    Present: Representatives Duncan, Barber, and O'Rourke.
    Also present: Representative Jackson Lee.
    Mr. Duncan. The Committee on Homeland Security, 
Subcommittee on Oversight and Management Efficiency will come 
to order.
    I will say that the Ranking Member is on his way. Attending 
the prayer breakfast this morning, and he is running a few 
minutes behind. So hopefully he will get here before I finish 
my opening statement. If not, we may pause and allow him to 
have an opening statement as we go because I think that is so 
important.
    But the purpose of this hearing is to examine DHS's attempt 
to modernize key information technology systems in use by the 
U.S. Immigration and Customs Enforcement and the U.S. Customs 
and Border Protection, specifically the TECS Modernization 
program.
    I now recognize myself for an opening statement.
    During the first half of this Congress, our subcommittee 
has had a laser focus on how the Department of Homeland 
Security spends tax dollars and how efficient and effective the 
Department's programs are during a time when the Nation faces 
unparalleled debt and fiscal challenges. As Chairman, I believe 
DHS must not only protect the homeland but do so in a fiscally 
responsible way.
    Yet, time and again, hearing after hearing, we have 
examined findings from Congressional watchdogs that show a 
Department with little interest in safeguarding taxpayer 
dollars. From duplicative programs, broken trust by airport 
screener misconduct, and ill-disciplined acquisition practices, 
effective management of DHS has consistently taken a backseat.
    Unfortunately, today's hearing is no different: Another 
program in the ditch, desperately needing a tow. Today we will 
examine DHS's efforts to modernize key information technology, 
or IT systems, used by the Customs and Border Protection and 
Immigration and Customs Enforcement, specifically to TECS 
Modernization program.
    Having visited the border agents along the Southwest Border 
and actually in Mr. Barber's district, I know first-hand how 
important it is for CBP officers and ICE agents to have all the 
tools that they need to secure the border. I know Ranking 
Member Barber shares that view.
    For the CBP officer on the border, TECS is an integral tool 
to secure the homeland. The system helps officers determine the 
admissibility of over 900,000 visitors and approximately 
465,000 vehicles into the country daily, share critical 
information with other Federal law enforcement agencies, and 
alert officers to possible threats entering the United States. 
That is important. Nine hundred thousand visitors, 465,000 
vehicles--that is an immense challenge. I get that.
    For the ICE agent, TECS is the primary investigative tool 
used to document and build cases for prosecution. A legacy 
system in operation since 1987, TECS has become increasingly 
difficult and expensive to maintain due to the system's 
antiquated technology and its inability to support the 
requirements needed by CBP and ICE personnel in the field.
    Despite TECS' critical importance to our security, CBP and 
ICE have failed to manage the modernization program 
effectively. As the Government Accountability Office, or GAO, 
recently reported, the result has been wasted taxpayer dollars, 
missed deadlines, and delays in fielding enhancements to CBP 
officers and ICE agents.
    For instance, despite some success deploying functional 
capabilities to secondary inspection locations, GAO reported 
that CBP has revised its schedule and cost estimates because 
they were unachievable. CBP expects to complete the project by 
2016 for a total cost of about $700 million.
    GAO further found that CBP did not develop a master 
schedule that links work activities to the overall project 
schedule, despite the fact that numerous projects are being 
deployed concurrently. While CBP contends the remainder of its 
concurrent program upgrades will be operational by the 
beginning of 2016, I am concerned that, minus a sound master 
schedule, the project could be further delayed and over-budget, 
which could snowball into CBP officers not having the tools 
that they need to do their job.
    Of even more concern are ICE's failures. Due to unmet 
requirements, ICE is starting over on redeveloping its 
requirements after spending some $60 million and failing to 
produce any deliverables. After about 4 years and $60 million, 
ICE has little to show for its efforts, doesn't yet know the 
revised total cost or what the program will achieve. The stakes 
are high because of a looming 2015 deadline that, if not met, 
will force DHS to spend more taxpayer dollars to maintain the 
system currently in use.
    In addition, I am concerned that, despite numerous 
management layers, DHS headquarters still let the program 
proceed. The DHS chief information officer has increased 
oversight and governance of information technology by reviewing 
DHS component programs and acquisitions over the years. Yet the 
Office of Program Accountability and Risk Management, two 
executive steering committees, and the Office of Chief 
Information Officer's Enterprise Business Management Office all 
failed to adequately address escalating problems associated 
with the TECS Modernization effort.
    Further, the lack of complete, timely, and accurate data 
from the components to DHS chief information officer, as 
reported by the GAO, negatively affected the Department's 
ability to make informed and timely decisions on the program.
    Even the best governance framework won't improve outcomes 
if the senior DHS leaders don't have the discipline to enforce 
it. DHS must hold programs accountable, and if they fail, then 
we will hold DHS accountable.
    With the speed with which technology advances today, it 
shouldn't take DHS 8 years to complete an IT project. Private-
sector CEOs likely wouldn't tolerate such poor performance and 
management; neither should DHS. It is an affront to the 
American taxpayer, and it is time for DHS to do better.
    [The statement of Chairman Duncan follows:]
                   Statement of Chairman Jeff Duncan
                            February 6, 2014
    During the first half of this Congress, our subcommittee has had a 
laser focus on how the Department of Homeland Security (DHS) spends 
taxpayer dollars and how efficient and effective the Department's 
programs are during a time when the Nation faces unparalleled debt and 
fiscal challenges. As Chairman, I believe DHS must not only protect the 
homeland but do so in a fiscally responsible way. Yet time and again, 
hearing after hearing, we've examined findings from Congressional 
watchdogs that show a Department with little interest in safeguarding 
taxpayer dollars. From duplicative programs, broken trust by airport 
screener misconduct, and ill-disciplined acquisition practices, 
effective management of DHS has consistently taken a back seat. 
Unfortunately, today's hearing is no different . . . another program in 
the ditch desperately needing a tow.
    Today, we will examine DHS's efforts to modernize key information 
technology (IT) systems used by Customs and Border Protection (CBP) and 
Immigration and Customs Enforcement (ICE), specifically the TECS 
modernization program. Having visited with border agents along the 
Southwest Border, I know first-hand how important it is for CBP 
officers and ICE agents to have the tools they need to secure the 
border. I know Ranking Member Barber shares that view.
    For the CBP officer on the border, TECS is an integral tool to 
secure the homeland. The system helps officers determine the 
admissibility of over 900,000 visitors and approximately 465,000 
vehicles into the country daily, share critical information with other 
Federal law enforcement agencies, and alert officers to possible 
threats entering the United States. For the ICE agent, TECS is a 
primary investigative tool used to document and build cases for 
prosecution. A legacy system in operation since 1987, TECS has become 
increasingly difficult and expensive to maintain due to the system's 
antiquated technology and its inability to support the requirements 
needed by CBP and ICE personnel in the field.
    Despite TECS's critical importance to our security, CBP and ICE 
have failed to manage the modernization program effectively. As the 
Government Accountability Office (GAO) recently reported, the result 
has been wasted taxpayer dollars, missed deadlines, and delays in 
fielding enhancements to CBP officers and ICE agents.
    For instance, despite some success deploying functional 
capabilities to secondary inspection locations, GAO reported that CBP 
has revised its schedule and cost estimates because they were 
unachievable. CBP expects to complete the project by 2016 for a total 
cost of about $700 million. GAO further found that CBP did not develop 
a master schedule that links work activities to the overall project 
schedule, despite the fact that numerous projects are being developed 
concurrently. And while CBP contends the remainder of its concurrent 
program upgrades will be operational by the beginning of 2016, I am 
concerned that minus a sound master schedule, the project could be 
further delayed and over budget which could snowball into CBP officers 
not having the tools they need to do their job.
    Of even more concern are ICE's failures. Due to unmet requirements, 
ICE is starting over on redeveloping its requirements after spending 
some $60 million and failing to produce any deliverables. After about 4 
years and $60 million, ICE has little to show for, doesn't yet know the 
revised total cost, or what the program will achieve. The stakes are 
high because of a looming 2015 deadline that if not met will force DHS 
to spend more taxpayer dollars to maintain the system currently in use.
    In addition, I am concerned that despite numerous management 
layers, DHS headquarters still let the program proceed. The DHS chief 
information officer has increased oversight and governance of 
information technology by reviewing DHS component programs and 
acquisitions over the years. Yet the Office of Program Accountability 
and Risk Management; two Executive Steering Committees; and the Office 
of the Chief Information Officer's Enterprise Business Management 
Office all failed to adequately address escalating problems associated 
with the TECS modernization effort.
    Further, the lack of complete, timely, and accurate data from the 
components to the DHS chief information officer as reported by the GAO 
negatively affected the Department's ability to make informed and 
timely decisions on the program. Even the best governance framework 
won't improve outcomes if senior DHS leaders don't have the discipline 
to enforce it. DHS must hold programs accountable. If they fail, then 
we will hold DHS accountable.
    With the speed with which technology advances today, it shouldn't 
take DHS 8 years to complete an IT project. Private-sector CEOs likely 
wouldn't tolerate such poor performance and management. Neither should 
DHS. It's an affront to the American taxpayer and it's time DHS do 
better.

    Mr. Duncan. So I will recognize the Ranking Member when he 
comes in. While we are waiting on him, let me just go ahead and 
remind Members of the subcommittee that opening statements may 
be submitted for the record.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                            February 6, 2014
    Thank you, Chairman Duncan, for convening this hearing.
    I also thank the witnesses for appearing today and look forward to 
hearing their testimony.
    When the Department of Homeland Security was created in 2002, there 
was a merger of not only agencies and the people employed by those 
agencies, but also technology and the systems used by legacy agencies 
to keep our country safe and secure.
    One such technology was TECS. As the largest law enforcement tool 
used throughout the United States, TECS is a vital component to our 
homeland security efforts.
    It is used at the border to ensure that legitimate travelers and 
trade are welcomed into our country and terrorists, drugs, and weapons 
are prevented from entering the United States. It is also used away 
from the border by more than 20 Federal agencies to create and access 
terrorist ``lookouts,'' track financial crimes, and disseminate 
intelligence reports.
    Unfortunately, given the age of this system and the way that it is 
structured, it has become outdated, and, in some ways obsolete. Its 
inefficiency has at times hindered our border security efforts by 
increasing wait times and producing false positives that create further 
delay.
    Like many legacy systems now in use at DHS, TECS is currently 
undergoing a modernization effort that by some calculations is expected 
to cost more than $1.5 billion. By all accounts, an improved TECS is 
well overdue; however, the Department's implementation is cause for 
serious concern.
    For example, rather than having one program office, established at 
the Headquarters level, this major acquisition is being carried out by 
two separate components--Customs and Border Protection (CBP) and 
Immigrations and Customs Enforcement (ICE)--simultaneously.
    As a result, we have two separate program offices, two separate 
program managers, two separate funding streams and the need for a 
limited acquisition workforce to conduct oversight over two separate 
major investments.
    Under this structure, I am concerned that duplication, redundancy, 
and the inability for one hand to know what the other hand is doing.
    Furthermore, both components continue to face challenges that 
further reduce my confidence in the management of this billion-dollar-
plus acquisition.
    CBP continues to be challenged by scheduling delays, and although 
it insists that the portions of TECS Modernization that have not been 
delivered will be ready by 2015, the program is still running without a 
master schedule and a clearly-defined time line for what will happen 
when.
    ICE has made the disconcerting decision to halt its efforts after 
operating for years without established requirements, resulting in 
testing failures and the expenditure of $20 million developing a system 
that was ultimately of no use.
    That is $20 million of scarce homeland security funds that can 
never be recovered that has simply ``gone down the drain.''
    These issues and others have caused the Government Accountability 
Office in a recently-released report to state that: ``After spending 
millions of dollars and over 4 years on TECS modernization, it is 
unclear when it will be delivered and at what cost.''
    Hopefully, today's witnesses can shed some light on how this effort 
can be put on a better track and inform this subcommittee on how much 
TECS modernization is expected to cost, when it will be delivered, and 
when Federal, State, and local law enforcement officials can stop 
relying on a 30-year-old, obsolete system while our security hangs in 
the balance.
    I yield back the balance of my time.

    Mr. Duncan. We are pleased to have a very distinguished 
panel of witnesses before us today on this important topic.
    Let me remind the witnesses that their entire written 
statement will appear in the record. I will go ahead and 
introduce each of you first and then recognize you for your 
testimony.
    Our first panelist is Mr. David Powner. He is the director 
of IT management issues at the U.S. Government Accountability 
Office. Mr. Powner is responsible for a large segment of GAO's 
information technology work, including systems development, IT 
investment management, health IT, and cyber critical 
infrastructure protection reviews. At GAO, Mr. Powner has led 
teams reviewing major IT modernization efforts at Cheyenne 
Mountain Air Force Station, the National Weather Service, the 
Federal Aviation Administration, and the IRS.
    Our second panelist is Mr. Charles Armstrong. He is the 
assistant commissioner for the Office of Information and 
Technology at U.S. Customs and Border Protection. Mr. 
Armstrong's responsibilities include software development, 
infrastructure services and support, tactical communications, 
research and development functions, and IT modernization 
initiatives. Mr. Armstrong has led the office since June 2008. 
He manages a budget of $184 million and a workforce of about 
6,000 Federal employees and contractors.
    Prior to serving as assistant commissioner, Mr. Armstrong 
was DHS's deputy CIO, where he worked on the Department's IT 
initiatives for improving the agency's secure information-
sharing capabilities. Mr. Armstrong has over 30 years of 
technology experience in the operations and management of IT.
    Our third panelist is Mr. Thomas Michelli.
    Did I pronounce that right?
    He is the chief information officer for U.S. Immigration 
and Customs Enforcement, where he is the agency's top 
technology administrator and responsible for critical IT 
initiatives, modernizing IT systems, and providing IT solutions 
throughout ICE.
    Prior to joining the Department, Mr. Michelli served as 
executive director of enterprise solutions for the Defense 
Logistics Agency. In the private sector, Mr. Michelli served as 
director of international IT operations and chief information 
officer for the real estate firm Cushman & Wakefield. He also 
served as chief technology officer at General Dynamics 
Information Technology.
    Folks, thank you for being here.
    I will now go ahead and recognize Mr. Powner to testify. 
Keep in mind that if Mr. Barber comes in between testimonies, I 
will let you finish, but then we will recognize him for a 
statement.
    So Mr. Powner can testify.

STATEMENT OF DAVID A. POWNER, DIRECTOR, INFORMATION TECHNOLOGY 
    MANAGEMENT ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Powner. Chairman Duncan, we appreciate the opportunity 
to testify this morning on DHS's efforts to improve its ability 
to secure our borders, prevent terrorism, and enhance our 
intelligence functions.
    The primary system used for admitting persons to the United 
States and one of our Nation's most important law enforcement 
systems, known as TECS, provides CBP officers and ICE agents 
with critical information. This system has over 70,000 users, 
is accessed by 10 departments, interfaces with over 80 systems, 
including terrorist watch lists, and screens nearly 1 million 
visitors and 500,000 vehicles daily.
    This system is in need of a major overhaul because it is 
expensive to maintain, does not quickly support mission 
requirements, and needs major functional improvements like 
enhanced searches and better algorithms to match names.
    In 2008, CBP and ICE each pursued separate acquisitions to 
address these shortfalls. Collectively, these two acquisitions 
were to cost over $1.5 billion to build and operate. Mr. 
Chairman, we issued a report at your request last month on 
those acquisitions, which I will briefly summarize, starting 
with CBP.
    CBP planned to deploy functionality in five separate 
increments and, to their credit, deployed the first increment 
related to enhanced secondary inspections at all air and sea 
ports in 2011 and land ports in 2013. The remaining four 
increments were to be deployed concurrently in 2015, but the 
program is being rebaselined for the second time in the past 
year, meaning that what will be delivered when and at what cost 
is changing.
    When we issued our report, DHS was working on new cost and 
schedule estimates. We understand that DHS has a new 
requirements document, cost estimate, and program baseline that 
shows them achieving full operating capability now in 2016, and 
the life-cycle cost has dropped slightly to just below $700 
million. CBP has spent over $225 million to date on this 
effort.
    Turning to ICE, ICE planned to deploy an initial release in 
December 2013 and annual releases after that but in 2010 began 
experiencing technical problems that led to them deferring 
3,000 of the 4,300 requirements for the first release. That is 
70 percent of the first release being deferred. This led to a 
review that determined the system was not technically viable in 
June 2013, and the program decided to start over.
    We understand there has been an independent technical 
assessment of the program and that a new cost estimate and 
baseline is expected in the April-May time frame. ICE reported 
only having spent about $20 million on their program when we 
conducted our review, but today's testimony discloses that $64 
million have been spent to date.
    So what went wrong with the two acquisitions? Our report 
highlights two major areas: No. 1, poor fundamental program 
management; and, No. 2, ineffective governance. Both 
acquisitions put in place robust requirements management 
processes too late, and that was definitely more evident with 
the ICE program. In addition, both programs did not effectively 
escalate program risks in a timely or aggressive fashion. We 
thought CBP should have been addressing scheduling and 
contractor risks and ICE should have been identifying the 
requirements backlog and technical solution risks much better.
    Regarding governance, multiple groups are in place to 
oversee these acquisitions: CBP and ICE each have an executive 
steering committee, the CIO performs monthly ratings on these 
acquisitions, and the under secretary for management oversees 
major acquisitions.
    These governance bodies clearly were not getting complete 
information to assess programs risks, and their assessments 
were way too rosy. The under secretary's assessment for both 
acquisitions were deemed low-risk in July 2013. The latest CIO 
assessments were better, but not much, calling the CBP 
acquisition moderately low-risk and the ICE program medium-
risk. It was quite clear during our review that the ICE program 
was high-risk at that time.
    Moving forward, Mr. Chairman, both programs need to 
establish solid baselines so that Congress clearly knows what 
we are spending and what exactly is being delivered when to 
better support our CBP officers and ICE agents. Once these 
decisions are made and approved, DHS needs to tighten program 
management processes and executive-level governance practices 
to deliver needed improvements and to keep these acquisitions 
within their cost and schedule estimates.
    This subcommittee's oversight will play a critical role in 
ensuring that the new approaches are focused on what is most 
needed, cost-justified, and delivered as soon as possible.
    Mr. Chairman and Ranking Member Barber, thank you for your 
leadership on these critical acquisitions, and I would be 
pleased to respond to questions.
    [The prepared statement of Mr. Powner follows:]
                 Prepared Statement of David A. Powner
                            February 6, 2014
                             gao highlights
    Highlights of GAO-14-3M42T, a testimony before the Subcommittee on 
Oversight and Management Efficiency, Committee on Homeland Security, 
House of Representatives.
Why GAO Did This Study
    DHS's border enforcement system, known as TECS, is the primary 
system for determining admissibility of persons to the United States. 
It is used to prevent terrorism, and provide border security and law 
enforcement, case management, and intelligence functions for multiple 
Federal, State, and local agencies. It has become increasingly 
difficult and expensive to maintain and is unable to support new 
mission requirements. In 2008, DHS began an effort to modernize the 
system. It is being managed as two separate programs by CBP and ICE.
    In December 2013, GAO reported that DHS needed to strengthen its 
efforts to modernize these key enforcement systems. This statement 
summarizes that report. Specifically, it covers: (1) The scope and 
status of the two TECS Mod programs, (2) selected program management 
practices for TECS Mod, (3) the extent to which DHS is executing 
effective oversight and governance of the two TECS Mod programs, and 
(4) the importance of addressing our recommendations for improving 
DHS's development efforts.
What GAO Recommends
    GAO is making no new recommendations in this statement. In its 
December 2013 report, GAO recommended that DHS improve its efforts to 
manage requirements and risk, as well as its governance of the TECS Mod 
programs. DHS agreed with all but one of GAO's eight recommendations, 
disagreeing with the recommendation about improving CBP's master 
schedule. GAO continues to believe improvements are necessary to 
validate schedule commitments and monitor progress.
border security.--dhs needs to strengthen its efforts to modernize key 
                          enforcement systems
What GAO Found
    The schedule and cost for the Department of Homeland Security's 
(DHS) border enforcement system modernization program known as TECS Mod 
that is managed by Customs and Border Protection's (CBP) continue to 
change; while the part managed in parallel by Immigration and Customs 
Enforcement (ICE) is undergoing major revisions to its scope, schedule, 
and cost after discovering that its initial solution is not technically 
viable. CBP's $724 million program intends to modernize the 
functionality, data, and aging infrastructure of legacy TECS and move 
it to DHS's data centers by 2016. To date, CBP has deployed 
functionality to improve its secondary inspection processes to air and 
sea ports of entry and, more recently, to land ports of entry in 2013. 
However, CBP is in the process of revising its schedule baseline for 
the second time in under a year. Further, CBP has not developed its 
master schedule sufficiently to reliably manage work activities or 
monitor program progress. These factors raise questions about the 
certainty of CBP's remaining schedule commitments. Regarding ICE's $818 
million TECS Mod program, it is redesigning and replanning its program, 
having determined in June 2013 that its initial solution was not viable 
and could not support ICE's needs. As a result, ICE largely halted 
development and is now assessing design alternatives and is revising 
its schedule and cost estimates. Program officials stated the revisions 
will be complete in spring 2014. Until ICE completes the replanning 
effort, it is unclear what functionality it will deliver, when it will 
deliver it, or what it will cost to do so, thus putting it in jeopardy 
of not completing the modernization by its 2015 deadline.
    CBP and ICE have managed many risks in accordance with some leading 
practices, but they have had mixed results in managing requirements for 
their programs. In particular, neither program identified all known 
risks, nor escalated them for timely management review. Further, CBP's 
guidance reflects most leading practices for effectively managing 
requirements, but important requirements development activities were 
underway before such guidance was established. ICE, meanwhile, operated 
without requirements management guidance for years, and its 
requirements activities were mismanaged, resulting in testing failures 
and delays. ICE issued requirements guidance in March 2013 that is 
consistent with leading practices, but it has not yet been implemented.
    DHS's governance bodies have taken actions to oversee the two TECS 
Mod programs that are generally aligned with leading practices. 
Specifically, they have monitored TECS Mod performance and progress and 
have ensured that corrective actions have been identified and tracked. 
However, a lack of complete, timely, and accurate data have affected 
the ability of these governance bodies to make informed and timely 
decisions, thus limiting their effectiveness. Until these governance 
bodies base their performance reviews on timely, complete, and accurate 
data, they will be constrained in their ability to effectively provide 
oversight.
    Chairman Duncan, Ranking Member Barber, and Members of the 
subcommittee: I am pleased to be here today to discuss the Department 
of Homeland Security's (DHS) border enforcement system, known as 
TECS.\1\ TECS has been used since the 1980's for preventing terrorism, 
providing border security and law enforcement, and sharing information 
about people who are inadmissible or may pose a threat to the security 
of the United States, and today still provides traveler processing and 
screening, investigations, case management, and intelligence functions 
for multiple Federal, State, and local agencies. Over time, however; it 
has become increasingly difficult and expensive to maintain because of 
technology obsolescence and its inability to support new mission 
requirements. DHS estimates that TECS's licensing and maintenance costs 
are expected to be $40 million to $60 million per year in 2015.
---------------------------------------------------------------------------
    \1\ TECS was created as a system of the Customs Service, which was 
then a component within the Department of the Treasury. The term TECS 
initially was the abbreviation for the Treasury Enforcement 
Communications System. When the Customs Service became part of DHS 
under the Homeland Security Act, TECS became a DHS system, and 
thereafter has simply been known as TECS.
---------------------------------------------------------------------------
    In 2008 the Department initiated TECS Modernization (TECS Mod) to 
modernize existing system functionality, address known capability gaps, 
and move the program's infrastructure to DHS's new data centers. TECS 
Mod is managed as two separate programs working in parallel: U.S. 
Customs and Border Protection (CBP) and Immigration and Customs 
Enforcement (ICE) are each modernizing existing functionality specific 
to their respective roles and missions within the Department. Both 
programs had planned to be fully operational by September 2015.
    In December 2013, we reported that DHS needed to strengthen its 
efforts to modernize these key border enforcement systems.\2\ In that 
report, we issued multiple recommendations aimed at improving DHS's 
efforts to develop and implement its TECS Mod programs. My testimony 
today will summarize the results of that report. Specifically, I will 
cover: (1) The scope and status of the two TECS Mod programs, (2) 
selected CBP and ICE program management practices for TECS Mod, (3) the 
extent to which DHS is executing effective executive oversight and 
governance of the two TECS Mod programs, and (4) the importance of 
addressing our recommendations for improving DHS's development efforts.
---------------------------------------------------------------------------
    \2\ GAO, Border Security: DHS's Efforts to Modernize Key 
Enforcement Systems Could be Strengthened, GAO-14-62 (Washington, DC: 
Dec. 5, 2013).
---------------------------------------------------------------------------
    The work on which my testimony is based was conducted from December 
2012 to December 2013. Further details on the scope and methodology for 
the previously-issued report are available within that published 
product. In addition, we analyzed recently-received documentation from 
DHS on the status of the two TECS Mod programs. All work on which this 
testimony is based was performed in accordance with generally accepted 
Government auditing standards. Those standards require that we plan and 
perform the audit to obtain sufficient, appropriate evidence to provide 
a reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on our audit objectives.
                               background
    TECS is an information technology (IT) and data management system 
that supports DHS's core border enforcement mission. According to CBP, 
it is one of the largest, most important law enforcement systems 
currently in use, and is the primary system available to CBP officers 
and agents from other departments for use in determining the 
admissibility of persons wishing to enter the country. In addition, it 
provides an investigative case management function for activities 
carried out by ICE agents, including money-laundering tracking and 
reporting; telephone data analysis; and intelligence reporting and 
dissemination.
    Over time, TECS has evolved into a multi-faceted computing platform 
that CBP describes as a system of systems. This mainframe-based system 
dates back to the 1980s and interfaces with over 80 other systems from 
within DHS, other Federal departments and their component agencies, as 
well as State, local, and foreign governments. It contains over 350 
database tables, queries, and reports (e.g., querying law enforcement 
records to determine if a traveler appears on a terrorist watch list), 
and multiple applications (e.g., ICE's existing investigative case 
management system). CBP agents and other users access TECS via 
dedicated terminals. The system is managed by CBP's Office of Passenger 
Systems Program Office and is currently hosted at CBP's data center.
    On a daily basis, the system is used by over 70,000 users and 
handles more than 2 million transactions--including the screening of 
over 900,000 visitors and approximately 465,000 vehicles every day. In 
addition, Federal, State, local, and international law enforcement 
entities use TECS to create and disseminate alerts and other law 
enforcement information about ``persons of interest.'' Ten Federal 
departments and their numerous component agencies access the system to 
perform a part of their missions.
    The current TECS system uses obsolete technology, which combined 
with expanding mission requirements, have posed operational challenges 
for CBP and others. For example, users may need to access and navigate 
among several different systems to investigate, resolve, and document 
an encounter with a passenger. In addition, CBP identified that TECS's 
search algorithms do not adequately match names from foreign alphabets. 
TECS's obsolescence also makes it difficult and expensive to maintain 
and support. Specifically, DHS estimates that TECS's licensing and 
maintenance costs are expected to be $40 million to $60 million per 
year in 2015.
    In 2008, DHS initiated efforts to modernize TECS by replacing the 
mainframe technology, developing new applications, and enhancing 
existing applications to address expanding traveler screening mission 
needs, improving data integration to provide enhanced search and case 
management capabilities, and improving user interface and data access. 
DHS's plan was to migrate away from the existing TECS mainframe by 
September 2015 to avoid significantly escalating support costs. The 
modernization effort is managed by two program offices--one at CBP and 
the other at ICE--working in parallel, with each having assumed 
responsibility for modernizing the parts of the system aligned with 
their respective missions.
    CBP expects that its modernization efforts will yield certain 
improvements over the existing system, including the following.
   Enhancements to TECS's search algorithms to better match 
        names from foreign alphabets; address gaps in current processes 
        that could result in missing a person of interest. This 
        includes an improved ability for inspectors to update 
        information on travelers at air and sea borders at the time of 
        encounter.
   Improvements in the flow and integration of data between CBP 
        and its partner agencies and organizations. This is intended to 
        aid the agency's inspectors by providing timely, complete, and 
        accurate information about a traveler during the secondary 
        inspection process.
    CBP planned to develop, deploy, and implement these capabilities 
incrementally across five projects from 2008 to 2015.
   Secondary Inspection.--This project is to support processing 
        of travelers referred from primary inspection for either 
        enforcement or administrative reasons. According to CBP, this 
        project's functionality was fully deployed to all air and sea 
        ports of entry in 2011, and was fully deployed to all land 
        ports of entry in 2013.
   High Performance Primary Query and Manifest Processing.--
        This project is intended to improve TECS data search results in 
        order to expedite the processing of manifests from individuals 
        traveling to the United States on commercial or private 
        aircraft, and commercial vessels. It is to be fully operational 
        by March 2015.
   Travel Document and Encounter Data.--This project is 
        intended to improve CBP's ability to query and validate travel 
        documentation for both passengers and their means of 
        conveyance. It is to be fully operational by March 2015.
   Lookout Record Data and Services.--This project is intended 
        to improve the efficiency of existing data screening and 
        analyses capabilities. It is to be fully operational by March 
        2015.
   Primary Inspection Processes.--This project is intended to 
        modernize the overall inspection process and provide support 
        for additional or random screening and communication functions. 
        It is to be fully operational by March 2015.
    As part of each of these projects, CBP is also developing an on-
line access portal, called TECS Portal, for authorized users to access 
information remotely using a modern web browser, along with security 
and infrastructure improvements, and the migration of data from the 
current system to databases in the new environment at the DHS data 
center. Ultimately, TECS Mod functionality is to be deployed to over 
340 ports of entry across the United States.
    ICE's TECS Mod effort is to focus on specific law enforcement and 
criminal justice functions; tools to support ICE officers' collection 
of information, data analysis, and management operations; enhanced 
capabilities to access and create data linkages with information 
resources from elsewhere in DHS and other law enforcement agencies; and 
capabilities to better enable investigative and intelligence 
operations, corresponding management activities, and information 
sharing. Similar to CBP, ICE intended to deliver functionality in 
multiple phases:
   Phase 1: Core Case Management.--This phase was to encompass 
        all case management functions currently residing in the 
        existing TECS system. ICE planned to develop and deploy these 
        functions in three releases beginning in 2009, and was 
        scheduled to deploy Release 1 by December 2013, with additional 
        releases following about every 12 months, in order to achieve 
        independence from the existing TECS platform by September 2015. 
        Specific capabilities that were to be provided include:
     Basic electronic case management functions, including 
            opening cases, performing supervisory review of cases, and 
            closing cases within the system;
     Development of reports for use as evidentiary material in 
            court proceedings arising from ICE agents' investigations;
     Maintenance of records relating to the subjects of ICE 
            investigations; and,
     Audit capabilities to monitor system usage.
   Phase 2: Comprehensive Case Management.--This phase was to 
        expand on the features delivered as part of Phase 1 and to be 
        delivered in four increments starting in 2016, with an 
        estimated completion date in fiscal year 2017.
DHS Oversight of Major IT Programs
    DHS's Office of the Chief Information Officer (CIO) and the Office 
of the Under Secretary for Management are to play key roles in 
overseeing major acquisition programs like TECS Mod. For example, the 
CIO's responsibilities include setting Departmental IT policies, 
processes, and standards; and ensuring that IT acquisitions comply with 
DHS IT management processes, technical requirements, and approved 
enterprise architecture, among other things. Within the Office of the 
CIO, the Enterprise Business Management Office has been given primary 
responsibility for ensuring that the Department's IT investments align 
with its missions and objectives. As part of its responsibilities, this 
office periodically assesses IT investments like TECS Mod to gauge how 
well they are performing through a review of program risk, human 
capital, cost and schedule, and requirements.
    In October 2011, DHS's under secretary for management established 
the Office of Program Accountability and Risk Management. This office 
is to ensure the effectiveness of the overall program execution 
governance process and has the responsibility for developing and 
maintaining DHS's Acquisition Management Directive.\3\ It is also 
responsible for periodically providing independent assessments of major 
investment programs--called Quarterly Program Accountability Reports--
as well as identifying emerging risks and issues that DHS needs to 
address.
---------------------------------------------------------------------------
    \3\ The Acquisition Management Directive provides the overall 
policy and structure for acquisition management within the Department 
and is used in planning and executing acquisitions.
---------------------------------------------------------------------------
    In December 2011, DHS introduced a new initiative to improve and 
streamline the Department's IT program governance. This initiative 
established a tiered governance structure for program execution. Among 
other things, this new structure includes a series of governance 
bodies, each chartered with specific decision-making responsibilities 
for each major investment. Among these are executive steering 
committees, which serve as the primary decision-making authorities for 
DHS's major acquisition programs. ICE chartered its steering committee 
in September 2011 and it has been meeting since December of that year. 
CBP established its steering committee in early 2013 and it held its 
first meeting in February.
   schedule and cost of both tecs modernization programs are unclear
    CBP has begun delivering functionality to its users; however, its 
schedule and cost commitments continue to change and are still being 
revised. Specifically, CBP intends to modernize the functionality, 
data, and aging infrastructure of legacy TECS and move it to DHS's data 
centers. CBP plans call for developing, deploying, and implementing 
these capabilities in five distinct projects that are to be delivered 
by 2015. To date, CBP has completed one of these five projects, having 
completed its deployment of functionality to improve its secondary 
inspection processes to air, sea, and land ports of entry in 2013. CBP 
is in the process of revising its schedule baseline for the second time 
in under a year, making it unclear when the program ultimately intends 
to deliver needed functionality.
    Exacerbating this situation is the fact that CBP has not developed 
its master schedule sufficiently to effectively manage work activities 
or monitor the program's progress.\4\ Specifically, the program has not 
linked all the work activities in the individual project schedules, nor 
has it defined dependencies that exist between projects in the master 
schedule: Approximately 65 percent of CBP's remaining work activities 
were not linked with other associated work activities. Thus, any delays 
early in the schedule do not ``ripple'' (i.e., transmit delays) to 
activities later in the schedule, meaning that management will be 
challenged to determine how a slip in the completion date of a 
particular task may affect the overall schedule. In our report, we also 
noted that CBP had not yet developed a detailed schedule for 
significant portions of the program. CBP reported in January 2014 that 
it has now completed that work.
---------------------------------------------------------------------------
    \4\ Our research has identified, among other things, that a key 
element associated with a complete and useful schedule or roadmap for 
executing a program such as TECS Mod is to logically sequence all work 
activities so that start and finish dates of future activities, as well 
as key events based on the status of completed and in-progress 
activities, can be reliably forecasted. See GAO, GAO Schedule 
Assessment Guide: Best Practices for Project Schedules, Exposure Draft, 
GAO-12-120G (Washington, DC: May 2012).
---------------------------------------------------------------------------
    Program officials stated these deficiencies existed because the 
program has only two staff members with skills needed to properly 
develop and maintain the schedules, and that fully documenting all the 
dependencies would be time-consuming, and in their view, not 
sufficiently important to warrant the additional resources necessary to 
complete them. However, without a complete and integrated master 
schedule that includes all program work activities and associated 
dependencies, CBP is not in a position to accurately determine the 
amount of time required to complete its TECS modernization effort and 
develop realistic milestones.
    The program's cost estimates have also changed as a result of 
rebaselining and are also being revised. The program's baselined life-
cycle cost estimate \5\ was approximately $724 million, including $31 
million for planning management, $212 million for development, and $481 
million for operations and maintenance. As of August 2013, the program 
reported that it had expended about $226 million. However, as 
previously stated, the program is in the process of revising its 
estimate, and thus, it is unclear how much it will cost to complete the 
program. In January 2014, CBP reported that its revised estimates 
should be approved internally and submitted to DHS for its approval by 
the end of January 2014.
---------------------------------------------------------------------------
    \5\ This estimate is in the program's November 2012 acquisition 
program baseline.
---------------------------------------------------------------------------
    Meanwhile, ICE is replanning its $818 million TECS Mod program, 
having determined in June 2013 that the system under development was 
not technically viable and could not support ICE's needs--this coming 
after having already reduced the scope of its initial program 
installment by about 70 percent due to protracted technical 
difficulties and schedule delays. Specifically, ICE determined that, 
after spending approximately $19 million, the system under development 
could not be fielded as part of ICE's eventual solution due to on-going 
technical difficulties with the user interface, access controls, and 
case-related data management. Instead of continuing with the existing 
technical solution, the program manager explained that ICE would scrap 
a significant portion of the work done to date and start over. As a 
result, ICE halted most development work in June 2013 and has since 
been assessing different design and technical alternatives. In January 
2014, ICE reported that it had rebaselined its program requirements and 
that it anticipates having its revised cost and schedule estimates 
finalized this coming spring. Nevertheless, given the time lost in 
developing the current technical solution, as well as the already-
reduced program scope, ICE cannot say what specific features it will 
release to users, when this functionality will be delivered, or how 
much such efforts will cost. As such, ICE is at significant risk of not 
achieving independence from the existing system by 2015.
   tecs modernization's risk management is generally consistent with 
  leading practices, but requirements management has had mixed results
    Both CBP and ICE implemented risk management practices that are 
generally--though not fully--consistent with leading practices, and 
both had mixed results in managing program requirements. Of four 
leading practices associated with effective risk management, CBP and 
ICE each fully implemented two (establishing documented risk management 
processes and assigning roles and responsibilities for managing risks) 
and partially implemented the other two (capturing all known risks and 
managing risk mitigation efforts through to completion). Specifically, 
neither program identified all known risks, nor escalated them for 
timely review by senior management.
    Further, of four leading practices for managing program 
requirements, CBP fully implemented three (establishing a requirements 
management process, assigning roles and responsibilities for 
requirements development and management activities, and defining a 
change control process) while partially implementing the one other 
(eliciting user needs). However, CBP began executing key requirements 
activities before such practices were established, and as a result, CBP 
officials reported that some TECS Mod requirements were not as 
consistently well-formed or detailed because their process during that 
time lacked rigor. In ICE's case, management weaknesses and the lack of 
appropriate guidance for the program's requirements management process 
led to technical issues, testing failures, and ultimately, the deferral 
and/or deletion of about 70 percent of the program's original 
requirements. ICE issued new requirements guidance for the program in 
March 2013 that is consistent with leading practices, but has yet to 
demonstrate that these have been fully implemented.
    dhs's governance bodies have taken actions aligned with leading 
   practices, but incomplete and inaccurate data have limited their 
                             effectiveness
    DHS's governance bodies have taken actions to oversee the two TECS 
Mod programs that are generally aligned with leading practices. 
Specifically, they have monitored TECS Mod performance and progress and 
have ensured that corrective actions have been identified and tracked. 
However, a lack of complete, timely, and accurate data have affected 
the ability of these governance bodies to make informed and timely 
decisions, thus limiting their effectiveness. For example:
   Steering committees.--In an April 2013 meeting, the CBP 
        program manager briefed the steering committee on its target 
        milestone dates; even though the agency told us a month later 
        that it had not fully defined its schedule, raising questions 
        about the completeness and accuracy of the proposed milestone 
        dates upon which the committee based its oversight decisions.
   The Office of the CIO.--In its most recent program health 
        assessments, the Enterprise Business Management Office 
        partially based its rating of moderately low-risk on CBP's use 
        of earned value management; however, the program manager stated 
        to us that the CBP program is not utilizing earned value 
        management because neither it nor its development contractor 
        had the capability to do so. Similarly, even though ICE had not 
        reported recent cost or schedule data for its program--an issue 
        that may signal a significant problem--the Office of the CIO 
        rated ICE's program as medium-risk. The reliance on incomplete 
        and inaccurate data raises questions about the validity of the 
        risk ratings.
   Office of Program Accountability and Risk Management.--In 
        the July 2013 Quarterly Program Accountability Report, DHS's 
        Office of Program Accountability and Risk Management rated both 
        TECS Mod programs as high-value with low risk. However, CBP's 
        low-risk rating was based in part on the quality of the 
        program's master schedule and acquisition program baseline; 
        however, as we stated earlier, problems with the agency's 
        schedule raise questions about the validity and quality of 
        those milestones. Further, the low-risk rating it issued for 
        ICE was based, in part, on its assessment of ICE's performance 
        between April and September 2012, which rated the program's 
        cost performance with the lowest possible risk score. Yet, 
        during that same time period, program documents show that ICE 
        TECS Mod's cost and schedule performance was declining and 
        varied significantly from its baseline. For example, program 
        documents show that, as of June 2012, ICE TECS Mod had 
        variances of 20 percent from its cost baseline and 13 percent 
        from its schedule baseline.
    Moreover, the Quarterly Program Accountability Report is not issued 
        in a timely basis, and as such, is not an effective tool for 
        decision-makers. For example, the most recent report was 
        published on July 7, 2013, over 9 months after the reporting 
        period ended and therefore did not reflect that, since then, 
        ICE has experienced the issues with its technical solution 
        described earlier in this report. As discussed, these issues 
        have caused the program to halt development and replan its 
        entire acquisition. Consequently, the newly-issued report is 
        not reflective of ICE's current status, and thus is not an 
        effective tool for management's use in providing oversight.
    Until these governance bodies base their reviews of performance on 
timely, complete, and accurate data, they will be limited in their 
ability to effectively provide oversight and to make timely decisions.
   implementation of recommendations could improve dhs's efforts to 
              develop and implement its tecs mod programs
    In our report, we made several recommendations to improve DHS's 
efforts to develop and implement its TECS Mod programs. Specifically, 
we recommended that the Secretary of Homeland Security direct the CBP 
commissioner to: (1) Develop an integrated master schedule that 
accurately reflects all of the program's work activities, as well as 
the timing, sequencing, and dependencies between them; (2) ensure that 
all significant risks associated with the TECS Mod acquisition are 
documented in the program's risk and issue inventory--including 
acquisition risks mentioned in our report--and are briefed to senior 
management, as appropriate; (3) revise and implement the TECS Mod 
program's risk management strategy and guidance to include clear 
thresholds for when to escalate risks to senior management, and 
implement as appropriate; and (4) revise and implement the TECS Mod 
program's requirements management guidance to include the validation of 
requirements to ensure that each is unique, unambiguous, and testable. 
In January 2014, CBP provided documentation that it had taken steps to 
begin addressing the second, third, and fourth recommendations.
    We further recommended that the Secretary of Homeland Security 
direct the Acting Director of ICE to: (1) Ensure that all significant 
risks associated with the TECS Mod acquisition are documented in the 
program's risk and issue inventory--including the acquisition risks 
mentioned in our report--and briefed to senior management, as 
appropriate; (2) revise and implement the TECS Mod program's risk 
management strategy and guidance to include clear thresholds for when 
to escalate risks to senior management, and implement as appropriate; 
and (3) ensure that the newly-developed requirements management 
guidance and recently revised guidance for controlling changes to 
requirements are fully implemented.
    We also recommended that the Secretary of Homeland Security direct 
the under secretary for management and acting chief information officer 
to ensure that data used by the Department's governance and oversight 
bodies to assess the progress and performance of major IT acquisition 
programs are complete, timely, and accurate.
    DHS concurred with all but one of our recommendations, disagreeing 
with the recommendation regarding the weaknesses in CBP's schedule. In 
response, DHS stated that CBP's scheduling efforts for TECS Mod were 
sound. However, given the weaknesses in CBP's master schedule, we 
continue to believe that management will be unable to determine how a 
slip in the completion date of a particular task may affect the overall 
project or program schedule, and thus, absent any changes, continuing 
to use it as a tool to track progress will remain ineffective.
    In conclusion, after spending nearly a quarter billion dollars and 
over 4 years on its two TECS Mod programs, it remains unclear when DHS 
will deliver them and at what cost. While CBP's program has delivered 
one of the five major projects that comprise the program, its 
commitments are being revised again and the master schedule used by the 
program to manage its work and monitor progress has not been fully 
developed. Moreover, ICE's program has made little progress in 
deploying its system, and is now completely overhauling its original 
design and program commitments, placing the program in serious jeopardy 
of not meeting the 2015 deadline and delaying system's deployment. The 
importance of having updated cost and schedule estimates for both the 
CBP and ICE programs cannot be understated, as this important 
management information will provide Congress and DHS with visibility 
into the performance of these vital border security investments. 
Further, while both agencies have defined key practices for managing 
risks and requirements, it is important that the programs fully 
implement these critical practices to help ensure that they deliver the 
functionally needed to meet mission requirements and minimize the 
potential for additional costly rework. Finally, until DHS's governance 
bodies are regularly provided complete and accurate data for use in 
their performance monitoring and oversight duties, their decisions may 
be flawed or of limited effectiveness.
    Chairman Duncan, Ranking Member Barber, and Members of the 
subcommittee, this concludes my statement. I would be happy to answer 
any questions at this time.

    Mr. Duncan. Yeah. Thank you, Mr. Powner.
    We are going to pause, and I am going to recognize the 
gentleman from Arizona, Mr. Barber, the Ranking Member, for his 
opening statement.
    Mr. Barber. Well, good morning. I apologize for being late. 
All the streets get closed down, you know, when the President 
is moving around. So I just came from the National Prayer 
Breakfast and ran a little bit late, so I appreciate your 
indulgence on that.
    I want to thank the Chairman for convening this hearing on 
a very important topic. We frequently talk here about the many 
systems that are part of the infrastructure at DHS, and today 
we are going to be talking about one that is critical and on 
which myself and the Chairman wrote a letter last month 
expressing our concerns about where we are.
    Technology, infrastructure, and personnel are obviously 
three key elements in securing our borders and ensuring the 
safe and legal entry of people and goods into the United 
States.
    I can tell you, from my perspective as 1 of the 9 Members 
from a Southwest Border district, that we have significant 
problems in processing, expediting people coming into the 
country, particularly at our ports of entry in Nogales, which 
is a neighboring district, in my own district at the Douglas 
port of entry, partly due to the lack of numbers of Customs 
agents, but, also, I believe, due to the cumbersome nature of 
the technology that is used by our personnel in DHS to process 
people into the country.
    Employees from U.S. Customs and Border Protection and ICE 
utilize, as you know, many different types of technology to 
carry out their mission. One of the largest IT systems 
currently in use is TECS, which is the primary border 
enforcement system supporting the screening of travelers 
entering the United States.
    As you also know, the use of TECS goes well beyond CBP and 
ICE. It is currently used by over 20 Federal agencies, 
resulting in over 70,000 users conducting more than 2,000 
transactions each and every day.
    According to the CBP, which maintains TECS, it is the 
largest and most important law enforcement system currently in 
use by the Federal, State, and local law enforcement agents. It 
supports law enforcement lookouts, border screening, reporting 
for CBP primary and secondary inspection processes, money-
laundering tracking, and reporting telephone and data analysis 
and intelligence reporting and dissemination. In sum, TECS is a 
vital asset to homeland security.
    However, TECS is a legacy system that has been plagued with 
problems based upon both the age of the system and the outdated 
and, I would say, obsolete technology. As a result, the 
Department of Homeland Security is in the process of 
modernizing this 34-year-old border security tool through a 
multi-billion-dollar project known as TECS Mod. Given the 
importance of TECS and its widespread use throughout the law 
enforcement community at every level, I support the 
modernization and look forward to the day when it can actually 
be used with speed, efficiency, and reduced likelihood of false 
positives, which are also frequent.
    Unfortunately, 4 years after beginning the TECS Mod, ICE is 
not much closer to developing a solution than it was on Day 1. 
Not only that, but CBP is still unable to determine its costs 
or schedule with sufficient detail. Furthermore, DHS's 
management of this project and the lack of stated requirements 
have led to the waste of millions of dollars of scarce Homeland 
Security funds--not very good stewardship of the taxpayers' 
money.
    This concerns me because, as Ranking Member of this 
subcommittee, it is my responsibility, as it is all of our 
responsibilities, to ensure that the Department is spending 
taxpayer dollars efficiently and that its programs are actually 
doing what they are supposed to do and are keeping southern 
Arizonans and all Americans safe. Ultimately, the Department of 
Homeland Security is at risk of spending an additional $45 
million to $60 million per year to maintain the aging system 
due to its outdated technology and exorbitant maintenance 
costs.
    CBP is the Nation's largest law enforcement entity, and its 
thousands of law enforcement officials or agents across the 
United States rely on this system. Yet they rely on it in order 
to get their jobs done and keep us safe from harm, and it just 
doesn't work very well.
    Our Border Patrol agents and Customs officers and other 
border security officials in the field are doing their part 
every single day to keep our country safe and secure, and we 
owe it to these front-line personnel to provide them with the 
technological tools they need to carry out their mission.
    At present, TECS Mod is being managed under the direction 
of two separate program offices within DHS: ICE and CBP. 
Although we have been advised that these offices coordinate--
and the initial decision may have made sense on paper, to 
divide the mission--I am very concerned that this decision has 
and will result in duplication, unnecessary costs, and uneven 
results, which ultimately affect the end-user.
    When you put two separate components in charge of the same 
program, it is difficult to determine who should be held 
accountable. When more than one person is in charge, then 
essentially no one is in charge. This could lead to 
jurisdiction conflict or, worse, the inability to track 
accountability.
    According to the GAO, the schedule and costs of both 
programs are still unclear, making it much more difficult for 
those who rely on TECS to do their jobs. CBP states that the 
project will be completed in 2015, but the GAO report casts 
doubt on that as a possibility. ICE cannot determine the date 
because it has halted all work on TECS until an independent 
contractor can determine the life-cycle costs and the necessary 
requirements. As a result, the 2015 completion date is in 
serious doubt.
    In sum, Mr. Chairman, the Department has work to do to turn 
this effort around and put it on the right track. I look 
forward to hearing both from CBP and ICE on how they plan to 
move TECS Mod forward effectively and efficiently, including 
how they will define key requirements and identify and manage 
risks and accurately estimate the completion date for full 
modernization. This is essential to our Nation and to the 
mission of the Department.
    Thank you, Mr. Chairman. I yield back.
    [The statement of Ranking Member Barber follows:]
                 Statement of Ranking Member Ron Barber
                            February 6, 2014
    Technology, infrastructure, and personnel are three key elements to 
securing our borders and ensuring the safe and legal entry of people 
and goods into the United States.
    Employees from the U.S. Customs and Border Protection (CBP) and 
Immigrations and Customs Enforcement (ICE) utilize many different types 
of technology to carry out their mission. One of the largest IT systems 
currently in use is TECS, which is the primary border enforcement 
system supporting the screening of travelers entering the United 
States.
    The use of TECS goes well beyond CBP and ICE. TECS is currently 
accessed by over 20 Federal agencies; resulting in over 70,000 users 
conducting more than 2,000 transactions each and every day. According 
to CBP, which maintains TECS, it is the largest, most important law 
enforcement system currently in use by Federal, State, and local law 
enforcement agents.
    It supports law enforcement ``lookouts,'' border screening, 
reporting for CBP's primary and secondary inspection processes, money-
laundering tracking and reporting, telephone and data analysis, and 
intelligence reporting and dissemination.
    In sum, TECS is a vital asset to homeland security. However, TECS 
is a legacy system that has been plagued with problems based on the age 
of the system and its outdated technology.
    As a result, the Department of Homeland Security is in the process 
of modernizing this 34-year-old border security tool, through a multi-
billion dollar project known as TECS Mod.
    Given the importance of TECS and its widespread use throughout the 
law enforcement community at every level, I support its modernization 
and look forward to the day when it can be used with speed, efficiency, 
and a reduced likelihood of false positives.
    Unfortunately, 4 years after the beginning of TECS Mod, ICE is not 
much closer to developing a solution than it was on Day 1. Not only 
that, but CBP is still unable to determine its costs or schedule with 
sufficient detail.
    Furthermore, DHS's management of this project and the lack of 
stated requirements have led to the waste of millions of scarce 
homeland security funds.
    This concerns me because, as Ranking Member of this subcommittee, 
it is my responsibility to ensure that the Department is spending 
taxpayer dollars efficiently and that its programs are actually doing 
what they were intended to do and are keeping Southern Arizonans safe.
    Ultimately, the Department of Homeland Security is at risk of 
spending an additional $45 to $60 million per year to maintain the 
aging system due to its outdated technology and exorbitant maintenance 
costs.
    CBP, the Nation's largest law enforcement entity and its thousands 
of law enforcement agents across the United States rely on this system. 
They rely on it in order to do their jobs and keep us safe from harm.
    Our Border Patrol agents and Customs officers and other border 
security officials in the field are doing their part to keep our 
country secure. We owe it to these front-line personnel to provide them 
the technological tools they need to carry out their mission.
    At present, TECS Mod is being managed under the direction of two 
separate program offices--one at ICE and the other at CBP.
    Although we have been advised that these offices coordinate and the 
initial decision may have made sense ``on paper,'' I am concerned that 
this decision will result in duplication, unnecessary costs, and uneven 
results, which will ultimately affect the end-user.
    When you put two separate components in charge of the same program, 
it is difficult to determine who should be held accountable for its 
results.
    This could lead to jurisdiction conflict or worse, the inability to 
track accountability.
    According to GAO, the schedule and cost for both programs are 
unclear, making it more difficult for those who rely on TECS to do 
their jobs. CBP states that the project will be complete in 2015, but 
GAO doubts that is possible.
    ICE cannot determine a date because it has halted all work on TECS 
until an independent contractor can determine the life-cycle costs and 
the necessary requirements. As a result, the 2015 is in doubt.
    In sum, the Department has work to do to turn this effort around 
and put it on the right track. I look forward to hearing from both CBP 
and ICE on how they plan to move TECS Mod forward, including how they 
will define key requirements, identify and manage risks, and accurately 
estimate a completion date for full modernization.

    Mr. Duncan. I thank the Ranking Member.
    We will go ahead and get back on track. I will recognize 
Mr. Armstrong for his testimony for 5 minutes.

  STATEMENT OF CHARLES R. ARMSTRONG, ASSISTANT COMMISSIONER, 
   OFFICE OF INFORMATION AND TECHNOLOGY, CUSTOMS AND BORDER 
        PROTECTION, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Armstrong. Good morning, Chairman Duncan, Ranking 
Member Barber, and distinguished Members of the subcommittee. 
Thank you for the opportunity to appear before you to discuss 
U.S. Customs and Border Protection's efforts to modernize our 
aging information technology systems. I appreciate the 
subcommittee's leadership and your continued efforts to support 
the security of the American people.
    Today I will discuss efforts we are making at CBP to 
continue effective delivery, within budget, of our TECS 
Modernization program.
    TECS is a vital border security system supporting the 
vetting of travelers entering the United States who may be 
inadmissible or may pose a threat. TECS provides for the 
creation and query of lookout records and has more than 70,000 
users from over 20 Federal agencies. Approximately 1 million 
travelers a day are vetted through TECS when entering the 
United States.
    TECS is over 25 years old and uses data technology that is 
difficult to enhance and expensive to maintain. As part of an 
overarching strategy, TECS is migrating to a new enterprise 
architecture that will provide a solid foundation for the 
future, enhance capabilities, maintain high performance and 
availability, and align with other DHS modernization 
activities.
    CBP began its TECS Mod effort in fiscal year 2008. TECS Mod 
functionality is concurrently and incrementally developed and 
deployed through five projects that focus on major functional 
areas.
    CBP's TECS Mod effort is led by a program management office 
that has successfully delivered other high-profile border 
security systems. I chair the CBP TECS Modernization Executive 
Steering Committee, which provides program oversight and 
monitors cost, schedule, performance, and risk-management 
activities. The committee includes representation from CBP, 
ICE, and DHS offices.
    I also hold monthly program management reviews and regular 
meetings with Mr. Michelli to provide additional oversight and 
coordination of the TECS Modernization activities. CBP and ICE 
program staffs meet frequently for detailed collaboration on 
the program.
    CBP TECS Modernization has delivered functionality in four 
of the five projects. Secondary inspection has been fully 
deployed to all ports of entry. Officers have better 
information available to determine admissibility, spent less 
time navigating multiple screens and more time focusing their 
attention on the traveler.
    CBP has also deployed a modernized query engine for Advance 
Passenger Information and for primary at air and sea ports. The 
modernized query provides a fast response to lookout record 
queries, informing officers if a traveler is of interest to CBP 
or other Federal agencies. TECS portal enhanced queries of 
lookout records, cross-data, and travel documents.
    Because of the budget uncertainty during fiscal year 2013, 
the final TECS Modernization project primary inspection 
process, PIP, was paused. As a result, the TECS Modernization 
schedule was revised to restart the PIP in late second quarter 
of 2014 and move the program completion date from the end of 
fiscal year 2015 to mid-fiscal year 2016.
    GAO's recent report contained four recommendations for CBP. 
CBP concurred with and has already implemented three of the 
recommendations concerning risk and requirements management. 
CBP did not concur with GAO's recommendation on our schedule 
process. I believe our established process has proven effective 
and aligns with our continuing effort to move to agile 
development.
    The CBP TECS Modernization program has stayed within budget 
since it began in 2008 and has made significant progress, 
achieved many milestones, and the program is in good overall 
health. Mr. Michelli and I are committed to the successful 
delivery of the program.
    I thank you for the opportunity to testify today, and I 
look forward to answering your questions.
    [The prepared statement of Mr. Armstrong follows:]
               Prepared Statement of Charles R. Armstrong
                            February 6, 2014
    Chairman Duncan, Ranking Member Barber, and distinguished Members 
of the subcommittee, thank you for the opportunity to appear before you 
on behalf of the dedicated men and women of U.S. Customs and Border 
Protection (CBP) to discuss our efforts to modernize aging information 
technology systems in support of our border security mission. We 
appreciate the subcommittee's leadership and your continued efforts to 
ensure the security of the American people.
    As the unified border security agency of the United States, CBP is 
responsible for securing our Nation's borders while facilitating the 
flow of legitimate international travel and trade that is so vital to 
our Nation's economy. Within this broad responsibility, our priority 
mission remains to prevent terrorists and terrorist weapons from 
entering the United States. Today, I will discuss efforts we are making 
at CBP to continue effective delivery, within budget, of TECS 
Modernization, one of our key border security systems to support the 
missions of CBP, DHS, and other Federal law enforcement agencies.
                               background
    TECS (no longer an acronym) is a key border enforcement system 
supporting the vetting of travelers entering the United States and the 
requirements of other Federal agencies used for law enforcement and 
immigration benefit purposes. TECS supports the sharing of information 
about people who are inadmissible or may pose a threat to the security 
of the United States through the creation and query of ``lookout 
records.'' TECS is used by more than 70,000 users, including users from 
more than 20 Federal agencies that use TECS in furtherance of their 
missions. TECS receives and processes traveler manifests from carriers 
and supports primary and secondary inspections for almost a million 
travelers and almost half a million vehicles at United States ports of 
entry (POEs) each day. TECS not only collects and creates border 
security information, but also shares that data with other systems and 
agencies. TECS also provides access to National Criminal Information 
Center (NCIC) and the International Justice and Public Safety Network 
(Nlets), as appropriate. TECS provides security and privacy controls to 
ensure users can only run transactions and access data to which they 
are authorized. TECS also includes extensive auditing of user actions 
for internal control purposes.
    A typical ``TECS Check'' regarding a particular individual provides 
authorized users information on:
   Lookout records;
   Entries into and exits from the United States;
   Previous secondary inspections; and
   NCIC wants and warrants.
    Because TECS is over 25 years old and uses dated architecture and 
technology that are difficult to enhance and expensive to maintain, 
TECS is migrating to a new enterprise architecture that will provide a 
solid foundation for the future, enable enhanced capabilities, maintain 
high performance and availability, and align with other DHS 
modernization activities. The program provides for highly-scalable 
functionality that meets constantly-emerging user requirements.
    The modernization of the legacy TECS system is being accomplished 
through two separate but coordinated programs, one within CBP and the 
other within U.S. Immigration and Customs Enforcement (ICE). Each is 
funded and being executed separately in support of each agency's 
mission requirements. While both modernization programs remain focused 
on continued support of each agency's unique mission, both programs 
coordinate closely on common interests regarding planning, development, 
and data migration efforts.
                         cbp's tecs mod program
    CBP began its 8-year TECS Modernization or ``TECS Mod'' efforts in 
fiscal year 2008. A specific challenge to CBP's modernization effort is 
that modifications cannot interrupt existing TECS functionality or 
availability. CBP's TECS system must be available to support border 
crossing operations 24 hours a day, 7 days a week. The need for high 
availability requires redundant hardware and failover processes to 
allow system maintenance with little or no interruption to end users of 
the system.
    CBP's TECS Mod program is transitioning functionality incrementally 
with five projects, focusing on major functional areas to decrease risk 
and to continue providing existing capabilities to the end-user until 
modernization is complete. In addition to the five functional area 
projects, CBP TECS Mod also includes two overarching efforts to address 
infrastructure and security. The program includes migration of data 
from the legacy source system to the target databases, developing 
services for interfaces, and deploying a modernized web-based user 
interface (portal) to support TECS on-line users, ensuring compliance 
with security and privacy policies. The five functional area projects 
are:
   Secondary Inspection (SI).--This project supports processing 
        of travelers referred from primary inspection and creates a 
        modernized graphical user interface.
   High Performance Primary Query and Manifest Processing 
        (HPPQ).--This project focuses on modernizing services and 
        functionalities essential for primary inspection (person/
        vehicle) query functions. HPPQ also modernizes Advance 
        Passenger Information System (APIS) receipt and processing of 
        arriving and departing international traveler manifests.
   Travel Document and Encounter Data (TDED).--This project 
        manages travel document data from the Department of State, U.S. 
        Citizenship and Immigration Services, and State, Provincial, 
        and Tribal governments. TDED also modernizes the way encounter 
        data, which include person and vehicle crossing (entry/exit) 
        data, I-94 arrival/departure data, and Currency and Monetary 
        Instrument Report data, are made available for TECS on-line 
        users and primary and secondary inspections.
   Lookout Record Data and Screening Services (LRDS).--This 
        project will modernize the creation, maintenance, and query of 
        lookout records for on-line users and interfaces with other 
        systems. LRDS will also provide TECS data query capabilities 
        and services to the law enforcement community via system-to-
        system interfaces or services. Additionally, the LRDS project 
        will support current query capabilities for DHS component users 
        with authorization to access NCIC, Nlets, and criminal history 
        information.
   Primary Inspection Processes (PIP).--This project will 
        modernize primary inspections (Air, Sea, and Land) user 
        interfaces, services and processes. PIP will also modernize 
        current Alternate Inspection (AI) processing which includes any 
        inspection that is not conducted at an air, sea, vehicle, or 
        pedestrian primary booth.
Program Governance and Oversight
    The CBP TECS Modernization Executive Steering Committee (ESC) 
provides oversight of the TECS modernization effort. As CBP's chief 
information officer and Office of Information and Technology (OIT) 
assistant commissioner, I chair the ESC, which includes members from 
CBP offices; DHS's under secretary for science and technology, chief 
information officer, and chief financial officer; representatives from 
stakeholder groups; and ICE's TECS Mod program manager. The ESC, which 
meets every 2 months, monitors the program's cost, schedule, and 
performance, reviews risk management mitigation activities, and ensures 
corrective actions are identified.
    Additional oversight and governance of CBP's TECS Mod program is 
provided by existing policies and guidance from DHS's Office of the 
Chief Information Officer (OCIO), Office of the Under Secretary for 
Management, and the director of operational test and evaluation. All 
three offices play key roles in overseeing DHS's major acquisition 
programs and are very involved with CBP TECS Mod. Further, DHS's Office 
of Program Accountability and Risk Management (PARM) works to ensure 
the effectiveness of the overall program execution governance process 
by providing independent assessments of major investment programs, and 
by identifying emerging risks and issues that DHS and its components 
need to address. I hold a monthly Program Management Review (PMR), 
attended by OCIO and PARM representatives, which covers schedule, cost, 
risks/issues, and other topics. In addition to these formal meetings, 
Mr. Thomas Michelli, ICE's chief information officer, and I hold 
regular meetings to coordinate TECS Mod activities, and our program 
staffs meet frequently for detailed collaboration.
Program Management
    CBP's TECS Mod effort is led by the TECS Mod Program Management 
Office (PMO) within OIT's Passenger Systems Program Directorate (PSPD). 
PSPD manages applications which support CBP's traveler vetting and 
processing systems at U.S. ports of entry. It has successfully 
delivered several high-profile border security systems, including 
Trusted Traveler, Electronic System for Travel Authorization (ESTA), 
and Western Hemisphere Travel Initiative (WHTI).
    Vital aspects of CBP TECS Mod's strong program governance and 
program management are the risk and requirements management processes. 
CBP TECS Mod's risk management processes include a strategy outlining 
techniques and procedures for identifying sources of risks, and how to 
categorize, analyze, and prioritize identified risks. Additionally, 
each of CBP's five TECS Mod projects have a Government Project Manager 
whose responsibilities include identifying, verifying, analyzing, 
documenting, and tracking project risks, as well as communicating risk 
issues to the TECS Mod Program Risk Manager.
    CBP's TECS Mod requirements management process was revised and 
improved in 2012, resulting in better organization, tracking, analysis, 
and communication of program requirements. These practices include a 
standardized plan to identify requirement types, such as operational, 
functional, or technical, and to attribute mandatory and optional 
traits for each requirement, such as source, date certified, and 
status. Requirements are elicited at user sessions, supported by key 
users identified by the CBP Office of Field Operations (OFO) and 
additional user communities within CBP, DHS, and/or partnering 
Government agencies (PGAs). Once functionality is developed, it 
undergoes rigorous developmental and user acceptance testing, followed 
by independent operational testing to ensure that the functionality is 
consistent with the approved requirements and satisfies user needs.
Program Schedule and Cost
    The TECS Mod Acquisition Program Baseline (APB), the program's 
guiding document, provides the program milestones for key schedule 
events, including objective dates and threshold dates. The APB also 
specifies program cost objectives and thresholds to ensure the program 
stays within budget. The CBP TECS Mod program has stayed within budget 
since it began in fiscal year 2008. The PMO collaborated with the DHS 
Cost Center of Excellence in March 2012 to refine the Life Cycle Cost 
Estimate (LCCE) to ensure risk sensitivity was addressed and to 
validate the accuracy and approach of the LCCE. The LCCE has recently 
been updated to reflect actual costs for fiscal year 2012 and fiscal 
year 2013 as well as the impact of the pause of the PIP project. The 
current LCCE is $692.557 million (threshold level) covering planning, 
development, and maintenance costs from fiscal year 2008 through fiscal 
year 2021.
    The TECS Mod master schedule provides visibility into program and 
project activities aligning with the APB. The schedule is reviewed and 
maintained by the TECS Mod Project Schedule Manager. CBP TECS Mod is 
continually improving and refining information in the schedule as a 
result of project and program maturity. The detailed schedule is 
reviewed biweekly and progress of major milestones is tracked. Despite 
challenges such as the size, detail, and complexity of a schedule with 
over 20,000 tasks, the current process allows the Program Manager to 
monitor the APB milestones, decision gates, and major deliverables and 
to ensure successful project management and delivery within planned 
dates.
    The CBP TECS Mod scheduling process has helped the program deliver 
timely incremental functionality and stay on track for completion of 
the total program. Because of fiscal year 2013 budget uncertainty and 
sequestration, the CBP ESC decided to pause PIP, the last project under 
TECS Mod. As a result, the CBP TECS Mod schedule was recently revised 
to restart PIP late in the second quarter of fiscal year 2014 and to 
move the program completion date from the end of fiscal year 2015 to 
mid-fiscal year 2016. The APB has been updated with the revised 
schedule and is currently going through the approval process within CBP 
and DHS.
Program Performance
    Some CBP TECS Mod functionalities have already been delivered, such 
as the modernized Secondary Inspection application, which is being used 
successfully at air, land, and sea ports of entry. The modernized High 
Performance Primary Query Service was made operational in 2012 and is 
now being used by the Advance Passenger Information System. In fiscal 
year 2013, TECS Mod delivered additional functionality such as 
implementing TECS portal, a web-based interface which will replace the 
current terminal-only access, for the TDED and LRDS projects. The first 
phase of this user-facing functionality includes lookout and travel 
document queries. In fiscal year 2014, TECS Mod will deliver new 
functionality such as enhancements to query and lookout applications.
    CBP has made significant progress with our TECS Mod Program to 
date, and we anticipate completion of program development and Full 
Operational Capability (FOC) in mid-fiscal year 2016. While 6 
milestones were not met early in the program, by incorporating 
additional operational capabilities and adjusting to address technology 
implementation challenges, we have met all other major milestones and 
have been delivering modernized functionality incrementally as planned. 
Program planning and execution can always be improved; however, CBP 
TECS Mod has strong schedule, risk, and requirements management 
practices in place, which have facilitated delivery of required 
functionality on schedule and within budget. The PMO has grown in staff 
and matured its management processes since the program began in 2008.
    The CBP TECS Mod program has made significant progress, reached 
many milestones, and the program is in good overall health. GAO report 
GAO-14-62, DHS's Efforts to Modernize Key Enforcement Systems Could be 
Strengthened, published December 5, 2013, contained four 
recommendations for CBP's TECS Mod program. DHS and CBP concurred with 
three of the recommendations and is in the process of resolving and 
implementing these recommendations. Although CBP did not concur with 
GAO's recommended changes to our schedule process based on the fact 
that our established process has proven to be effective and efficient, 
we will continue to refine and improve upon our current model.
                               conclusion
    CBP is working hard to continue incrementally delivering TECS Mod 
functionality and completing the program within budget by mid-fiscal 
year 2016. We are continuing to improve the management of all our 
programs by ensuring effective oversight, and by harnessing best 
practices in how we run those diverse programs. These efforts enhance 
CBP's multi-layered approach to vetting and identifying potential 
travelers to the United States who may pose a threat to the homeland.
    Thank you for allowing me the opportunity to testify before you 
today. I look forward to answering your questions.

    Mr. Duncan. Thank you for your testimony.
    Mr. Michelli, you are recognized for 5 minutes.

  STATEMENT OF THOMAS P. MICHELLI, CHIEF INFORMATION OFFICER, 
    IMMIGRATION AND CUSTOMS ENFORCEMENT, U.S. DEPARTMENT OF 
                       HOMELAND SECURITY

    Mr. Michelli. Chairman Duncan, Ranking Member Barber, 
Congressman O'Rourke, I thank you for the opportunity to 
discuss ICE's efforts to improve TECS and the findings of GAO's 
recently-released report.
    We appreciate GAO's work conducting the review of TECS 
Modernization, and we look forward to working with Mr. Powner 
and GAO on this important program.
    Today I would like to provide some background on ICE TECS 
Mod and to outline the actions we have taken to manage our 
program, as well as respond to GAO's findings and 
recommendations.
    As you have mentioned, TECS supports ICE's investigative 
case management, including documenting subjects of criminal 
investigation in the form of records and reports, which is the 
basis for criminal prosecution. TECS Mod is a coordinated 
initiative by ICE and CBP to replace the portions of legacy 
TECS that align with our respective core missions.
    ICE's goal is to relocate the system from an expensive 
mainframe by the end of September 2015 by developing a 
modernized and comprehensive investigative case management 
system that will support the investigative mission of ICE's 
Homeland Security investigations.
    Subsequent to a full and open competition in 2011, ICE 
awarded a best-value, cost-plus contract for a custom-developed 
investigative case management system. Much work progressed 
well, including programmatic management improvements, 
requirements refinement, development and delivery of data 
synchronization with the legacy system, interfaces to required 
systems, and robust development in test environments.
    What did not progress well was core case management design 
and development. Many of the issues we identified causing this 
lack of progress were subsequently included within the findings 
in the GAO report. Our Government and contractor team worked 
diligently to remedy these issues before, during, and following 
the GAO study.
    As we work to improve program performance, we apprise and 
receive direction from the appropriate executive steering 
committees, which included DHS, ICE, and CBP senior leadership. 
We made program decisions based on business analysis of trade-
offs of cost, schedule, and performance consistent with our 
overall goal to be off the legacy TECS mainframe by September 
2015.
    In June 2013, after a diligent effort to bring the core 
case management development back on track, ICE concluded, in 
collaboration with the vendor, that the core technical 
architecture was insufficient. In an effort to independently 
validate our concerns, ICE commissioned a brief independent 
verification and validation analysis of the system's status and 
viability, which confirmed that the existing technical 
architecture was not viable.
    Once ICE confirmed nonviability of the technical solution, 
we acted immediately to change the direction of the program. 
Based on the recommendation from the IV&V, a subsequent market 
research assessment, as well as the conclusions reached in 
conjunction with our governing bodies, ICE is pursuing 
procurement of a commercial off-the-shelf, or COTS, -based 
solution for investigative case management.
    All indications based on recent market research are that we 
will be able to procure, deploy, and successfully be off the 
mainframe by September 2015, while also achieving lower life-
cycle costs.
    GAO's findings related to ICE focused on two key 
deficiencies: Risk management and requirements management. We 
concur with all three recommendations offered by GAO to aid in 
overcoming these deficiencies and have completed the 
appropriate documentation and implemented processes and 
procedures to fulfill these recommendations.
    ICE initiated new status reporting methods based on leading 
practices, providing management with a more immediate picture 
of program progress. The program has overhauled its reporting 
structure and established integrated project teams that report 
status and coordinate dependencies weekly. We now track all 
known risks, not just those considered significant. We have 
revised our risk threshold to ensure risks are identified and 
are properly raised to leadership in a timelier manner.
    The program has also implemented a method to mitigate each 
elevated risk over a period of time. Both the revised risk 
threshold escalation and the method to mitigate risk have been 
incorporated into Government oversight process and will be in 
the scope of work for the new contracts for a future ICE TECS 
Mod solution.
    The ICE TECS Mod program has completed a detailed 
evaluation and comprehensive analysis of our system 
requirements. The program identified and eliminated overly 
prescriptive, technically outdated, and redundant requirements. 
This refinement resulted in a reduction in excess of 75 percent 
of system requirements without compromising capability.
    We have validated our new requirements baseline and 
confirmed that they are in line with other Federal law 
enforcement investigative case management programs. ICE has 
established new guidelines related to requirement management 
and established strict change control processes, which is 
consistent with GAO's recommendation.
    ICE remains committed to working in a coordinated effort 
with DHS and CBP to remedy any issues that have arisen during 
our modernization effort. We will continue to coordinate with 
stakeholders as we move forward to rebaseline the program and 
restart development work.
    In closing, both Mr. Armstrong and I are committed to the 
success of this program. Thank you again for the opportunity to 
appear before you today, and I would be pleased to answer any 
questions.
    [The prepared statement of Mr. Michelli follows:]
                Prepared Statement of Thomas P. Michelli
                            February 6, 2014
                              introduction
    Chairman Duncan, Ranking Member Barber, and distinguished Members 
of the subcommittee: On behalf of Secretary Johnson and Acting Director 
Sandweg, thank you for inviting me to appear before you today to 
discuss efforts of U.S. Immigration and Customs Enforcement (ICE) to 
improve TECS and the findings of a report released in December 2013 by 
the Government Accountability Office (GAO) entitled ``DHS's Efforts to 
Modernize Key Enforcement Systems Could Be Strengthened.''
    The U.S. Department of Homeland Security (DHS) and ICE appreciate 
GAO's work conducting the review of TECS Modernization and issuing this 
report, and I am grateful for the opportunity to provide background on 
ICE TECS Modernization (ICE TECS MOD) and outline the actions we have 
taken relating to GAO's findings and our continued collaboration with 
U.S. Customs and Border Protection (CBP) to address the recommendations 
offered by GAO.
               history of tecs and modernization efforts
    TECS is a mainframe system that is the primary system of both ICE 
and CBP, initially developed in the 1980s. TECS was previously known as 
the Treasury Enforcement Communications System when it was managed by 
the former U.S. Customs Service (which previously encompassed portions 
of both CBP and ICE functions). The system, which is currently managed 
by CBP, supports primary and secondary inspection processes for CBP and 
Federal agencies vetting for law enforcement and immigration benefits 
purposes. TECS also supports ICE's investigative case management 
including documenting subjects of criminal investigation in the form of 
records and reports, forming the basis for criminal prosecutions. The 
TECS modernization effort (TECS MOD) is a coordinated initiative by ICE 
and CBP to replace our respective portions of legacy TECS.
    Currently, our agencies are engaged in efforts to modernize the 
system into products that fit both specific and mutual needs and to 
migrate the legacy TECS system from the outdated CBP mainframe computer 
system (ICE TECS MOD and CBP TECS MOD programs, respectively). ICE's 
initial goal was to relocate the system from the prohibitively 
expensive mainframe by September 30, 2015 by developing a comprehensive 
law enforcement investigative case management system that will support 
the investigative mission of ICE's Homeland Security Investigations 
(HSI) and its shared mission with CBP to protect the homeland.
    Subsequent to the award of a best-value, cost-plus contract, ICE 
concluded, in collaboration with the vendor, that the core technical 
architecture was technically insufficient in June 2013. In an effort to 
independently validate our concerns, ICE commissioned a brief 
Independent Verification and Validation (IV&V) analysis. ICE used the 
IV&V to conduct an assessment of the system's status and viability. 
Following an abbreviated examination, the IV&V confirmed that the 
utilization of existing architecture would not be technically viable to 
support system needs. The IV&V also indicated that there were 
significant technical and management process deficiencies that would 
make meeting the September 30, 2015 deadline highly improbable.
    In consideration of the collective conclusions of ICE, the vendor, 
and the IV&V, it was determined that the ICE TECS MOD program required 
restructuring in order to ensure accountability and the ability to 
address deficiencies in technical oversight and requirements 
management. Accordingly, ICE restructured the program by increasing 
executive oversight, establishing integrated project teams and 
Government personnel accountability, identifying alternative technical 
options, and began the process of identifying a new prime contractor.
                        prior and future funding
    The ICE TECS Modernization Life Cycle Cost Estimate (LCCE) was 
finalized on September 6, 2011, at $818 million for all acquisition and 
sustainment costs, assuming a life cycle for the program extending to 
2024. Prior to the award of the Design/Development contract in 
September 2011, the program received $55.4 million in automation 
modernization funding and expended $22 million in support of 
requirements analysis, data migration, and acquisition activities. 
Between fiscal year 2012 and fiscal year 2013, the program received 
$36.9 million in automation modernization funding, expending $21.2 
million on the Design/Development effort that was curtailed in July 
2013, and expending $17.8 million on ancillary contracts including data 
migration, training, and communications and program support. In fiscal 
year 2014, the program's automation modernization budget is $23 
million. In total, ICE TECS Modernization has received $115.3 million 
in funding, and we have expended $63.9 million to date.
    The program is in the process of revising its LCCE to be in line 
with its future plans for the program, and anticipates the full LCCE to 
be less than the original $818 million due in large part to an 
increased use of commercial, off-the-shelf products (COTS) that will 
require less custom development and on-going support. Once the revised 
LCCE is complete, the program will be able to adjust future automation 
modernization funding requests, and account for both funds received but 
not expended, as well as lower anticipated costs.
             gao's findings and ice's response and actions
    According to GAO, its objective during its review was to determine 
the scope and status of CBP's and ICE's TECS MOD programs, assess 
selected program management practices for TECS MOD, and assess the 
extent to which DHS is executing effective executive oversight and 
governance of the two TECS MOD programs. In order to accomplish these 
objectives, GAO reviewed requirement documents, as well as cost and 
schedule estimates to determine the current scope, completion dates, 
and life-cycle expenditures. In addition, GAO reviewed risk management 
and requirement management plans, as well as the meeting minutes of the 
governance bodies.
    The report highlights that ICE's initial efforts were determined to 
be ineffective, resulting in the need for the program to restart. It is 
pivotal to note that ICE made the determination itself based on 
identified risks, schedule slips, and poor quality of interim 
deliverables, which ultimately led to the final determination that the 
current technical solution would not be able to support the mission 
needs of ICE. Based on this determination, ICE took steps to verify 
this conclusion through an independent third party, as well as improve 
management oversight. Once ICE confirmed non-viability of the technical 
solution, we acted immediately to change the direction of the program. 
Our action included an external evaluation, which predated the GAO 
report. Upon receipt of this independent evaluation, ICE undertook 
major course corrections that are in line with those ultimately 
recommended by GAO.
    GAO's findings highlighted the status of ICE's efforts to modernize 
our portion of legacy TECS, focusing on two key deficiencies: Risk 
management and requirements management. We concur with the three 
recommendations offered by GAO for executive action directly linked to 
ICE.
    The following are highlights of ICE's responses and actions taken:
                            risk management
    GAO recommended that the Secretary of Homeland Security direct the 
acting ICE director to ensure that all significant risks associated 
with the TECS MOD acquisition are documented in the program's risk and 
issue inventory--including acquisition risks--and briefed to senior 
management, as appropriate.
    ICE initiated new status reporting methods based on leading 
practices, providing management with a more immediate picture of 
program progress. The program has overhauled its reporting structure 
and established Integrated Project Teams that report status and 
coordinate dependencies weekly.
    In addition to the other programmatic risk changes, we also concur 
and have adopted the GAO's recommendation to add and track all known 
risks. For example, the ICE TECS MOD program has documented in the risk 
inventory a new acquisition risk that accounts for the aggressive time 
lines associated with the revised program strategy. This risk, as with 
all identified risks, has been reviewed by the program's Risk Advisory 
Board and elevated to ICE and DHS senior leadership.
    GAO also recommended that the Secretary of Homeland Security direct 
the acting ICE director to ensure that the appropriate individuals 
revise and implement the TECS MOD program's risk management strategy 
and guidance to include clear thresholds for when to escalate risks to 
senior management.
    The ICE TECS MOD program currently has a set of conditions that 
must be met for a risk to be elevated. We are revising our risk 
threshold to ensure risks are identified and appropriately raised to 
leadership in a timelier manner. The program is also identifying 
detailed activities that will help to mitigate each elevated risk over 
a period of time. Both the revised risk threshold escalation and the 
method to mitigate risk are being incorporated into the Government 
oversight process and will be in the scope of work for new contracts 
for the future ICE TECS MOD solution.
                        requirements management
    In addition, GAO recommended that the Secretary of Homeland 
Security direct the acting ICE director to ensure that the newly-
developed requirements management guidance and recently revised 
guidance for controlling changes to requirements are fully implemented.
    The ICE TECS MOD program has completed a detailed evaluation and a 
comprehensive analysis of our functional requirements. The program 
identified and eliminated overly prescriptive, technically outdated, 
and redundant requirements. This refinement resulted in a reduction in 
excess of 75 percent of functional requirements without compromising 
capability. Additionally, the program has validated its new 
requirements baseline against other Federal law enforcement 
investigative case management programs. ICE has established new 
guidelines related to requirement management and strict change control 
processes, which is consistent with GAO's recommendation.
                   coordination with key stakeholders
    Throughout this effort, we have been committed to open and 
consistent communication with the DHS Office of the Under Secretary for 
Management. As it became apparent that the technical solution under 
development would not support the objectives of the program, ICE 
increased the frequency of its meetings with DHS to provide more 
regular and timely reporting of program issues and proposed 
resolutions. Additionally, ICE notified DHS after learning the program 
would not meet the revised baseline date of December 2013. The program 
is currently working with DHS's Office of Program Accountability and 
Risk Management to establish a new revised program baseline. This 
baseline will be formally reviewed and approved by DHS per the 
Acquisition Decision-102 guidance, before the program can restart 
development.
    In a similar manner, we have maintained on-going collaboration and 
coordination with CBP, our key mission partner. CBP serves as a voting 
member on the ICE Executive Steering Committee (ESC), which is 
responsible for oversight of the ICE TECS Modernization effort, and ICE 
serves as a voting member on the corresponding CBP ESC. In addition, 
both ICE and CBP participate as partners through the coordination of 
delivery schedules, technical solutions, and risk/issue resolution. We 
recognize that close coordination is vital to the joint success of both 
programs, and will continue to take the steps necessary to maintain 
that coordination going forward.
                               conclusion
    ICE remains committed to working in a coordinated effort with DHS 
and CBP to remedy any issues that have arisen during our modernization 
efforts. The ICE TECS MOD effort has taken a variety of steps to ensure 
that the program not only stays on track, but that there is careful 
oversight of the acquisition and development process while utilizing 
independent authorities to assist with validation of our collective 
efforts. ICE will continue to coordinate with stakeholders as we move 
forward with efforts to re-baseline the program and restart development 
work to become independent of the costly legacy system as soon as a 
viable modernized system can be deployed.
    Thank you again for the opportunity to appear before you today and 
for your continued support of ICE and its law enforcement mission. I 
would be pleased to answer any questions.

    Mr. Duncan. Thank you, gentlemen, for your opening 
statements.
    I will now recognize myself for 5 minutes for questions.
    Let me just say, I will reiterate what I said earlier. I 
understand the immense challenge of the number of vehicles and 
persons entering the country every day. I probably don't 
understand it as much as the gentlemen from El Paso or Arizona 
do, but I do comprehend that we need to facilitate the flow of 
commerce and activity across the border in these border 
communities like El Paso. I will leave those comments for my 
friend from Texas.
    But when I think about it from a private-sector standpoint 
and I look at the fact that we just spent $60 million in 
taxpayer funds--taxpayer dollars, taken from hardworking 
Americans that work hard to earn that money, taken from them 
through taxation--and we spent that over a 4-year period of 
time, and I don't know that we are far enough down the road to 
where we need to be.
    I am not going to say that 100 percent of that $60 million 
was wasted, because you learned from those efforts, you 
actually built a platform that you can take the next step from, 
so I am not saying that at all. But I am concerned, because I 
know in the private sector there are not many firms, if any, 
that could invest that kind of money for very little result. I 
don't know many private-sector firms that actually would. They 
would hold someone accountable in year 1, year 2, and probably 
a lot quicker.
    So it seems that the requirements process broke down within 
both CBP and ICE regarding the TECS program. Given the 
requirements process has been a problem in past DHS failures, 
and I point specifically to SBInet, explain to me why CBP and 
ICE weren't able to get this right this time. You know, what 
were some of the obstacles that, after spending $6 million, you 
say, you know, we are going to have to start over?
    I will address that first off to Mr. Armstrong, and then I 
will come back to the GAO. I want to hear your take on it.
    Mr. Armstrong.
    Mr. Armstrong. Well, first off, I mean----
    Mr. Duncan. Microphone. There you go.
    Mr. Armstrong. First off, you know, I don't believe we had 
any complete failures in our requirements process. Our 
requirements process did have some challenges that could have 
been better, but I will say that one of the lessons learned, 
you know, since you asked, I mean, one of the lessons learned 
we have picked up from other programs is we are trying to move 
to more of an iterative process where we are prototyping 
functionality and not doing a big, monolithic build of 
functionality before we deploy something.
    So our officers and agents actually get to see the 
functionality early on before we spend a lot of money to go 
then build it. Then, after we build it, then we go out to some 
test ports, and then we prototype that in the actual live 
environment. That gives the officers and agents an opportunity 
to work with the system and gives our program office an 
opportunity to make sure that we have the requirements right 
before we fully deploy the system.
    So we iterate back through that; we roll that back into 
sub-releases. Then, once that is in a, kind-of, final stage, it 
goes through a control gate, where then the user signs off on 
it and we start to deploy that out to more locations.
    So I think that those are the big lessons learned that we 
got out of other programs. I feel like we are on track.
    Mr. Duncan. Thank you for that.
    Before I come to the GAO, it just hit me that, you know, in 
the private sector, there is a finite amount of money that a 
company has to spend. Sometimes that is money that they have 
saved over the course of business practices for a number of 
years, anticipating the need for further investment, regardless 
of whether it is IT or capital improvements or whatnot, or they 
borrow money, or they raise money through stock initiatives, 
but it is still a finite amount.
    But it seems to me, when we see where we are with this kind 
of money being spent, that elements within the Government don't 
believe there is a finite amount, they believe that there is an 
unlimited supply. You know, we are $17.5 trillion in debt 
because we have had that mentality in this Nation that we can 
just continue spending without the kind of accountability that 
you would see in the private sector.
    So, Mr. Powner, the GAO has looked at this. That is your 
responsibility. How can we be better stewards of taxpayer 
dollars, and how can we ensure that these agencies actually 
don't wait till 4 years out, that they actually have more 
checks and balances going forward?
    Mr. Barber mentioned the two different groups' almost 
duplicative efforts and how you have accountability with that. 
So I would love for you to speak to that, if you will.
    Mr. Powner. So, a couple points, starting with 
requirements.
    I think from a requirements perspective, both programs, I 
would say they have fairly solid requirements management 
processes in place now. Those were put in place late. I think 
it was most evident in the ICE program. I mean, Mr. Michelli's 
comments about the requirements resulting in a 75 percent 
reduction in requirements, that is a big change. I am glad that 
we are getting it together now, but a lot of this is coming too 
late.
    The other thing that I would like to mention in addition to 
the program management on requirements and the risk that we 
need to do a better job at, not just here at DHS but in a the 
lot of pockets of the Federal Government, is executive 
leadership. These executive steering committees that were put 
in place, chaired by both these individuals, are now in place, 
and I think they are working more effectively now. But it sure 
would have been nice to have those in place sooner.
    Mr. Duncan. Okay.
    My staff just reminded me, you know, I am talking about $60 
million, but CBP has spent a quarter of a billion dollars since 
2008, and the only project fully completed is secondary 
inspection. You have a long ways to go. That is a heck of a lot 
of taxpayer dollars that were spent--a quarter of a billion 
dollars.
    I am going to stop because I need to let my blood pressure 
calm down a little bit as we move forward, and I am going to 
recognize the Ranking Member.
    Mr. Barber. The Chairman is passing his blood pressure 
problem along to me. Very good. I appreciate it.
    I, too, am worried and concerned, as the Chairman is.
    Let me start, Mr. Armstrong, by asking you this question. 
Last month, on January 10 to be precise, the Chairman and I 
wrote a letter to the under secretary for management, Mr. 
Borras, expressing our concern over CBP's decision to take 
corrective action on the procurement efforts for the TECS Mod 
and asking for an update on when the final request for 
proposals will be complete.
    The contract, as you may know, is currently operating on a 
series of 3-month extensions. Such short-term contracting, I 
think without question, has created uncertainty among those 
individuals who are responsible for the TECS Mod update.
    To my knowledge, my office--and perhaps the Chairman has, 
but I don't know that he has, because I think we would both 
receive the response at the same time--we have not yet received 
a response from the Department. It has been almost 30 days.
    So, two questions: No. 1, when can we expect the office to 
respond to our inquiry? How is DHS providing direction and 
clarity to stakeholders throughout the TECS Mod process, 
including any decision to recompete the TECS Mod contract?
    Mr. Armstrong.
    Mr. Armstrong. First of all, I don't control the 
Departmental clearance process. So, I mean, we are prepared to 
give them--I mean, we have the information that they would need 
to respond to you. That would need to be cleared by the 
Department.
    We would be more than happy to come up and do a, kind-of, 
closed-door briefing on the acquisition. But since a lot of 
that is procurement-sensitive, I really don't feel comfortable, 
kind-of, commenting on all that here today. But more than happy 
to come back with our contracting officers and go through, 
kind-of, where we are on the acquisition for you.
    Mr. Barber. Certainly. Contact my office as soon as you 
can, and we will arrange for that meeting.
    Could you, within the Department, ask of the people you 
have to deal with on the clearance process when we might expect 
an answer to the questions that we phrased?
    Let me next move to some questions for Mr. Powner.
    You know, I have only been on this committee for a year-
and-a-half, and one of the things that I think troubles me a 
lot is how many GAO reports we get regarding DHS. Perhaps other 
agencies get as many, but I have a feeling we are a little bit 
on the high end here.
    So, as you know, Mr. Powner, TECS is used by CBP and ICE, 
of course, and it is also used by over 20 other Federal 
agencies, as I have mentioned in my opening remarks, including 
FBI; Alcohol, Tobacco, and Firearms; and the Terrorist 
Screening Center; as well as Departments of State and Treasury. 
These are accessing TECS on a daily basis.
    When you looked at the TECS Mod process, Mr. Powner, did it 
reveal to you the level of consultation that DHS had or the 
interactions it had with other users of the TECS from other 
Federal agencies to get their feedback on suggested 
requirements?
    I mean, critical, I think, in any development of any 
system, new system or revised system, that the end-user have 
some input on the process and what they expect to get out of 
the end product. Could you tell us what you found in your 
inquiries, if you looked at this?
    Mr. Powner. Well, when you look at the requirements-setting 
process, I mean, clearly, you know, when they put a system in 
place, the primary user is DHS, but that process does touch 
with the other stakeholders in the program and the other 
departments and agencies. I mentioned in my opening statement 
10 departments use this system.
    So that is part of the process. It is important as part of 
the process going forward that when we validate these new 
requirements, as these programs are being rebaselined, that we 
continue to get feedback from those stakeholders. I assume--
like Mr. Michelli talked about, discover the requirements--I 
assume there was a process to vet that with some external 
stakeholders.
    Mr. Barber. Well, perhaps, Mr. Michelli, you could comment 
on that in terms of consultation with other departments. Can 
you tell us to what extent that was done as you are moving 
forward?
    Mr. Michelli. Congressman, I don't know for sure what the 
extent was, and I can get back to you on that. I do know that 
we have an entity within ICE that conducts information-sharing 
requirements generation with other entities, and I will find 
out what they have done.
    Mr. Barber. I am running out of time, but, Mr. Chairman, if 
you can indulge me a few more seconds here. Just two quick 
questions for Mr. Armstrong.
    Basically the same question that I just asked of Mr. 
Michelli and Mr. Powner, but in a different context. Again, 
when the end-user is consulted in any IT project, you get a 
better outcome. Unfortunately, all too often, they are not 
considered.
    So can you tell us, were CBP officers and agents involved 
in the development and setting of requirements for TECS Mod?
    Mr. Armstrong. Sir, they were absolutely involved. We have 
a requirements board that worked with our officers and agents 
and worked with other stakeholders throughout the Federal 
Government. I can tell you that even in our first deliveries of 
secondary processing, we got feedback from other agencies 
complimenting us on the efficiency by which the system worked.
    So, absolutely. We have been doing this for a long time 
with other agencies. We have a lot of experience in doing 
requirements management with other agencies. So we believe that 
it is working efficiently.
    Mr. Barber. My last question to you, Mr. Armstrong, has to 
do with something I mentioned earlier, and that is the delays 
that people have coming into our country for legal commerce, 
tourism, produce, products from Mexico and all the rest. The 
lines that are waiting at the ports of entry, particularly in 
my district and the adjoining district, sometimes can be 2, 
2\1/2\ hours. This directly speaks to the economic issue that 
my State and the country faces; when we could expedite trade, 
we get economic development and growth.
    I want to ask you if you can comment on to what extent you 
think the TECS system, which is cumbersome and obsolete, has 
impacted on these delays. I know we have a problem with the 
number of agents we need, but is TECS a part of the problem, do 
you think?
    Mr. Armstrong. Well, I would say the biggest issue in terms 
of TECS and wait times at the border has been the stability of 
the old system. So the new system is going to allow for a lot 
more redundancy within the system, and it will reduce the 
amount of outages we have to take for maintenance.
    So I think, coupled together, the availability is going to 
go up. That is certainly the platform that we put together. It 
will also reduce those outages, those planned outages that we 
normally take at least once a month. So I believe it will 
improve things.
    Then, also, kind-of parallel to this, you know that we have 
been moving to other technologies at the ports that will help 
expedite especially the pedestrian traffic, so things like 
ready lanes and allowing more self-service in those areas. The 
new system, I believe, will allow us to avail ourselves of some 
of these technologies as they become available much quicker 
than the old mainframe system.
    So, as our officers continue to work on process 
improvement, looking at throughput in the ports not just from 
the physical standpoint but also from the time it takes to get 
people through primary and/or through secondary, I believe the 
new system will definitely expedite that processing downstream.
    Mr. Barber. Well, thank you, Mr. Armstrong.
    Mr. Chairman, before I yield, I would like to ask unanimous 
consent that Congresswoman Sheila Jackson Lee, who is a Member 
of the full committee and Ranking Member of the Border 
Subcommittee, be allowed to join the panel and ask questions 
when time is allowed.
    Mr. Duncan. Without objection, so ordered.
    The Chairman will now recognize Mr. O'Rourke for 5 minutes.
    Mr. O'Rourke. Thank you, Mr. Chairman.
    I want to commend you for your focus on issues of 
accountability, especially when it comes to purchasing and 
contracting within DHS. I feel that, when it comes to 
technology solutions, we can become enamored of quick fixes, 
blinded by the difficulty of understanding the specifics 
involved. When we have the kind of blunders that it seems that 
the GAO has uncovered here, the boondoggles like SBInet that 
you pointed to, as a whole, as a body, Congress, I think, 
oftentimes turns a blind eye. So I really appreciate the focus, 
the attention, and the drive for accountability.
    I also want to refer to the numbers that you gave us: A 
quarter of a billion dollars for CBP's five-step program, only 
one of which, one of those steps, has been achieved. You 
mentioned $60 million earlier; $20 million on the Raytheon 
mistake with the TECS Mod where we are cutting 75 percent--or 
70 percent of the requirements, had delays of nearly a year, 
and are having to redesign from the beginning the whole 
process.
    You compare those numbers to $140,000, which is what it 
costs to fully train, hire, and move a CBP officer to where he 
will be employed. That officer will contribute nearly $2 
million to the economy, will help create 22 additional jobs in 
the U.S. economy throughout every State in the Union.
    So, while I certainly understand, as Mr. Armstrong said, 
the time savings that we might be able to see if we can 
successfully implement some of these technology initiatives, 
and I certainly want us to do that, I also think that we have 
some much lower-hanging fruit, including spending and deploying 
those assets much more wisely.
    I would start with our human assets, those CBP officers, 
who have some of the most dangerous, difficult, and most 
critically important jobs when it comes to our economy, the 
safety and security of our country. I would urge CBP and DHS to 
focus more attention on that.
    To Mr. Powner, you mentioned SBInet, which really seemed 
like a contractors-gone-wild episode, where Boeing is designing 
the scope of the project, they are responsible for defining the 
milestones and the measurements, and we saw, you know, hundreds 
of millions of dollars later, that we had a system that we 
could not use, that was a waste of taxpayer money, and that we 
had to scrap completely.
    We looked at the Raytheon TECS Mod project, begun in 
September 2011: A delay of 7 months, 70 percent of the 
requirements were removed from the project, and $20 million 
later, it sounds like we are starting over again.
    Do we have--and you mentioned a deficiency in your opening 
statement of core case management and development. Is there 
some kind of brain drain within the Federal Government that 
does not allow us to properly manage these projects? Should we 
be doing more of this in-house and not allowing the Boeings and 
the Raytheons of the world to design these projects, and should 
we be doing more of that work in-house? Then, when it comes to 
actually implementing, programming, testing, holding to account 
those who are working on this, should we be doing more of that 
in-house, as well?
    Mr. Powner. Well, there are very few pockets in the Federal 
Government that can do a lot of this, in terms of the 
development. There are limited pockets. I will give you IRS as 
one example; they have pockets where they do their own 
development. But we contract this out.
    I think the key is, there are responsibilities that the 
Government has and responsibilities that the contractors have. 
In the requirements-setting process, let's start with that, 
that is the responsibility of the Federal Government to define 
what we want. Too often with a lot of these programs, you are 
absolutely right, Representative O'Rourke, that we have 
contractors get involved in defining how we are going to do 
things, so that we need a real clear line of delineation there. 
I think these two gentlemen are getting--that is actually 
improving with both these programs. That is very important.
    Then, once we get those contracts in place, the contractor 
oversight that needs to occur needs to be rigorous. We need to 
know what is being delivered in terms of productivity and 
quality. A lot of these programs, when you go in and you ask, 
is the contractor delivering, how is the quality and 
productivity, we don't get the right answers from the 
Government when we look at it. That is why I would say these 
executive steering committees are very important in ensuring 
that we have the appropriate contractor oversight and we are 
holding contractors' feet to the fire.
    I would say, on both these programs, in addition to our 
recommendations, one very important thing is we are in the 
process of putting contractors in place on both programs. I 
believe the ICE program has an award date for this summer, and 
I believe that is the same with CBP. It is very important that 
we get those contractors in place, the right contractors, as 
soon as we possibly can so that we can make progress.
    Mr. O'Rourke. Mr. Armstrong and Mr. Michelli have done a 
good job of walking us and taking us through process 
improvements, oversight committees, means by which we are 
sharing information across silos. But given SBInet, given what 
we have just described from the Members of the committee and 
what we read in the GAO report, what is going to give me 
confidence in terms of the human resources that we have within 
DHS, that we are not going to have a repeat of these problems 
going forward?
    In other words, do we have the right structure, the right 
line of accountability within DHS to ensure that we don't have 
this again, either within ICE or CBP or some other aspect of 
DHS?
    I am out of time, so I will ask Mr. Armstrong and Mr. 
Michelli to just very quickly address that question.
    Mr. Armstrong. Well, you know, I would say, at the current 
staffing level, I feel confident that we can provide the 
correct oversight on the program.
    I think what concerns me and part of why I am still here in 
the Government is, you know, the budget issues that are going 
on today across the Government and the desire to, kind-of, 
start to downsize some of these mission support areas in order 
to save money. So what I can't speak to is what is going to 
happen in the following years, in terms of staffing and our 
ability to replace people as they retire and go on to other 
things in their life.
    I will tell you that a large part of my staff, more than I 
would like, is retirement-eligible. They stick around because 
they enjoy the work that they do and they feel like the value 
they deliver to those front-line officers is very important to 
them. But that is going to soon come to an end because they 
can't stay around forever.
    So our ability to attract and bring new talent into the 
Government to be able to pick up with the new technologies 
greatly concerns me.
    Mr. O'Rourke. You know, Mr. Chairman, with your indulgence, 
point well-taken that, when we have the sequester, when we have 
Government shutdowns, we are not allocating resources wisely. 
It affects you and your ability to retain the best and 
brightest within your organizations.
    But I will also note that, since 1986, we have seen a 1,400 
percent increase in spending on border security solutions. So 
when we look at SBInet, when we look at TECS Mod, when we look 
at a potential biometric exit system, I understand that we need 
to resource appropriately from the Congressional level, but, at 
the same time, you have unparalleled, unprecedented resources 
at your disposal today.
    Maybe what we are both saying is that more of that could be 
spent on our human resources, on the talent that we have there, 
recruiting and retaining, and less on flashy new ideas like 
SBInet, like a biometric exit system, when our greatest single 
asset is the people who protect our borders, serve the trade 
and the crossers coming across, and potentially design and 
oversee these systems that we are talking about.
    Mr. Michelli, any thoughts on that?
    Mr. Michelli. Yes. In ICE, after day-to-day mission, 
cybersecurity, and public officer safety, ICE TECS Mod is the 
No. 1 priority. We are putting our best and brightest on TECS 
Mod.
    When we did the requirements refinement in our ESC, which 
has an HSI, Homeland Security Investigator chair, realized that 
we could use additional help, he has put his best and brightest 
on the project, as well.
    I do have concerns as we progress into a commercial off-
the-shelf program that we have the right technical skills for 
oversight for that. So, as part of the contract action, we have 
gone out with an FFRDC to get that expertise in-house so we 
will have that technical oversight.
    So I believe we are staged to have the right human skills, 
both on the technical side and on the mission side, to have 
success.
    Mr. O'Rourke. I hope so. We need to make sure that that is 
the case.
    Thank you, Mr. Chairman.
    Mr. Duncan. Thank you. Great questioning.
    Before I recognize the gentlelady from Texas, I had looked 
up some comparison numbers of a system known as Iron Dome 
deployed by Israel, very effectively I may add, a system that 
was developed from drawing board to combat-readiness in less 
than 4 years, a system that is effective at shooting down an 
airborne rocket traveling at a very high rate of speed, for the 
cost of $210 million. Rafael corporation did that.
    So, you know, the reason I say that is, we have put this in 
context, with the amount of money we are spending and what we 
are spending the money on--it is not hardware; to some degree, 
it is a software and hardware blend, I understand that--but 
what one group of people were able to do in less than 4 years 
for a lot less money than the numbers we are talking about 
today.
    So, with that, I will recognize the gentlelady from Texas, 
Ms. Jackson Lee, for 5 minutes.
    Ms. Jackson Lee. Let me thank the Chairman, Mr. Duncan, and 
Mr. Barber, the Ranking Member, for their courtesies for 
allowing me, as a Member of the full committee, to sit on this 
committee.
    Let me thank the witnesses very much for their service.
    Allow me just to make two points before I offer some 
questions that I think we all are concerned about--the 
operations of a very, very, very important agency.
    I first want to say that I am very grateful for the 
breakthrough that we have heard over the last couple of weeks, 
or last week, regarding our Republican friends in the United 
States Congress on the idea of comprehensive immigration reform 
and their own principles that have been enunciated, and to 
thank them for that.
    One of the key elements, which I want to put on record, 
where there is not a divide is the idea of border security. 
This hearing obviously plays a very large role, I believe, in 
the moving forward of comprehensive immigration reform.
    We truly believe here on the Homeland Security that we have 
crafted a thoughtful legislative framework in H.R. 1417 that 
may avoid prospectively some of the defaults of this TECS Mod 
program. H.R. 1417 thoughtfully lays out a roadmap, seeks the 
input of the Department of Homeland Security ahead of the 
strategies being articulated, and soundly commits to the 
security of the Northern Border, which I always want to 
mention, and the Southern Border.
    Mr. Chairman and Mr. Ranking Member, I think the oversight 
work that you are doing complements where we need to be if we 
move forward as Republicans and Democrats on what I hope will 
be not listening to the naysayers who are countering my 
optimism that we will reach a point where we have an effective 
construct. With that in mind, we will need the kind of 
technological forceful structure that works because that is 
part of the compliment of H.R. 1417.
    The last statement I want to make is that I hope that we 
can work out CBP--this is on the record--the issues with how 
CBP officers are dealing with overtime. We recognize that there 
are some unfortunate incidences that have occurred, but I 
support them. I would like to see their overtime reinstated or 
a process reinstated for them to be fairly compensated for both 
their work and their sacrifice, along with ICE and others.
    I want to quickly move to Mr. Powner and indicate if I 
could what can you give us, give the committee an effective, 
efficient, and modernized tech system, what if you could just 
concisely throw out what it would be? I know you gave us a 
number of suggestions, and unfortunately, it looks as if they 
were not followed. Then would you also suggest how it would be 
managed? Can it effectively be managed with multiple partners 
or multiple leaders? I will just pose that question to you. I 
will quickly go to Mr. Armstrong and Mr. Michelli, if you can 
be prepared to tell me what you actually got out of the $60 
million in 4 years program that was halted.
    Mr. Powner, can you answer what would be an efficient tech 
system?
    Mr. Powner. So, first, when you look at the process for 
delivering the tech system, I think the requirements are 
getting laid out in increments. I will reiterate the importance 
of having strong program management, risk and requirements and 
having the executive-level governance. I will add this. When we 
look at successful IT acquisitions, they go small increments. 
When we try to go big, we have failures time and time again. We 
always have these failures, and what happens to fix it? We go 
with smaller increments, so I think the more we can go with 
small increments and even smaller increments going forward, 
that is what will be very successful going forward.
    Ms. Jackson Lee. When you say ``executive,'' what do you 
mean by that?
    Mr. Powner. Having the right executive-level oversight. 
What I mean by that is when something fails, we typically point 
at the poor program manager and blame the program manager when, 
in fact, it needs to be executives who own the project.
    Ms. Jackson Lee. How far up do you go when you say 
executive? Secretary of Homeland Security?
    Mr. Powner. Well, clearly, these guys run the executive 
steering committee, so they're key players. But then it ought 
to go up the CIO of the Department, and it ought to go up to 
the under secretary for management, clearly, if this is an 
important project for the Department.
    Ms. Jackson Lee. I think these are important instructions. 
Can I quickly ask you to ask us, just you, did we gain anything 
from the present system that we had?
    Mr. Powner. We sure did. I mean, if you look at what CBP, 
with the secondary inspections, clearly there was value in--
delivered with that. We had $225 million spent on that piece, 
so there was some value derived there.
    To Chairman Duncan's comment about $64 million spent, you 
are right; we did learn a little bit, but there was some money 
wasted there, Mr. Chairman.
    Ms. Jackson Lee. To the two gentlemen who, agents or groups 
who were the co-managers, I guess, of this, what did your boots 
on the ground, what did you think your particular entity, CBP 
and ICE, gain from the present program that was halted, and how 
can you learn going forward?
    Mr. Armstrong. Well, certainly, as Mr. Powner said, our 
officers have gained greatly from the secondary inspection 
consolidation because that allowed us to reduce the number of 
lookups and screens they had to go to and gave them more 
opportunity to focus on the person in front of them and less 
time toggling through screens.
    It also, and certainly in an airport environment, where 
there may be different parts of secondary located physically 
separate, it allowed for kind-of a consolidated view from the 
different officers within secondary so they would all know 
exactly what the status was of that particular traveler and 
anything that they may be bringing in with them.
    Also, I do want to point out that we have delivery in our 
high-performance primary query that was not completed at the 
time of this report, but that is now up and running. That 
brings together a lot of our queries, and we're running that in 
parallel with our old system. The big advantage there is once 
we get that fully deployed, that gets what we call rapid 
response out to all of our officers. Rapid response does a lot 
more criminal history checks than what the old tech system did. 
So just to highlight, we have gotten significant value so far.
    Ms. Jackson Lee. Mr. Chairman, if you would indulge me, I 
would ask Mr. Michelli to give me the same answer. If he might 
just respond, what is the name of that the system, Mr. 
Armstrong, that you just spoke of, what is that operating under 
right now?
    Mr. Armstrong. It is one of the five projects that was 
delivered as part of TECS Modernization, and it is our high-
performance primary query.
    Ms. Jackson Lee. That one is operating?
    Mr. Armstrong. Yes.
    Ms. Jackson Lee. And is still under funding; is that what 
you are telling me? It is still being funded?
    Mr. Armstrong. Yes. It is part of the $240 million.
    Ms. Jackson Lee. All right.
    Mr. Michelli.
    Mr. Michelli. Congresswoman, we have programmatic 
management improvements, requirements refinement, development 
and delivery of data synchronization with the legacy system, in 
other words a new database, interfaces to required systems. We 
have our development and test environments. This may not seem 
like a lot, but it actually is. This is equivalent to if you 
are building a skyscraper, the foundation. It is something that 
most people don't see, but it is very fundamental for any new 
system. We have that in hand. What we don't have is the first 
floor.
    So, of the $60 million that we spent, about $20 million was 
for co-development. We made the decision, after receiving at 
least one, that it was not a sustainable solution, and we had 
to look at other alternatives.
    So what we did learn from that is when we went out to do 
the market research, that the market has changed and that there 
are commercial off-the-shelf programs that we can now use. Our 
HSI agents are excited at what they see. In fact, by using from 
the custom code development to a commercial off-the-shelf 
solution, early estimates, very early estimates in the market 
research is we could save money over the life-cycle cost 
estimate of the system.
    Ms. Jackson Lee. Let me, Mr. Chairman, thank you.
    If I might just say to the committee, it is very obvious 
that hardware of the 1970s or 1980s is so different from what 
we have now. Technology changes so rapidly, and as this 
committee does its very able work, I think some of the 
questions that we need to hear answered is a whole new 
construct as to how acquisition is done, what kind of 
thoughtfulness is put into it. I think what Mr. Powner said 
strikes me so strongly is, be measured and small. When you try 
to get into the ocean and just grab everything, you may have 
serious issues of those elements working together. I am hoping 
the whole committee can look at your work and maybe work, 
looking at a whole, I would say a whole new approach.
    We have been doing acquisition issues and issues dealing 
with purchases by this Department for as long as I have been on 
this committee.
    Mr. Duncan. I want to thank I the gentlelady for that. We 
are working on an acquisition bill, and it is a bipartisan with 
Ranking Member Thompson and Ranking Member Barber and others on 
your side of the aisle. Hopefully, we will be bringing that 
forward soon. I would love to have you look at it, Ms. Jackson 
Lee, and love to have your support because it does a lot of the 
things that we are talking about today and the great comment 
about the ocean and thinking, you know, small steps and small 
parameters so we scan have measurable activities, and we can 
actually measure it on a very timely basis. So I look forward 
to that.
    Ms. Jackson Lee. Well, let me then thank you and Mr. Barber 
for allowing me to be on and to listen to the proposal. I look 
forward to looking at the legislation. Let me thank the 
witnesses.
    I yield back.
    Mr. Duncan. Thank you for your interest.
    In the essence of time, because they are going to call 
votes in 15 minutes, and much to the chagrin of my staff, I am 
going to yield some time to the gentleman from the Southwest 
for the remaining time we have here because this is an issue 
that is closer to home to you guys. I have got all kinds of 
questions I could ask, but I want to make sure that we ask the 
right questions if you all bring some personal local experience 
to the table.
    So, with that, I yield to the Ranking Member, Mr. Barber, 
for a question.
    Mr. Barber. Thank you, Mr. Chairman.
    Again, I want to thank the witnesses. I know that we have 
asked some tough questions of you today, and I just wanted to 
express that it is frustration on a broader level. As I said, I 
have been on this committee now for, on the subcommittee, for a 
year and a month and on the full committee for a little longer. 
But it is really frustrating for me to go home to the people I 
represent and to tell them once again we have another issue 
with expenditures with apparent waste of taxpayer dollars. We 
are not making much progress.
    I absolutely recognize and appreciate that bringing 
together 22 legacy agencies is no small task. In fact, I have 
said before that I think actually, given the scope of this job 
and the importance of this job to the safety of our country, 
this Department is probably one of the, if not the top in 
priority department in the Federal Government, and certainly 
the job of Secretary is enormous.
    I met recently--he came to my district with the new 
Secretary, and I am hopeful that he can bring some greater 
efficiency and effectiveness to some of these matters.
    Let me just pose a question, a similar question, to both 
Mr. Armstrong and Mr. Michelli.
    Mr. Armstrong, as you know, the GAO states that CBP's 
Office of Information Technology lacks a sufficiently-detailed 
master program schedule to complete major portions of the TECS 
Mod project and that 65 percent of its work activities 
apparently remain unconnected. This has led to delays and cost 
overruns. This obviously creates uncertainty for users of the 
system in the Department and for those involved in 
modifications of the program itself. To date, only the 
secondary inspection, as you mentioned, project to process 
travelers has actually been deployed to all air, sea, and land 
ports of entry.
    So I would like to ask you, Mr. Armstrong, if you could 
outline for the committee how and when the Department plans to 
complete a sufficiently-detailed master program schedule for 
the modernization.
    A similar question if I might to Mr. Michelli. You know, 
there apparently is no clear designed framework estimate of how 
much the project is going to cost, why it costs the amount it 
does and why it is in the interest of the Government to pay the 
amount requested. Then also, of course, with ICE TECS Mod's 
component, these are vital determinations that cannot be made 
because ICE cannot state with any specificity what it will 
deliver and how much what it will deliver will cost.
    So, to both gentlemen, could you please respond to these 
questions? When are we going to see this level of detail which 
we can use as a road map to see where we are going and when we 
are going to get there and what it is going to cost?
    Mr. Armstrong. Sir, I think that, from our perspective, 
there is kind of a misunderstanding in terms of what actually 
lays out a master schedule. We have a 20,000-line master 
schedule in place today. The issue that GAO brought up is that 
we don't have all of our predecessor tasks tied together at a 
low level. You know, in concert with an agile development 
process, we wouldn't have this tied together. We would deal 
with those more from the iterative process that we go through. 
This program meets weekly to go through essentially immigration 
and risk issues within the program. As we move more and more to 
an agile environment, that process will become almost daily.
    So the idea is that we are not going to be building out 
schedules for 3 years from now when we don't know exactly what 
all those tasks are going to be. We are going to build them out 
to that degree and scope when we are actually getting ready to 
do the work.
    I think to the point earlier about some of these big 
programs that have failed, they have spent a lot of time and 
money building out schedules for years and then found that when 
they get to that point, the schedules aren't valid, and they 
have to go back and rework all those schedules.
    So we did have some schedule issues early on in the 
program. Some of those were the result of some technical 
problems that we had, not within the scheduling, but getting 
technology to work. So, therefore, it took us a little bit 
longer to get some of our technology that allows us to keep 
both the old system and the new system in sync because we are 
building a plane and flying it at the same time. So the 
commercial off-the-shelf software that was out there at the 
point in time we started the program could not keep up with the 
rapid pace of which we needed to be able to process people 
through the border. So we had to work very closely with the 
vendors to get that software tuned and get it working right. So 
that did cause us a little bit of schedule issues.
    We have now learned some lessons from that. That is part of 
our iterative development process to talk about those much more 
rapidly and get those escalated quicker. So I feel like we have 
got a schedule and a schedule process that works, and I think 
that, from my perspective and from the direction from the 
Department, we need to focus more on this iteration through the 
requirements and getting stuff deployed in smaller chunks 
quicker.
    Mr. Duncan. Mr. Michelli.
    Mr. Michelli. Congressman, yes.
    We have a very broad schedule now because at week-end we 
are going out to a new procurement. We met our first goal 
yesterday when we went out with a solicitation or an RFI for a 
commercial off-the-shelf solution. Our next target date is 
June, when we hope to make an award at that time because we 
don't want to tell the winning vendor how to do their business. 
We want to work with them collaboratively to ensure that we are 
off the mainframe by September 2015. We will work with them to 
get the more refined schedule out.
    As far as to cost, preliminary market research shows that 
with a commercial off-the-shelf solution, we anticipate a 10 to 
20 percent lower cost in the total life-cycle of the solution.
    Mr. Barber. I want to thank the Chairman again for 
convening the hearing, the witnesses for coming. I just hope 
that we can get these processes moving faster, more 
efficiently, and be better stewards--I think we all need to 
be--of the taxpayers' money.
    I know you are working hard at this, but we need to 
succeed, and we need to do it soon and in a very cost-effective 
way. I wish you the best of luck, and thank you for coming here 
today.
    Mr. Duncan. Thank the Ranking Member, and I will recognize 
for the last questions, because they are calling votes as we 
speak, for 5 minutes, and then we will wrap it up.
    The gentleman from Texas.
    Mr. O'Rourke. Thank you. I want to get to the issue of 
accountability and, again, always view issues through the 
perspective of being a resident of the border and through the 
eyes of my constituents, one of the poorest communities in this 
country, a community that has 22 million crossings across our 
border every year. Those crossings are fundamental to economic 
opportunity and job creation that have in El Paso and paramount 
to a quality of life that we want to maintain there. So I 
appreciate the efforts to improve that through faster crossing 
times, implementing technologies that will allow for that. But 
it is also hard to go back to those folks in El Paso who are 
really struggling to get by, who are waiting in these long 
border lines, and tell them that we have spent $240 million so 
far to achieve it now turns out two of the five steps that we 
need to achieve, that we have wasted money without much 
accountability to it.
    So a couple of questions. First, to Mr. Armstrong, $240 
million has bought us secondary inspection and high-performance 
primary query. When it comes to these modifications to the TECS 
system, how much will it cost us to deliver the three remaining 
parts of that 5-step process?
    Mr. Armstrong. So we have spent $240 million to date, and 
let me point out that it is not just on those two pieces of 
functionality. I talk about those in terms of the results that 
we have achieved. We have actually done work in all five areas. 
Even in the PIP process, we have done requirements development, 
but we did not go on to start building things because there was 
budget uncertainty. So each one of the five projects, there has 
been work going on concurrently.
    Mr. O'Rourke. Understood, but just in the essence of time, 
how much will it cost us when we are done?
    Mr. Armstrong. So the current life-cycle cost estimate, 
which was just completed, is $693 million.
    Mr. O'Rourke. Thank you. What are the--to Mr. Armstrong, to 
Mr. Michelli, if we have time, I would love to hear from the 
representative from the GAO--what are the consequences when we 
miss our budget targets, when we spend more than we committed 
to spending? What are the consequences to the contractors? What 
are the consequences to you and the people who work for you? 
What is the accountability that we have in DHS for these 
mistakes that have been made so far? I will ask Mr. Armstrong 
first and then turn to Mr. Michelli.
    Mr. Armstrong. Well, you know, all of these objectives are 
laid out in the performance plans for my program managers. So 
both my program manager over this program, my executive 
director that oversees all of our passenger processing, myself, 
my deputy, we all have performance milestones within our 
performance plans with respect to the delivery of this program.
    Part of the re-compete of the contract is the old contract 
didn't have a whole lot of avenues for accountability in it. I 
am hopeful that the new one will and that we can hold the 
vendor more accountable for delivery. To the point that you 
asked me earlier, we have a lot more Government staff on-board 
now than we did, say, 10 years ago; so the mix of Government-
to-contract employees overseeing this program is much greater 
than it was in the past. So I am confident that we are going to 
deliver within our budget and there hasn't been more than a $7 
million swing in any of our life-cycle cost estimates by the 
middle of fiscal year 2016.
    Mr. O'Rourke. For Mr. Michelli, and I believe I am quoting 
from the GAO report. In September 2011, ICE entered into a 
contract with Raytheon to serve as a prime contractor for TECS 
Mod. In 2012, the program began to experience technical issues, 
which resulted in a delay of approximately 7 months and the 
decision to defer or remove approximately 70 percent of the 
requirements Raytheon was hired to complete. What are the 
consequences to Raytheon?
    Mr. Michelli. So, for any vendor, we provide a CPARS, which 
is a rating on the performance, so we would rate them 
appropriately. They also in their contract have an award fee, 
and we would adjust that award fee appropriately based on the 
requirements of the----
    Mr. O'Rourke. Can you tell us how we have adjusted downward 
the award fee to Raytheon due to their performance?
    Mr. Michelli. I would be happy to get back to you once I 
consult with the contracting office. I am not sure what the 
sensitivity of that is.
    Mr. O'Rourke. Okay. For the last word, I have got 10 
seconds, Mr. Powner. Anything on that theme that you would like 
to comment on?
    Mr. Powner. Yeah, I think you are spot-on. I think there 
needs to be more accountability, not only within the Department 
of Homeland Security, but with those contractors. I think a 
best practice up-front is you sit down with the contractor and 
demand a meeting at a very high level and talk about what a 
priority this is for the Department of Homeland Security with 
folks probably even above these two individuals' levels, 
because you get the A team men if you are the squeaky wheel.
    They are going to be competing with a lot of programs in 
the Federal Government. Those contractors have a lot of other 
Federal contracts. The program that is the squeaky wheel, that 
you get a very high-level individual saying that I am on top of 
this, and I am going to watch the performance of this contract 
and how things are going, that would help.
    Mr. O'Rourke. Thank you. I appreciate that.
    Mr. Chairman, thank you.
    Mr. Duncan. I want to thank the witnesses, Mr. Powner, Mr. 
Armstrong, Mr. Michelli, for your valuable testimony today. I 
apologize that the hearing is going to be cut short due to 
votes.
    There are a lot of other questions that we have as we 
pursue how we proceed from here and make sure that we are good 
stewards.
    You know, these hearings aren't the grooviest topics. They 
are not the Benghazis or the IRS targeting or all of that, but 
I think it is important, as you have seen today, on both sides 
of the aisle, we are very concerned about how taxpayer dollars 
are being spent, to make sure that we are getting the most bang 
for the buck and that we don't go so far down the road, have to 
stop, retrace our steps and start over.
    So I want to thank the Members of the subcommittee for 
their questions and participation. The Members of the 
subcommittee may have additional questions for you guys, and we 
will ask those witnesses if they will respond to those 
questions in writing.
    So, without objection, the subcommittee will stand 
adjourned.
    [Whereupon, at 11:23 a.m., the subcommittee was adjourned.]


                            A P P E N D I X

                              ----------                              

        Questions From Chairman Jeff Duncan for David A. Powner
    Question 1. The DHS chief information officer rated the TECS Mod 
program for ICE as medium-risk and CBP as moderately low-risk. In 
addition, the Program Accountability and Risk Management Office rated 
the program as high-value, low-risk.
    Do you believe the Department needs to reevaluate the criteria by 
which it considers these large-scale IT projects high-risk and in need 
of a TechStat review or health assessment?
    Answer. Response was not received at the time of publication.
    Question 2. One of the subcommittee's biggest concerns with the 
review process for an IT project of the size of TECS is that the 
appropriate risks were never identified, whether it is with identifying 
the appropriate requirements needed or that smaller problems snowballed 
and were never identified until the whole program was put on hold.
    How would you recommend these risks be corrected so that we don't 
end up in this situation again in the future?
    Answer. Response was not received at the time of publication.
    Question 3. What grade (A,B,C,D,F) would you give CBP and ICE in 
their development and implementation of major IT programs based on 
their ability to meet mission needs, cost, and schedule? How would you 
rate DHS's performance in delivering IT systems against other Federal 
agencies?
    Answer. Response was not received at the time of publication.
      Questions From Chairman Jeff Duncan for Charles R. Armstrong
    Question 1. If DHS had conducted a TechStat review of the TECS 
modernization effort, could that have helped to identify performance 
lapses and recommend corrective actions to get the modernization effort 
back on track? What steps have you taken to ensure that high-risk, 
high-value IT programs like TECS Mod will be identified as such in the 
future?
    Answer. Response was not received at the time of publication.
    Question 2a. According to a copy of the Acquisition Program 
Baseline CBP recently submitted to DHS that was provided to the 
subcommittee, TECS Mod's costs have decreased by about $30 million, 
while the end-date for the program has been pushed out to the middle of 
2016.
    Can you explain how the program will cost less but take longer to 
complete? Do CBP's revised plans for TECS Mod envision a reduction in 
functionality--and if so, what does the reduction consist of?
    Answer. Response was not received at the time of publication.
    Question 2b. In that same revised APB, CBP altered, or in some 
cases removed key TECS Mod performance parameters. In practical terms, 
please explain what these changes will mean for the overall performance 
of the system, especially for the CBP officer at a port of entry.
    Answer. Response was not received at the time of publication.
    Question 3. The current request for proposal has been protested by 
three of the four competitors and, it is my understanding, that the CBP 
withdrew the award before the GAO could rule. After more than a year, 
it is my understanding that the CBP is going to simply recomplete the 
contract based on the same RFP.
    To what extent has CBP considered extending the current contract?
    Answer. Response was not received at the time of publication.
    Question 4a. According to the GAO report, the TECS modernization 
effort should result in the ability to better match names from foreign 
alphabets and improve the flow and integration of data between CBP and 
its partner agencies.
    Looking back at the tragic Boston marathon bombings, are there 
capabilities that may help prevent similar events from occurring in the 
future?
    Answer. Response was not received at the time of publication.
    Question 4b. If TECS had been modernized fully last year, could 
TECS have increased the alert and awareness on Tamerlan Tsarnaev?
    Answer. Response was not received at the time of publication.
       Questions From Chairman Jeff Duncan for Thomas P. Michelli
    Question 1a. Did anyone within your office at ICE reach out to the 
DHS CIO to initiate a TechStat review of your TECS Mod efforts in order 
to identify performance lapses and recommend corrective actions to get 
the modernization effort back on track?
    Question 1b. What steps have you taken to ensure that high-risk, 
high-value IT programs like TECS Mod will be identified as such in the 
future?
    Answer. Response was not received at the time of publication.
    Question 2. The cost of the ICE TECS Mod program before the 
rebaseline was $800 million. What will the new life-cycle cost be?
    Answer. Response was not received at the time of publication.
    Question 3. ICE recently commissioned a technical assessment by 
MITRE to identify potential commercial-off-the-shelf solutions for its 
TECS Mod program. Please describe the results of this study and how ICE 
intends to incorporate those results in its planning moving forward? 
Will you please provide the results of this assessment to the 
subcommittee?
    Answer. Response was not received at the time of publication.
    Question 4. Do you believe you are using the DHS OCIO's risk 
management processes effectively? Do you think problems with your 
portion of TECS Mod could have been escalated earlier on to address 
them?
    Answer. Response was not received at the time of publication.
    Question 5a. According to your statement, ICE ``anticipates the 
full life-cycle cost to be less than the original $818 million due in 
large part to an increased use of commercial off-the-shelf products 
that will require less custom development and on-going support.''
    Whether it is SBINet or high-cost IT programs, the committee has 
heard that COTS products alone will reduce costs but this seems rarely 
the case because there's usually more work needed to adapt the 
technologies to operational needs. What assurance does the taxpayer 
have that use of COTS in this case will reduce costs? What concrete 
evidence do you have to show that COTS in this type of IT environment 
will result in cost savings?
    Answer. Response was not received at the time of publication.
    Question 5b. Will a single COTS product satisfy all of ICE's 
requirements? If not, what additional functionality will be required 
and how will that functionality be delivered?
    Answer. Response was not received at the time of publication.
    Question 6. You mentioned during the hearing that ICE's 
``preliminary market research shows that with a commercial off-the-
shelf solution, [ICE] anticipate[s] a 10 to 20 percent lower cost in 
the total life cycle of the solution.'' Can you explain where these 
savings are coming from and why these savings were not identified in 
the original APB?
    Answer. Response was not received at the time of publication.

                                 [all]
