[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]





   ASSESSING DHS'S PERFORMANCE: WATCHDOG RECOMMENDATIONS TO IMPROVE 
                           HOMELAND SECURITY

=======================================================================

                                HEARING

                               before the

                            SUBCOMMITTEE ON
                            
                             OVERSIGHT AND
                             
                         MANAGEMENT EFFICIENCY

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                     
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED FOURTEENTH CONGRESS

                             FIRST SESSION

                               __________

                           FEBRUARY 26, 2015

                               __________

                            Serial No. 114-5

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

[GRAPHIC] [TIFF OMITTED] 
                                     

      Available via the World Wide Web: http://www.gpo.gov/fdsys/

                               __________
                               
                               
                   U.S. GOVERNMENT PUBLISHING OFFICE 

94-109 PDF                WASHINGTON : 2015 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001                            
                               

                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Loretta Sanchez, California
Mike Rogers, Alabama                 Sheila Jackson Lee, Texas
Candice S. Miller, Michigan, Vice    James R. Langevin, Rhode Island
    Chair                            Brian Higgins, New York
Jeff Duncan, South Carolina          Cedric L. Richmond, Louisiana
Tom Marino, Pennsylvania             William R. Keating, Massachusetts
Steven M. Palazzo, Mississippi       Donald M. Payne, Jr., New Jersey
Lou Barletta, Pennsylvania           Filemon Vela, Texas
Scott Perry, Pennsylvania            Bonnie Watson Coleman, New Jersey
Curt Clawson, Florida                Kathleen M. Rice, New York
John Katko, New York                 Norma J. Torres, California
Will Hurd, Texas
Earl L. ``Buddy'' Carter, Georgia
Mark Walker, North Carolina
Barry Loudermilk, Georgia
Martha McSally, Arizona
John Ratcliffe, Texas
                   Brendan P. Shields, Staff Director
                    Joan V. O'Hara,  General Counsel
                    Michael S. Twinchek, Chief Clerk
                I. Lanier Avant, Minority Staff Director
                                 ------                                

          SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY

                  Scott Perry, Pennsylvania, Chairman
Jeff Duncan, South Carolina          Bonnie Watson Coleman, New Jersey
Curt Clawson, Florida                Cedric L. Richmond, Louisiana
Earl L. ``Buddy'' Carter, Georgia    Norma J. Torres, California
Barry Loudermilk, Georgia            Bennie G. Thompson, Mississippi 
Michael T. McCaul, Texas (ex             (ex officio)
    officio)
               Ryan Consaul, Subcommittee Staff Director
                    Dennis Terry, Subcommittee Clerk
        Brian B. Turbyfill, Minority Subcommittee Staff Director
        
        
                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Scott Perry, a Representative in Congress From the 
  State of Pennsylvania, and Chairman, Subcommittee on Oversight 
  and Management Efficiency:
  Oral Statement.................................................     1
  Prepared Statement.............................................     3
The Honorable Bonnie Watson Coleman, a Representative in Congress 
  From the State of New Jersey, and Ranking Member, Subcommittee 
  on Oversight and Management Efficiency:
  Oral Statement.................................................     3
  Prepared Statement.............................................     5
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Prepared Statement.............................................     5

                               Witnesses

Mr. John Roth, Inspector General, U.S. Department of Homeland 
  Security:
  Oral Statement.................................................     7
  Prepared Statement.............................................     8
Ms. Rebecca Gambler, Director, Homeland Security and Justice 
  Issues, U.S. Government Accountability Office:
  Oral Statement.................................................    16
  Prepared Statement.............................................    17
Mr. Daniel M. Gerstein, Senior Policy Researcher, The Rand 
  Corporation:
  Oral Statement.................................................    27
  Prepared Statement.............................................    28

 
   ASSESSING DHS'S PERFORMANCE: WATCHDOG RECOMMENDATIONS TO IMPROVE 
                           HOMELAND SECURITY

                              ----------                              


                      Thursday, February 26, 2015

             U.S. House of Representatives,
                     Subcommittee on Oversight and 
                             Management Efficiency,
                            Committee on Homeland Security,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 10:03 a.m., in 
Room 311, Cannon House Office Building, Hon. Scott Perry 
[Chairman of the subcommittee] presiding.
    Present: Representatives Perry, Clawson, Loudermilk, Watson 
Coleman, Richmond, and Torres.
    Mr. Perry. Good morning. The Committee on Homeland Security 
Subcommittee on Oversight and Management Efficiency will come 
to order.
    The purpose of this hearing is to receive testimony 
regarding the recommendations from the Government 
Accountability Office and DHS inspector general to improve the 
Department of Homeland Security.
    Before I begin, I would like to welcome the new Members of 
the subcommittee. Unfortunately, I am sure there is a lot going 
on this morning. I literally have three places to be at one 
time, and I think most of us are the same way. Just the same, 
to officially welcome them to the subcommittee. The other 
Members bring with them tremendous private-sector, military, 
and other experience which will be helpful in our oversight of 
the Department of Homeland Security. I also look forward to 
working with all of our colleagues on both sides of the aisle.
    Ranking Member Watson Coleman and I met recently to discuss 
the subcommittee's priorities, and I look forward to working 
with her on areas of mutual interest.
    I now recognize myself for an opening statement.
    Last month the Secretary of Homeland Security Jeh Johnson, 
in a speech before the Wilson Center, said that regarding how 
his Department conducts business and protects the homeland, we 
are still finding our way, but we are headed in the right 
direction. While I certainly give Secretary Johnson credit for 
trying to improve relations with Congress, his statement and 
acknowledgement of mediocrity is very disappointing.
    The Secretary also made discouraging statements about 
recent border security legislation passed by this committee as 
unworkable and impossible to achieve. As the Oversight and 
Management Efficiency Subcommittee, we must hold the Department 
accountable to the highest standards given that our National 
debt is over $18 trillion and we face numerous threats. Whether 
from radical jihadi terrorists intent on attacking us, to 
porous borders with a steady flow through the illegal 
immigrants and drugs coming into our communities, DHS simply 
must secure the homeland efficiently and effectively.
    Folks back home in Pennsylvania didn't send me to 
Washington to watch their tax dollars wasted on ineffective 
programs.
    Testimony from our witnesses today is, then, so important. 
Watchdogs from the Government Accountability Office, the GAO, 
and DHS Office of Inspector General, the OIG, safeguard 
taxpayer dollars from waste, fraud, and abuse.
    Earlier this month, GAO released its high-risk list of 
areas in the Federal Government most susceptible to 
mismanagement. Despite DHS's hope that it will get off the list 
soon, areas related to DHS management functions, terrorism-
related information sharing, and cybersecurity continue to 
remain at high risk to fraud, waste, and abuse according to 
GAO's 2015 report.
    In addition, OIG releases an annual report on major 
management challenges facing DHS. The 2014 report identified 
nine broad areas where the Department faces serious management 
and performance challenges. OIG also identified hundreds of 
millions of dollars in questionable costs and funds that could 
be put to better use. Hundreds of recommendations by these 
watchdogs remain open and unimplemented by DHS at this time.
    A recent GAO and OIG report also highlighted specific 
dysfunctional programs where management failures continue at 
DHS, to include the following: Ineffective use of unmanned 
aerial systems at the border; a lack of a cybersecurity 
strategy for Federal facility, physical facility, and access 
control systems; failure to adequately manage DHS's 
headquarters consolidation project at St. Elizabeths; 
mismanagement in processing Freedom of Information Act or FOIA 
requests; and a lack of rigorous covert testing program for 
nuclear smuggling at our borders. These reports show serious 
deficiencies in how DHS secures the border, protects Federal 
buildings from cyber attacks, and manages billions of taxpayer 
dollars. DHS must act on these and other recommendations to 
improve our homeland security.
    Finally, I need to hear more from the inspector general on 
a recent report where in his opinion TSA attempted to cover up 
embarrassing findings using its authority to classify 
information as Sensitive. I am concerned that TSA failed to 
provide a timely explanation to the IG's report's findings 
regarding Sensitive security markings. Although DHS has a 
responsibility to protect information that if released could 
harm our National security, DHS has absolutely no excuse to 
hide information from the American people simply to avoid 
embarrassment. Secretary Johnson said that management reform 
itself is a homeland security imperative. However, DHS has a 
long way to go to reach its full potential.
    I look forward to hearing from today's witnesses on their 
recommendations to improve the efficiency and effectiveness of 
DHS and what the Department is doing to address these concerns.
    [The statement of Chairman Perry follows:]
                   Statement of Chairman Scott Perry
                           February 26, 2015
    Last month, the Secretary of Homeland Security, Jeh Johnson, in a 
speech before the Wilson Center, said that regarding how his Department 
conducts business and protects the homeland, ``we are still finding our 
way, but we are headed in the right direction.'' While I give Secretary 
Johnson credit for trying to improve relations with Congress, his 
statement and acceptance of mediocrity is very disappointing. The 
Secretary also made discouraging statements about recent border 
security legislation passed by this committee as ``unworkable'' and 
``impossible to achieve.''
    As the Oversight and Management Efficiency Subcommittee, we must 
hold the Department of Homeland Security (DHS) accountable to the 
highest standards. Given that our National debt is over $18 trillion 
and we face numerous threats--whether from radical jihadi terrorists 
intent on attacking us, to porous borders with a steady flow of illegal 
immigrants and drugs coming in to our communities--DHS must secure the 
homeland efficiently and effectively. Folks back home in Pennsylvania 
didn't send me to Washington to watch their tax dollars be wasted on 
ineffective programs.
    Testimony from our witnesses today is, then, so important. 
Watchdogs from the Government Accountability Office (GAO) and DHS 
Office of Inspector General (OIG) safeguard taxpayer dollars from 
waste, fraud, and abuse. Earlier this month, GAO released its ``High-
Risk List'' of areas in the Federal Government most susceptible to 
mismanagement. Despite DHS's hope that it will get off the list soon, 
areas related to DHS management functions, terrorism-related 
information sharing and cybersecurity continue to remain at high risk 
to fraud, waste, and abuse according to GAO's 2015 report.
    In addition, OIG releases an annual report on major management 
challenges facing DHS. The 2014 report identified nine broad areas 
where the Department faces serious management and performance 
challenges. OIG also identified hundreds of millions of dollars in 
questionable costs and funds that could be put to better use. Hundreds 
of recommendations by these watchdogs remain open and unimplemented by 
DHS.
    Recent GAO and OIG reports also highlight specific dysfunctional 
programs where management failures continue at DHS, to include:
   Ineffective use of unmanned aerial systems at the border;
   Lack of a cybersecurity strategy for Federal facility 
        physical and access control systems;
   Failure to adequately manage DHS's headquarters 
        consolidation project at St. Elizabeths;
   Mismanagement in processing Freedom of Information Act 
        (FOIA) requests; and
   Lack of a rigorous covert testing program for nuclear 
        smuggling at the border.
    These reports show serious deficiencies in how DHS secures the 
border, protects Federal buildings from cyber attacks, and manages 
billions of taxpayer dollars. DHS must act on these and other 
recommendations to improve our homeland security.
    Finally, I need to hear more from the Inspector General on a recent 
report where, in his opinion, TSA attempted to cover up embarrassing 
findings using its authority to classify information as Sensitive. I'm 
concerned that TSA failed to provide a timely explanation to the IG 
report's findings regarding Sensitive security markings. Although DHS 
has a responsibility to protect information that, if released, could 
harm our National security, DHS has no excuse to hide information from 
the American people simply to avoid embarrassment.
    Secretary Johnson said that, ``management reform is itself a 
homeland security imperative,'' however, DHS has a long way to go to 
reach its full potential. I look forward to hearing from today's 
witnesses on their recommendations to improve the efficiency and 
effectiveness of DHS and what the Department is doing to address these 
concerns.

    Mr. Perry. The Chairman now recognizes the Ranking Minority 
Member of the subcommittee, the gentlelady from New Jersey, 
Mrs. Watson Coleman, for a statement she may have.
    Mrs. Watson Coleman. Thank you very much, Mr. Chairman, and 
thank you for holding this important hearing. I look forward to 
working with you during the 114th Congress to ensure that the 
Department of Homeland Security has the direction and resources 
it needs to perform its critical mission as efficiently and 
effectively as possible.
    I also extend my gratitude to our distinguished panel of 
witnesses that are appearing before the subcommittee this 
morning. During the hearing I will be especially interested to 
hear the witnesses' perspectives on the impact of a lapse in 
funding for the Department of Homeland Security; what it would 
have on the DHS's ability to implement the recommendations that 
we will be discussing today.
    Given that the Department endured the challenges of a lapse 
in funding less than 2 years ago and the dangers another 
shutdown of DHS would pose to our Nation's security, I 
sincerely hope that my Republican colleagues will realize the 
error of their ways and pass a full funding measure for the 
Department without strings attached. The women and men who so 
ably work for the Department deserve guarantees that they will 
continue to be compensated for their service on behalf of our 
Nation.
    To that end, I am eager to hear from Inspector General Roth 
regarding what happens to his audit staff that produce the 
recommendations that result in the savings for the taxpayer in 
the event of a lapse in funding in the Department.
    Regarding recommendations in DHS's progress, I also look 
forward to hearing from Inspector General Roth regarding how 
the number of open unresolved recommendations decreased from 
691 to 94 between 2011 and 2014, and how the improvement 
corresponds to the Department's proactive interactions with the 
Office of Inspector General.
    I look forward to hearing from Ms. Gambler regarding GAO's 
assessment of the Department's improvement in the areas of 
greater commitment by its leadership, senior leadership, and 
the implementation of a corrective action plan to address these 
long-standing management issues.
    I, as I know my colleagues on the committee are, I am 
committed to seeing that DHS's management functions are removed 
from GAO's high-risk list. Ms. Gambler and her team have 
provided the road map for DHS to be removed from the high-risk 
list. It is now up to the Department to implement the reforms 
and policies we know are needed. It is also up to Congress to 
provide the Department the funds and support necessary to stay 
on track.
    Given Dr. Gerstein's recent opinion piece in Politico, I am 
eager to hear him share his views on how the Department can 
build on the success of its response to Superstorm Sandy in 
2012. I am also interested in hearing Dr. Gerstein's 
perspective on the Secretary's Unity of Effort initiative and 
what he believes Congress can do to aid the Department in its 
mission.
    With that, Mr. Chairman, I thank you again for holding this 
hearing today and for not letting a little bit of snow delay 
our work.
    With that, I yield back the balance of my time. Thank you.
    [The statement of Ranking Member Watson Coleman follows:]
           Statement of Ranking Member Bonnie Watson Coleman
                           February 26, 2015
    Thank you Mr. Chairman for holding this important hearing today. I 
look forward to working with you during the 114th Congress to ensure 
that the Department of Homeland Security has the direction and 
resources it needs to perform its critical mission as efficiently and 
effectively as possible.
    I also extend my gratitude to our distinguished panel of witnesses 
for appearing before the subcommittee today.
    During the hearing, I will be especially interested to hear the 
witnesses' perspectives on the impact a lapse in funding for Department 
of Homeland Security would have on DHS' ability to implement the 
recommendations we will be discussing.
    Given that the Department endured the challenges of a lapse in 
funding less than 2 years ago and the dangers another shutdown of DHS 
would pose to our Nation's security, I sincerely hope that my 
Republican colleagues will realize the error of their ways and pass a 
full year funding measure for the Department without strings attached. 
The women and men who so ably work for the Department deserve 
guarantees that they will continue to be compensated for their service 
on behalf of our Nation.
    To that end, I am eager to hear from Inspector General Roth 
regarding what happens to his audit staff that produce recommendations 
that result in savings for the taxpayer in the event of a lapse in 
funding for the Department.
    Regarding recommendations and DHS' progress, I also look forward to 
hearing from Inspector General Roth regarding how the number of open, 
unresolved recommendations, decreased from 691 to 94 between 2011 and 
2014, and how the improvement corresponds to the Department's proactive 
interactions with the Office of the Inspector General.
    I look forward to hearing from Ms. Gambler regarding GAO's 
assessment of the Department's improvement in the areas of greater 
commitment by its senior leadership, and the implementation of a 
corrective action plan to address its longstanding management issues.
    I, as I know my colleagues on the committee are, am committed to 
seeing that DHS' management functions are removed from GAO's high-risk 
list. Ms. Gambler and her team have provided the road map for DHS to be 
removed from the high-risk list. It is now up to the Department to 
implement the reforms and policies we know are needed.
    It is also up to Congress to provide the Department the funds and 
support necessary to stay on track. Given Dr. Gerstein's recent opinion 
piece in Politico, I am eager to hear him share his views on how the 
Department can build on the success of its response to Superstorm Sandy 
in 2012.
    I am also interested in hearing Dr. Gerstein's perspective on the 
Secretary's Unity of Effort initiative and what he believes Congress 
can do to aid the Department in its mission.
    With that Mr. Chairman, I thank you again for holding this hearing 
today and for not letting a little bit of snow delay our work.

    Mr. Perry. Other Members of the subcommittee are reminded 
that opening statements may be submitted for the record.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                           February 26, 2015
    Thank you, Mr. Chairman.
    And thank you for holding the Subcommittee on Oversight and 
Management Efficiency's first hearing of the 114th Congress.
    I look forward to seeing this subcommittee, with you and Ranking 
Member Watson Coleman at the helm, conduct vigilant and bipartisan 
oversight of the Department of Homeland Security.
    I would also like to thank the panel of witnesses for appearing 
today.
    I look forward to hearing from each of you about your 
recommendations for how the Department of Homeland Security can become 
more efficient and effective in its mission of securing the homeland.
    Unfortunately, as we meet today to discuss recommendations for DHS, 
Republicans in the House continue to put partisan politics and 
pandering to their fringe ahead of funding the Department responsible 
for keeping the homeland secure.
    They are doing so at a time of increased security concerns both at 
home and abroad.
    This week, rather than focusing on implementing recommendations 
issued by GAO and the Inspector General, among their other important 
duties, DHS employees are being forced to prepare for furloughs and the 
stress that accompanies working without knowing when your next paycheck 
may come.
    With that in mind, I have a recommendation for my Republican 
colleagues regarding homeland security--fully fund the Department 
without strings attached so that DHS and its dedicated employees can 
focus on their mission.
    Regrettably, damage has already been done by the Republican 
brinksmanship regarding funding for DHS.
    As Dr. Gerstein points out in his written testimony, even just the 
specter of a lapse in funding for the Department of Homeland Security 
has costs and is a signification distraction.
    While I remain hopeful that my Republican colleagues will recognize 
the error of their ways on this issue, any confidence I had in their 
ability to govern responsibly has been further eroded.
    Turning to recommendations for DHS, I look forward to hearing from 
Inspector General Roth regarding his new initiative for verification 
reviews to ensure recommendations are fully implemented by the 
Department and that the actions taken had the intended effect.
    While we are pleased when DHS concurs with a recommendation, the 
real benefit is found in the implementation, not the mere 
acknowledgement that there is a problem.
    I am also eager to hear from the Inspector General regarding his 
concerns with the Transportation Security Administration's use, and 
what he believes to be misuse, of the Sensitive Security Information 
designation.
    Regarding TSA, I have questions for Ms. Gambler of GAO about the 
agency's expedited passenger screening program and continued use of 
behavior detection as a method for screening passengers.
    Given Dr. Gerstein's time in senior positions within DHS, I look 
forward to hearing his insider's perspective on how he believes the 
Department can become more effective and efficient.
    Before yielding back, I would like to acknowledge the good work of 
Stephen Caldwell who recently retired after more than 30 years of 
service with GAO.
    His work on security issues was invaluable to both this committee 
and the Department of Homeland Security.
    With that Mr. Chairman, I yield back the balance of my time.

    Mr. Perry. We are pleased to have a distinguished panel of 
witnesses before us today, and this important topic.
    Let me remind the witnesses that their entire written 
statement will appear in the record, and that I will introduce 
each of you first and then recognize you individually for your 
testimony.
    The Honorable John Roth assumed the post of inspector 
general for the Department of Homeland Security in March 2014. 
Previously, Mr. Roth served as the director of the Office of 
Criminal Investigations at the Food and Drug Administration, 
and as an assistant U.S. attorney for the Eastern District of 
Michigan.
    Ms. Rebecca Gambler is a director of homeland security and 
justice issues with the Government Accountability Office, the 
GAO. Ms. Gambler leads GAO's work related to border security 
and immigration, as well as DHS's management issues.
    Dr. Daniel Gerstein is a senior policy researcher with the 
RAND Corporation. Prior to joining RAND, Dr. Gerstein was the 
acting under secretary and deputy under secretary for DHS's 
Science and Technology Directorate, where he managed efforts 
related to cybersecurity, biodefense, and other issues. Dr. 
Gerstein also served in several positions in the Defense 
Department.
    Thank you all for being here today.
    The Chairman now recognizes Mr. Roth for your testimony.

 STATEMENT OF JOHN ROTH, INSPECTOR GENERAL, U.S. DEPARTMENT OF 
                       HOMELAND SECURITY

    Mr. Roth. Thank you.
    Chairman Perry, Ranking Member Watson Coleman, and Members 
of the subcommittee, thank you for the invitation here to 
discuss our recommendations to improve Homeland Security.
    I have submitted a more detailed written statement for the 
record, but for my oral statement I would like to focus on the 
Department's continued challenges in the area of acquisition 
and program management.
    Acquisition and program management at DHS is inherently 
complex and high-risk. It is further challenged by the 
magnitude and diversity of the Department's procurements. DHS 
acquires more than $25 billion worth of goods and services 
every year. Although DHS has improved its acquisition process, 
many major acquisition programs lack the management controls 
necessary to manage risk and measure performance. Components do 
not always follow Department acquisition guidance, which leads 
to cost overruns, missed schedules, and mediocre acquisition 
performance. All of these have an effect on budget, security, 
and the efficient use of resources.
    I will give three examples today. First, we conducted an 
audit on the acquisition of housing units in Ajo, Arizona, in 
which DHS spent about $680,000 for each of the houses that they 
built. This is in an area where the average home price was 
about $86,000. We identified about $4.6 million that CBP spent 
on the project that could have been put to better use.
    A second example, in a recent management advisory we 
brought to the Department's attention an issue related to CBP's 
National aviation maintenance contract. In 2009, CBP awarded a 
$938 million contract to an outside vendor to maintain about 
265 aircraft which were to fly approximately 100,000 hours per 
year. During the course of the contract, the number of CBP 
aircraft maintained, the annual flight hours, and the average 
age of the aircraft fleet all decreased. As a result, we would 
have expected that the maintenance costs would decrease as 
well. In fact, the contract costs actually increased at a rate 
of about 9 percent per year.
    We did an audit, and we attempted to compare the labor-hour 
data being used by the contractor to that being kept by CBP, in 
an attempt to understand whether we were being charged for work 
that was actually performed. Unfortunately, because of 
inconsistent and unreliable data kept by both CBP and the 
contractor, we were unable to do so. This means we don't know 
whether we received what we paid for. It is a pretty 
fundamental thing to understand in a billion-dollar maintenance 
contract.
    Third, as a third example, we recently reported that 
although CBP's unmanned drone program contributes to border 
security, after 8 years CBP cannot prove that the program is 
effective because it has not developed performance measures. 
The program has also not achieved the results they had 
established when they started the program. The aircraft are not 
meeting flight-hour goals, and we found little or no evidence 
that CBP met its program expectations.
    CBP anticipated using the unmanned aircraft to patrol more 
than 23,000 hours per year, but in fact the aircraft logged 
only a combined total of about 5,100 hours per year, about 80 
percent less than what was anticipated. As a result, CBP has 
invested significant funds, about $360 million over the course 
of 8 years, in a program that has not achieved the expected 
results and it cannot demonstrate how much the program has 
improved border security.
    The $443 million CBP plans to spend on program expansion 
could be put to better use by investing in alternatives such as 
manned aircraft and ground surveillance assets.
    As we conduct our work for fiscal 2015, we began with two 
priorities, to aid the Department in achieving its critical 
missions and priorities, and to ensure that they engaged in 
proper stewardship and integrity of taxpayer dollars.
    We also conduct, of course, legislatively mandated work and 
make an earnest effort to address the concerns of Congress and 
the Department along with our other stakeholders. We attempt to 
be transparent in our work. Our annual performance plan and our 
current list of on-going projects are published on our website 
to better inform the Congress and the public regarding our 
work.
    Mr. Chairman, this concludes my remarks. I welcome any 
questions you or any other Members of the committee have.
    [The prepared statement of Mr. Roth follows:]
                    Prepared Statement of John Roth
                           February 26, 2015
    Chairman Perry, Ranking Member Watson Coleman, and Members of the 
subcommittee: Thank you for inviting me here today to discuss our 
recommendations to improve homeland security. I am pleased to have the 
opportunity to share our efforts to improve DHS through our independent 
audits and inspections, as well as our efforts to ensure the integrity 
of the DHS workforce and its operations.
    I would like to focus on some of DHS' challenges, many of which we 
highlighted in our fiscal year 2014 report on major management 
challenges, and some of which at times hamper our efforts to improve 
the Department's programs and operations. My testimony today will focus 
on recent and upcoming audits in four areas: Unity of Effort, 
acquisition management, IT management, and financial management.
                        recent and upcoming work
Unity of Effort
    Given its history as a group of very diverse agencies and its 
complex, multi-faceted mission, it is not surprising that the 
Department continues to face challenges transforming itself into a 
cohesive single agency. To accomplish its mission, DHS must have a 
strong, yet flexible, central authority that is able to ensure the 
components collaborate for maximum effectiveness and cost efficiency. A 
unified culture within DHS is necessary for better homeland security, 
as well as deriving efficiencies from the integration of operations. 
The Secretary's April 2014 Unity of Effort initiative is a positive 
step towards achieving that change. In addition, DHS must strengthen 
its efforts to integrate management operations under an authoritative 
governing structure capable of effectively overseeing and managing 
programs that cross component lines.
    We have observed that the components often have similar 
responsibilities and challenges, but many times operate independently 
and do not unify their efforts, cooperate, or share information. This 
situation is sometimes exacerbated by components' disregard for DHS' 
policies. Together, these problems hamper operations and lead to 
wasteful spending; for instance,
   Last year, we found that DHS did not adequately manage or 
        have the enforcement authority over its components' vehicle 
        fleet operations to ensure right-sizing, that is, to make 
        certain the motor vehicle fleet includes the correct number and 
        type of vehicles. Without a centralized fleet management 
        information system, the Department has to rely on multiple 
        systems that contain inaccurate and incomplete vehicle data. 
        Additionally, each component manages its own vehicle fleet, 
        making it difficult for the DHS Fleet Manager to provide 
        adequate oversight and ensure the components comply with 
        Federal laws, regulations, policies, and directives. We found 
        that the components were operating underused vehicles, which in 
        fiscal year 2012, cost DHS from $35 to $49 million. (DHS Does 
        Not Adequately Mange or Have Enforcement Authority Over its 
        Component's Vehicle Fleet Operations, OIG 14-126)
   The Department's failure to adequately plan and manage 
        programs and ensure compliance was also evident in our audit of 
        DHS' preparedness for a pandemic. We found that the Department 
        did not develop and implement stockpile replenishment plans, 
        sufficient inventory controls to monitor stockpiles, or have 
        adequate contract oversight processes; DHS also did not ensure 
        compliance with its guidelines. Thus, DHS was not effectively 
        managing its stockpile of pandemic equipment and antiviral 
        medications, and components were maintaining inaccurate 
        inventories of pandemic preparedness supplies. Consequently, 
        the Department cannot be certain it has sufficient equipment 
        and medical countermeasures to respond to a pandemic. (DHS Has 
        Not Effectively Managed Pandemic Personal Protective Equipment 
        and Antiviral Medical Countermeasures, OIG 14-129)
    In fiscal year 2015, we will continue to monitor the Department's 
efforts toward achieving Unity of Effort; for example,
   DHS operates a number of training centers to meet the demand 
        for specialized skills across the Department. We have just 
        begun an audit to determine whether DHS' oversight of its 
        training centers ensures the most cost-effective use of 
        resources. Although the Department has made great strides in 
        improving both the quality and availability of training, we 
        believe there may be opportunities to reduce overall cost by 
        identifying redundant capacity.
   Another forthcoming audit focuses on whether DHS has the 
        information it needs to effectively manage its warehouses. 
        Until recently, the components managed their own warehouse 
        needs with little or no joint effort. We expect to publish the 
        final report by June 2015.
Acquisition Management
    Acquisition management at DHS is inherently complex and high-risk. 
It is further challenged by the magnitude and diversity of the 
Department's procurements. DHS acquires more than $25 billion \1\ worth 
of goods and services each year. Although DHS has improved its 
acquisition processes, many major acquisition programs lack the 
foundational documents and management controls necessary to manage 
risks and measure performance. Components do not always follow 
Departmental acquisition guidance, which leads to cost overruns, missed 
schedules, and mediocre acquisition performance. All of these have an 
effect on budget, security, and efficient use of resources; for 
example,
---------------------------------------------------------------------------
    \1\ According to DHS' Fiscal Year 2014 Agency Financial Report, the 
Department's fiscal year 2014 obligations for ``Contractual Services 
and Supplies'' were about $22.6 billion and its obligations for 
``Acquisition of Assets'' were about $3.1 billion.
---------------------------------------------------------------------------
   U.S. Customs and Border Protection (CBP) did not effectively 
        plan and manage employee housing in Ajo, Arizona, and made 
        decisions that resulted in additional costs to the Federal 
        Government, spending about $680,000 for each house that was 
        built, which was significantly more than the Ajo average home 
        price of $86,500. We identified about $4.6 million CBP spent on 
        the project that could have been put to better use. (CBP Did 
        Not Effectively Plan and Manage Employee Housing in Ajo, 
        Arizona (Revised), OIG-14-131)
   We recently reported that although CBP's Unmanned Aircraft 
        System program contributes to border security, after 8 years, 
        CBP cannot prove that the program is effective because it has 
        not developed performance measures. The program has also not 
        achieved the expected results--the aircraft are not meeting 
        flight-hour goals, and we found little or no evidence CBP has 
        met its program expectations. CBP anticipated using the 
        unmanned aircraft to patrol more than 23,000 hours per year, 
        but the aircraft logged only a combined total of 5,102 hours, 
        or about 80 percent less than what was anticipated. As a 
        result, CBP has invested significant funds in a program that 
        has not achieved the expected results, and it cannot 
        demonstrate how much the program has improved border security. 
        The $443 million CBP plans to spend on program expansion could 
        be put to better use by investing in alternatives, such as 
        manned aircraft and ground surveillance assets. (U.S. Customs 
        and Border Protection's Unmanned Aircraft System Program Does 
        Not Achieve Intended Results or Recognize All Costs of 
        Operations, OIG-15-17)
   In a recent management advisory, we brought to the 
        Department's attention an issue related to CBP's National 
        Aviation Maintenance contract. In 2009, CBP awarded a $938 
        million contract to Defense Support Services, LLC to maintain 
        about 265 aircraft to fly approximately 100,000 hours per year. 
        Since the contract was awarded, however, the number of CBP 
        aircraft maintained, annual flight hours, and the average age 
        of the aircraft fleet have decreased, while contract costs 
        increased. We were not able to reconcile maintenance labor 
        hours with the hours the contractor charged CBP because of 
        inconsistent and unreliable data. (U.S. Customs and Border 
        Protection's Management of National Aviation Maintenance 
        Activities, Management Advisory)
    Given the magnitude and risks of the Department's acquisitions, we 
will continue to invest resources in this critical area; for instance,
   In fiscal year 2015, we plan to audit CBP's acquisition of 
        an integrated fixed tower (IFT) system. IFT systems are 
        intended to assist agents in detecting, tracking, identifying, 
        and classifying items of interest along our borders through a 
        series of fixed-sensor towers. In February 2014, CBP awarded 
        $145 million to begin work on the IFT acquisition program, a 
        spin-off of CBP's $1 billion SBInet acquisition. The 
        acquisition is currently in schedule breach. An audit at this 
        point in the program's life cycle will be useful in identifying 
        program challenges and may help prevent further schedule 
        breaches.
   We are also planning an audit to determine whether the USCG 
        is effectively managing the acquisition of eight Legend-class 
        National Security Cutters, which will replace its 1960s-era 
        High-Endurance Cutters. In 2012, GAO reported that the cost of 
        the USCG's plan to acquire the final two cutters is not covered 
        by the USCG's current 5-year budget plan. Thus, there may be a 
        significant mismatch between expected capital investment 
        funding and the estimated life-cycle costs for the project.
    As these examples illustrate, we are moving towards a more 
proactive approach by performing audits throughout the acquisition 
process. This approach would allow for course corrections early in the 
acquisition life cycle before full investment in a program occurs--
addressing cost, schedule, and performance problems as they occur, thus 
protecting a long-term investment.
Cybersecurity and IT Management
    DHS continues to face challenges in protecting its IT 
infrastructure, as well as ensuring that its infrastructure supports 
its mission needs and operates efficiently. Recent audits highlight 
some of these challenges:
   As we reported in December 2014, the Department made 
        progress in improving its information security program. 
        Although it has transitioned to a risk-based approach for 
        managing IT security, the components' lack of compliance with 
        existing security policies and weaknesses in DHS' oversight and 
        enforcement of these policies undermines the Department's 
        efforts. Additionally, DHS and its components continued to 
        operate information systems without the proper authority, 
        hindering protection of sensitive information. There are some 
        indications that DHS may not be properly inventorying its 
        systems or that components may be procuring or developing new 
        systems independently. Components also did not mitigate 
        security vulnerabilities in a timely manner. (Evaluation of 
        DHS' Information Security Program for Fiscal Year 2014, OIG-15-
        16)
   In July 2014, the National Protection and Programs 
        Directorate (NPPD) made progress expanding its Enhanced 
        Cybersecurity program to share cyber threat information with 
        qualified Commercial Service Providers and ultimately to 16 
        critical infrastructure sectors. But NPPD's limited outreach 
        and resources slowed the expansion. NPPD also relied on manual 
        reviews and analyses to share cyber threat information, which 
        led to inconsistent quality in cyber threat indicators. 
        (Implementation Status of Enhanced Cybersecurity Services 
        Program, OIG-14-119)
   We reported on problems with the Electronic Immigration 
        System (ELIS), which U.S. Citizenship and Immigration Services 
        (USCIS) uses in its adjudication process. The system's 29 
        commercial software products make it difficult to make changes 
        in the system. Although ELIS was designed to improve 
        efficiency, time studies showed that adjudicating using paper-
        based processes was faster than using the complex computer 
        system. USCIS staff also said it takes longer to process 
        adjudications using the Enterprise Document Management System 
        (EDMS), which they use to view and search electronic copies of 
        paper-based immigration case files. Although digitizing files 
        reduces document delivery time, staff said using EDMS is 
        burdensome. (U.S. Citizenship and Immigration Services 
        Information Technology Management Progress and Challenges, OIG-
        14-112)
   In March 2014, we reported on EINSTEIN 3 Accelerated 
        (E\3\A), an automated process for collecting network security 
        information from participating Federal agencies. NPPD has begun 
        deploying E\3\A and expects to reach full operating capability 
        by the end of fiscal year 2015. However, we concluded that NPPD 
        needs to strengthen its monitoring of E\3\A's implementation 
        and improve its ability to handle personally identifiable 
        information as the program matures. (Implementation Status of 
        EINSTEIN 3 Accelerated, OIG-14-52)
Financial Management
            Financial statement audits
    Congress and the public must be confident that DHS is properly 
managing its finances to make informed decisions, manage Government 
programs, and implement its policies. In fiscal year 2014, DHS obtained 
an unmodified (clean) opinion on all financial statements for the first 
time in its history. This was a significant achievement that built on 
previous years' successes; yet, it required considerable manual effort 
to overcome deficiencies in internal control and a lack of financial IT 
systems functionality.
    Many key DHS financial systems do not comply with Federal financial 
management system requirements. Limitations in financial systems 
functionality add substantially to the Department's challenge in 
addressing systemic internal control weaknesses and limit its ability 
to leverage IT systems to process and report financial data efficiently 
and effectively. In fiscal year 2015 and beyond, DHS will need to 
sustain its progress in achieving an unmodified opinion on its 
financial statements and work toward building a solid financial 
management internal control structure.
            Grant Management (FEMA)
    FEMA continues to experience challenges managing the immense and 
risky disaster assistance program. Currently, every State and most of 
the U.S. possessions have open disasters that include more than 100,000 
grant applicants spending more than $50 billion on more than 600,000 
disaster assistance projects. Last year, we issued Capping Report: FY 
2013 FEMA Public Assistance and Hazard Mitigation Grant and Subgrant 
Audits (OIG-14-102-D), which summarized the results of our disaster 
assistance audits for the last 5 years. Of the $5.9 billion we audited, 
disaster assistance recipients did not properly spend $1.36 billion, or 
an average of 23 percent, of the disaster assistance grants.
    The Department also provides Homeland Security Grant Program (HSGP) 
funds to State, territory, local, and Tribal governments to enhance 
their ability to respond to terrorist attacks and other disasters. 
Since 2005, we have conducted 74 separate audits covering more than $7 
billion in HSGP funds awarded to all 50 States, 6 urban areas, 5 U.S. 
territories, and the District of Columbia. Although we determined that 
in most instances the States complied with applicable laws and 
regulations, we issued more than 600 recommendations for improvement to 
FEMA, almost 90 percent of which have been resolved. Most of the 
recommendations were related to strategic homeland security planning, 
timely obligation of grant funds, financial management and reporting, 
and sub-grantee compliance monitoring.
    We will continue to look for ways to help FEMA improve grant 
management in fiscal year 2015. For instance, we are currently 
undertaking a capstone review to measure the impact of FEMA's 
corrective actions as they specifically address these recurring 
challenges. We anticipate that our assessment will further strengthen 
the level of National preparedness by helping to better inform the 
agency's future administration and investment of taxpayer dollars.
    We are also conducting an audit of approximately $2 billion awarded 
through FEMA's Assistance to Firefighters Grant and Staffing for 
Adequate Fire and Emergency Response Grants programs. These grants are 
awarded directly to fire departments (volunteer, combination, and 
career), unaffiliated Emergency Medical Service (EMS) organizations, or 
volunteer firefighter interest organizations. The audit will determine 
if FEMA ensures that these grant funds are expended appropriately.
                               challenges
Meeting the Risk
    We must focus our limited resources on issues that make a 
difference, especially those that may have a significant impact on the 
Department's ability to fulfill its strategic missions. At the 
beginning of each year, we initiate a risk-based planning process by 
identifying high-impact programs and operations that are critical to 
the Department's mission or integrity. Once we identify the high-impact 
areas, we evaluate all the projects that have been proposed throughout 
the previous year.
    As we planned our work for fiscal year 2015, we began with two 
priorities: To aid the Department in achieving its critical missions 
and priorities and to ensure the proper stewardship and integrity of 
Department programs and resources. We also conduct legislatively-
mandated work and make an earnest effort to address the concerns of 
Congress and the Department, along with our other stakeholders. In 
fiscal year 2015, our work will focus on determining the effectiveness 
of the Department's efforts to: (1) Prevent terrorism and enhance 
security; (2) enforce and administer our immigration laws; (3) secure 
and manage our borders; (4) strengthen National preparedness and 
resilience to disasters; and (5) safeguard and secure the Nation's 
cyber space. We will also continue our efforts to promote management 
stewardship and ensure program integrity.
    Our Annual Performance Plan and our current list of Ongoing 
Projects are published on our website to better inform the Congress and 
the public regarding our work.
Audit Follow-up
    Audit follow-up is an integral part of good management; it is a 
shared responsibility of both auditors and agency management officials. 
The Department has made great strides in closing recommendations. For 
example, as shown in the following chart and attachment 1, DHS reduced 
the number of unresolved, open recommendations more than 6 months old 
from a high of 691 in fiscal year 2011 to 94 in fiscal year 2014. In 
parallel, the number of recommendations categorized as ``resolved-
open'' (recommendations that the Department agreed to but has not yet 
implemented) steadily declined from a high of 1,663 in fiscal year 2011 
to 736 in fiscal year 2014. DHS's goal is to have zero financial 
statement-related recommendations categorized as ``open-unresolved'' by 
March 30, 2015. This progress largely results from increased focus by 
the Department through the audit liaisons and increased communication 
with our office; we sincerely appreciate the personnel and resources 
the Department has dedicated to this effort. In addition, we recently 
began publishing a quarterly report of open recommendations over 6 
months old on our public website in an effort to make this process more 
transparent to Congress and the public.


    We need to do more to ensure that Department and component 
management fully implements corrective actions. To that end, we are 
initiating ``verification reviews.'' These limited-scope reviews will 
focus on our most crucial recommendations, examining whether the 
recommendations were implemented and whether the actions taken had the 
intended effect; for example,
   One of our verification reviews will determine if USCG 
        implemented recommendations from our 2012 audit on the USCG's 
        Sentinel Class Fast Response Cutter (FRC). In September 2008, 
        the USCG awarded an $88.2 million fixed-price contract for the 
        detailed design and construction of the lead FRC. The estimated 
        $1.5 billion contract contains 6 options to build a maximum of 
        34 cutters. We found that USCG's schedule-driven strategy 
        allowed construction of the FRCs to start before operational, 
        design, and technical risks were resolved. Consequently, six 
        FRCs under construction needed modification, which increased 
        the total cost of the acquisition by $6.9 million and caused 
        schedule delays of at least 270 days for each cutter. This 
        aggressive acquisition strategy also allowed the USCG to 
        procure 12 FRCs before testing in actual operations. We made 
        four recommendations designed to eliminate this risk in future 
        acquisitions and one recommendation to address the current FRC 
        acquisition. (U.S. Coast Guard's Acquisition of the Sentinel 
        Class--Fast Response Cutter, OIG-12-68)
   We will also follow up on the recommendations from our 
        report on DHS' oversight of interoperable communications. 
        During the audit, we tested DHS radios to determine whether DHS 
        components could talk to each other in the event of an 
        emergency. They could not. Only 1 of 479 radio users we 
        tested--or less than 1 percent--could access and use the 
        specified common channel to communicate. Further, of the 382 
        radios tested, only 20 percent (78) contained all the correct 
        program settings for the common channel. In our verification 
        review, we will determine whether the Department created a 
        structure with the necessary authority to ensure that the 
        components achieve interoperability, as well as policies and 
        procedures to standardize Department-wide radio activities. 
        (DHS' Oversight of Interoperable Communications, OIG-13-06)
    We believe verification reviews such as these will result in 
increased commitment by the components to enact change.
Transparency of Reports
    The Inspector General Act contemplates that my reports, to the 
greatest possible extent, be available to the public. Openness and 
transparency are critical to good government, and the Act allows me to 
publish my reports except in three narrow circumstances: First, where 
disclosure of the information is specifically prohibited by law; 
second, where specifically prohibited from disclosure by Executive 
Order in the interest of National defense, National security, or in the 
conduct of foreign affairs; and third, where part of an on-going 
criminal investigation.
    The Department often raises objections to the publication of 
certain information in our reports, often marking parts of our reports 
as ``For Official Use Only'' or ``Law Enforcement Sensitive.'' These 
designations are not recognized in the law, and in my experience they 
risk being used to attempt to avoid revealing information that is 
embarrassing to the agency involved. However, sometimes such 
information, if disclosed, could cause harm to DHS programs and 
operations.
    In those situations, I use my discretion to redact information in 
our public report. However, in order to properly exercise my discretion 
in an informed and responsible manner, I require such requests to come 
from the component or agency head, coupled with an articulation of the 
actual, specific harm that would result from disclosure. Too often, the 
fear of harm is highly speculative, and fails to balance the need for 
transparency against the risks of disclosure.
    Recently, we have had issues with the Transportation Security 
Administration (TSA) designating certain material as ``Sensitive 
Security Information'' (SSI) within an audit report concerning the 
information technology operations at John F. Kennedy airport in New 
York. The designation of SSI is in the absolute and unreviewable 
discretion of the administrator of TSA and improper disclosure of it 
carries with it civil and administrative penalties. What was especially 
troubling about this episode, in my view, was the length of time it 
took--nearly 6 months--to get a resolution of the issue, the fact that 
my security experts who wrote the report were confident that the 
general and non-specific manner in which they wrote the report would 
not compromise TSA's computer security, and that the similar 
information had been published in previous audit reports without 
objection.
    The SSI designation is a useful tool to protect sensitive 
transportation security information in a manner that gives some 
flexibility to TSA. However, I am worried that SSI can be misused, as I 
believe it has been here, to prevent embarrassment. We intend to 
conduct a formal review of TSA's administration of the SSI program, and 
report those results to the Secretary and the Congressional committees 
with oversight over the program.
Resources
    The budget for our office is relatively tiny--we represent just 
0.23 percent of the DHS budget, yet we have an outsize impact on the 
operation of the Department.
    For every dollar given to the OIG, we return more than $7 in 
savings, as reflected by the statutory performance measures set forth 
in the Inspector General Act. This vastly understates our performance, 
because much of our best work--audit and inspections reports that shed 
light on problematic aspects of programs, for example--don't carry with 
it a cost savings, but the value to the American taxpayer is 
incalculable.
    Notwithstanding the demonstrated contributions of our office, our 
budget has actually shrunk by about 1 percent since fiscal year 2012. 
As a result, our on-board strength from fiscal year 2012 to this year 
has decreased by about 15 percent. We have been forced to cut training 
to less than a third of what we have determined to be appropriate, 
reducing our ability to do our job and decreasing morale. This includes 
training for our auditors necessary under the Inspector General Act, as 
well as training for our Special Agents to keep them safe.
    Yet, during this same time, DHS' authorized workforce grew by about 
5,000, representing a 2.3 percent increase. The Department continues to 
grow, but the Inspector General's office--the one entity within the 
Department designed to save money and create efficiency--shrinks.
    This, I believe, represents a false economy.
                         working with congress
    We are proud of our work and the success we have had pointing out 
challenges the Department needs to overcome and recommending ways to 
resolve issues and improve programs and operations. However, it is your 
legislative efforts that enhance the significance of our work and 
create an even greater impact on the Department. By introducing and 
passing legislation, you show that you trust in us and have faith in 
our work. This validation spurs those who need to act to ensure we 
protect this Nation and use taxpayer dollars effectively; for example,
   S. 159, which was referred to the Senate Committee on 
        Homeland Security and Government Affairs on January 13, 2015, 
        resulted from our recent report on CBP's Unmanned Aircraft 
        System (UAS) Program. The bill requires DHS to use its UAS for 
        surveillance of the entire Southern Border and report 
        performance indicators such as flight hours, detections, 
        apprehensions, and seizures. It also prevents DHS from 
        procuring additional UAS until it operates its current fleet 
        for at least 23,000 hours annually. (U.S. Customs and Border 
        Protection's Unmanned Aircraft System Program Does Not Achieve 
        Intended Results or Recognize All Costs of Operations, OIG-15-
        17)
   H.R. 719, the TSA Office of Inspection Accountability Act of 
        2015, which passed the House on February 10, 2015, resulted 
        from our report on TSA's Office of Inspection. It requires TSA 
        to reclassify criminal investigators if less than 50 percent of 
        their time is spent performing criminal investigative duties. 
        The bill also requires the assistant secretary to estimate the 
        cost savings to the Federal Government resulting from such 
        reclassification. (Transportation Security Administration 
        Office of Inspection's Efforts To Enhance Transportation 
        Security, OIG-13-123)
   H.R. 615, which passed the House on February 2, 2015, 
        resulted from our report on DHS's Oversight of Interoperable 
        Communications. This bill would amend the Homeland Security Act 
        of 2002 to require the Department to take administrative action 
        to achieve and maintain interoperable communications 
        capabilities among its components. (DHS' Oversight of 
        Interoperable Communications, OIG-13-06)
    We appreciate your efforts and hope that we can continue to count 
on you in the future. For our part, we intend to continue accomplishing 
our mission to the best of our ability.
    Mr. Chairman, this concludes my prepared statement. I welcome any 
questions you or other Members of the subcommittee may have.
             attachment 1.--status of oig recommendations 




* Includes performance, financial statement, and grant-related disaster 
assistance.
        attachment 2.--oig reports referenced in this testimony
DHS Does Not Adequately Manage or Have Enforcement Authority Over its 
Component's Vehicle Fleet Operations, OIG 14-126, August 2014
DHS Has Not Effectively Managed Pandemic Personal Protective Equipment 
and Antiviral Medical Countermeasures, OIG 14-129, August 2014
CBP Did Not Effectively Plan and Manage Employee Housing in Ajo, 
Arizona (Revised), OIG-14-131, September 2014
U.S. Customs and Border Protection's Unmanned Aircraft System Program 
Does Not Achieve Intended Results or Recognize All Costs of Operations, 
OIG-15-17, December 2014
U.S. Customs and Border Protection's Management of National Aviation 
Maintenance Activities, CBP Management Advisory, January 2015
Evaluation of DHS' Information Security Program for Fiscal Year 2014, 
OIG-15-16, December 2014
Implementation Status of Enhanced Cybersecurity Services Program, OIG-
14-119, July 2014
U.S. Citizenship and Immigration Services Information Technology 
Management Progress and Challenges, OIG-14-112, July 2014
Implementation Status of EINSTEIN 3 Accelerated, OIG-14-52, March 2014
Capping Report: FY 2013 FEMA Public Assistance and Hazard Mitigation 
Grant and Subgrant Audits, OIG-14-102-D, June 2014
U.S. Coast Guard's Acquisition of the Sentinel Class--Fast Response 
Cutter, OIG-12-68, August 2012
DHS' Oversight of Interoperable Communications, OIG-13-06, November 
2012
Transportation Security Administration Office of Inspection's Efforts 
To Enhance Transportation Security, OIG-13-123, September 2013

    Mr. Perry. Thank you, Mr. Roth.
    Chairman now recognizes Ms. Gambler for your testimony.

 STATEMENT OF REBECCA GAMBLER, DIRECTOR, HOMELAND SECURITY AND 
     JUSTICE ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Ms. Gambler. Good morning, Chairman Perry, Ranking Member 
Watson Coleman, and Members of the subcommittee. I appreciate 
the opportunity to testify at today's hearing to discuss GAO's 
work on DHS's efforts to strengthen and integrate its 
management functions.
    Since 2003, GAO has issued hundreds of reports addressing 
the range of DHS's mission and management functions, and we 
have made about 2,200 recommendations to strengthen the 
Department's management and performance measurement, among 
other things. DHS has implemented more than 69 percent of these 
recommendations, and has actions under way to address others.
    GAO also regularly reports to Congress on Government 
operations that we have identified as high-risk because of 
their greater vulnerability to fraud, waste, abuse, and 
mismanagement or the need for transformation. In 2003, we 
designated implementing and transforming DHS as high-risk 
because the Department had to transform 22 agencies into one 
Department, and the failure to address associated risks could 
have serious consequences for U.S., National, and economic 
security.
    With DHS's maturation and evolution, in our 2013 high-risk 
update, we narrowed the scope of the high-risk area to focus on 
strengthening DHS management functions. These functions include 
human capital, acquisition, information technology, and 
financial management. We also changed the name of the area to 
strengthening DHS management functions.
    My remarks today will focus on two areas, DHS's progress 
and remaining actions to strengthen its management functions 
and cross-cutting issues or themes that have affected DHS's 
efforts to implement its missions.
    First, DHS has made progress in meeting our criteria for 
removal from the high-risk list. Specifically in our 2015 high-
risk update, which we issued earlier this month, we found that 
DHS has met two of our criteria, demonstrating leadership 
commitment and having a corrective action plan. DHS has 
partially met the other three criteria, having the capacity to 
resolve the risks, a framework to monitor progress, and 
demonstrated sustained progress.
    GAO and DHS have agreed to 30 actions and outcomes across 
DHS's management functions that the Department must meet to 
address the high-risk designation. DHS has fully or mostly 
addressed just less than half of these actions and outcomes and 
has partially addressed or initiated activities to address the 
others.
    For example, within acquisition management, the Department 
has taken action to establish effective component-level 
acquisition capability, but more work is needed to demonstrate 
that major acquisition programs are on track to achieve cost, 
schedule, and capability goals.
    Further, within human capital management, DHS has developed 
and made progress in implementing a strategic human capital 
plan. However, DHS has considerable work ahead to improve 
employee morale.
    Overall, while DHS has made progress in addressing those 
issues that contribute to its designation as high-risk, DHS 
needs to continue to demonstrate measurable and sustainable 
progress in implementing corrective actions and achieving those 
actions and outcomes that we and the Department have 
identified.
    Second, we have identified various themes that have 
impacted DHS's progress in implementing its mission functions. 
Those themes include leading and coordinating the Homeland 
Security Enterprise, and strategically managing risks and 
assessing Homeland Security efforts.
    While DHS has made important progress in these themes, they 
continue to affect the Department's implementation efforts. For 
example, while DHS has made important strides in coordinating 
efforts with Homeland Security partners in various mission 
areas, our work has shown that DHS could further improve its 
coordination and outreach with Federal, State, local, and other 
partners, and with the public, such as in how DHS handles and 
processes FOIA requests.
    Further, DHS and its components have strengthened their 
risk and performance assessments of various programs and 
initiatives. However, opportunities exist for the Department 
and its components to improve their risk assessment efforts in 
such areas as covert testing along the border and to strengthen 
their planning efforts in such areas as St. Elizabeths 
headquarters consolidation project.
    GAO has made recommendations to the Department in all of 
these areas and others, and as DHS continues to implement 
actions in response to these recommendations, we will monitor 
the Department's progress.
    This concludes my prepared statement, and I would be happy 
to answer any questions that Members may have.
    [The prepared statement of Ms. Gambler follows:]
                 Prepared Statement of Rebecca Gambler
                           February 26, 2015
    Chairman Perry, Ranking Member Watson Coleman, and Members of the 
subcommittee: Thank you for the opportunity to discuss the Department 
of Homeland Security's (DHS) on-going efforts to strengthen and 
integrate its management functions. In the 12 years since the 
Department's creation, DHS has implemented key homeland security 
operations, achieved important goals and milestones, and grown to more 
than 240,000 employees and approximately $60 billion in budget 
authority. We have issued hundreds of reports addressing the range of 
DHS's missions and management functions, and our work has identified 
gaps and weaknesses in the Department's operational and implementation 
efforts, as well as opportunities to strengthen their efficiency and 
effectiveness. Since 2003, we have made approximately 2,200 
recommendations to DHS to strengthen program management, performance 
measurement efforts, and management processes, among other things. DHS 
has implemented more than 69 percent of these recommendations and has 
actions under way to address others.
    We also report regularly to Congress on Government operations that 
we identified as high-risk because of their increased vulnerability to 
fraud, waste, abuse, and mismanagement, or the need for transformation 
to address economy, efficiency, or effectiveness challenges. In 2003, 
we designated implementing and transforming DHS as high-risk because 
DHS had to transform 22 agencies--several with major management 
challenges--into one department, and failure to address associated 
risks could have serious consequences for U.S. National and economic 
security.\1\ Given the significant effort required to build and 
integrate a department as large and complex as DHS, our initial high-
risk designation addressed the Department's initial transformation and 
subsequent implementation efforts, to include associated management and 
programmatic challenges.\2\
---------------------------------------------------------------------------
    \1\ GAO, High-Risk Series: An Update, GAO-03-119 (Washington, DC: 
January 2003).
    \2\ DHS also has responsibility for other areas we have designated 
as high-risk. Specifically, in 2005, we designated establishing 
effective mechanisms for sharing and managing terrorism-related 
information to protect the homeland as high-risk, involving a number of 
Federal departments, to include DHS. In 2006, we identified the 
National Flood Insurance Program as high-risk. Further, in 2003, we 
expanded the scope of the high-risk area involving Federal information 
security, which was initially designated as high-risk in 1997, to 
include the protection of the Nation's computer-reliant critical 
infrastructure. See GAO, High-Risk Series: An Update, GAO-09-271 
(Washington, DC: January 2009); High-Risk Series: An Update, GAO-07-310 
(Washington, DC: January 2007); and High-Risk Series: An Update, GAO-
05-207 (Washington, DC: January 2005).
---------------------------------------------------------------------------
    Since 2003, the focus of the Implementing and Transforming DHS 
high-risk area has evolved in tandem with DHS's maturation and 
evolution. In September 2011, we reported in our assessment of DHS's 
progress and challenges 10 years after the terrorist attacks of 
September 11, 2001, (9/11) that the Department had implemented key 
homeland security operations and achieved important goals in many areas 
to create and strengthen a foundation to reach its potential.\3\ 
However, we also reported that continuing weaknesses in DHS's 
management functions had been a key theme impacting the Department's 
implementation efforts. While challenges remain for DHS across its 
range of missions, the Department has made considerable progress in 
transforming its original component agencies into a single Cabinet-
level department and positioning itself to achieve its full potential. 
As a result, in our 2013 high-risk update, we narrowed the scope of the 
high-risk area to focus on strengthening DHS management functions 
(human capital, acquisition, financial management, and information 
technology [IT]), and changed the name from Implementing and 
Transforming DHS to Strengthening DHS Management Functions to reflect 
this focus. We also reported in our 2013 update that the Department 
needs to demonstrate continued progress in implementing and 
strengthening key management initiatives and addressing corrective 
actions and outcomes in order to mitigate the risks that management 
weaknesses pose to mission accomplishment and the efficient and 
effective use of the Department's resources.\4\
---------------------------------------------------------------------------
    \3\ GAO, Department of Homeland Security: Progress Made and Work 
Remaining in Implementing Homeland Security Missions 10 Years after 9/
11, GAO-11-881 (Washington, DC: Sept. 7, 2011).
    \4\ GAO, High-Risk Series: An Update, GAO-13-283 (Washington, DC: 
February 2013).
---------------------------------------------------------------------------
    In November 2000, we published our criteria for removing areas from 
the high-risk list.\5\ Specifically, agencies must have: (1) A 
demonstrated strong commitment and top leadership support to address 
the risks; (2) a corrective action plan that identifies the root 
causes, identifies effective solutions, and provides for substantially 
completing corrective measures in the near term, including but not 
limited to steps necessary to implement solutions we recommended; (3) 
the capacity (that is, the people and other resources) to resolve the 
risks; (4) a program instituted to monitor and independently validate 
the effectiveness and sustainability of corrective measures; and (5) 
the ability to demonstrate progress in implementing corrective 
measures.
---------------------------------------------------------------------------
    \5\ GAO, Determining Performance and Accountability Challenges and 
High Risks, GAO-01-159SP (Washington, DC: November 2000).
---------------------------------------------------------------------------
    As requested, my statement discusses:
   DHS's progress and actions remaining in strengthening and 
        integrating its management functions, and
   cross-cutting issues that have affected DHS's progress in 
        implementing its mission functions.
    This statement is based on GAO's 2015 high-risk update report as 
well as reports and testimonies we issued from September 2011 through 
February 2015.\6\ For the past products, among other things, we 
analyzed DHS strategies and other documents related to the Department's 
efforts to address its high-risk areas, reviewed our past reports 
issued since DHS began its operations in March 2003, and interviewed 
DHS officials. More detailed information on the scope and methodology 
of our prior work can be found within each specific report. We 
conducted the work on which this statement is based in accordance with 
generally-accepted Government auditing standards. Those standards 
require that we plan and perform the audit to obtain sufficient, 
appropriate evidence to provide a reasonable basis for our findings and 
conclusions based on our audit objectives. We believe that the evidence 
obtained provides a reasonable basis for our findings and conclusions 
based on our audit objectives.
---------------------------------------------------------------------------
    \6\ GAO, High-Risk Series: An Update, GAO-15-290 (Washington, DC: 
February 2015). See also the related GAO products list at the end of 
this statement.
---------------------------------------------------------------------------
 dhs has made progress in strengthening its management functions, but 
                       considerable work remains
DHS Progress in Meeting Criteria for Removal From the High-Risk List
    DHS's efforts to strengthen and integrate its management functions 
have resulted in progress addressing our criteria for removal from the 
high-risk list. In particular, in our 2015 high-risk update report, 
which we released earlier this month, we found that DHS has met two 
criteria and partially met the remaining three criteria, as shown in 
table 1.

 TABLE 1.--ASSESSMENT OF DEPARTMENT OF HOMELAND SECURITY (DHS) PROGRESS
IN ADDRESSING THE STRENGTHENING DHS MANAGEMENT FUNCTIONS HIGH-RISK AREA,
                           AS OF FEBRUARY 2015
------------------------------------------------------------------------
Criterion For Removal From High-Risk               Partially    Not met
                List                     Met *      met **        ***
------------------------------------------------------------------------
Leadership commitment...............          X   ..........  ..........
Corrective action plan..............          X   ..........  ..........
Capacity............................  ..........          X   ..........
Framework to monitor progress.......  ..........          X   ..........
Demonstrated, sustained progress....  ..........          X   ..........
                                     -----------------------------------
      Total.........................          2           3          0
------------------------------------------------------------------------
Source.--GAO analysis of DHS documents, interviews, and prior GAO
  reports. GAO 15-388T
* ``Met''.--There are no significant actions that need to be taken to
  further address this criterion.
** ``Partially met''.--Some but not all actions necessary to generally
  meet the criterion have been taken.
*** ``Not met''.--Few, if any, actions toward meeting the criterion have
  been taken.

    Leadership commitment (met).--In our 2015 report, we found that the 
Secretary and deputy secretary of Homeland Security, the under 
secretary for management at DHS, and other senior officials have 
continued to demonstrate commitment and top leadership support for 
addressing the Department's management challenges. We also found that 
they have taken actions to institutionalize this commitment to help 
ensure the long-term success of the Department's efforts. For example, 
in April 2014, the Secretary of Homeland Security issued a memorandum 
entitled Strengthening Departmental Unity of Effort, committing to, 
among other things, improving DHS's planning, programming, budgeting, 
and execution processes through strengthened Departmental structures 
and increased capability.\7\ Senior DHS officials, including the deputy 
secretary and under secretary for management, have also routinely met 
with us over the past 6 years to discuss the Department's plans and 
progress in addressing this high-risk area. During this time, we 
provided specific feedback on the Department's efforts. We concluded 
that it will be important for DHS to maintain its current level of top 
leadership support and commitment to ensure continued progress in 
successfully executing its corrective actions through completion.
---------------------------------------------------------------------------
    \7\ DHS, Secretary of Homeland Security, Strengthening Departmental 
Unity of Effort, Memorandum for DHS Leadership (Washington, DC: Apr. 
22, 2014).
---------------------------------------------------------------------------
    Corrective action plan (met).--We found that DHS has established a 
plan for addressing this high-risk area. Specifically, in a September 
2010 letter to DHS, we identified and DHS agreed to achieve 31 actions 
and outcomes that are critical to addressing the challenges within the 
Department's management areas and in integrating those functions across 
the Department. In March 2014, we updated the actions and outcomes in 
collaboration with DHS to reduce overlap and ensure their continued 
relevance and appropriateness. These updates resulted in a reduction 
from 31 to 30 total actions and outcomes. Toward achieving the actions 
and outcomes, DHS issued its initial Integrated Strategy for High-Risk 
Management in January 2011 and has since provided updates to its 
strategy in seven later versions, most recently in October 2014. The 
integrated strategy includes key management initiatives and related 
corrective actions plans for addressing DHS's management challenges and 
the actions and outcomes we identified. For example, the October 2014 
strategy update includes an initiative focused on financial systems 
improvement and modernization and an initiative focused on IT human 
capital management. These initiatives support various actions and 
outcomes, such as modernizing the U.S. Coast Guard's financial 
management system and implementing an IT human capital strategic plan, 
respectively. We concluded in our 2015 report that DHS's strategy and 
approach to continuously refining actionable steps to implementing the 
outcomes, if implemented effectively and sustained, should provide a 
path for DHS to be removed from our high-risk list.
    Capacity (partially met).--In October 2014, DHS identified that it 
had resources needed to implement 7 of the 11 initiatives the 
Department had under way to achieve the actions and outcomes, but did 
not identify sufficient resources for the 4 remaining initiatives. In 
addition, our prior work has identified specific capacity gaps that 
could undermine achievement of management outcomes. For example, in 
April 2014, we reported that DHS needed to increase its cost-estimating 
capacity and that the Department had not approved baselines for 21 of 
46 major acquisition programs.\8\ These baselines--which establish 
cost, schedule, and capability parameters--are necessary to accurately 
assess program performance. Thus, in our 2015 report, we concluded that 
DHS needs to continue to identify resources for the remaining 
initiatives; work to mitigate shortfalls and prioritize initiatives, as 
needed; and communicate to senior leadership critical resource gaps.
---------------------------------------------------------------------------
    \8\ GAO, Homeland Security Acquisitions: DHS Could Better Manage 
Its Portfolio to Address Funding Gaps and Improve Communications with 
Congress, GAO-14-332 (Washington, DC: Apr. 17, 2014).
---------------------------------------------------------------------------
    Framework to monitor progress (partially met).--In our 2015 report 
we found that DHS established a framework for monitoring its progress 
in implementing the integrated strategy it identified for addressing 
the 30 actions and outcomes. In the June 2012 update to the Integrated 
Strategy for High-Risk Management, DHS included, for the first time, 
performance measures to track its progress in implementing all of its 
key management initiatives. DHS continued to include performance 
measures in its October 2014 update. However, we also found that the 
Department can strengthen this framework for monitoring a certain area. 
In particular, according to DHS officials, as of November 2014, they 
were establishing a monitoring program that will include assessing 
whether financial management systems modernization projects for key 
components that DHS plans to complete in 2019 are following industry 
best practices and meet users' needs. Effective implementation of these 
modernization projects is important because, until they are complete, 
the Department's current systems will not effectively support financial 
management operations. As we concluded in our 2015 report, moving 
forward, DHS will need to closely track and independently validate the 
effectiveness and sustainability of its corrective actions and make 
mid-course adjustments, as needed.
    Demonstrated, sustained progress (partially met).--We found in our 
2015 report that DHS has made important progress in strengthening its 
management functions, but needs to demonstrate sustainable, measurable 
progress in addressing key challenges that remain within and across 
these functions. In particular, we found that DHS has implemented a 
number of actions demonstrating the Department's progress in 
strengthening its management functions. For example, DHS has 
strengthened its enterprise architecture program (or blueprint) to 
guide and constrain IT acquisitions and obtained a clean opinion on its 
financial statements for 2 consecutive years, fiscal years 2013 and 
2014. However, we also found that DHS continues to face significant 
management challenges that hinder the Department's ability to 
accomplish its missions. For example, DHS does not have the acquisition 
management tools in place to consistently demonstrate whether its major 
acquisition programs are on track to achieve their cost, schedule, and 
capability goals. In addition, DHS does not have modernized financial 
management systems. This affects its ability to have ready access to 
reliable information for informed decision making. As we concluded in 
our 2015 report, addressing these and other management challenges will 
be a significant undertaking that will likely require several years, 
but will be critical for the Department to mitigate the risks that 
management weaknesses pose to mission accomplishment.
DHS Progress in Achieving Key High-Risk Actions and Outcomes
    Key to addressing the Department's management challenges is DHS 
demonstrating the ability to achieve sustained progress across the 30 
actions and outcomes we identified and DHS agreed were needed to 
address the high-risk area. In our 2015 report, we found that DHS has 
fully implemented 9 of these actions and outcomes, with additional work 
remaining to fully address the remaining 21. Achieving sustained 
progress across the actions and outcomes, in turn, requires leadership 
commitment, effective corrective action planning, adequate capacity 
(that is, the people and other resources), and monitoring the 
effectiveness and sustainability of supporting initiatives. The 30 key 
actions and outcomes include, among others, validating required 
acquisition documents in accordance with a Department-approved, 
knowledge-based acquisition process, and sustaining clean audit 
opinions for at least 2 consecutive years on Department-wide financial 
statements and internal controls.
    We further found that DHS has made important progress across all of 
its management functions and significant progress in the area of 
management integration. In particular, DHS has made important progress 
in several areas to fully address 9 actions and outcomes, 5 of which it 
has sustained as fully implemented for at least 2 years. For instance, 
DHS fully met 1 outcome for the first time by obtaining a clean opinion 
on its financial statements for 2 consecutive years and fully met 
another outcome by establishing sufficient component-level acquisition 
capability. It also sustained full implementation of another outcome by 
continuing to use performance measures to assess progress made in 
achieving Department-wide management integration. DHS has also mostly 
addressed an additional 5 actions and outcomes, meaning that a small 
amount of work remains to fully address them.
    We also found that considerable work remains, however, in several 
areas for DHS to fully achieve the remaining actions and outcomes and 
thereby strengthen its management functions. Specifically, DHS has 
partially addressed 12 and initiated 4 of the actions and outcomes. As 
previously mentioned, addressing some of these actions and outcomes, 
such as modernizing the Department's financial management systems and 
improving employee morale, are significant undertakings that will 
likely require multi-year efforts. Table 2 summarizes DHS's progress in 
addressing the 30 actions and outcomes and is followed by selected 
examples.

    TABLE 2.--GAO ASSESSMENT OF DEPARTMENT OF HOMELAND SECURITY (DHS) PROGRESS IN ADDRESSING KEY ACTIONS AND
                                          OUTCOMES, AS OF FEBRUARY 2015
----------------------------------------------------------------------------------------------------------------
                                                                                 Partially
                                                             Fully      Mostly              Initiated
                       Key Outcome                         addressed  addressed  addressed     ****      Total
                                                                *         **         ***
----------------------------------------------------------------------------------------------------------------
Acquisition management...................................          1  .........          3          1          5
Information technology management........................          2          3          1  .........          6
Financial management *****...............................          2  .........          3          3          8
Human capital management.................................          1          2          4  .........          7
Management integration...................................          3  .........          1  .........          4
                                                          ------------------------------------------------------
      Total..............................................          9          5         12          4        30
----------------------------------------------------------------------------------------------------------------
Source.--GAO analysis of DHS documents, interviews, and prior GAO reports. GAO 15-388T
* ``Fully addressed''.--Outcome is fully addressed.
** ``Mostly addressed''.--Progress is significant and a small amount of work remains.
*** ``Partially addressed''.--Progress is measurable, but significant work remains.
**** ``Initiated''.--Activities have been initiated to address the outcome, but it is too early to report
  progress.
***** Although March 2014 updates to most functional areas were minor, there were more significant revisions to
  the financial management actions and outcomes, with some outcomes revised or dropped and others added. These
  revisions prevent the financial management actions and outcomes from being comparable on a one-for-one basis
  with those of prior years. Accordingly, our ratings of DHS's progress in addressing financial management
  actions and outcomes are not an indication of a downgrade to the Department's progress.

    Acquisition management.--In our 2015 report, we found that DHS has 
fully addressed 1 of the 5 acquisition management outcomes, partially 
addressed 3 outcomes, and initiated actions to address the remaining 
outcome. For example, DHS has recently taken a number of actions to 
fully address establishing effective component-level acquisition 
capability. These actions include initiating: (1) Monthly Component 
Acquisition Executive staff forums in March 2014 to provide guidance 
and share best practices and (2) assessments of component policies and 
processes for managing acquisitions. DHS has also initiated efforts to 
validate required acquisition documents in accordance with a knowledge-
based acquisition process, but this remains a major challenge for the 
Department. A knowledge-based approach provides developers with 
information needed to make sound investment decisions, and it would 
help DHS address significant challenges we have identified across its 
acquisition programs.\9\ DHS's acquisition policy largely reflects key 
acquisition management practices, but the Department has not 
implemented it consistently. For example, in March 2014, we found that 
U.S. Customs and Border Protection (CBP) had not fully followed DHS 
policy regarding testing for the integrated fixed towers being deployed 
on the Arizona border. As a result, DHS does not have complete 
information on how the towers will operate once they are fully 
deployed.\10\
---------------------------------------------------------------------------
    \9\ In our past work examining weapon acquisition issues and best 
practices for product development, we have found that leading 
commercial firms pursue an acquisition approach that is anchored in 
knowledge, whereby high levels of product knowledge are demonstrated by 
critical points in the acquisition process. See GAO, Defense 
Acquisitions: Assessments of Selected Weapon Programs, GAO-11-233SP 
(Washington, DC: March 29, 2011).
    \10\ GAO, Arizona Border Surveillance Technology Plan: Additional 
Actions Needed to Strengthen Management and Assess Effectiveness, GAO-
14-368 (Washington, DC: Mar. 3, 2014).
---------------------------------------------------------------------------
    In addition, in our 2015 report we found that DHS continues to 
assess and address whether appropriate numbers of trained acquisition 
personnel are in place at the Department and component levels, an 
outcome it has partially addressed. Further, while DHS has initiated 
efforts to demonstrate that major acquisition programs are on track to 
achieve their cost, schedule, and capability goals, DHS officials have 
acknowledged it will be years before this outcome has been fully 
addressed. Much of the necessary program information is not yet 
consistently available or up-to-date.
    IT management.--In our 2015 report, we found that DHS has fully 
addressed 2 of the 6 IT management outcomes, mostly addressed another 
3, and partially addressed the remaining 1. For example, DHS has 
finalized a directive to establish its tiered governance and portfolio 
management structure for overseeing and managing its IT investments, 
and annually reviews each of its portfolios and the associated 
investments to determine the most efficient allocation of resources 
within each of the portfolios. DHS has also implemented its IT 
Strategic Human Capital Plan at the enterprise level. This includes 
developing an IT specialist leadership competency gap workforce 
analysis and a DHS IT career path pilot. However, as DHS has not yet 
determined the extent to which the component chief information officers 
have implemented the enterprise human capital plan's objectives and 
goals, DHS's capacity to achieve this outcome is unclear. Additionally, 
we found that DHS continues to take steps to enhance its information 
security program. However, while the Department obtained a clean 
opinion on its financial statements, in November 2014, the Department's 
financial statement auditor reported that continued flaws in security 
controls such as those for access controls, configuration management, 
and segregation of duties were a material weakness for fiscal year 2014 
financial reporting.\11\ Thus, the Department needs to remediate the 
material weakness in information security controls reported by its 
financial statement auditor.
---------------------------------------------------------------------------
    \11\ A material weakness is a deficiency, or a combination of 
deficiencies, in internal control such that there is a reasonable 
possibility that a material misstatement of the entity's financial 
statements will not be prevented, or detected and corrected, on a 
timely basis. A significant deficiency is a deficiency, or combination 
of deficiencies, in internal control that is less severe than a 
material weakness, but is important enough to merit attention by those 
charged with governance.
---------------------------------------------------------------------------
    Financial management.--In our 2015 report, we found that DHS has 
fully addressed 2 financial management outcomes, partially addressed 3, 
and initiated 3.\12\ Most notably, DHS received a clean audit opinion 
on its financial statements for 2 consecutive years, fiscal years 2013 
and 2014, fully addressing 2 outcomes. As of November 2014, DHS was 
working toward addressing a third outcome--establishing effective 
internal control over financial reporting. We reported in September 
2013 that DHS needs to eliminate all material weaknesses at the 
Department level, including weaknesses related to financial management 
systems, before its financial auditor can affirm that controls are 
effective.\13\ However, as we reported in our 2015 report, DHS has yet 
to identify and commit the resources needed for remediating the 
remaining material weaknesses. As we reported in September 2013, 
according to DHS's auditors, the existence of these material weaknesses 
limits DHS's ability to process, store, and report financial data in a 
manner that ensures accuracy, confidentiality, integrity, and 
availability of data without substantial manual intervention. This, in 
turn, increases the risk that human error may cause material 
misstatements in the financial statements.\14\
---------------------------------------------------------------------------
    \12\ As previously discussed, in March 2014, we updated the actions 
and outcomes in collaboration with DHS to reduce overlap and ensure 
their continued relevance and appropriateness. These updates resulted 
in a reduction from 9 to 8 total financial management actions and 
outcomes.
    \13\ GAO, DHS Financial Management: Additional Efforts Needed to 
Resolve Deficiencies in Internal Controls and Financial Management 
Systems, GAO-13-561 (Washington, DC: Sept. 30, 2013).
    \14\ GAO-13-561.
---------------------------------------------------------------------------
    We also found in our 2015 report that DHS needs to modernize key 
components' financial management systems and comply with financial 
management system requirements. The components' financial management 
system modernization efforts are at various stages due, in part, to a 
bid protest and the need to resolve critical stability issues with a 
legacy financial system before moving forward with system modernization 
efforts. For fiscal year 2014, auditors reported that persistent and 
pervasive financial system functionality conditions exist at multiple 
components and that DHS continues to rely on compensating controls and 
complex manual work-arounds due to serious legacy financial system 
issues.\15\ We concluded that without sound controls and systems, DHS 
faces long-term challenges in obtaining and sustaining a clean audit 
opinion on internal control over financial reporting, and ensuring its 
financial management systems generate reliable, useful, and timely 
information for day-to-day decision making.
---------------------------------------------------------------------------
    \15\ Department of Homeland Security, Office of Inspector General, 
Independent Auditors' Report on DHS' FY 2014 Financial Statements and 
Internal Control Over Financial Reporting, OIG-15-10 (Washington, DC: 
Nov. 14, 2014).
---------------------------------------------------------------------------
    Human capital management.--In our 2015 report, we found that DHS 
has fully addressed 1 human capital management outcome, mostly 
addressed 2, and partially addressed the remaining 4. For example, the 
Secretary of Homeland Security signed a human capital strategic plan in 
2011 that DHS has since made sustained progress in implementing, fully 
addressing this outcome. We also found that DHS has actions under way 
to identify current and future human capital needs. However, DHS has 
considerable work ahead to improve employee morale. For example, the 
Office of Personnel Management's 2014 Federal Employee Viewpoint Survey 
data showed that DHS's scores continued to decrease in all four 
dimensions of the survey's index for human capital accountability and 
assessment--job satisfaction, talent management, leadership and 
knowledge management, and results-oriented performance culture. DHS has 
taken steps to identify where it has the most significant employee 
satisfaction problems and developed plans to address those problems. In 
September 2012, we recommended, among other things, that DHS improve 
its root-cause analysis efforts related to these plans.\16\ In December 
2014, DHS reported actions under way to address our recommendations but 
had not fully implemented them. Given the sustained decrease in DHS 
employee morale indicated by Federal Employee Viewpoint Survey data, as 
we concluded in our 2015 report, it is particularly important that DHS 
implement these recommendations and thereby help identify appropriate 
actions to take to improve morale within its components and Department-
wide.
---------------------------------------------------------------------------
    \16\ GAO, Department of Homeland Security: Taking Further Action to 
Better Determine Causes of Morale Problems Would Assist in Targeting 
Action Plans, GAO-12-940 (Washington, DC: Sept. 28, 2012).
---------------------------------------------------------------------------
    We have also found that DHS has developed and implemented 
mechanisms to assess training programs but could take additional 
actions. For example, in September 2014, we found that DHS had 
implemented component-specific and Department-wide training 
programs.\17\ We also found that the five DHS components in our review 
all had documented processes to evaluate their training programs. For 
example, we found that DHS had established a five-tier, Department-wide 
Leader Development Framework to build leadership skills across all 
staff levels and implemented programs in support of two of the tiers. 
Nonetheless, we found that various actions could better position the 
Department to maximize the impact of its training efforts. For 
instance, we found that while component officials generally identified 
the Leader Development Framework as beneficial, DHS management could 
benefit from improved information for identifying the need for and 
making program improvements. In support of the Leader Development 
Framework, we recommended, among other things, that DHS clearly 
identify Leader Development Program goals and ensure program 
performance measures reflect key attributes. DHS agreed and implemented 
this recommendation in December 2014. However, to fully achieve this 
outcome, DHS also needs to develop and make sustained progress in 
implementing a formal training strategy, as well as issue Department-
wide policies on training and development, among other things.
---------------------------------------------------------------------------
    \17\ GAO, DHS Training: Improved Documentation, Resource Tracking, 
and Performance Measurement Could Strengthen Efforts, GAO-14-688 
(Washington, DC: Sept. 10, 2014).
---------------------------------------------------------------------------
    Management integration.--In our 2015 report, we found that DHS has 
sustained its progress in fully addressing 3 of 4 outcomes we 
identified and agreed they are key to the Department's management 
integration efforts. For example, in January 2011, DHS issued an 
initial action plan to guide its management integration efforts--the 
Integrated Strategy for High-Risk Management. Since then, DHS has 
generally made improvements to the strategy with each update based on 
feedback we provided. DHS has also shown important progress in 
addressing the last and most significant management integration 
outcome--to implement actions and outcomes in each management area to 
develop consistent or consolidated processes and systems within and 
across its management functional areas--but we found that considerable 
work remains. For example, the Secretary's April 2014 Strengthening 
Departmental Unity of Effort memorandum highlighted a number of 
initiatives designed to allow the Department to operate in a more 
integrated fashion, such as the Integrated Investment Life-Cycle 
Management initiative, to manage investments across the Department's 
components and management functions. DHS completed its pilot for a 
portion of this initiative in March 2014 and, according to DHS's 
Executive Director for Management Integration, has begun expanding its 
application to new portfolios, such as border security and information 
sharing, among others. However, given that these main management 
integration initiatives are in the early stages of implementation and 
contingent upon DHS following through with its plans, it is too early 
to assess their impact. To achieve this outcome, we concluded that DHS 
needs to continue to demonstrate sustainable progress integrating its 
management functions within and across the Department and its 
components.
    In our 2015 report, we further concluded that in the coming years, 
DHS needs to continue implementing its Integrated Strategy for High-
Risk Management and show measurable, sustainable progress in 
implementing its key management initiatives and corrective actions and 
achieving outcomes. In doing so, it will be important for DHS to:
   maintain its current level of top leadership support and 
        sustained commitment to ensure continued progress in executing 
        its corrective actions through completion;
   continue to implement its plan for addressing this high-risk 
        area and periodically report its progress to us and Congress;
   identify and work to mitigate any resource gaps, and 
        prioritize initiatives as needed to ensure it can implement and 
        sustain its corrective actions;
   closely track and independently validate the effectiveness 
        and sustainability of its corrective actions and make mid-
        course adjustments as needed; and
   make continued progress in achieving the 21 actions and 
        outcomes it has not fully addressed and demonstrate that 
        systems, personnel, and policies are in place to ensure that 
        progress can be sustained over time.
    We will continue to monitor DHS's efforts in this high-risk area to 
determine if the actions and outcomes are achieved and sustained over 
the long term.
   key themes continue to impact dhs's progress in implementing its 
                           mission functions
    In September 2011, we reported that our work had identified three 
key themes that had impacted DHS's progress in implementing its mission 
functions since it began operations: (1) Executing and integrating its 
management functions for results, (2) leading and coordinating the 
homeland security enterprise, and (3) strategically managing risks and 
assessing homeland security efforts.\18\ As previously discussed, DHS 
has made important progress with respect to the first theme by 
strengthening and integrating its management functions, but 
considerable work remains. Our recent work indicates that DHS has 
similarly made progress related to the other two themes of leading and 
coordinating the Homeland Security Enterprise and strategically 
managing risk and assessing homeland security efforts, but that these 
two themes continue to impact the Department's progress in implementing 
its mission functions.
---------------------------------------------------------------------------
    \18\ GAO-11-881.
---------------------------------------------------------------------------
    Leading and coordinating the homeland security enterprise.--As we 
reported in September 2011, while DHS is one of a number of entities 
with a role in securing the homeland, it has significant leadership and 
coordination responsibilities for managing efforts across the homeland 
security enterprise.\19\ To satisfy these responsibilities, it is 
critically important that DHS develop, maintain, and leverage effective 
partnerships with its stakeholders while at the same time addressing 
DHS-specific responsibilities in satisfying its missions. Before DHS 
began operations, we reported that to secure the Nation, DHS must form 
effective and sustained partnerships among components and also with a 
range of other entities, including Federal agencies, State and local 
governments, the private and nonprofit sectors, and international 
partners.\20\ DHS has made important strides in providing leadership 
and coordinating efforts. For example, in June 2014, we reported on DHS 
efforts to enhance border security by using collaborative mechanisms 
such as the Alliance to Combat Transnational Threats to coordinate 
border security efforts. Specifically, we reported that DHS and CBP had 
coordinated border security efforts in: (1) Information sharing, (2) 
resource targeting and prioritization, and (3) leveraging of assets. 
For example, through the Alliance to Combat Transnational Threats, 
interagency partners--including CBP, the Arizona Department of Public 
Safety, and the Bureau of Land Management, among others--worked jointly 
to target individuals and criminal organizations involved in illegal 
cross-border activity.\21\
---------------------------------------------------------------------------
    \19\ GAO-11-881.
    \20\ GAO, Department of Homeland Security: Progress Report on 
Implementation of Mission and Management Functions, GAO-07-454 
(Washington, DC: Aug. 17, 2007).
    \21\ GAO, Border Security: Opportunities Exist to Strengthen 
Collaborative Mechanisms Along the Southwest Border, GAO-14-494 
(Washington, DC: June 27, 2014).
---------------------------------------------------------------------------
    However, our recent work has also identified opportunities for DHS 
to improve its partnerships. For example, with respect to DHS's efforts 
to enhance border security using collaborative mechanisms, in June 
2014, we found that DHS had established performance measures and 
reporting processes for the mechanisms, but opportunities existed to 
strengthen the mechanisms. For instance, we found that establishing 
written agreements with its Federal, State, local, and Tribal partners 
could help DHS address coordination challenges, such as limited 
resource commitments and lack of common objectives, and recommended 
that DHS establish such agreements. DHS concurred and stated that it 
planned to develop memoranda of understanding to better facilitate its 
partnerships. Further, in November 2014, we reported on DHS's 
processing of Freedom of Information Act requests.\22\ We found, among 
other things, that DHS lacked an important mechanism for effectively 
facilitating public interaction with the Department on the handling of 
Freedom of Information Act requests because the Department did not have 
an updated regulation reflecting changes in how it processes these 
requests.\23\ We recommended that DHS finalize and issue an updated DHS 
Freedom of Information Act regulation. DHS concurred and reported 
planned actions to implement this recommendation by April 2015.
---------------------------------------------------------------------------
    \22\ GAO, Freedom of Information Act: DHS Should Take Steps to 
Improve Cost Reporting and Eliminate Duplicate Processing, GAO-15-82 
(Washington, DC: Nov. 19, 2014). In general, the Freedom of Information 
Act requires Federal agencies to provide the public with access to 
Government information on the basis of the principles of openness and 
accountability in Government. 5 U.S.C.  552.
    \23\ Pursuant to the Freedom of Information Act, DHS issued an 
interim final rule in January 2003 establishing its procedures for 
implementing the act. See generally 6 C.F.R. pt. 5. However, as we 
reported in November 2014, important changes have occurred in how DHS 
processes Freedom of Information Act requests since the Department 
issued its regulation in 2003, and the regulation has not been updated 
to reflect those changes.
---------------------------------------------------------------------------
    Strategically managing risks and assessing homeland security 
efforts.--As we reported in September 2011, risk management has been 
widely supported by Congress and DHS as a management approach for 
homeland security, enhancing the Department's ability to make informed 
decisions and prioritize resource investments.\24\ Since DHS does not 
have unlimited resources and cannot protect the Nation from every 
conceivable threat, it must make risk-informed decisions regarding its 
homeland security approaches and strategies. As we have previously 
reported, DHS issued the National Infrastructure Protection Plan in 
2006 to provide the overarching approach for integrating the Nation's 
critical infrastructure security and resilience activities into a 
single National effort. This plan, which DHS updated in 2009 and 2013, 
sets forth a risk management framework and outlines the roles and 
responsibilities of DHS with regard to critical infrastructure security 
and resilience.\25\ Our recent work has further found that DHS offices 
and components have continued to engage in risk management activities. 
For example, in September 2014, we reported that during fiscal years 
2011 to 2013, DHS offices and components conducted or required 
thousands of vulnerability assessments of critical infrastructure. 
These assessments can identify factors that render an asset or facility 
susceptible to threats and hazards. However, we also found that DHS is 
not well-positioned to integrate relevant assessments to, among other 
things, support Nation-wide comparative risk assessments, because the 
assessment tools and methods used vary in length, detail, and areas 
assessed.\26\ In addition, our recent work has identified opportunities 
for components to better strategically manage risks in various 
programs. For example, in September 2014, we reported that CBP had a $1 
million budget for covert operations of various activities--including 
nuclear and radiological testing--covering fiscal years 2009 through 
2013.\27\ We found that DHS had established a policy that requires that 
components with limited resources make risk-informed decisions, but 
that CBP testing did not inform capabilities across all border 
locations, and CBP had not conducted a risk assessment that could 
inform and prioritize the locations, materials, and technologies to be 
tested through covert operations. We recommended that--to help ensure 
that resources for covert operations provide reasonable assurance that 
efforts to detect and interdict nuclear and radiological material 
smuggled across the border are working as intended and appropriately 
targeted--DHS conduct or use a risk assessment to inform the 
Department's priorities for covert operations. DHS concurred and 
reported that it plans to implement this recommendation in July 2015.
---------------------------------------------------------------------------
    \24\ GAO-11-881.
    \25\ GAO, Critical Infrastructure Protection: DHS Action Needed to 
Enhance Integration and Coordination of Vulnerability Assessment 
Efforts, GAO-14-507 (Washington, DC: Sept. 15, 2014).
    \26\ GAO-14-507.
    \27\ GAO, Combating Nuclear Smuggling: Risk-Informed Covert 
Assessments and Oversight of Corrective Actions Could Strengthen 
Capabilities at the Border, GAO-14-826 (Washington, DC: Sept. 22, 
2014).
---------------------------------------------------------------------------
    In September 2011, we reported that limited strategic and program 
planning, as well as assessment and evaluation to inform approaches and 
investment decisions, had contributed to DHS programs not meeting 
strategic needs or doing so effectively and efficiently.\28\ Our recent 
work has indicated that strategic and program planning challenges 
continue to affect implementation of some DHS programs. For example, in 
September 2014, we reported on DHS headquarters consolidation efforts 
and their management by DHS and the General Services Administration 
(GSA).\29\ We found that DHS and GSA's planning for the consolidation 
did not fully conform with leading capital decision-making practices 
intended to help agencies effectively plan and procure assets. DHS and 
GSA officials reported that they had taken some initial actions that 
may facilitate consolidation planning in a manner consistent with 
leading practices, but consolidation plans, which were finalized 
between 2006 and 2009, had not been updated to reflect these changes. 
According to DHS and GSA officials, the funding gap between what was 
requested and what was received from fiscal years 2009 through 2014 was 
over $1.6 billion. According to these officials, this gap had escalated 
estimated costs by over $1 billion--from $3.3 billion to $4.5 billion--
and delayed scheduled completion by over 10 years, from an original 
completion date of 2015 to the current estimate of 2026. However, DHS 
and GSA had not conducted a comprehensive assessment of current needs, 
identified capability gaps, or evaluated and prioritized alternatives 
to help them adapt consolidation plans to changing conditions and 
address funding issues as reflected in leading practices. We 
recommended that DHS and GSA work jointly to assess these needs. DHS 
and GSA concurred, and DHS reported in February 2015 that the agencies 
had drafted an enhanced consolidation plan. We will assess this plan 
when it and any additional supporting analyses are made available to 
us.
---------------------------------------------------------------------------
    \28\ GAO-11-881.
    \29\ GAO, Federal Real Property: DHS and GSA Need to Strengthen the 
Management of DHS Headquarters Consolidation, GAO-14-648 (Washington, 
DC: Sept. 19, 2014).
---------------------------------------------------------------------------
    We also recently found that DHS had taken preliminary steps to 
begin to understand the cyber risk to building and access controls 
systems in Federal facilities, but that significant work remained, such 
as developing a strategy to guide these efforts. In particular, in 
December 2014, we found that DHS lacked a strategy that: (1) Defines 
the problem, (2) identifies roles and responsibilities, (3) analyzes 
the resources needed, and (4) identifies a methodology for assessing 
cyber risk to building and access controls systems in Federal 
facilities.\30\ We concluded that the absence of a strategy that 
clearly defines the roles and responsibilities of key components within 
DHS had contributed to a lack of action within the Department. For 
example, we found that no one within DHS was assessing or addressing 
cyber risk to building and access control systems particularly at the 
nearly 9,000 Federal facilities protected by the Federal Protective 
Service as of October 2014. We recommended that DHS, in consultation 
with GSA, develop and implement a strategy to address cyber risk to 
building and access control systems. DHS concurred and identified steps 
it plans to take to develop a strategy by May 2015.
---------------------------------------------------------------------------
    \24\ GAO, Federal Facility Cybersecurity: DHS and GSA Should 
Address Cyber Risk to Building and Access Control Systems, GAO-15-6 
(Washington, DC: Dec. 12, 2014).
---------------------------------------------------------------------------
    Chairman Perry, Ranking Member Watson Coleman, and Members of the 
subcommittee, this completes my prepared statement. I would be happy to 
respond to any questions you may have at this time.

    Mr. Perry. Thank you, Ms. Gambler.
    The Chairman now recognizes Dr. Gerstein for your 
testimony, sir.

STATEMENT OF DANIEL M. GERSTEIN, SENIOR POLICY RESEARCHER, THE 
                        RAND CORPORATION

    Mr. Gerstein. Thank you, Mr. Chairman, Ranking Member 
Watson Coleman, and distinguished Members of the subcommittee.
    I thank you for the opportunity to testify today on the 
Department of Homeland Security, specifically on 
recommendations to improve the Department and the Homeland 
Security enterprise.
    In the aftermath of terrorist attacks of 9/11, the 
Department of Homeland Security was formed. With the Homeland 
Security Act of 2002, the third-largest Cabinet-level 
Department, composed of 22 disparate agencies, was established. 
The legislation provided rationale for the Department but left 
many of the operational specifics for a later date. Some of the 
decisions made in haste did not translate well into 
implementation and should be reconsidered as part of a 
comprehensive reform effort.
    In considering the case for change, it is worth noting that 
under the leadership of Secretary Johnson the Department has 
committed to building the capacities and institutions that will 
be required. To this end, the Department is undertaking a Unity 
of Effort campaign to address many of the deficiencies noted 
over the Department's short history. These efforts are vital 
and should be encouraged and enthusiastically supported.
    Now, in my written testimony I make five recommendations 
across critical areas: Authorities and responsibilities; 
legislation and oversight; strategy formulation, planning, 
effectiveness operations, and resource allocation; personnel 
management, DHS identity, and culture; and, finally, management 
and administration.
    I would like to highlight several of the recommendations 
this morning. So let me make three main points.
    First, a comprehensive review of the Department is in 
order. I call it a roles, missions, and functions review that 
would result in an overarching framework for authorizing 
legislation for DHS. This is essential given that today many of 
the Department's authorities and responsibilities are 
overlapping, have gaps between them, or are unclear. This 
roles, missions, and functions analysis must also consider the 
Homeland Security Enterprise which is that umbrella term that 
encompasses the Department, its components, State, local, 
Tribal, territorial entities, first responders and law 
enforcement communities, and the private-sector bodies 
responsible for managing critical infrastructure.
    Second, in moving forward with reform and building on the 
Unity of Effort initiative, some of the necessary changes can 
be made from within the Department of Homeland Security, but 
others will require external support and direction from 
Congress and the White House. Hard but necessary decisions will 
need to be made. The Congressional oversight process must be 
streamlined. Today, over 120 committees, subcommittees, 
caucuses, and commissions claim some degree of jurisdiction 
over DHS. Legislation in key areas such as privacy, immigration 
reform, and cybersecurity must be provided.
    Additionally, authorizing legislation for the Department 
must be developed to institutionalize the change that is 
currently under way. Failure to do so risks losing the momentum 
for DHS reform with a change of administrations.
    Finally, third: Several process reforms are also needed. 
Additional emphasis must be made to link strategy, planning, 
operations, and resources through the identification of key 
mission areas and development of comprehensive strategies to 
satisfy operational requirements. This requires developing a 
systems approach to these mission areas, identifying seams and 
gaps, and applying appropriate resources to close these gaps 
and build necessary capabilities.
    Establishing clearer links between strategy and resources 
should also include the development and submission to Congress 
of what I call a Future Year Homeland Security Plan, or FYHSP, 
similar to the future year defense plan submitted by DOD. The 
use of a FYHSP would ensure greater stability in DHS budgets 
and programs. Acquisition reform will be important here as 
well. Research, development, and acquisition within the 
Department must be fully linked.
    In making recommendations for comprehensive reform of DHS, 
I remain mindful that change will be difficult but very 
necessary to strengthen and mature the enterprise and allow the 
dedicated men and women who serve within the Department and 
within the Homeland Security Enterprise to reach their full 
potential.
    I appreciate the opportunity to discuss recommendations to 
improve the Department, and thereby the homeland security of 
our Nation, and I look forward to your questions.
    Thank you.
    [The prepared statement of Mr. Gerstein follows:]
            Prepared Statement of Daniel M. Gerstein \1\ \2\
---------------------------------------------------------------------------
    \1\ The opinions and conclusions expressed in this testimony are 
the author's alone and should not be interpreted as representing those 
of RAND or any of the sponsors of its research. This product is part of 
the RAND Corporation testimony series. RAND testimonies record 
testimony presented by RAND associates to Federal, State, or local 
legislative committees; Government-appointed commissions and panels; 
and private review and oversight bodies. The RAND Corporation is a non-
profit research organization providing objective analysis and effective 
solutions that address the challenges facing the public and private 
sectors around the world. RAND's publications do not necessarily 
reflect the opinions of its research clients and sponsors.
    \2\ This testimony is available for free download at http://
www.rand.org/pubs/testimonies/CT424.html.
---------------------------------------------------------------------------
                             February 2014
                              introduction
    Good morning, Chairman Perry, Ranking Member Coleman, and 
distinguished Members of the subcommittee. I thank you for the 
opportunity to testify today about the Department of Homeland Security 
(DHS), specifically about recommendations to improve the Department and 
the Homeland Security Enterprise (HSE).
    In the aftermath of the terrorist attacks of 9/11, the Department 
of Homeland Security was formed. With the Homeland Security Act of 
2002, the third-largest Cabinet-level Department, composed of 22 
disparate agencies, was established. Given the rapidity with which the 
Department was formed, it should be no surprise that the result was a 
loose confederation of components--such as the Transportation Security 
Administration, Secret Service, Federal Emergency Management Agency 
(FEMA), and U.S. Coast Guard, to name a few--overseen by a relatively 
small number of underresourced Departmental staff. The Homeland 
Security Act of 2002 provided the rationale for the Department but left 
the many of the operational specifics for later. Some of the decisions 
made in haste did not translate well into implementation and should be 
reconsidered as part of a comprehensive reform effort. These include 
internal DHS and interagency conflicts with respect to several key 
homeland security issues.
    While the Nation developed significant preparedness and response 
capabilities since the establishment of the Department, more can and 
must be done. The largely smooth response to Superstorm Sandy in 
November 2012 stands in stark contrast to the earlier preparedness and 
response during Hurricane Katrina. The successful management of the 
surge in the flow of illegal aliens--especially unaccompanied minors--
across the Southwestern Border in the summer of 2014 demonstrated an 
important ability to coordinate across the Government and 
internationally. Close collaboration between the private sector and the 
National Cybersecurity and Communications Integration Center (NCCIC) on 
emerging cybersecurity issues in several critical infrastructure 
areas--including in the financial and energy sectors--also demonstrates 
how far the Department has come.
    Yet we continue to see evidence of both the complexity and the lack 
of National preparedness across key mission spaces. The response to the 
Ebola outbreak provides evidence of the lack of National preparedness 
with respect to biodefense, in terms of either naturally infectious 
disease or deliberate use of biological weapons. The fire in a 
Washington Metro station several weeks ago continues to highlight 
critical shortfalls in first responder and law enforcement 
communications and situational awareness during emergencies. The 
growing numbers of cybersecurity incidents demonstrate that the 
Department is playing catch-up in this mission space. The continued 
proliferation of technology is allowing State-like capabilities to fall 
into the hands of small groups and even individuals; we should expect 
these trends to continue.
    In considering the case for change, it is worth noting that under 
the leadership of Secretary Johnson, the Department has committed to 
building the capacities and institutions that will be required. Under 
his direction, the Department is undertaking a ``Unity of Effort'' 
campaign to address many of the deficiencies noted over the 
Department's short history, including a greater emphasis on strategy 
and collaboration among operational components. These efforts are 
critical and must continue. Therefore, my testimony today is both to 
reinforce these efforts and to identify additional opportunities for 
reform.
    In thinking of the potential for DHS reform, it is useful to 
consider another Governmental reform effort that is now almost 3 
decades old. The 1986 Goldwater-Nichols Act made the broadest and most 
sweeping changes to the Pentagon since its establishment by the 
National Security Act of 1947. In the years since, it has stood as the 
embodiment of the best type of legislative oversight--implementing 
thoughtful, serious, and reasoned reforms to address specific 
bureaucratic failures and identifying inefficiencies and service 
rivalries within the Department of Defense (DoD). The act worked and, 
as a result, improved the functioning of the largest Department in the 
Federal Government. The same spirit should be applied to reforming DHS 
and the HSE.
    The use of the Goldwater-Nichols analogy is not to imply that the 
DoD model can or should be directly applied to DHS. In fact, DHS reform 
is actually far more complex. Unlike DoD, which has a strict 
hierarchical command structure, DHS leads through guidance, use of 
standards, and developing coalitions between Federal, State, local, 
Tribal, and territorial entities, as well as industry, other non-
Governmental organizations, and international actors. It cannot direct 
these elements, but must rely on them to collaboratively implement 
homeland security initiatives. As a result, DHS reform can apply many 
of the lessons learned in Goldwater-Nichols, but must develop a unique 
outlook toward reform.
                            recommendations
    My recommendations for DHS reform focus on five critical areas: (1) 
Authorities and responsibilities; (2) legislation and oversight; (3) 
strategy formulation, planning, effectiveness of operations, and 
resource allocation; (4) personnel management, DHS identity, and 
culture; and (5) management and administration. Some of these changes 
can be made from within DHS, but others will require external support 
and direction from Congress and the White House. Additionally, while 
some recommendations could be implemented directly, in other cases 
innovative alternatives must be developed and compared before a course 
of action is determined.
    Authorities and responsibilities must be clarified.--This begins 
with a comprehensive analysis of the roles, missions, and functions of 
the Department and the HSE. Today, many of the authorities and 
responsibilities are overlapping, have gaps between them, or are 
unclear. Over the past decade, legislation has been appliqued onto the 
original Homeland Security Act in an uncoordinated manner. This must be 
rectified through comprehensive authorizing legislation, something that 
the Department has not had since its inception in 2002. In addition, 
the role of the Department versus FEMA in a crisis is another issue 
that must be reconsidered. Having FEMA with a direct report to the 
President in times of crisis confuses lines of authority and affects 
all aspects of preparedness and response, from planning to operations 
on the ground. Authorities and responsibilities reform must also 
institutionalize the change that is on-going in the Department through 
the ``Unity of Effort'' initiative; this must be done through 
comprehensive legislation. Without such legislation, the ``Unity of 
Effort'' initiative will likely lose momentum, as other attempts at DHS 
reform have done during transitional periods.
    Oversight challenges and legislation shortfalls require several 
important initiatives to be implemented.--The Congressional oversight 
process must be streamlined; today, more than 120 committees, 
subcommittees, caucuses, and commissions claim some degree of 
jurisdiction over DHS. This fractured oversight results in conflicting 
guidance, micromanagement on low-level issues, a lack of strategic 
direction, and overreporting. Legislation serves to guide the efforts 
of the Department. In areas such as cybersecurity, technology policy, 
and privacy, having a legal basis for developing policies, programs, 
and regulations is essential. In many of these emerging contentious 
issues, this legislation is lacking.
    Legislation would also be useful for enhancing the relationship 
between the Department and State Governors. While the Stafford Act does 
provide a systemic means for providing Federal natural disaster 
assistance for State and local governments, other coordination 
activities between the Federal and State governments could also be 
formalized through legislation. Another useful addition to assist 
Congress in its oversight process would be the requirement for DHS to 
provide an annual submission (similar to the annual Secretary of 
Defense Report required under Goldwater-Nichols); such a requirement 
would institutionalize a strategy-to-resources discussion of ends, 
ways, and means on a more regular basis than the 4-year Quadrennial 
Homeland Security Review (QHSR).
    In considering a strategy to resources framework, several important 
reforms should be considered.--The ``Unity of Effort'' initiative and 
the accompanying Joint Requirements Council (JRC) are important first 
steps. Additional emphasis must be made to link strategy, planning, 
operations, and resources through the identification of key mission 
areas and the development of comprehensive strategies to satisfy 
operational requirements. This requires developing a systems approach 
to these mission areas, identifying seams and gaps, and applying 
appropriate resources to close these gaps and build necessary 
capabilities. In such a systems approach, there must be a strong 
reliance on analysis to guide key decisions. Establishing clearer links 
between strategy and resources should also include the development and 
submission to Congress of a Future-Year Homeland Security Plan (FYHSP), 
similar to the Future-Year Defense Plan (FYDP) submitted by DoD. The 
use of a FYHSP would ensure greater stability in DHS budgets and 
programs.
    Acquisition reform will be important as well. Research, 
development, and acquisition within the Department must be linked. 
Today, research and development is the purview of the Science and 
Technology Directorate, while the under secretary for management 
manages the acquisition system. This creates a natural gap between 
research and development (R&D) and acquisition, rather than having a 
natural linkage between the three areas. The result is a requirements-
generation process that is largely disconnected from Departmental 
acquisition programs. Another important initiative would be developing 
a Department-wide approach to strategic resourcing in areas such as 
screening and vetting, cybersecurity, and aviation; this shortfall has 
been recognized within the Department, but additional support and 
resources for this effort will be important to prospects for long-term 
incorporation into DHS.
    Improvements in personnel management and developing a DHS identity 
and culture are essential for enhancing the effectiveness and 
efficiency of the Department, as well as addressing employee morale and 
satisfaction.--Central to this effort would be the development of a 
Homeland Security Personnel System (HSPS) charged with the development 
of leaders in the Department and within the components, as well as 
assisting State, local, Tribal, and territorial (SLTT) entities with 
developing their professional homeland security workforce. Career maps 
should be developed that assist in the management of personnel, 
including guidance on training requirements, operational assignments, 
and educational opportunities. Promotions to Senior Executive Service 
(SES) and flag rank for components should be based on developing 
personal and professional competence through service in a variety of 
challenging and broadening assignments, including service on the DHS 
staff. For DHS staff personnel, promotion to SES and flag rank should 
likewise be tied to successful service on a component staff.
    Concerning management and administration, reform is necessary to 
improve the effectiveness and efficiency of the Department.--The roles, 
missions, and functions analysis recommended earlier in my testimony 
would undoubtedly identify opportunities for streamlining activities, 
consolidating staffs and functions, and aligning roles and missions. 
Examples of several reform initiatives are provided below; however, 
these should not be considered to be comprehensive, but rather 
illustrative.
   The JRC must be formalized with appropriate legislation, as 
        should the Department Management Action Group (DMAG) and Senior 
        Leader Group (SLG), which provide senior leader direction for 
        the Department. These forums have already demonstrated utility 
        in taking on weighty topics such as aviation security and the 
        growing Islamic State of Iraq and Syria (ISIS) threat. Such 
        legislation would ensure that these entities survive into the 
        next administration.
   A combined staff should be developed that rotates in 
        talented Homeland Security professionals from across the HSE to 
        serve on 2-year assignments at DHS headquarters. This would 
        have the benefit of infusing the DHS staff with operationally-
        oriented personnel who would also grow immeasurably through the 
        opportunity.
   Organizational reform will also be required, such as 
        elevating the assistant secretary for policy to an under 
        secretary and combining the research, development, and 
        acquisition functions into a single organization.
   Finally, the Department is plagued with span of control 
        issues exacerbated by the distribution of headquarters 
        throughout the Washington, DC, area and the number of direct 
        reports to the Secretary and deputy secretary; a concerted 
        effort to consolidate several headquarters would be a useful 
        outcome.
    Many of these management and administrative reforms will require 
appropriate support and resourcing to fully implement, but they will be 
essential to the achieving desired outcomes.
    During my time serving in the Department, the failure to have 
stable budgets resulted in significant opportunity costs.--Uneven 
spending profiles throughout a budget cycle during 1 fiscal year 
resulted in 80 percent of a budget being spent in the last 3 months. 
The lost momentum associated with sequestration and the Federal 
workforce furlough hindered progress in the execution of key 
Departmental programs. The lost man-hours associated with preparing for 
and recovering from the furlough was also a significant distraction and 
squandering of resources. The effect on the workforce was palpable.
                              conclusions
    I have made a number of recommendations in this testimony. However, 
this is not to imply that the Department has not already been making 
progress in many of these areas. Rather, it is to highlight that these 
efforts must be well-reasoned, coordinated, and comprehensive; further, 
they will require both internal and external support. It is also useful 
to remember that other DHS reform efforts have been attempted in the 
past, and despite promising rhetoric, none has yet taken hold. A 
significant cause of the failures has been not codifying these changes 
through legislation.
    The time for reexamining the Department and streamlining our 
Nation's homeland security efforts is now. The range of challenges 
facing the Department and the HSE will continue to evolve and, in many 
cases, grow. Ensuring that preparedness and response capabilities will 
keep pace necessitates a comprehensive review, followed by vigorous 
implementation.
    In making recommendations for comprehensive reform of the 
Department of Homeland Security, I remain mindful that change will be 
difficult, but they are very necessary to strengthen and mature the 
enterprise, and to allow the dedicated men and women who serve in the 
Department and within the HSE to reach their full potential.
    I appreciate the opportunity to discuss recommendations to improve 
the Department, and thereby the homeland security of our Nation, and 
look forward to your questions.

    Mr. Perry. Thank you, Dr. Gerstein.
    The Chairman now recognizes himself for questions.
    First set of questions will go to the inspector general, 
Mr. Roth. The Secure our Borders Act which was recently passed 
by the committee requires CBP to fly unmanned aircraft 16 hours 
each day every day of the year. However, the IG's report stated 
that the Office of Air and Marine only flew them about 22 
percent of the anticipated number of hours.
    Now, according to CBP, this occurred because of budget 
constraints and bad weather, both of which limited total flight 
time.
    Now, last year there were several reports of CBP loaning 
out its unmanned aircraft to State and local agencies for 
assistance.
    To what extent is this still occurring, if you can tell me? 
Has the loaning out of these aircraft to the State and local 
authorities limited CBP's ability to fly them more frequently? 
Does it create additional wear and tear that leads to otherwise 
unneeded maintenance?
    Mr. Roth. Thank you, Mr. Chairman.
    When we looked at the CBP's use of drones, it was basically 
an audit exercise in which we took a look at how often they 
were used. We did not look at whether they were loaned out, 
what purpose that they were used. We simply used the records 
that they had, which, as you indicated, showed that it was 
about 20 percent of what it is that they thought they were 
going to use when they started the program. I believe other 
entities--in fact, I believe the GAO may have done some work in 
this area, but we have not.
    Mr. Perry. Ms. Gambler, can you comment?
    Ms. Gambler. GAO has not specifically looked at the use of 
UAS for border security. We did issue a report last year in 
response to a mandate that asked us to review a report that the 
DHS privacy office did on use of UAS along the border, but our 
report and that report did not address use for border security. 
We do, and are happy to do some additional work in that area as 
well, and do have some plans to do so.
    Mr. Perry. All right. Although the CBP had previously 
reported that its unmanned aircraft operate over the entire 
Southwest Border, the IG reported that CBP data showed that the 
time spent flying over the border States varied significantly 
by State. In fact, the IG said unmanned aircraft appeared to 
only fly over some areas of the border because they were en 
route to other missions.
    How does CBP explain the lack of flight hours, if you know, 
over certain portions of the Southwest Border, and what, if 
any, vulnerabilities might this expose according to your 
research?
    Mr. Roth. As you know, the Southwest Border is about 2,000 
miles long. What our audit showed is that that vast majority of 
the flights were over a 170-mile sector in Texas and Arizona, 
and as a result, of course, that means that CBP is blind, does 
not have the ability to have the kinds of visibility that a 
drone would give in those other areas.
    What CBP tells us is that when they say they fly across the 
entire Southwest Border means that they have permission from 
the FAA to fly across the entire Southwest Border, but in fact 
they only sort of isolate their flight times to this 170-mile 
corridor.
    Mr. Perry. Now, you said, I think in your testimony, that 
they used 22 percent of the allocation based on the cost. Was 
that correct?
    Mr. Roth. We took a look at what the cost was per flight 
hour, and we looked at the total cost of the program, which is 
what the guidance requires us to do, both there is OMB guidance 
as well as GSA guidance as to how it is that you account for 
costs of aircraft. What we found was that is was about $12,000 
an hour to fly aircraft. Their calculation was considerably 
less than that, about $2,400 per hour. So we disagreed with 
each other by a factor of 6.
    Mr. Perry. Either way, it is significantly down. I mean, 
the usage is significantly down. I mean, we are going to hear 
testimony that says that, you know, any shutdown is going to be 
horrifically detrimental, and many of us agree that it will 
have a significant impact, but at the same time, you can see 
just by the usage of the UAS, money is being wasted where it 
could be reallocated even in times where there is potential 
shutdown.
    In the remaining time that I have, understanding that 
neither GAO or IG has delved into the possible overreach 
associated with this program, I just want to bring this to 
light for your further review if it appears to be in concert 
with your duties.
    An incident occurred in 2012 when a North Dakota district 
judge upheld the first-ever use of DHS unmanned aerial systems 
to assist in the arrest of an American citizen. A farmer was 
herding cattle, and local authorities thought he may be armed 
and dangerous, and asked the DHS to fly the UAS over this 
individual's home.
    In the future, I would like to know if--again, if it is 
within the purview of either of your jurisdictions to find out 
if that, you know, results or indicates evidence of the 
program's potential abuse of its power and working outside its 
granted authority, and if there are in fact controls in place 
to manage that authority?
    With that, I appreciate your testimony.
    Now, I would like to recognize the Ranking Member, Ms. 
Watson Coleman, for questioning.
    Mrs. Watson Coleman. Thank you, Mr. Chairman.
    You know, from all that I have been hearing in the various 
hearings about the Department of Homeland Security, it is a 
relatively new Department in the history of the United States 
of America. It was formulated in response to a crisis. It has 
done remarkable things, but it has so many more things to do in 
order to be able to achieve its mission, ensure our Homeland 
Security, and operate efficiently and effectively.
    I also know that there are significant watchdogs, and the 
two of you, Inspector General, and GAO. In that realm, Mr. 
Gerstein, you, from your experience, have observations that I 
found very helpful.
    I am wondering, Inspector General Roth, and, Ms. Gambler, 
in reviewing the materials today it seems that there has been 
some overlapping of issues. Do you in any way coordinate or 
sort-of interact to ensure that the work that is being done by 
both of you is not duplicative and that there is sort-of no 
gaps in what should be identified?
    Mr. Roth. We are coordinating our answer.
    Yes. We coordinate continuously. In fact, before we ever 
start an audit, one of our first things that we do is that we 
call GAO to ensure, No. 1, to ask what sort of work they have 
done in the past, and, No. 2, to make sure that we are not 
stepping on something that they are already doing. So there is 
a lot of coordination that takes place on the sort of 
programmatic level.
    Additionally, I speak with GAO all the time, my counterpart 
over there who is in charge of the homeland security and 
justice issues. We have a very good sort of working 
relationship, and I would note that the Inspector General Act 
requires me, in fact, to coordinate with GAO, and so we take 
that very seriously.
    Mrs. Watson Coleman. Have you all encountered any 
situations where there has been conflict in--a similarity in a 
finding and a conflict in a recommendation?
    Mr. Roth. I am not aware of such a thing. I mean sometimes 
we look at the same program. For example, we have both looked 
at the drone program, but we have looked at different aspects 
of it. So I think it is actually highly complementary, but I 
will let GAO speak for themselves.
    Ms. Gambler. I would just add we have the same process, 
where at the start of each GAO review we contact the DHS, OIG 
staff to ensure that we are not doing duplicative or 
overlapping work. We also, I think, regularly exchange lists of 
on-going reviews between the two entities, and we also, as 
Inspector General Roth indicated, meet periodically to talk 
about the work that we are doing. In cases where there may be 
overlap or duplication of effort, we work and collaborate to 
ensure that maybe we look at different aspects of the program 
or something like that.
    Mrs. Watson Coleman. Thank you.
    Mr. Roth, your audits save money, your audits 
programmatically should--probably ensure that they are 
achieving the mission that we are providing the safety to the 
homeland and the security. So your audit function is extremely 
important.
    What happens if we fail--if Congress fails to send a 
Homeland Security Funding Initiative to your auditing function 
or your whole office or any part of your office?
    Mr. Roth. Sure. As you know, in a lapse of appropriation, 
we can only do two things. We can work to do things necessary 
to save life and property, and we can use money that may have 
been appropriated under a different source. In other words, not 
a current appropriation. Our law enforcement staff, these are 
the folks who are largely on the Southwest Border, but 
elsewhere, that are sort of the internal affairs component, 
they are the watchers of the CBP and ICE, they will continue to 
work because there has been the assessment that this is 
necessary to preserve life and safety.
    We have an audit staff that works on the disaster relief 
fund, the FEMA work, basically, in which we have a small amount 
of money left over from last year. That appropriation never 
lapsed. So we are able to continue to have those folks work.
    But our audit staff will obviously be furloughed. We have 
about 60 audits in process currently that will have to be 
stopped and then obviously picked back up when we receive 
funding.
    Mrs. Watson Coleman. Thank you.
    Ms. Gambler, even though there has been this recognition 
that under the leadership of Secretary Johnson things have 
improved tremendously, is there any single most important 
action that the Department's leadership should take to ensure 
they remain on track to have these issues removed from the 
high-risk list? What role do the resources play in addressing 
these issues raised by the high-risk list?
    Ms. Gambler. What is critical for DHS to address our high-
risk designation going forward is that they continue to show 
measurable and sustainable progress across their management 
areas. What that means, to give you an example, is within 
acquisition management, we have found that they have a good 
knowledge-based process and policy for managing acquisitions, 
and we have recognized that, and that is to the Department's 
credit. But what we need to see now is that the Department can 
consistently apply that process to its individual acquisition 
programs and demonstrate that those programs are on track to 
meet cost schedule and performance expectations.
    In terms of resources, one of GAO's five criteria for 
removal from the high-risk list is that agencies have the 
capacity to resolve the risks, and when we say capacity, we 
mean that they have the people and other resources. DHS has 
identified resource needs and has identified their capacity for 
a number of initiatives they have under way to address our 
high-risk designation, but there are other initiatives for 
which they are continuing to work to identify what resources 
are needed.
    Mrs. Watson Coleman. I am going to yield my time back.
    Thank you very much, but I hope we have a second round of 
questioning because I certainly have a lot of questions.
    Mr. Perry. Absolutely. The Chairman thanks the Ranking 
Member.
    Just remind everybody that the House bill funded OIG at 
$142 million for fiscal year 2015, above the fiscal year 2014 
requirement, which appears that the House did indeed do its 
job.
    With that, the Chairman would now recognize the gentleman 
from Florida, Mr. Clawson.
    Mr. Clawson. Thank you.
    Thanks for coming you all. Thanks for your service to our 
country.
    I am going to go back in time a little bit and ask you to 
put your thinking caps on for a minute, put yourself in my 
position, and help me think a little bit about how we should 
view, measure the Department.
    Since I have come here starting last summer, the story that 
is told from other folks prior to you all coming here, and this 
is good for you all to be here because you are looking at 
accountability and measurables, and I want to lift that up a 
little bit and so that I know a little bit more about what you 
know.
    We are told that things are better, that more and more 
folks are being stopped on the border, and that things are 
getting better throughout the Department, but that we also need 
more resources. We were asked for capital expenditure resources 
as well as operational resources. So far so good. Right?
    But then after that most of the data that we get here is 
rather anecdotal. I can't tell you as a Member of this 
committee what the goals and metrics are by function, by 
region. I hear some data, but I couldn't really roll it up. So, 
therefore, for me to get a return on investment, if you will, 
for the taxpayer, I can't tell you what it is. I haven't seen 
any capex data since 2010, and yet I am asked to approve more 
capex data when I haven't seen anything on a macro level about 
how we are doing with our money, with the shareholder, or in 
this case the taxpayer money.
    So I don't know what the current goals are by area on a 
macro basis, and I don't know what the current spending is for 
each one of those areas, and, therefore, it is hard for me to 
make any decisions without a bigger picture on how we are doing 
with the resources that we currently have.
    Now, you three tell me. You are auditors. Your business is 
to dig into the forest level, but it is also to lift above to 
30,000 feet as well. Am I missing something here? Are there 
goals on a functional level so that we can see how the 
Department is doing? If there is goals, and if there is actual 
operational data, is there a way we can get it?
    I don't have a negative opinion, but neither do I have a 
positive opinion. I don't have enough data to have an informed 
opinion, and you all are auditors. Am I missing something here? 
We seem to wrestle around with what this thing is doing, what 
that is doing, without any big picture view of what is really 
going on in terms of outputs versus inputs.
    I don't know who to direct it to first, but I will let you 
start, Honorable Mr. Roth.
    Mr. Roth. I think you raise a very good and fundamental 
question. I mean, certainly when we look at some of the audits 
that we have done, for example, I think on the drone report, 
that is one in which we really pushed them and said: What does 
success look like? What are your metrics? How is it that you 
can justify a $360 million expense over the course of, you 
know, 5 years? How is it that you justify that? Is it the 
number of aliens that you caught? Is it the number of drugs you 
have seized? What is the metric? They do not have a metric. So 
it is a very frustrating aspect to me, and I can go through 
audit after audit after audit.
    The TSA's SPOT Program, their Behavior Analysis Program. It 
is, like, what are your performance metrics and how do you know 
whether or not you meet those performance metrics? In other 
words, for a $200 million program a year, what is it about that 
that gives some comfort to us that that is money well spent? 
They couldn't answer that question. It is a very frustrating 
thing for us as auditors who attempt to try to get some 
precision in sort-of effectiveness in Government programs when 
they simply don't measure it. So I share your frustration.
    Mr. Clawson. Do the other two guests share in that--it is a 
rather frightening observation, and I am not partisan on this, 
to spend this amount of money and not have goals and, 
therefore, not knowing whether we are wasting taxpayer money or 
not. How do the two of you feel about it?
    Ms. Gambler. So your question gets at a key theme of our 
work as well, which is that DHS has performance measures for 
some programs but not all programs, and that, you know, sort of 
across the DHS spectrum that the Department and components 
could strengthen their use of metrics and their use of data for 
measuring progress and results.
    I would also add that DHS has a Quadrennial Homeland 
Security Review and a strategic plan, and we have on-going work 
for the subcommittee right now looking at that higher-level 
strategy that DHS has to securing the homeland and will be 
reporting out to the subcommittee on that going forward.
    Mr. Gerstein. So I would like to pick up on the theme and 
take it a little bit further and talk a little bit more from an 
analytical perspective.
    I think it has been recognized across the Department that 
there was a lack of metrics, a lack of strategy, a lack of 
planning, a lack of operational ability to understand where 
certain issues were with respect to solving problems.
    So in the Quadrennial Homeland Security Review, they did 
identify--the Department identified five basic mission areas, 
and for each of those there were, if you will, metrics. They 
are high-level metrics, but they are metrics.
    Mr. Clawson. Can we see those metrics?
    Mr. Gerstein. Absolutely. The Quadrennial Homeland Security 
Review is a public document.
    The other thing I would add is that Secretary Johnson 
recognized this, and on top of the Homeland Security review has 
put in place the Unity of Effort which is designed to get at 
this very issue. In fact, what the Unity of Effort is trying to 
do is to pick areas so one area is cybersecurity, another is 
aviation commonality, which the IG spoke about in his remarks.
    Another is dealing with common vetting and screening. So 
what they are trying to do in these particular areas is 
identify what are the requirements in these areas, what are the 
metrics that we are measuring against, where are the capability 
gaps, and then satisfy them through either business process 
reforms, through acquisitions, through a variety of measures.
    So I think that it is certainly something that has been 
thought about and understood.
    The Joint Requirements Council that was discussed in my 
written testimony is also at the lower level, and the 
adaptation of what went on with the Unity of Effort and the 
Quadrennial Homeland Security Review.
    Mr. Clawson. I want to apologize to the----
    Mr. Perry. The Chairman thanks the gentleman.
    Mr. Clawson [continuing]. Folks on the other side for 
taking----
    Mr. Perry. The Chairman now recognizes the gentlelady from 
California, Mrs. Torres.
    Mrs. Torres. Thank you, Mr. Chairman.
    I have a question for each of you, starting with Ms. 
Gambler. Last September the GAO issued a report on Customs and 
Border Protection's covert assessments of their ability to 
detect nuclear materials at their ports of entry.
    Given the proximity of the district I represent to the Port 
of LA and Long Beach, and its impact on the labor market of my 
district, this is an issue of great interest to me and my 
constituents. I noted in the report that the number of covert 
tests conducted at seaports has declined from eight in 2010 to 
just three in 2013.
    Does CBP have the resources to conduct the number of covert 
tests needed to fully assess their ability to combat nuclear 
smuggling at seaports?
    Ms. Gambler. Congresswoman, your question gets at a key 
finding that we had in that report, which is that CBP has not 
conducted a risk assessment for its covert testing operations. 
Such a risk assessment would help CBP better allocate the 
resources it has to conducting those covert operations.
    What we pointed out in our report was that such a risk 
assessment could include looking at the locations for testing, 
the types of material to be tested, and the types of technology 
to be tested. So we have recommended that CPB conduct that risk 
assessment to prioritize and make best use of the resources it 
has.
    Mrs. Torres. I would encourage you to continue that work. 
This is a critical issue for us. We are not talking about human 
beings crossing, but, you know, these are weapons that could be 
utilized and create mass chaos in our communities.
    Inspector General Roth, in a recent report your office 
estimated that it costs approximately $12,255 per hour to 
operate CBP Air and Marine's unmanned aircraft system, UAS, 
program. However, the office of Air and Marine calculated a 
cost of $2,468 per flight hour because they did not include 
operating costs such as the cost of pilots, equipment, and 
overhead. The OIG made a recommendation which CPB concurred 
with, but only in principle.
    Can you explain to us all of the factors that should be 
taken into account when determining the cost per hour for 
operating UAS, and are you confident that CBP will implement 
your recommendations at this point?
    Mr. Roth. Thank you. As you note, they did not include many 
of the costs that we believe ought to be included, including 
the cost of the pilots, the cost of the sort of satellite 
uplink, for example, the cost to--the overhead on the runways, 
the cost of the pilots, those kinds of things, the cost of 
depreciation. In other words, the wear and tear on the 
aircraft. Those are the kinds of things that the Office of 
Management and Budget and GSA require that a program count so 
we understand what the full cost of the operation are. I always 
like to use the analogy of my teenage son who wants to buy a 
car, and, you know, it is not just the cost of the car. You 
have to have your insurance, you have to have your gas, you 
have to figure out where you are going to park it. You have to 
put some money away for maintenance when you need that. That is 
what CBP has not done here, and that was the basis of one of 
our more significant objections.
    We are in a 90-day period in which they are assessing our 
recommendations, and they are going to come back to us with 
what it is that they say that they are going to do. I can't 
predict what they are ultimately going to say about our fairly 
strong recommendation that all of the costs be accounted for, 
but we will certainly keep this committee apprised as we go.
    Mrs. Torres. Thank you.
    Mr. Gerstein, in your prepared testimony you cite to some 
of the problems that arise from the distribution of the 
Department of Homeland Security's headquarter staff throughout 
the Washington, DC area. Having served in leadership positions 
with the Department of Homeland Security, what is your opinion 
of the benefits that would be derived from completing the 
consolidated headquarters project, and will doing so have 
benefits for both operations, and most importantly to me, 
workforce morale?
    Mr. Gerstein. Thanks. Well, I am not going to take an exact 
position on St. Elizabeths, if you don't mind, but I would like 
to talk about building a culture and an identity within the 
Department of Homeland Security. What it feels like having 
worked there for a number of years, and served in leadership 
positions, building this identity, a common way of moving 
forward is really important. It is based on personal 
relationships. It is based on having this common identity.
    Right now the Department is spread out over 20 different 
sites within--20 large sites within the Washington area alone, 
and that makes it very difficult to bring people together. 
While modern technology helps, there still needs to be more in 
terms of bringing people into a common area.
    On the St. Elizabeths, I know that, you know, it is a great 
facility. The Coast Guard is there now, but it is my 
understanding that it would not be large enough to house the 
entire Department staff in that single facility.
    Mrs. Torres. Thank you.
    I would yield back my time to Mrs. Watson Coleman if she 
needs extra time.
    Mr. Perry. The Chairman thanks the gentlewoman, and now 
recognizes the gentleman from Georgia, Mr. Loudermilk.
    Mr. Loudermilk. Thank you, Mr. Chairman.
    I would like to go back to the cost of flying the unmanned 
aircraft. I believe the IG reported the cost of $12,255 per 
hour to operate the aircraft. As an aviator, I find that 
astounding that--especially an unmanned aircraft, you know, 
where the CBP estimated, you know, I think $2,468 per flight 
hour.
    Why is there such a differential and why is the cost per 
man hour so high, especially for an unmanned aerial vehicle?
    Mr. Roth. There is a couple things. The differential is 
that we simply are bound by our auditing standards. We are 
outside auditors. We go in. We don't have a dog in the fight, 
as it were. It is not our program. We simply look at the 
program in an objective way. We use the standards that are 
already out there that are set by OMB and GSA, and this is the 
number we came up with, and we are fairly transparent as to how 
we got that number. It is on page 8 of our report, if you would 
like to see it.
    Now, because they fly the aircraft so few hours, that means 
the cost per hour is high. Of course, if they fly it more, then 
the cost per hour will decrease. So that is one of our 
recommendations, of course, just like because if Southwest 
Airlines, you can guarantee when they buy an aircraft, they use 
it, and they use it to its full potential, and that is 
certainly one of our recommendations. If you use these to the 
full potential like you said you were going to do in your 
concept of operations when you purchased it, then the cost per 
hour is going to go down.
    Mr. Loudermilk. So to follow up, you are basically--you are 
taking the full cost, including the salary, benefits of the 
pilot, the camera operator, or that is included in the cost per 
hour of operation?
    Mr. Roth. Correct. You know, there is a loaded cost for 
each personnel. So, for example, CBP did not have the cost of 
the pilots because in their sort of thinking, well, that is 
being paid for out of a separate pot. They didn't include, for 
example, what it costs the Coast Guard to, you know, assist in 
these missions, particularly the over water missions.
    They didn't talk about their office of intelligence and law 
enforcement liaison because that is in a different budget sort-
of line, which is all sort-of valid except it all comes out of 
the taxpayer's pocket anyway. So we need to count everything so 
when the Secretary looks at the program he can understand 
what--or Congress looks at the program, you can understand 
truly what it costs and is this the right investment of money.
    Mr. Loudermilk. How many flight hours does an average pilot 
have? I mean, are you talking about increasing the number of 
hours that we fly, which from my trip to the border we see the 
effectiveness of the UAVs.
    Are our pilots--do they have subsequent down time that they 
are not flying that they could fly more hours without us hiring 
more unmanned pilots?
    Mr. Roth. I don't know the answer to that question. It is 
not reflected in our report. I can certainly get back to you 
and see if that is something that we looked at as far as 
whether or not it is scalable. In other words, to be able to 
fly five times as many hours, do we need X number more pilots?
    I will say that according to our analysis, they spend about 
$11 million a year on pilot salaries for the UAV program.
    Mr. Loudermilk. So with that--if we had to hire more 
pilots, then we wouldn't necessarily see a decline in the cost 
per hour because we are going to be incurring the cost of more 
pilots. That is what I am getting at. Somewhere there is a 
differential, I think, beyond just the cost of the pilots in 
there, and that is what I was trying to get to because if--it 
makes sense if we have the pilots are not flying their full 
allotted hours or their capability, whatever the regulation 
says you can fly this many hours in a week or time frame.
    So that is kind-of where I was getting at. Is it an 
accounting difference, or are we spending a lot more on these 
unmanned vehicles? Is there some areas that we can save money 
without affecting the operation and our capabilities?
    Mr. Roth. I understand your question now. Is it linear, in 
other words----
    Mr. Loudermilk. Right. Exactly.
    Mr. Roth [continuing]. Or not and certainly some of the 
issues--certainly fuel would be linear, cost of pilots would be 
linear. Some of the other would not be linear. The 
depreciation, for example. The overhead of the program 
management, which is about $5 million a year, that is going to 
be the case whether you are flying or not flying. The overhead 
on the facilities itself, the runways and the--that kind of 
facility would not be linear.
    So there are no--I know there are fixed costs that could be 
distributed over greater flight hours, but I don't have the 
specific data.
    Mr. Loudermilk. I appreciate that. Thank you.
    I yield back.
    Mr. Perry. Chairman thanks the gentleman.
    Now Chairman recognizes the gentleman from Louisiana, Mr. 
Richmond.
    Mr. Richmond. Thank you, Mr. Chairman.
    My first question would be directed to Mr. Roth, and our 
committee, and especially through our Ranking Member, we have 
been trying to get the Department of Homeland Security to give 
us information regarding its suspension and disbarment program 
in terms of contractors. We have asked them for a number of 
things, especially when one of their components recommends a 
disbarment or suspension and they don't do it.
    So in that sense, has the Office of Inspector General 
recently conducted a review of the suspension and disbarment 
process at DHS?
    Mr. Roth. We have not published any audit reports on that. 
I think we are doing some preliminary work on that issue. I 
share with you the concern. My prior background is as a 
criminal prosecutor and we have done a number of cases on sort 
of acquisition fraud kinds of work, and I understand the 
strength that can occur as a result of a very vigorous 
suspension and debarment program.
    Sometimes you can't make a criminal case or you can't even 
make a false claims case, and yet you could do something to 
ensure that those folks aren't in fact selling to the 
Government anymore. I think it has an enormous deterrent effect 
when used properly.
    So I share your concerns with regard to our program, but we 
haven't any published reports on that.
    Mr. Richmond. Off-hand would you know any rules, 
regulations, or statutes that would give them the ability to 
deny us access to the recommendations from their components or 
the list of people who were recommended for debarment or 
suspension and then their ultimate action?
    Would you know of anything that would give them privilege 
or keep them from giving us that information in writing?
    Mr. Roth. You know, off the top of my head, I am not aware 
of it, but, candidly, I haven't done any analysis of that 
issue.
    Mr. Richmond. Well, good that is my last question.
    Mr. Roth. Okay.
    Mr. Richmond. Which is, would you be open to conducting 
such a review to ensure decisions are being arrived at upon--in 
a consistent and equitable manner?
    Mr. Roth. I would like to take that back to my auditors and 
see what it is that we could in that area. What I would like to 
do is perhaps have our staffs meet to get a better sense of 
what it is that you are looking at and see whether or not there 
can be work that could be done.
    Mr. Richmond. Thank you.
    The next question would be for Ms. Gambler. I know that 
last December you all issued a report on Federal facilities 
cybersecurity that stated that DHS and GSA should address cyber 
risks to building and access control systems. In the course of 
its audit, GAO found that DHS lacks a comprehensive strategy 
for addressing the issue. So given GAO's recent work in this 
area, could you please elaborate for the subcommittee on the 
actions DHS and GSA need to take to ensure that our Federal 
facilities are hardened against a cyber attack?
    Ms. Gambler. Sure. Thank you for the question. As you 
noted, we recommended in that report that DHS work with GSA to 
come up with a strategy for assessing cyber risks to building 
and access control systems in Federal facilities. We 
specifically recommended that that strategy include a 
definition of what the problem is, assigns roles and 
responsibilities, identifies a methodology for assessing that 
risk, and some other things as well.
    We also recommended through our report that the Interagency 
Security Committee, which is housed within DHS and among other 
things, provide some guidelines and guidance for Federal 
facility security standards, that they should include some 
information in their documents and their guidance about what 
the threat is from cyber risk and that that information would 
help Federal agencies better assess what their risks are.
    Mr. Richmond. Thank you.
    I will try to squeeze in one last question. Back to Mr. 
Roth. Last Congress, as Ranking Member of the Subcommittee on 
Transportation Security, we worked on addressing TSA's 
acquisition policies. I noted in your testimony that your 
office will be working with DHS acquisitions in the near term. 
So is the problem with DHS's acquisition management derived 
from the Department not having clear policies and procedures in 
place for the components? Or is that the components all too 
often disregard the policies that are in place?
    Mr. Roth. Congressman, it is a little bit of both. 
Certainly for a long time there had not been the right kinds of 
procedures and policies in place. I think that Secretary 
Johnson has made a very strong effort in the time that he has 
been Secretary to put some rationality and some function behind 
sort-of a unified effort to do acquisition management. But we 
have also seen instances in which the components simply 
disregard what the Department has asked to do. There really 
hasn't been any consequences for that disobedience.
    One of the things that I worry about is that 
notwithstanding Mr. Johnson's efforts, he will be at some point 
gone, and whether or not I will be here in 2 years asking 
whether or not the same kinds of issues are taking place. In 
other words, are there the right kinds of policies and 
procedures in place and is there someone there who is actually 
enforcing them? Certainly the kinds of legislation that we have 
seen come out of the House I think has been a very welcome 
development.
    Last term I know that the House passed the Acquisition 
Accountability and Efficiency Act, which I thought was a good 
development. I look forward to those kinds of pieces of 
legislation in ensuring that the acquisition management 
function at DHS continues beyond this administration.
    Mr. Richmond. Thank you.
    Thank you, Mr. Chairman.
    Mr. Perry. The Chairmman thanks the gentleman.
    The Chairman now recognizes himself for the beginning of 
the second round, or the beginning of the second round.
    The first question will go to Ms. Gambler. The GAO recently 
reported that DHS had such a large backlog of Freedom of 
Information Act, or FOIA, requests that it set a goal of 
reducing them by 15 percent each year since 2011. However, 
although there was initial progress in fiscal year 2012, the 
number of backlog requests nearly doubled in fiscal year 2013 
with over 23,000, 23,000 more unfulfilled FOIA requests in 
fiscal year 2013 than in the prior year. I mean, that is 
astounding this agency is that far behind in answering the 
hard-working taxpayers that are paying for it and their 
legitimate requests.
    The question to you is: Has the DHS done enough to 
realistically believe that they would be able to tackle the 
backlog of requests from the taxpayers?
    Ms. Gambler. There were a few key recommendations that we 
made in our report, Chairman, which we believe would help DHS 
improve its processing and handling of FOIA requests.
    One is for them to update their Department-wide FOIA 
regulation, it hasn't been updated since 2003, to make sure 
that regulation takes account of everything that has changed in 
the FOIA environment since that time. We have also recommended 
that DHS and the components do a better of job of taking 
account of and tracking and fully tracking the costs that they 
spend responding to FOIA requests.
    Finally, in doing our work, we found that there was the 
potential for some overlap in the processing of immigration-
related FOIA requests, which is a large number of the requests 
that DHS gets. So we recommended, to help reduce that 
duplication and overlap and help to insert some efficiency, 
that DHS and the two components involved, ICE and USCIS, should 
look at coming to an agreement about how to process those more 
efficiently.
    Mr. Perry. I think you said that DHS's Privacy Office has 
not updated its FOIA regulations in more than 10 years despite 
updates to the policy. Do I have that correct?
    Ms. Gambler. That is right. Their FOIA regulation has not 
been updated since 2003. There has been some changes 
Government-wide to FOIA requirements and policies since that 
time.
    Mr. Perry. Do you think that a lack of transparency in the 
Privacy Office has exacerbated that backlog?
    Ms. Gambler. Chairman, that wasn't something that we 
specifically looked at in the report. But we did find and 
describe in the report that the FOIA processing is, you know, 
sort-of specific to the components. It is the components' 
responsibility to respond to FOIA requests. So our 
recommendations were geared to helping the Department provide 
some oversight for how FOIA requests are handled and processed.
    Mr. Perry. So each department would have its own separate 
staff to deal with the FOIA requests for that department, is 
that essentially correct?
    Ms. Gambler. Each component, yes, sir.
    Mr. Perry. Each component. I imagine the size of that 
varies per component, the administrative size I mean, is that 
your understanding?
    Ms. Gambler. I believe so, yes. The components I think get 
different numbers of FOIA requests.
    Mr. Perry. Dr. Gerstein, maybe you can shed--as you have 
looked at the organizational structure, do you have anything to 
add regarding the efficiency or trying to clear up this 
backlog, that what you studied might be germane?
    Mr. Gerstein. I just know from the S&T perspective, Science 
and Technology Directorate, that we were working very hard to 
get at the backlogs. I will say there were a couple of FOIA 
requests that were very, very complex and required a great deal 
of work to be able to dig out literally thousands of emails to 
be able to provide on a particular request. So it is not a 
trivial process to provide this information.
    Mr. Perry. Okay, thank you.
    Then moving on to my final questioning for the round is to 
find out if there is anybody on the panel that is familiar with 
what is known as the single point of failure in the Amtrak 
corridor? This relates to cybersecurity and the construction of 
an alternate petabyte pathway, where Homeland Security was the 
initial impetus for demand of a diverse broadband pathway from 
the blast zones associated with the major thoroughfares of 
Philadelphia, New York, Baltimore, and the District of Columbia 
and where we stand on that. Can anybody speak to that? Or is 
that something that you are unfamiliar with?
    Ms. Gambler. For GAO, I am not sure, but we would be 
happy--I would be happy to check and get back with you and your 
staff.
    Mr. Perry. All right. I would appreciate it if you would.
    At this time, I yield time for the second round to the 
Ranking Member, Ms. Watson Coleman.
    Mrs. Watson Coleman. Thank you, Mr. Chairman.
    Mr. Gerstein, I keep reading that morale is the big issue 
in this Department. I guess to some extent it does impact the 
Department's ability to accomplish its mission and do the 
things that GAO and the inspector general is concerned about. I 
also understand that there have been a number of contracts let 
to study, to survey the issues of morale.
    So I am wondering with your experience and your knowledge, 
whatever happened to the recommendations, the findings and the 
recommendations and why are they still doing them? Have they 
ever implemented any of them?
    Mr. Gerstein. So the impetus for a lot of the employee 
viewpoint studies is really the OPM, the Office of Personnel 
Management, study that comes out on an annual basis. It is 
administered in April to June. It comes out in November. Then, 
of course, you know, there is efforts by leadership to respond 
and be able to think through the issues.
    So the question really before us is why then, if you are 
doing an annual survey, do you need other surveys to augment 
those? The answer is actually fairly straightforward. You know, 
when we got our results to the Science and Technology 
Directorate, the annual survey, it lacked the granularity to be 
able to understand at what level of leadership, for example, 
there were criticisms. So we asked for an internal study to be 
done, an internal survey that looked specifically and tried to 
identify specifically at what levels we might have shortfalls 
in the leadership.
    There were some things that came out of the survey that 
made a great deal of sense. For example, one of the great 
criticisms within the piece that directly was related to the 
Science and Technology Directorate had to do with shortfalls in 
funding. So many people answered very negatively about science 
and technology resourcing. Of course, that is the year, in 2011 
and 2012, in which the Department and Science and Technology 
Directorate in particular saw a 56 percent reduction in 
research and development. So no surprise that the workforce 
would be signaling in that way.
    Now, on the other question of what are done with all the 
surveys, I guess I would say that I think there are a number of 
subordinate organizations, components, who do their own 
internal surveys much like the Science and Technology 
Directorate did. Then at the Department level, there is a lot 
of effort to try to understand what the survey results are 
actually yielding.
    So that is the impetus for doing these surveys.
    Mrs. Watson Coleman. Is anyone contacting these external 
organizations who do these surveys to make the final 
recommendations? Then does the Department implement any of 
them?
    Mr. Gerstein. Well, for example, in Science and Technology, 
we used an outside organization to help us. You know, we looked 
at the results and we are working to implement change.
    So, yes, I do think that they are helpful in trying to 
identify areas and provide more granularity.
    Mrs. Watson Coleman. Thank you.
    This is actually for both Mr. Roth and Ms. Gambler, because 
it has to do with the TSA. To the extent you can discuss 
findings which you have with regard to the management 
conclusion, findings which rely heavily on the behavior 
detection policies has fundamental flaws to introduce 
unnecessary security risks into the aviation environment.
    If, in fact, we are talking about the sort of profiling 
that has no scientific basis, Ms. Gambler, has the Department 
implemented any of your recommendations with regard to having 
less reliance on that, as opposed to expanding its inclusion?
    Thank you.
    Mr. Perry. Mr. Roth.
    Mr. Roth. Thank you.
    As you know, the report that we issued with regard to the 
PreCheck program is classified both at the SSI and Secret 
level. So it is very difficult in this environment to give you 
an answer to that question. I would say that we have some very 
deep concerns as to some of the decisions that TSA has made 
with regard to the Managed Inclusion and PreCheck program.
    Mrs. Watson Coleman. So we can have a, then sort-of closed-
door discussion on this at some point in the very near future?
    Mr. Roth. We welcome a briefing. We can describe exactly 
what our concerns are in a closed briefing.
    Mrs. Watson Coleman. Thank you, Mr. Roth.
    GAO has also acknowledged that this is not a scientific-
based approach. Has the Department implemented any of your--or 
TSA implemented any of your recommendations?
    Ms. Gambler. So with regard to the most recent 
recommendation we made about the behavioral detection program, 
we had recommended that TSA should limit funding for the 
program until they were able to show scientifically-validated 
evidence that behaviors can be used to detect--or behavioral 
indicators can be used to detect threats.
    TSA disagreed with our recommendation on that report. In 
doing our follow-up on our recommendations, we understand that 
TSA is reviewing the program. That is under way right now. So 
at this point, it is unclear the extent to which that will meet 
the intent of our recommendation.
    Mrs. Watson Coleman. Thank you, Mr. Chairman.
    Thank you.
    Mr. Perry. The Chairman thanks the gentlewoman.
    The Chairman recognizes the gentleman from Florida, Mr. 
Clawson.
    Mr. Clawson. Okay. So let's go back to what we were 
speaking about earlier and maybe you all can help me a little 
bit.
    A strategy always flows from current situation and tactics 
flow from strategy. I personally don't have enough data yet to 
have an overall view of what the current situation is. So if 
you all could do me a favor, maybe get together with my team 
and I, somebody, who would it be that I could get the very 
basic, top-level data about what is going on in the Department 
and so that I can see the top-data, operational metrics, let's 
say, border, cybersecurity, whatever the area it is, and so how 
we are doing, how that data relates to the goals.
    Then, second, the capex, capital expenditures, my area, so 
that I can build just a cursory knowledge of taxpayer value 
here and how we are doing for the money that we are spending. 
You know, I don't know on the border if that means per dollar 
spent how many people we are stopping or not. I don't know what 
your metric is. I don't know how we ever stand up here and give 
opinions without metrics. It feels a little weird to me.
    So we don't even have to do it publicly. But if I could get 
some metrics, after being up here 6 or 8 months, at a top level 
by area of the Department, that would be great. You all can 
come. Inspector, you probably know where, if it is not you, you 
probably know where we can get that. So that is my request 
first of all.
    Would you like to respond to that or--because we looked at 
the Quadrennial Homeland Review. That is just more strategy to 
me. It is very few metrics by area of the Department. I want to 
know who is making their goals and who is not and why. Yes, 
sir.
    Mr. Roth. I think that is a fair request. We would welcome 
to work with you----
    Mr. Clawson. Yeah, if you all would come and be one of 
those groups that when we ask something, you actually come back 
to us. We will be responsive.
    I am not partisan about this. I am not trying to make the 
administration look bad or anybody else. I would just like to 
have an opinion on how the Department is doing. With no data, I 
just don't know how anybody ever has opinions. It is just 
rumors to me. We make mistakes when we make decisions based on 
assumptions, as opposed to separating what we assume from what 
we know.
    Before I accuse anybody of anything, I would like to have 
more than just an assumption. Does it seem reasonable you all 
what I am asking?
    Mr. Roth. Yes----
    Mr. Clawson. Then from there, hopefully I can be helpful 
and my team can be helpful even in a small way.
    Second thing, if we have just another moment, it always 
felt to me in my career that morale was driven more by 
management's ability to manage up, as opposed to senior 
management's ability to manage down. Things always come from 
Washington or whatever and they don't understand the situation 
on the ground, right? So we make rules and edicts based on what 
we think is going on. We never really know. That sends 
confusing messages to the folks that actually are trying to get 
the work done on the front lines. Sounds reasonable.
    Clearly we have a confused situation in terms of the goals 
of this Department, in Washington, with the potential shutdown 
and everything that is going on. So in my mind, I wonder to 
myself, I say if I was in senior management in this Department, 
on the one hand, what I am hearing is the confused signal from 
Washington clearly would have an impact--negative impact on 
morale, right? On the other hand, you tell me that the 
Department is getting better and better, that things are 
getting clearer because of new management.
    To me, that would override some of the concerns about 
morale. Because morale is usually more local than it is global. 
Tell me how you feel about the morale question then. Do you 
have an opinion? You are out there all the time. Any of the 
three.
    Ms. Gambler. GAO issued a report on employee morale at DHS 
a couple of years ago. I think a key take-away from that report 
is getting at your question and your thoughts, sir, which is, 
you know, that looking at sort-of what is happening within the 
individual components is, you know, an important piece of this, 
and the extent to which the components are implementing, you 
know, actions to address some of the root causes that are 
contributing to employee morale. So that was a key finding and 
recommendation from the report that GAO did several years ago 
on morale at DHS.
    Mr. Clawson. So that would say that the hiring process is 
the most important input on morale at a local basis?
    Ms. Gambler. We didn't get into sort-of specifically tying, 
you know, morale problems to sort-of different functions or 
things like that. But we did look at the sort-of differences in 
morale at the individual components. That was a key part of the 
work that we did.
    Mr. Clawson. Anybody else on the morale question?
    Mr. Roth. We haven't done any work on that. I mean, I will 
have to say I was in the Department of Justice for 25 years. 
Nineteen of those years were in the field and we didn't really 
care what was going on in Washington. What we cared about was 
did we have the tools to do our job, and did your immediate 
boss appreciate what it is that you are doing? I don't actually 
think it is very complicated. But that is just my personal 
opinion based on my experience.
    Mr. Clawson. It feels to me that we overestimate our own 
importance in Washington in this decision. That it is exactly 
what you say.
    Any input, Doctor?
    Mr. Gerstein. Well, the one thing that I would like to just 
add and it has to do with the shutdown on the impact of morale. 
I was acting under secretary the last time we had a major 
furlough. It was about 3 weeks long. I can say that this 
affected the workforce in some fairly dramatic ways.
    Mr. Clawson. I agree with that.
    Mr. Gerstein. We spent a lot of time after that talking to 
the workforce and trying to reinforce the importance of the 
jobs they are doing and that people do care about them. You 
know, as you say, a lot of what goes on in Washington just goes 
on in Washington. But, you know, you sort-of have--at the end 
of that rope are people who are depending on their paychecks. 
Some of them were working at-risk.
    Mr. Clawson. Peace on that. I mean, you take people's 
paycheck and job away, even temporarily, then the local manager 
can't do much about that.
    Mr. Gerstein. The other thing that is very interesting is 
that recovering from a furlough is a lot more time-intensive 
than just the amount of time of the furlough.
    Mr. Clawson. Right. Thank you.
    Mr. Perry. The Chairman thanks the gentleman. The Chairman 
now recognizes the gentlewoman from California, Mrs. Torres.
    Mrs. Torres. Mr. Gerstein, in your written testimony, you 
state that the lost momentum associated with sequestration and 
our Federal workforce furlough in 2013 hindered programs in the 
execution of key Departmental programs. You also stated that 
the lost man-hours associated with preparing for and recovering 
from the furloughs were also a significant distraction and 
squandering of resources.
    Now, let's go back to that statement, confused signals from 
the District of Columbia. Today, with one day left to fund the 
Department of Homeland Security, can you explain for the 
subcommittee what is going on behind the scenes at the 
Department of Homeland Security and the impact appropriations 
uncertainty is having on the workforce?
    Mr. Gerstein. Yeah. So that is a great question. We started 
planning for and thinking about the impact of a potential 
furlough back when the original discussion occurred about the 
potential for DHS not getting funded. So for a number of months 
we have been talking about that. The planning will be more 
intensive as we get closer to the furlough.
    I will use the last time as a template. But, you know, 
several weeks before, we were putting out email messages, we 
were notifying employees, we were trying to explain the impact 
to the employees. So as we lead up into it, there is a lot of 
activity. Obviously, when the furlough occurs, no work is 
supposed to occur. For the Department, that has a lot of the 
management functions, the under secretary for management, 
science, and technology, the policy office, intelligence and 
analysis, would be predominately, about 15 percent of the 
Department would be those that are most affected.
    Then, of course, when the furlough is lifted and people 
come back to work, there is, if you will, a stutter-step in 
getting back into the business of running the Department.
    One interesting area that I think is really important to 
consider as a microcosm of what actually happens is in the 
programs. So the impact on these programs is very significant. 
We don't know what the money is going to be. We don't know what 
the top line is going to be. So instead of planning your 
procurements, in our case it was the research and development, 
over the course of a year and try to front-load that in the 
early part of the year, we don't have the money, we don't know 
what our top line is going to be. So you don't actually spend 
that money. What that creates is a bow wave.
    That means in the last, if you will, 3, 4 months of a 
fiscal year, you are spending 80 percent of your resources. 
Obviously, when you are trying to put that much through the 
system at all one time, it becomes very difficult. Imagine the 
impact, for example, on contracting. Imagine how it is on 
procurement as you are trying to move vast numbers of contracts 
through the system.
    So there is a huge opportunity cost in waiting until the 
last half of the fiscal year to be able to do that. We are 
actually very quickly approaching the second part of the fiscal 
year for fiscal year 2015.
    Mrs. Torres. Thank you.
    I want to get one more question for the record. In your 
recent op-ed, you say that the Department of Homeland Security 
is in a similar position that the Department of Defense was 30 
years ago, when the Department underwent a major organizational 
restructuring. How would you compare the Department of Homeland 
Security's process to that of the Department of Defense? Is DHS 
far behind where DOD was? Or is DHS experiencing the normal 
growing pains in a relatively new, very massive organization?
    Mr. Gerstein. So I do think there are a lot of normal 
growing pains associated with bringing together so many people, 
the third largest Cabinet-level department, so rapidly.
    On the other hand, and I used the Goldwater-Nichols analogy 
not because I am trying to make the point of recreating a 
Department of Defense within the Department of Homeland 
Security, but rather the need for a very significant, 
comprehensive reform initiative. So there are a lot of 
differences between the Department of Defense and Department of 
Homeland Security, not the least of which are military missions 
versus law enforcement within the Department of Homeland 
Security.
    When you think about just the resources, it is almost an 
order of magnitude difference between the Department of Defense 
and Department of Homeland Security, something like $550 
billion versus about $60 billion for the Department of Homeland 
Security. When you look at the training time available for law 
enforcement versus people in military uniforms, that is also 
different. So there are some differences.
    But on the other hand, we really saw a vast improvement in 
the Department of Defense when they came together and worked as 
a single entity and were able to pool the resources and think 
more corporately.
    Mrs. Torres. Thank you.
    Mr. Perry. The Chairman thanks the gentlewoman.
    The Chairman now recognizes the gentleman from Georgia, Mr. 
Loudermilk.
    Mr. Loudermilk. Thank you, Mr. Chairman.
    Ms. Gambler, unfortunately DHS does have a history of 
acquisitions of technologies and programs that either turn out 
they don't meet the mission needs or they are inadequate and, 
in the case of SBInet, were inevitably pulled--which I believe 
was a Boeing contract and we spent about $1 billion for 53 
miles of surveillance.
    The other would be BioWatch, that working with the EPA to 
detect pathogens in the air and such things. What are some 
things that you recommend that we can do to better vet or run 
through a process technologies or programs before we go into an 
acquisition? It almost seems like sometimes we are actually 
going into the acquisition process to do the testing to see if 
it works, instead of putting the onus on the vendor to prove 
the viability of their program.
    Do you have some recommendations of where we could do to 
save taxpayer moneys before we waste it on programs that 
inevitably we end up pulling just like SBInet?
    Ms. Gambler. That question gets at a key point from our 
work on acquisition management at DHS, which is that many DHS 
acquisition programs don't have the basic fundamental documents 
and information in place to be able to, you know, successfully 
procure and manage those programs. Those things include having 
reliable schedules, having reliable life-cycle cost estimates, 
and having in place what are called program baselines that 
basically lay out what is the acquisition program going to do, 
at what cost is it going to be delivered, and when.
    So what we have recommended and what we need to see as part 
of the high-risk update and our monitoring of DHS's designation 
of high-risk in the acquisition management area, is that the 
Department can better ensure that its individual programs are 
adhering to acquisition management practices and have those key 
documents in place so that they can be, you know, better 
managed and monitored to be on track for schedule, cost, and 
performance.
    Mr. Loudermilk. Okay. Would any of the others like to 
comment?
    Mr. Gerstein. I would say that I am very familiar with all 
the programs that you named. When you peel back the onion on 
those, there is a, if you will, a single point of failure. It 
has to do with insufficiency in the requirements-generation 
process. In other words, you don't necessarily know what you 
are trying to achieve or you change your requirement part-way 
through the acquisition without changing the metrics, the key 
performance parameters. So requirements, requirements, 
requirements are absolutely essential to be able to have good 
procurements and good acquisition.
    Mr. Loudermilk. Mr. Roth.
    Mr. Roth. I would simply concur. I mean, certainly in 
audits that we have looked at, at this, it is--the technology 
is chasing the problem, as opposed to defining the problem and 
figuring out the solution for it.
    Mr. Loudermilk. So in the case of, let's say, SBInet, we 
were throwing a potential solution at a problem that we haven't 
really defined how we want to resolve it, is that what you are 
getting at? As we get into it, we find out that it is not 
meeting the criteria, so we change the requirements? I guess 
what I am getting at is that result in the cost overruns 
because we are chasing something without fully defining what 
the mission is or what the accomplishment is? I mean is that 
pretty much what you are stating? That we have to do a better 
job at defining what it is we want? I mean, what is the 
solution?
    Mr. Gerstein. I think when you do a requirements 
generation, you have to link your research, your development, 
and your acquisition so that they actually flow. They don't 
necessarily have to be completely linear. But you do have to do 
a certain amount of research to understand the problem and to 
help identify what potential solutions are.
    So not everything is an acquisition. You may have solutions 
that are doctrine solutions or organizational adaptations or 
training differences or acquisition. So all of that has to be 
factored in. How can I solve the operational problem that I am 
encountering? That is really the fundamental question. Then 
that would suggest then being able to lay out acquisition 
programs in a holistic manner so that you are not just 
identifying a technology, as the IG says, Mr. Roth said, you 
know, you are not just identifying a technology and saying this 
will work for our problem, but rather thinking, how it is going 
to fit into a comprehensive system?
    Mr. Loudermilk. Okay. Thank you. I yield back.
    Mr. Perry. The Chairman thanks the gentleman.
    At this time, the Chairman thanks the witnesses for their 
valuable testimony and the Members for their questions. The 
Members of the subcommittee may have some additional questions 
for the witnesses. We will ask you to respond to these 
questions in writing. Pursuant to committee rule 7E, the 
hearing record will be open for 10 days.
    Without objection, the subcommittee stands adjourned.
    
    [Whereupon, at 11:34 a.m., the subcommittee was adjourned.]

                                 [all]