[House Hearing, 117 Congress]
[From the U.S. Government Publishing Office]


                  20 YEARS AFTER 9/11: TRANSFORMING DHS TO 
                   MEET THE HOMELAND SECURITY MISSION

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                         OVERSIGHT, MANAGEMENT,
                           AND ACCOUNTABILITY

                                 OF THE

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED SEVENTEENTH CONGRESS

                             FIRST SESSION

                               __________

                           SEPTEMBER 30, 2021

                               __________

                           Serial No. 117-31

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT] 
                                     

        Available via the World Wide Web: http://www.govinfo.gov
        
                              __________

                    U.S. GOVERNMENT PUBLISHING OFFICE                    
46-545 PDF                 WASHINGTON : 2022                     
          
-----------------------------------------------------------------------------------   
          

                     COMMITTEE ON HOMELAND SECURITY

               Bennie G. Thompson, Mississippi, Chairman
Sheila Jackson Lee, Texas            John Katko, New York
James R. Langevin, Rhode Island      Michael T. McCaul, Texas
Donald M. Payne, Jr., New Jersey     Clay Higgins, Louisiana
J. Luis Correa, California           Michael Guest, Mississippi
Elissa Slotkin, Michigan             Dan Bishop, North Carolina
Emanuel Cleaver, Missouri            Jefferson Van Drew, New Jersey
Al Green, Texas                      Ralph Norman, South Carolina
Yvette D. Clarke, New York           Mariannette Miller-Meeks, Iowa
Eric Swalwell, California            Diana Harshbarger, Tennessee
Dina Titus, Nevada                   Andrew S. Clyde, Georgia
Bonnie Watson Coleman, New Jersey    Carlos A. Gimenez, Florida
Kathleen M. Rice, New York           Jake LaTurner, Kansas
Val Butler Demings, Florida          Peter Meijer, Michigan
Nanette Diaz Barragan, California    Kat Cammack, Florida
Josh Gottheimer, New Jersey          August Pfluger, Texas
Elaine G. Luria, Virginia            Andrew R. Garbarino, New York
Tom Malinowski, New Jersey
Ritchie Torres, New York
                       Hope Goins, Staff Director
                 Daniel Kroese, Minority Staff Director
                          Natalie Nixon, Clerk
                                 ------                                

       SUBCOMMITTEE ON OVERSIGHT, MANAGEMENT, AND ACCOUNTABILITY

                  J. Luis Correa, California, Chairman
Dina Titus, Nevada                   Peter Meijer, Michigan, Ranking 
Donald M. Payne, Jr., New Jersey         Member
Ritchie Torres, New York             Dan Bishop, North Carolina
Bennie G. Thompson, Mississippi (ex  Diana Harshbarger, Tennessee
    officio)                         John Katko, New York (ex officio)
                Lisa Canini, Subcommittee Staff Director
         Eric Heighberger, Minority Subcommittee Staff Director
                  Geremiah Lofton, Subcommittee Clerk
                            
                            
                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable J. Luis Correa, a Representative in Congress From 
  the State of California, and Chairman, Subcommittee on 
  Oversight, Management, and Accountability:
  Oral Statement.................................................     1
  Prepared Statement.............................................     2
The Honorable Peter Meijer, a Representative in Congress From the 
  State of Michigan, and Ranking Member, Subcommittee on 
  Oversight, Management, and Accountability:
  Oral Statement.................................................     3
  Prepared Statement.............................................     5
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Chairman, Committee on 
  Homeland Security:
  Prepared Statement.............................................     6

                               Witnesses

Mr. Chris Currie, Director, Homeland Security and Justice Team, 
  Government Accountability Office:
  Oral Statement.................................................     8
  Prepared Statement.............................................     9
Mr. Randolph ``Tex'' Alles, Acting Under Secretary for 
  Management, Department of Homeland Security:
  Oral Statement.................................................    17
  Joint Prepared Statement.......................................    19
Ms. Angela Bailey, Chief Human Capital Officer, Department of 
  Homeland Security:
  Oral Statement.................................................    23
  Joint Prepared Statement.......................................    19

 
  20 YEARS AFTER 9/11: TRANSFORMING DHS TO MEET THE HOMELAND SECURITY 
                                MISSION

                              ----------                              


                      Thursday, September 30, 2021

             U.S. House of Representatives,
                    Committee on Homeland Security,
                    Subcommittee on Oversight, Management, 
                                        and Accountability,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 2:01 p.m., via 
Webex, Hon. J. Luis Correa (Chairman of the subcommittee) 
presiding.
    Present: Representatives Correa, Titus, Torres, Meijer, 
Bishop, and Harshbarger.
    Also present: Representative Langevin.
    Mr. Correa. The Subcommittee on Oversight, Management, and 
Accountability will now come to order.
    Without objection, the Chair is authorized to declare the 
subcommittee in recess at any time.
    Let me begin by thanking everyone for joining us today.
    This month, as you know, we have commemorated 20 years 
since the tragic 9/11 cowardly attack on our country that 
essentially led to the creation of the Homeland Security 
Department and this committee.
    As we look back on the last two decades, it is impossible 
to ignore how much has changed. The threats to our homeland and 
the ones we face today have grown beyond foreign terrorists to 
include cyber attacks, climate change, and domestic violent 
extremism. To meet these new threats, the Department of 
Homeland Security has evolved as well.
    A department that was once barely more than a collection of 
22 Federal agencies has matured to become more cohesive and, 
therefore, more effective. But ensuring the Department's many 
components work together, coordinated in tandem, is a daily 
effort that still needs much more work.
    Over the years, several Secretaries of Homeland Security 
have made it a priority to unify the departments and to 
consolidate management functions within a strong centralized 
headquarters. Many DHS components existed as independent 
agencies for decades before the Department was created, and 
each had its own histories and each its own cultures. Although 
these agencies have been brought together under one umbrella, 
they don't always work together as they should. DHS 
headquarters often lack the ability to adequately coordinate 
these policies, resources, and oversight as a whole.
    We have made progress. Today, DHS has created new offices 
to better coordinate information sharing, strategic planning, 
and overlapping operations. Today, I look forward to hearing 
from two representatives from DHS's Management Directorate 
about how the Department has changed and evolved over the last 
20 years and how it is taking on new and evolving challenges.
    I also look forward to hearing from the Government 
Accountability Office, which has provided consistent oversight 
over the Department since its creation, especially through its 
biannual ``High-Risk List,'' which is a report that identifies 
Government operations with significant vulnerabilities to 
fraud, waste, and abuse and mismanagement.
    When this department, DHS, was first created, GAO added 
implementing and transforming the new Department of Homeland 
Security to its ``High-Risk List.'' In 2003, GAO noted that 
such a task was, ``an enormous undertaking that will take time 
to achieve in an effective and efficient manner,'' but that 
failure to do so, ``would expose our Nation to potentially very 
serious consequences.'' DHS has transformed itself over the 
last 20 years, and its designation on the ``High-Risk List'' 
has changed as well.
    Now, GAO's recommendations are more focused on improving 
the Department's management functions. Although DHS has made 
significant progress over the years, it continues to struggle 
with integrating and strengthening the core functions that 
affect every single aspect of the agency. This includes the 
management of information technology, human capital, 
acquisition, finances--all of which are housed within the 
Department's Management Directorate.
    These remain on the list, in many ways because they are 
issues that offer the most challenges to a decentralized 
headquarters. The constant push and pull between operational 
components and headquarters have hampered the Department's 
ability to develop a strong and unified approach to these core 
issues.
    But taking on these problems is key to ensuring that DHS 
can continue to protect the homeland from all threats--those we 
faced 20 years ago and those that we are facing now and those 
that we will face in the future.
    I do look forward to hearing more about how DHS has grown 
into the agency it is today, as well as how we can help them--
we can help them continue to mature and meet these enduring and 
evolving challenges.
    With that, I thank you again, all, for joining us today.
    [The statement of Chairman Correa follows:]
                    Statement of Chairman Lou Correa
                           September 30, 2021
    This month, we commemorate 20 years since the tragic 9/11 terrorist 
attacks, which led to the creation of the Department of Homeland 
Security and this committee. As we look back on the last two decades, 
it's impossible to ignore how much has changed. The threats our 
homeland faces today have grown beyond foreign terrorists to include 
cyber attacks, climate change, and domestic violent extremism.
    To meet these new and existing threats, the Department of Homeland 
Security has evolved as well. A Department that was once barely more 
than a collection of 22 disparate Federal agencies has matured to 
become more cohesive and therefore more effective. But ensuring the 
Department's many components work in tandem is a daily effort and there 
is still much progress to be made.
    Over the years, several Secretaries of Homeland Security have made 
it a priority to unify the Department and to consolidate management 
functions within a strong, centralized headquarters. Many DHS 
components existed as independent agencies for decades before the 
Department was created, and each had their own distinct histories and 
cultures. Although these agencies had been brought together under one 
umbrella, they didn't always function as one cohesive Department. DHS 
headquarters often lacked the ability to adequately coordinate 
policies, resources, and oversight of the Department as a whole. But 
significant improvements have been made. DHS has created new offices to 
better coordinate information sharing, strategic planning, and 
overlapping operations.
    Today, I look forward to hearing from two representatives of DHS's 
Management Directorate about how the Department has evolved over the 
last 20 years and how it is tackling on-going and new challenges. I 
also look forward to hearing from the Government Accountability Office 
(GAO), which has provided consistent oversight over the Department 
since its creation, particularly through its biennial High-Risk List--a 
report which identifies Government operations with significant 
vulnerabilities to fraud, waste, abuse, and mismanagement.
    When DHS was first created, GAO added ``Implementing and 
Transforming the New Department of Homeland Security'' to its High-Risk 
List. In 2003, GAO noted that such a task was an ``enormous undertaking 
that will take time to achieve in an effective and efficient manner.'' 
But that failure to do so would ``expose the Nation to potentially very 
serious consequences.'' DHS has transformed itself over the last nearly 
20 years, and its designation on the High-Risk List has changed as 
well.
    Now, GAO's recommendations are more narrowly focused on improving 
the Department's management functions. Because although DHS has made 
significant progress over the years, it continues to struggle with 
integrating and strengthening the core functions that affect every 
single aspect of the agency. This includes the management of 
information technology, human capital, acquisition, and finances, all 
of which are housed within the Department's Management Directorate. 
They remain on the list in many ways because they are the issues that 
suffer the most from a decentralized headquarters. The constant push 
and pull between operational components and headquarters have hampered 
the Department's ability to develop a strong and unified approach to 
these core issues.
    But tackling these problems is key to ensuring that DHS can 
continue to protect the homeland from all threats, those we faced 20 
years ago and those we may face in the future. I look forward to 
hearing more about how DHS has grown into the agency it is today as 
well as how we can help them continue to mature and meet these enduring 
challenges.

    Mr. Correa. I would like to recognize the Ranking Member of 
the subcommittee, the gentleman from Michigan, Mr. Peter 
Meijer, for his opening statement.
    Mr. Meijer, welcome.
    Mr. Meijer. Thank you, Mr. Chairman, for holding this 
important hearing today.
    Thank you to our witnesses from DHS and GAO.
    This hearing comes at a critical time for the Department of 
Homeland Security. DHS was created in the wake of the most 
devastating terrorist attacks to occur on U.S. soil, and when 
we lost nearly 3,000 Americans on 9/11, we vowed as a Nation to 
prevent any such attack from occurring again.
    We passed the 20-year anniversary of 9/11 this month and 
find ourselves facing a multifaceted threat landscape that is 
constantly evolving. As new threats continue to emerge, we are 
also seeing conditions that resemble those that existed in the 
days leading up to the tragic attacks 20 years ago.
    The United States has withdrawn from Afghanistan, and there 
is real concern that the swift Taliban takeover of the country, 
coupled with the mismanaged U.S. withdrawal, has left a vacuum 
in which terrorist groups will reconstitute and proliferate.
    At the same time, DHS is leading the enormous task of 
vetting and resettling over 60,000 evacuees from Afghanistan 
into the United States. Operations Allies Welcome will be a 
complicated, time-consuming effort for the Department, and DHS 
does not have the luxury of focusing solely on this issue.
    The threat landscape has expanded beyond the actions of 
foreign terrorist organizations like al-Qaeda that served as 
the original catalyst for the creation of the Department. But, 
as a result, DHS must be prepared to handle an increasing 
number of new threats, including cyber attacks, challenges on 
the border with migrant surges, and encroachment on U.S. 
economic security as foreign actors seek unique ways to 
negatively influence our democracy. DHS must be prepared to 
handle all of these threats and more.
    We recognize and commend the dedicated work the Department 
and its employees have undertaken and all that they have 
accomplished over the past 20 years. It is no easy task to 
create a new organization, and even more difficult to combine 
22 distinct entities into 1 cohesive unit.
    Where DHS has certainly made great strides over the years, 
it remains lacking in several key areas. The Government 
Accountability Office published its most recent ``High-Risk 
List'' in March of this year. The list delineates high-risk 
Government programs and operations as well as providing a 
status report of the Government's efforts to address these 
high-risk areas.
    This year, GAO emphasized that the Department must continue 
implementing its integrated strategy for high-risk management, 
which outlines progress related to strengthening and 
integrating information technology, financial management, human 
capital management, and acquisitions.
    By GAO's assessment, DHS is still lacking in areas to build 
capacity in its acquisition programs, IT, and financial 
systems. The these areas are critical to supporting the safety 
and security of DHS's numerous missions at home and abroad.
    Specifically, of the 5 management functions GAO assesses 
for every program and operation, DHS is meeting 3 of them but 
only partially meeting 2, the 2 regarding capacity and 
demonstrated progress functions. I cannot stress how vital it 
is that DHS missions have the proper people, resources, and 
systems in place to reduce risks in its programs and 
operations.
    This could not be clearer than in DHS's efforts to help 
Afghan evacuees. DHS has appointed Bob Fenton, a regional FEMA 
administrator, to lead the interagency Unified Coordination 
Group in charge of vetting and resettling evacuees from 
Afghanistan.
    This gives DHS the incredible responsibility for the lives 
of tens of thousands of evacuees while it is still dealing with 
other domestic challenges, including the on-going COVID-19 
pandemic and the fallout from the worst hurricane season on 
record. The demands on DHS personnel are compounded by 
shortages of personnel in key areas across the Department, 
which GAO cited as limiting factors in their 2021 report.
    Before coming to Congress, I witnessed first-hand as 
countries struggled with these kinds of crises around the 
world. I led disaster-response operations both in the United 
States and abroad, assisting communities that have been 
impacted by natural disasters, and I spent close to 2 years in 
Afghanistan as a conflict analyst with the humanitarian aid 
community, working to protect aid workers who were delivering 
vital assistance to those in need.
    Without the full support of my coworkers, I would have been 
at a loss in these disaster-relief efforts. Similarly, without 
proper capacity at every level in DHS, each of its components 
will struggle for success.
    In terms of DHS's ability to demonstrate progress, I am 
interested to learn what steps DHS takes or plans to take to 
resolve these high-risk areas. It is imperative that we see the 
Department's acquisition processes, IT systems, and financial 
oversight capacity, as well as human capital and management, 
functioning at the highest possible levels. With the current 
global threat landscape in massive flux, we cannot leave 
anything to chance with the programs and operations meant to 
keep our homeland secure.
    Mr. Chairman, thank you again for holding this hearing, and 
I sincerely look forward to hearing our witnesses' testimony 
today and working closely with the Department to ensure it 
reaches its full and vital potential.
    [The statement of Ranking Member Meijer follows:]
                Statement of Ranking Member Peter Meijer
    Thank you, Mr. Chairman, for holding this important hearing today, 
and thank you to our witnesses from DHS and GAO.
    This hearing comes at a critical time for the Department of 
Homeland Security. DHS was created in the wake of the most devastating 
terrorist attacks to occur on U.S. soil. We lost nearly 3,000 Americans 
on 9/11, and we vowed as a Nation to prevent any such attack from 
occurring again.
    We passed the 20-year anniversary of 9/11 this month and find 
ourselves facing a multifaceted threat landscape that is constantly 
evolving. As new threats continue to emerge, we are also seeing 
conditions that resemble those that existed in the days leading up to 
the tragic attacks 20 years ago. The United States has withdrawn from 
Afghanistan and there is real concern that the swift Taliban takeover 
of the country, coupled with the egregiously mismanaged U.S. 
withdrawal, has left a vacuum in which terrorist groups will 
proliferate. At the same time, DHS is leading the enormous task of 
vetting and resettling over 60,000 evacuees from Afghanistan into the 
United States.
    Operation Allies Welcome will be a complicated, time-consuming 
effort for the Department, and DHS unfortunately cannot focus solely on 
this issue. The threat landscape has expanded beyond the actions of 
Foreign Terrorist Organizations like al-Qaeda that served as the 
catalyst to create the Department. As a result, DHS must be prepared to 
handle an increasing number of new threats such as cyber attacks, 
surges of migrants that undermine our Nation's border security, and 
encroachments on U.S. economic security as foreign bad actors seek 
unique ways to negatively influence our democracy.
    DHS must be prepared to handle all these threats and more. We 
recognize and commend the dedicated work the Department and its 
employees have undertaken and all they have accomplished over the past 
20 years. It is no easy task to create an entirely new organization. It 
is even more difficult to combine 22 distinct entities into one 
cohesive unit. While DHS has certainly made great strides over the 
years, it remains lacking in several key areas.
    The Government Accountability Office published its most recent 
High-Risk List in March of this year. This list delineates high-risk 
Government programs and operations as well as a status report of the 
Government's efforts to address high-risk areas. This year, GAO 
emphasized that the Department must continue implementing its 
Integrated Strategy for High-Risk Management, which outlines progress 
related to strengthening and integrating information technology, 
financial management, human capital management, and acquisitions.
    By GAO's assessment, DHS is still lacking in areas to build 
capacity in its acquisition programs, information technology, and 
financial systems management. These areas are critical to supporting 
the safety and security of DHS's numerous missions at home and abroad. 
Specifically, of the 5 management functions GAO assesses for every 
program and operation, DHS is meeting three of them, but only partially 
meeting two, the two regarding capacity and demonstrated progress 
functions.
    I cannot stress enough how vital it is to DHS missions to have the 
proper people, resources, and systems in place to reduce risks in its 
programs and operations. This couldn't be clearer than in DHS's efforts 
to help Afghan evacuees. DHS has appointed Bob Fenton, a regional FEMA 
administrator, to lead the interagency Unified Coordination Group in 
charge of vetting and resettling evacuees from Afghanistan. This gives 
DHS the incredible responsibility for the lives of tens of thousands of 
evacuees while it is still dealing with other domestic challenges, 
including the on-going COVID-19 pandemic and the fallout from the worst 
hurricane season on record. The demands on DHS personnel are compounded 
by personnel shortages in key areas across the Department, which GAO 
cited as limiting factors in their 2021 report.
    Before coming to Congress, I witnessed first-hand as communities 
struggled with these kinds of crises around the world. I led disaster 
response operations both in the United States and abroad, assisting 
communities that had been impacted by natural disasters, and I spent 2 
years in Afghanistan as a conflict analyst with the humanitarian aid 
community, working to protect aid workers who were delivering vital 
assistance to those in need. Without the full support of my coworkers, 
I would have been at a loss in those disaster relief efforts. 
Similarly, without proper capacity at every level in DHS, each of its 
components will struggle for success.
    In terms of DHS's ability to demonstrate progress, I am very 
interested to learn what steps DHS plans to take to resolve high-risk 
areas. It is imperative that we see the Department's acquisition 
processes, IT systems, financial oversight, and human capital 
management functioning at the highest possible levels. With the current 
global threat landscape in massive flux, we cannot leave anything to 
chance with the programs and operations meant to keep our homeland 
secure.
    Mr. Chairman, thank you again for holding this hearing. I am 
sincerely looking forward to hearing our witnesses' testimonies today 
and working closely with the Department to ensure it reaches its full 
potential.

    Mr. Correa. I want to thank the Ranking Member for his 
comments. I want to thank the Ranking Member also for your 
service to our country. Duly noted. Thank you very much.
    Members are also reminded the committee will operate 
according to the guidelines laid out by the Chairman and the 
Ranking Member in their February 3 colloquy regarding remote 
procedures.
    Without objection, Members on the subcommittee shall be 
permitted to sit and question the witnesses--that is, Members 
not on the subcommittee shall be permitted to sit and question 
the witnesses.
    Member statements may be submitted for the record.
    [The statement of Chairman Thompson follows:]
                Statement of Chairman Bennie G. Thompson
                           September 30, 2021
    I have been a Member of this committee since it was stood up, and I 
have witnessed the many challenges DHS has faced since it was 
established. For example, shortly after the Department's creation, it 
was placed on the Government Accountability Office's (GAO's) High-Risk 
List given the challenges associated with consolidating 22 existing 
Federal agencies into one new Department. After much progress, in 2013, 
GAO and the Department agreed to 30 specific outcomes DHS needed to 
achieve for removal from the High-Risk List.
    I am encouraged by the fact that, over the last 8 years, DHS has 
fully addressed 17 of these 30 outcomes. I look forward to hearing more 
about the Department's efforts to address the remaining challenges as 
well as any recommendations GAO has for achieving that goal.
    One exercise that assists the Department in addressing challenges 
and establishing long-term strategies is the development of the 
Quadrennial Homeland Security Review (QHSR). The QHSR is a statutorily-
required, comprehensive examination of the homeland security strategy 
of the United States. Despite several public promises from DHS 
officials that its release was imminent, the Trump administration 
failed to issue the 2017 QHSR. Unfortunately, that means it's been 7 
years since the last QHSR was issued. While the Management Directorate 
is not specifically responsible for drafting the QHSR, I sincerely hope 
that current leadership completes a timely QHSR.
    I am committed to ensuring that the Department is well-positioned 
to meet the challenges it faces today. The Trump administration left 
key DHS leadership positions vacant, undermining the Department's 
progress toward adequate coordination of policy, resources, and 
oversight.
    Accordingly, in July, I introduced the ``DHS Reform Act'' to 
improve DHS operations and address lessons learned from the 
mismanagement, waste, and abuse under President Trump. The Act promotes 
continuity and confidence in Department leadership by placing 
additional restrictions on who can serve in ``acting'' roles. It also 
authorizes the under secretary for management to serve a 5-year term, 
which will ease transitions from one administration to the next. The 
Act takes steps to codify the spirit of former-Secretary Jeh Johnson's 
``Unity of Effort'' campaign.
    For example, the legislation would centralize oversight of DHS' 
multi-billion-dollar portfolio of acquisition programs under the 
Management Directorate. Furthermore, the Act strengthens Constitutional 
protections in the Department's programs and activities by granting the 
DHS Privacy Office and Office for Civil Rights and Civil Liberties 
additional authorities and further integrating those offices with 
operational components. These are just a few of the Act's highlights, 
and I anticipate working with leadership at the Department to make 
these reforms a reality.
    I also look forward to working with the acting under secretary for 
management--who has a wealth of experience serving in many roles 
throughout the Department--as well as the chief human capital officer 
on efforts to address challenges facing the Department. Finally, I 
always appreciate the straightforward testimony offered by GAO and look 
forward to hearing from Mr. Currie.

    Mr. Correa. If I can, I would like to turn now to our panel 
of witnesses.
    First, we have Mr. Chris Currie. Mr. Currie is a director 
on the Homeland Security and Justice Team at the Government 
Accountability Office, or GAO. He leads the agency's work on 
emergency management, disaster response and recovery, and DHS 
management and high-risk issues. Mr. Currie has been with GAO 
since 2002 and has been the recipient of numerous agency 
awards, including the Meritorious Service Award in 2008.
    Welcome, Mr. Currie.
    Our second witness is Mr. Tex Alles, who serves as the 
acting under secretary for management at DHS. In this role, he 
oversees all aspects of the Department's management functions, 
including financial, human capital, information technology, 
procurement, security, and asset management. Mr. Alles has 
served in many senior leadership roles since joining the 
Department in 2012 and most recently served as director of the 
Secret Service.
    Our final witness is Ms. Angela Bailey, chief human capital 
officer at DHS. Ms. Bailey is responsible for the Department's 
human capital program, including human resource policy, 
recruitment, and hiring, and employee development. She has 
dedicated more than 40 years as a career public servant, with 
34 of those years in human resources. Ms. Bailey was appointed 
to her current position in January 2016.
    Without objection, the witnesses' full statements will be 
inserted into the record.
    I will now ask each witness to summarize his or her 
statement in 5 minutes, and I will begin with Mr. Currie.
    Welcome, sir.

  STATEMENT OF CHRIS CURRIE, DIRECTOR, HOMELAND SECURITY AND 
         JUSTICE TEAM, GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Currie. Thank you, sir. Thank you, Chairman Correa, 
Ranking Member Meijer, and others. It is honor to be here to 
discuss GAO's work on DHS.
    As you and the Ranking Member said in your opening 
statement, DHS has been on GAO's ``High-Risk List'' since it 
first opened its doors in 2003. We did this because combining 
22 separate agencies was a massive challenge. Many of its 
agencies already had major challenges from the start, and the 
effective creation was critical to National security as well.
    I think it is important in this hearing to reflect over the 
last 20 years on how DHS has evolved and the tremendous 
transformational progress they have made. There are several 
reasons for the progress, which you talked about in your 
opening statement.
    First has been leadership commitment. At GAO, we have more 
than 30 high-risk areas across Government and many more that we 
have taken off the list over the years. There is not an agency 
or a management team more committed or involved in addressing 
these issues than the ones at DHS. For example, they meet with 
us quarterly. They do a strategy twice a year. We have seen 
tremendous commitment to these issues.
    Second, DHS devotes resources to these issues and measures 
progress, which is critical. For example, dedicated teams 
manage each individual outcome area and ensure accountability 
in the agency.
    Another reason for progress has been consistent 
Congressional oversight over 20 years. Hearings like this one 
and hearings in the Senate keep the spotlight pointed on this 
issue and encourage steady progress. As a result, DHS has 
transformed from a fragmented department without a clear 
culture to the third-largest Cabinet agency with almost 250,000 
people and arguably the most diverse and difficult mission in 
all of Government. I have personally seen this over the last 19 
years working with the Department.
    However, while progress has been made, it is still the 
newest department, and more work is needed before we can take 
it off our ``High-Risk List.'' Specifically, we monitor DHS 
progress across several key areas, including human capital, IT 
management, acquisitions, and financial management. So far, DHS 
has addressed 18 of the 30 areas that we measure and is working 
to address the remaining 12.
    I would like to highlight some of the most challenging 
areas left to address.
    In the area of acquisitions, DHS continues to implement 
more disciplined processes to better manage acquisitions across 
the Department. However, in our most recent look at major 
acquisitions, we found that 10 of the 24 major acquisition 
programs we looked at did not meet cost or schedule goals. In 
some cases, this was because DHS underestimated a program's 
complexity or the requirements needed for the program.
    Financial management has been another very challenging 
area. While DHS has made progress, the initial challenge was so 
great that there is still a long way to go. To use a private-
sector analogy, you can imagine if 22 large corporations had to 
combine financial systems and processes.
    For example, DHS has now received a clean audit opinion on 
its financial statements for 8 years straight, which is a major 
achievement. However, it struggles to modernize several of its 
financial systems. Specifically, DHS needs to effectively 
implement its long-term systems modernization efforts at the 
Coast Guard and particularly at FEMA, who manages this lion's 
share of the Department's dollars and grants that go out the 
door.
    FEMA's system is over 25 years old and manages a huge well-
over-$100-billion portfolio of DHS funds, including grants. 
They have only begun steps to begin the modernization of FEMA, 
and it is going to be many more years before there is a new 
system in place.
    Last, I have to talk about employee morale. This has been a 
focus of much attention over the years, and the story is way 
more complicated than simply saying DHS ranks last among large 
departments. No issue likely frustrates the folks on this 
hearing from DHS more.
    We have seen tremendous efforts to understand the root 
causes of this issue and determine how to address it. The 
bottom line is that some DHS components have high morale scores 
and others don't. The larger components, like TSA and CBP, 
consistently rank lower and bring the collective Departmental 
scores down.
    What we have seen is that more focused oversight and 
attention is needed on the components and more accountability 
by their leadership. It is very hard for top-level DHS actions 
to trickle deep into the components and make change. Component 
heads and management are the key to making progress in their 
respective agencies, and we have recently made a number of 
recommendations to ensure this happens.
    This concludes my statement, and I look forward to the 
questions.
    [The prepared statement of Mr. Currie follows:]
                   Prepared Statement of Chris Currie
                           September 30, 2021
                               highlights
    Highlights of GAO-21-105418, a testimony before the Subcommittee on 
Oversight, Management, and Accountability, Committee on Homeland 
Security, House of Representatives.
Why GAO Did This Study
    The events of September 11, 2001, led to profound changes in 
Government agendas, policies, and structures to confront homeland 
security threats. In 2003, DHS began operations, with missions to 
prevent terrorist attacks and reduce the country's vulnerability to 
future terrorism. GAO's High-Risk List identifies programs and 
operations (such as DHS's management functions) that are vulnerable to 
waste, fraud, abuse, or mismanagement, or in need of transformation. 
GAO's 5 criteria for removing areas from the High-Risk List guide the 
assessment of DHS's progress.
    This statement addresses DHS's progress and actions needed to 
strengthen its management functions. It is based on reports in GAO's 
high-risk series, including its most recent March 2021 update, as well 
as selected updates on DHS's efforts as of September 2021. For this 
work, GAO analyzed DHS documents and data and interviewed DHS 
officials.
DHS Progress against High-Risk List Removal Criteria


     department of homeland security.--progress made strengthening 
                 management functions, but work remains
What GAO Found
    Shortly after the Department of Homeland Security (DHS) was formed, 
GAO designated implementing and transforming DHS as a high-risk area to 
the Federal Government because it had to transform 22 agencies--several 
with major management challenges--into one department.
    Progress made.--In 2013, GAO reported that challenges remained for 
DHS across its range of missions, but that the Department had made 
considerable progress transforming its original component agencies into 
a single Cabinet-level department. As a result, GAO narrowed the scope 
of the high-risk area to focus on strengthening DHS management 
functions--specifically acquisition, information technology, financial, 
and human capital management.
    DHS's efforts to strengthen and integrate its management functions 
have resulted in the Department meeting 3 of 5 criteria for removal 
from GAO's High-Risk List--demonstrating leadership commitment, having 
an action plan, and monitoring the effectiveness of its actions. DHS 
has partially met the remaining two criteria for removal--having 
sufficient capacity and demonstrating progress.
    Several factors contributed to DHS's success in narrowing the scope 
of the high-risk area. These include:
   DHS's top leaders demonstrated leadership commitment and 
        support for addressing the Department's challenges, which 
        helped ensure sustained, consistent progress in this high-risk 
        area.
   DHS consistently communicated its efforts and regularly 
        sought constructive and specific feedback from GAO on its 
        strategy and approach to addressing the high-risk area.
    Work remaining.--Continued progress for this high-risk area depends 
on DHS addressing its remaining management challenges. For example, DHS 
needs to make additional progress identifying and allocating resources 
in acquisition and financial management. For instance:
   DHS lacks acquisition support staffing plans and has not 
        clearly defined which acquisition positions are critical for 
        oversight responsibilities, limiting DHS's insight into whether 
        it has appropriate staff to carry out its duties.
   DHS's financial statement auditor identified several 
        capacity-related issues, including resource limitations and 
        inadequate staff training, resulting in material weaknesses in 
        its 2020 financial statements.
    DHS also has work remaining to demonstrate progress implementing 
corrective measures. Specifically, of the 30 outcome measures GAO uses 
to gauge the Department's progress, DHS has not yet fully addressed 12 
of 30 measures. For example, DHS needs to effectively implement its 
long-term financial systems modernization efforts and use Department-
wide training data to inform its human capital programs.
    In the coming years, DHS needs to continue implementing its 
remaining work and sustaining its progress to-date.
    Chairman Correa, Ranking Member Meijer, and Members of the 
subcommittee: I am pleased to be here today to discuss the Department 
of Homeland Security's (DHS) management challenges and its progress in 
addressing them. The Nation recently passed the 20-year anniversary of 
the September 11, 2001, terrorist attacks. The events of that day led 
to profound changes in Government agendas, policies, and structures to 
confront homeland security threats facing the Nation. Most notably, DHS 
began operations in 2003 with key missions that included preventing 
terrorist attacks from occurring in the United States, reducing the 
country's vulnerability to terrorism, and minimizing the damages from 
any attacks that may occur. This milestone provides an opportunity to 
reflect on the progress DHS has made since its establishment and 
challenges it continues to face.
    In 2003, shortly after the Department was formed, we designated 
Implementing and Transforming DHS as a high-risk area to the Federal 
Government.\1\ DHS has since taken steps to address this high-risk 
area, including implementing key homeland security operations and 
achieving important goals in many areas. For example, DHS has 
implemented 73 percent of the approximately 6,200 recommendations we 
have made since 2003, resulting in strengthened program management, 
performance measurement, and other impacts. As DHS matured and evolved, 
we narrowed the focus of this high-risk area in 2013 to Strengthening 
DHS Management Functions. This narrowing recognized DHS's progress and 
the significant challenges that remained. We continue to closely 
monitor DHS's efforts and regularly meet with DHS management to discuss 
progress.
---------------------------------------------------------------------------
    \1\ GAO's High-Risk List identifies programs and operations that 
are vulnerable to waste, fraud, abuse, or mismanagement, or in need of 
transformation. We issue an update to the High-Risk List every 2 years 
at the start of each new session of Congress. Our most recent update 
was issued in March 2021. See GAO, High-Risk Series: Dedicated 
Leadership Needed to Address Limited Progress in Most High-Risk Areas, 
GAO-21-119SP (Washington, DC: Mar. 2, 2021).
---------------------------------------------------------------------------
    Our 5 criteria for removing areas from the High-Risk List guide our 
discussions with DHS and our assessments of its progress. Specifically, 
the agency must have: (1) A demonstrated strong commitment and top 
leadership support to address the risks (leadership commitment); (2) 
the capacity--the people and other resources--to resolve the risks 
(capacity); (3) a corrective action plan that identifies the root 
causes, identifies effective solutions, and provides for substantially 
completing corrective measures in the near term, including but not 
limited to steps necessary to implement solutions we recommended 
(action plan); (4) a program instituted to monitor and independently 
validate the effectiveness and sustainability of corrective measures 
(monitoring); and (5) the ability to demonstrate progress in 
implementing corrective measures (demonstrated progress).
    My statement discusses DHS's progress addressing high-risk issues 
and remaining actions needed to strengthen and integrate its management 
functions. This statement is based on reports in our high-risk series, 
including our most recent March 2021 high-risk update, as well as 
selected updates on employee engagement as of September 2021 based on 
our on-going monitoring of DHS's efforts to address this high-risk 
area.\2\ For this work, we analyzed DHS strategies and other documents 
related to the Department's efforts to address its high-risk areas and 
interviewed DHS officials, among other actions. More detailed 
information on the scope and methodology of our prior work can be found 
within each specific report. We provided the information from our on-
going monitoring effort to DHS for review. DHS provided technical 
comments, which we incorporated as appropriate.
---------------------------------------------------------------------------
    \2\ See, for example, GAO-21-119SP; GAO, High Risk: Important 
Progress Made, but More Work Needed to Strengthen DHS Management, GAO-
19-475T (Washington, DC: Apr. 3, 2019), and High-Risk Series: An 
Update, GAO-13-283 (Washington, DC: Feb. 2013).
---------------------------------------------------------------------------
    We conducted the work on which this statement is based in 
accordance with generally accepted Government auditing standards. Those 
standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe that 
the evidence obtained provides a reasonable basis for our findings and 
conclusions based on our audit objectives.
         dhs continues to work to address its high-risk issues
DHS's Progress Led to Narrowing the High-Risk Focus to DHS Management 
        Functions
    In 2003, we designated implementing and transforming DHS as high-
risk because DHS had to transform 22 agencies--several with major 
management challenges--into one department. Further, failure to 
effectively address DHS's management and mission risks could have 
serious consequences for U.S. National and economic security. Given the 
significant effort required to build and integrate a department as 
large and complex as DHS, our initial high-risk designation addressed 
the Department's initial transformation and subsequent implementation 
efforts.
    In 2007 and 2009, we reported that DHS made progress implementing 
its range of missions and that it needed to address various 
programmatic and management challenges. DHS's initial focus on 
implementing its mission was understandable given the critical homeland 
security needs facing the Nation at the time, as well as the unique 
challenges facing DHS in creating, integrating, and transforming the 
Department.
    In 2011, we reported in our assessment of DHS's progress and 
challenges 10 years after 9/11 that the Department had implemented key 
homeland security operations and achieved important goals in many 
areas, thus creating a foundation for reaching its potential.\3\ 
However, we also identified that DHS needed to complete more work to 
address weaknesses in its operational and implementation efforts, 
including strengthening the efficiency and effectiveness of those 
efforts. We further reported that continuing weaknesses in DHS's 
management functions had been a key theme hindering the Department's 
implementation efforts.
---------------------------------------------------------------------------
    \3\ GAO, Department of Homeland Security: Progress Made and Work 
Remaining in Implementing Homeland Security Missions 10 Years after 9/
11, GAO-11-881 (Washington, DC: Sept. 7, 2011). This report addressed 
DHS's progress in implementing its homeland security missions since it 
began operations, work remaining, and issues affecting implementation 
efforts. Drawing from over 1,000 GAO reports and Congressional 
testimony related to DHS programs and operations, and approximately 
1,500 recommendations made to strengthen mission and management 
implementation, this report addressed progress and remaining challenges 
in such areas as border security and immigration, transportation 
security, and emergency management, among others.
---------------------------------------------------------------------------
    In 2013, we reported that challenges remained for DHS across its 
range of missions, but that the Department had made considerable 
progress transforming its original component agencies into a single 
Cabinet-level department. As a result, we narrowed the scope of the 
high-risk area to focus on strengthening DHS management functions--
acquisition, information technology (IT), financial, and human capital 
management--in addition to integrating these management functions. 
Management integration requires DHS to implement actions and outcomes 
in each management area to develop consistent or consolidated processes 
and systems within and across its management functional areas (such as 
better managing investments and management functions across the 
Department's component agencies). We also changed the name of the high-
risk area to Strengthening DHS Management Functions to reflect this 
focus.\4\
---------------------------------------------------------------------------
    \4\ GAO-13-283.
---------------------------------------------------------------------------
DHS Has Made Progress in Strengthening Its Management Functions, but 
        Work Remains
    DHS's efforts to strengthen and integrate its acquisition, IT, 
financial, and human capital management functions have resulted in the 
Department meeting 3 of 5 criteria for removal from the High-Risk 
List--leadership commitment, action plan, and monitoring. DHS has 
partially met the remaining two criteria--capacity and demonstrated 
progress, as shown in figure 1.


    Leadership commitment.--DHS's top leaders have continued to 
demonstrate commitment and support for addressing the Department's 
management challenges. They have also taken actions to institutionalize 
this commitment to help ensure the success of the Department's efforts. 
For example, the deputy under secretary for management issued strategic 
guidance to DHS's component agencies encouraging investment in areas 
critical to DHS management functions, including financial system 
modernization, human resource training, and career development 
programs. Furthermore, top DHS leaders, such as the under secretary for 
management and the Department's chief executive officers, routinely 
meet with GAO management to discuss progress on this high-risk area.
    Action plan and Monitoring.--DHS's Management Directorate produced 
the Department's first Integrated Strategy for High-Risk Management in 
January 2011 and has since issued 19 updated versions. DHS's next 
update is planned for fall 2021. The most recent strategy from March 
2021 describes DHS's progress and planned corrective actions to further 
strengthen its management functions. If effectively implemented and 
sustained, the Integrated Strategy for High-Risk Management provides a 
path for DHS to be removed from our High-Risk List.
    Capacity.--DHS has partially demonstrated sufficient capacity 
(i.e., the people and other resources to resolve the identified risks) 
but needs to make additional progress identifying and allocating 
resources in acquisition and financial management. In October 2020, we 
reviewed DHS component acquisition executive (CAE) roles and 
responsibilities for oversight, policy, and acquisition workforce and 
found that not all CAEs prepared support staffing plans, and DHS has 
not clearly defined which acquisition positions are critical to carry 
out oversight responsibilities.\5\ Without complete support staffing 
plans and clearly defined critical positions--the expertise needed at 
minimum to support oversight of cost, schedule, and performance--DHS 
lacks insight into whether it has the appropriate staff to carry out 
primary oversight responsibilities. Additionally, in 2020, DHS's 
financial statement auditor identified several capacity-related issues, 
including resource limitations, inadequate management, and inadequate 
staff training as causes for the material weaknesses reported.\6\
---------------------------------------------------------------------------
    \5\ Component acquisition executives--with the exception of those 
in DHS's Management Directorate--are senior acquisition executives 
below the department level within DHS components. For example, DHS 
components include the United States Coast Guard, Customs and Border 
Protection, and the Transportation Security Administration. Component 
acquisition executives have acquisition responsibilities in four key 
areas: Oversight, policy, acquisition workforce, and acquisition data 
support. The Management Directorate differs because organizationally it 
resides at the department level, has 5 separate component acquisition 
executives (or individuals performing the duties of the component 
acquisition executive), and provides support to the DHS operational 
components. GAO, Homeland Security Acquisitions: DHS Has Opportunities 
to Improve Its Component Acquisition Oversight, GAO-21-77 (Washington, 
DC: Oct. 20, 2020).
    \6\ DHS Office of Inspector General, Independent Auditors' Report 
on DHS's Fiscal Year Financial Statements and Internal Control over 
Financial Reporting, OIG-21-08 (Washington, DC: Nov. 13, 2020).
---------------------------------------------------------------------------
    Demonstrated progress.--The final criterion, demonstrated progress 
(i.e., the ability to demonstrate progress in implementing corrective 
measures), remains partially met. In 2010, we identified 30 specific 
outcomes in the areas of acquisition management, IT management, 
financial management, human capital management, and management 
integration that are critical to addressing the Department's overall 
management challenges. DHS agreed with these outcomes, and they have 
since become the key criteria by which we gauge DHS's demonstrated 
progress. As of September 2021, DHS has fully addressed 18 of the 30 
outcomes, mostly addressed 4, partially addressed 5, and initiated 
actions to address the remaining 3, as shown in table 1.

    TABLE 1: GAO ASSESSMENT OF DEPARTMENT OF HOMELAND SECURITY (DHS) PROGRESS ACROSS MANAGEMENT AREAS, AS OF
                                                 SEPTEMBER 2021
----------------------------------------------------------------------------------------------------------------
                                              Fully          Mostly       Partially
         Key Management Function          Addressed \1\  Addressed \2\  Addressed \3\  Initiated \4\     Total
----------------------------------------------------------------------------------------------------------------
Acquisition management..................             2              3   .............  .............           5
Information technology management.......             5   .............             1   .............           6
Financial management....................             2   .............             3              3            8
Human capital management................             6              1   .............  .............           7
Management integration..................             3   .............             1   .............           4
                                         -----------------------------------------------------------------------
      Total.............................            18              4              5              3           30
----------------------------------------------------------------------------------------------------------------
Source: GAO analysis of DHS documents, interviews, and prior GAO reports./GAO-21-105418
\1\ ``Fully addressed'': Outcome is fully addressed.
\2\ ``Mostly addressed'': Progress is significant and a small amount of work remains.
\3\ ``Partially addressed'': Progress is measurable, but significant work remains.
\4\ ``Initiated'': Activities have been initiated to address the outcome, but it is too early to report
  progress.

    In recent years, DHS has made particular progress in the areas of 
IT management and human capital management. Specifically, since 2017, 
DHS has taken steps to fully address 5 outcomes across these 2 
management areas. First, DHS fully addressed 2 IT management outcomes 
by: (1) Providing on-going oversight and support to troubled IT 
investments to help improve their cost, schedule, and performance and 
(2) demonstrating significant progress in implementing its IT strategic 
workforce planning initiative. Additionally, the Department fully 
addressed 3 key human capital management outcomes by: (1) Demonstrating 
that components are basing hiring decisions and promotions on human 
capital competencies, (2) strengthening efforts to obtain employee 
input, and (3) improving its employee engagement scores as measured by 
the Office of Personnel Management's (OPM) Federal Employee Viewpoint 
Survey.\7\
---------------------------------------------------------------------------
    \7\ The Federal Employee Viewpoint Survey is a tool that measures 
employees' perceptions of whether and to what extent conditions 
characterizing successful organizations are present in their agency.
---------------------------------------------------------------------------
    Important progress and remaining work in all of the 5 management 
functions includes:
   Acquisition management.--DHS has taken steps to strengthen 
        requirements development across the Department, such as re-
        establishing the Joint Requirements Council in June 2014.\8\ 
        However, DHS continues to face challenges in effectively 
        executing its acquisition portfolio. In May 2018, we found that 
        enhancements to DHS's acquisition management, resource 
        allocation, and requirements policies largely reflected key 
        portfolio management practices. However, in January 2021, we 
        found that 10 of the 24 major acquisition programs we assessed 
        with approved schedule and cost baseline goals did not meet a 
        goal at some point in fiscal year 2020.\9\
---------------------------------------------------------------------------
    \8\ In November 2014, in response to a GAO recommendation, DHS 
reestablished the Joint Requirements Council that it had dissolved in 
2006, to review requirements submitted by DHS's component agencies 
(e.g., the Transportation Security Administration). The purpose of the 
council is to validate and prioritize operational requirements--those 
capabilities that are necessary to conduct DHS's mission--for all major 
acquisitions and to ensure that objective, analytical rigor supports 
these requirements.
    \9\ GAO, DHS Annual Assessment: Most Acquisition Programs Are 
Meeting Goals but Data Provided to Congress Lacks Context Needed for 
Effective Oversight, GAO-21-175 (Washington, DC: Jan. 19, 2021).
---------------------------------------------------------------------------
    Some of these instances were because of factors outside of a 
        program's control, such as the Coronavirus Disease 2019 
        pandemic. However, we also reported that in some instances, DHS 
        did not implement sound acquisition practices. For example, 2 
        of the 10 programs failed to meet their cost or schedule goals 
        because of an underestimation of the programs' complexity or 
        requirements. Further, we found that some of the programs that 
        were meeting their currently established goals were at risk of 
        future cost growth or schedule slips. Although the Department 
        had various assessment mechanisms to review individual program 
        progress, it had not yet established an integrated approach to 
        assess the performance of and inform oversight of its overall 
        acquisition portfolio.
   IT management.--DHS has continued to sustain and mature its 
        Department-wide Enterprise Architecture program over the past 6 
        years. For example, in response to our recommendations, the DHS 
        chief information officer developed a fiscal year 2020-2023 
        Enterprise Architecture Strategic Plan to provide strategic 
        direction for delivering IT services and solutions across the 
        Department.\10\ Further, in response to other recommendations, 
        the Department has continued to manage its IT investments using 
        an IT portfolio management approach.\11\ For example, in fiscal 
        year 2020, the Office of the Chief Information Officer (OCIO) 
        produced portfolio data and analysis related to each of the 
        Department's 7 IT portfolios. OCIO officials reported that the 
        chief information officer and other DHS leadership used this 
        information to support IT investment oversight and resource 
        allocation recommendations. This portfolio management approach 
        should enable DHS to identify potentially duplicative 
        investments and opportunities to consolidate investments, as 
        well as reduce component-specific investments.
---------------------------------------------------------------------------
    \10\ GAO, Homeland Security: DHS Enterprise Architecture Continues 
to Evolve but Improvements Needed, GAO-07-564 (Washington, DC: May 09, 
2007), and GAO, Homeland Security: Efforts Under Way to Develop 
Enterprise Architecture, but Much Work Remains, GAO-04-777 (Washington, 
DC: Aug. 06, 2004).
    \11\ GAO, Information Technology: DHS Needs to Further Define and 
Implement Its New Governance Process, GAO-12-818 (Washington, DC: July 
25, 2012).
---------------------------------------------------------------------------
    In addition, DHS has made progress implementing recommendations 
        identified in the fiscal years 2016 to 2018 DHS Office of the 
        Inspector General's (OIG) reports related to IT security 
        weaknesses. However, much work remains for DHS to enhance its 
        information security program. In September 2020, the OIG 
        reported that the Department's information security program was 
        ineffective for fiscal year 2019.\12\ Specifically, the OIG 
        identified that DHS did not have an effective strategy or 
        Department-wide approach to manage risks for all of its 
        systems, nor did it apply timely security patches and updates 
        to mitigate critical and high-risk security vulnerabilities on 
        selected components' systems, among other issues.
---------------------------------------------------------------------------
    \12\ DHS Office of Inspector General, Evaluation of DHS's 
Information Security Program for Fiscal Year 2019 (REDACTED), OIG-20-77 
(Washington, DC: Sept. 30, 2020).
---------------------------------------------------------------------------
    Additionally, in fiscal year 2020, the Department's financial 
        statement auditor identified that DHS had ineffective design 
        and implementation of controls to remediate IT findings, 
        including insufficient corrective actions to address 
        deficiencies that have existed for several years in multiple 
        information systems. Further, for the 17th consecutive year, 
        the auditor designated deficiencies in IT systems controls as a 
        material weakness for financial reporting purposes. As a 
        result, since our 2019 report, DHS has moved from a mostly 
        addressed to a partially addressed rating for one IT management 
        area outcome on IT security. OCIO officials informed us that 
        they are taking steps to address this outcome, such as 
        conducting an independent verification and validation of plans 
        of actions and milestones and performing configuration audit 
        checks for selected operating systems.
   Financial management.--DHS received an unmodified audit 
        opinion on its financial statements for 8 consecutive years--
        fiscal years 2013 to 2020.\13\ However, for fiscal years 2019 
        and 2020, DHS's financial statement auditor reported 2 material 
        weaknesses in the areas of: (1) Financial reporting, and (2) IT 
        controls and information systems, as well as instances of 
        noncompliance with laws and regulations. According to the 
        auditor, these two material weaknesses led to an adverse 
        opinion on internal controls over financial reporting. These 
        deficiencies hamper DHS's ability to provide reasonable 
        assurance that its financial reporting is reliable and the 
        Department is in compliance with applicable laws and 
        regulations. For DHS to obtain and sustain an unmodified audit 
        opinion on its internal controls over financial reporting, and 
        to achieve substantial compliance with the Federal Financial 
        Management Improvement Act of 1996, DHS needs to continue to 
        strengthen its financial management controls and ensure that 
        key controls are in place to address the auditor's findings 
        related to the two material weaknesses.
---------------------------------------------------------------------------
    \13\ An unmodified opinion, sometimes referred to as a clean 
opinion, is expressed when the auditor concludes that management has 
presented financial statements fairly and in accordance with generally 
accepted accounting principles.
---------------------------------------------------------------------------
    In addition, much work remains to modernize DHS components' 
        financial management systems and business processes. 
        Specifically, DHS needs to effectively implement its long-term 
        financial systems modernization efforts at the U.S. Coast 
        Guard, the Federal Emergency Management Agency, and U.S. 
        Immigration and Customs Enforcement. DHS also needs to ensure 
        that key controls are in place to address the auditor's 
        findings.
   Human capital management.--Since our March 2021 High-Risk 
        report, DHS has fully addressed an outcome related to its 
        employee engagement scores on OPM's Federal Employee Viewpoint 
        Survey. DHS has made continued improvements in its Employee 
        Engagement Index, which OPM calculates from the Federal 
        Employee Viewpoint Survey. Starting in 2015, DHS reversed a 5-
        year downward trend in its scores on the Employee Engagement 
        Index. After 4 consecutive years of improvements, DHS surpassed 
        its 2010 benchmark in 2019, and its Employee Engagement Index 
        in 2020 was the second consecutive year above the 2010 
        benchmark (see fig. 2).
        
        
    To address the remaining human capital management outcome, DHS must 
complete steps to use Department-wide training data to inform its human 
capital programs. DHS anticipates completing action on this outcome in 
fall 2021.
   Management integration.--Since 2019, DHS has communicated 
        management priorities through the Department planning, 
        programming, budgeting, and execution process. Specifically, in 
        fiscal year 2019, the deputy under secretary for management 
        issued strategic guidance to components encouraging investment 
        in areas critical to DHS management functions. To achieve this 
        outcome, DHS must continue to demonstrate sustainable progress 
        integrating its management functions within and across the 
        Department, as well as fully address the other 12 outcomes it 
        has not yet fully achieved.
    Significant effort is required to build and integrate a department 
as large and complex as DHS, and continued progress for this high-risk 
area depends on DHS addressing the remaining management outcomes. 
Several factors have contributed to DHS's success in narrowing the 
scope of the high-risk area so far and are helping it to make progress 
on its remaining challenges. These include top DHS leaders 
demonstrating leadership commitment and support for addressing the 
Department's challenges; consistently communicating its efforts and 
regularly seeking feedback from us on its strategy and approach to 
addressing the high-risk area; establishing an action plan for 
addressing the high-risk area; and identifying performance measures to 
monitor its progress. In the coming years, DHS needs to continue 
implementing the remaining work across its key management functions and 
sustaining its progress to date. We will continue to monitor DHS's 
efforts in this high-risk area to determine if the outcomes are 
achieved and sustained over the long term.
    Chairman Correa, Ranking Member Meijer, and Members of the 
subcommittee, this completes my prepared statement. I would be happy to 
respond to any questions you may have at this time.

    Mr. Correa. Thank you very much, Mr. Currie.
    Now I would like to recognize Mr. Alles to summarize his 
statement for 5 minutes.

STATEMENT OF RANDOLPH ``TEX'' ALLES, ACTING UNDER SECRETARY FOR 
          MANAGEMENT, DEPARTMENT OF HOMELAND SECURITY

    Mr. Alles. Good afternoon, Chairman Correa, Ranking Member 
Meijer, and distinguished Members of the subcommittee.
    It is a privilege to appear before you today along with 
Chief Human Capital Officer Angie Bailey to discuss the 
maturation of our Department of Homeland Security's management 
functions as well as some of our challenges, which Chris has 
laid out for us.
    DHS employees rise to every challenge, and the challenges 
are many. The Management Directorate provides vital mission 
support services designed to enable front-line operators to 
more effectively respond to these challenges.
    Since the founding of the Department in 2003, the challenge 
for DHS leadership has been to integrate the numerous diverse 
organizations brought together in the aftermath of 9/11. Most 
of these organizations had unique and sometimes long-standing 
management practices and systems already in place.
    Because of these challenges, the GAO designated 
implementing and transforming DHS as an area on its ``High-Risk 
List'' in 2003. After a decade of hard work, GAO acknowledged 
the Department's significant progress in 2013, narrowing the 
high-risk areas to focus on 5 key management functions: 
Acquisition and program management, information technology, 
financial management, human capital, and the integration of 
management functions across the Department.
    I am pleased to report that DHS has ``fully'' or ``mostly 
addressed'' 22 of the 30 high-risk outcomes, and GAO is a 
valued partner in this effort. In light of our demonstrated 
sustained progress, we are working closely with GAO to narrow 
and re-scope our high-risk designation for DHS's management 
functions with the goal of removal from the list in the 
relatively near future.
    So I want to highlight some of the specific challenges and 
successes.
    DHS leadership has long made supporting and strengthening 
the work force a top priority, all the more so during the 
COVID-19 pandemic. Angie Bailey, our CHCO, will discuss these 
efforts in more detail.
    As the chief acquisition officer of the Department, I 
oversee all major acquisition programs, and I recognize the 
critical role of sound acquisition management in meeting needs. 
Of the 5 acquisition outcomes, all are ``fully'' or ``mostly 
addressed.'' We are on track to close the ``mostly addressed'' 
outcomes by demonstrating sustained progress with existing 
initiatives and program staffing and oversight, specifically 
maturing and enhancing our acquisition program health 
assessment procedures.
    DHS has made substantial progress in maturing the 
Department's IT security and capabilities, and GAO has 
recognized that success by rating 5 of the 6 IT outcomes as 
``fully addressed.'' The sixth outcome, enhanced IT security, 
was previously considered ``mostly addressed,'' and, in January 
2021, GAO informed the DHS CIO of their intent to downgrade 
this rating to ``partially addressed.'' Over this last year, 
CIO has made progress toward resolution of the issues raised, 
which are highlighted in my statement for the record.
    The Department is very proud of obtaining its eighth 
consecutive clean financial audit opinion. We are optimistic 
that we will earn a ninth opinion in fiscal year 2021. Our 
remaining financial management challenges are rooted in our 
outdated financial systems, so our Financial Systems 
Modernization Program will provide components with modern, 
efficient, and compliant business systems, including financial 
procurement and asset management functions.
    The remaining financial management outcomes focus on 
modernizing procurement and asset management systems used by 
FEMA and ICE, and DHS is moving forward with a system that 
serves those components. We expect to report significant 
progress over the next 3 to 5 years.
    The Under Secretary of Management Office is responsible for 
driving progress across the directorate and in part with 
respect to management functions. So, even while dealing with 
the immediate threat of COVID, the Management Directorate has 
remained focused on long-term issues. For example, we are 
achieving significant environmental and financial benefits 
through the National Capitol Region real property strategy that 
includes consolidation of DHS organizations on St. Elizabeth's 
campus and within the National Capitol Region.
    So, further remain focused on opportunities for small 
business, and, in so doing, we have been recognized by the 
Small Business Administration with an A or A-plus grade on its 
Small Business Procurement Scorecard for the past 12 years.
    Since being placed on the ``High-Risk List,'' DHS has made 
tremendous and sustained progress in addressing the central 
issues that resulted in GAO's high-risk designation. We 
appreciate GAO's strong partnership and willingness to continue 
our discussions about re-scoping and eventually removing 
management functions from the ``High-Risk List.''
    Thank you again for this opportunity to appear before you 
to discuss the Department's management functions and 
challenges, and I will welcome any questions you have in a few 
moments. Thank you, sir.
    [The joint prepared statement of Mr. Alles and Ms. Bailey 
follows:]
Joint Prepared Statement of Randolph D. ``Tex'' Alles and Angela Bailey
                           September 30, 2021
    Chairman Correa, Ranking Member Meijer, and distinguished Members 
of the subcommittee: It is a privilege to appear before you today to 
discuss the maturation of the Department of Homeland Security's (DHS) 
management functions, as well as some of our remaining challenges.
    On a daily basis, the more than 240,000 men and women of DHS 
respond to our Nation's most serious threats. DHS employees rise to 
every challenge, and the challenges are many. DHS is aggressively 
pursuing the administration's priorities and addressing some of the 
most critical and evolving threats to the United States. We are focused 
on easing the burdens of the COVID-19 pandemic, responding to natural 
disasters such as Hurricane Ida, promoting a safe, orderly, and humane 
immigration system, combatting Domestic Violent Extremism, and 
detecting, mitigating, recovering from, and responding to, malicious 
cyber attacks.
    In his role as deputy under secretary for management, Mr. Alles 
currently leads the Management Directorate. The Directorate includes 
mission support functions designed to enable front-line operators to 
more effectively respond to these daily challenges. Having formerly 
served as director of the U.S. Secret Service and in multiple 
operational leadership positions at U.S. Customs and Border Protection, 
Mr. Alles keenly appreciates how crucial effective and efficient 
management functions are to successful mission performance.
    In her role as chief human capital officer, Ms. Bailey currently 
leads the Office of the Chief Human Capital Officer (OCHCO). She joined 
DHS in January 2016 as a career Federal executive with more than 38 
years of service, 32 of those in human resources.
                           gao high-risk list
    Passage of the Homeland Security Act of 2002 brought together 
numerous diverse organizations to form the new Department. These 
organizations had existing, unique, and sometimes long-standing 
management processes. Since 2003, the challenge for DHS leadership has 
been to integrate these disparate systems and processes, many of which 
were inefficient, costly, and did not meet basic standards of internal 
controls and security requirements. Developing these organizations into 
a cohesive team would be a challenge for a mature organization in calm 
times. For DHS, brought together in the immediate aftermath of the 9/11 
attacks with an urgent need to maximize mission focus and protect the 
country, the task of integration has been Herculean. We could not be 
prouder of how far the Department has come.
    Because of these challenges, the Government Accountability Office 
(GAO) designated ``Implementing and Transforming DHS'' an area on its 
High-Risk List in 2003. After a decade of hard work, GAO acknowledged 
the Department's significant progress and in 2013 narrowed the high-
risk area to focus on 5 key management functional areas: Acquisition 
and program management, information technology (IT) management, 
financial management, human capital management, and integration of 
management functions across the Department.
    We must emphasize what a valued partner GAO has been throughout the 
Department's maturation. The feedback provided by both GAO and the DHS 
Office of Inspector General (OIG), coupled with the sustained 
commitment by successive DHS leaders to implement this feedback, has 
materially contributed to the significant progress we have made across 
all high-risk areas. We remain dedicated to implementing and resolving 
audit recommendations as we continue to improve DHS.
    To help focus the organization on strengthening management 
functions, we developed the DHS Integrated Strategy for High Risk 
Management (Integrated Strategy). The Integrated Strategy is a detailed 
playbook that is updated biannually and defines a clear path to 
achieving GAO high-risk outcomes (GAO outcomes)--the goals DHS and GAO 
mutually agreed on as clear measures of maturation for DHS management 
functions. First issued by DHS in 2011, the Integrated Strategy is 
recognized as a best practice and is now required by statute.\1\ This 
strategy serves as a rudder to guide our progress, which is 
substantial.
---------------------------------------------------------------------------
    \1\ 6 U.S.C. 341.
---------------------------------------------------------------------------
    As assessed by GAO, DHS fully or mostly addressed roughly 73 
percent of GAO's outcomes. This leaves only 8 of 30 outcomes where GAO 
indicates a significant amount of work remains. In light of our 
demonstrated and sustained progress, we are working closely with GAO to 
narrow and re-scope the high-risk designation for DHS's management 
functions. With years of progress behind us, and external indicators to 
confirm our success--such as 8 consecutive clean financial audit 
opinions--management functions no longer represent a significant threat 
to the Department's mission execution. We have initiated discussions 
with GAO about removing the high-risk designation altogether and 
finding other avenues through which to focus GAO's continued oversight 
on areas that require sustained investment of effort and resources, 
particularly in information systems security and financial systems 
modernization.
    The following examines our progress and remaining challenges within 
the Strengthening DHS Management Functions area on the GAO High-Risk 
List and highlights additional on-going initiatives to strengthen 
Management's contributions to DHS mission execution.
                             human capital
    Supporting and strengthening the workforce has long been a top 
priority for DHS leadership. Across the Department, leadership 
continues to emphasize workforce engagement with the goal of improving 
agency-wide employee satisfaction. To attract, incentivize, and retain 
a diverse and talented workforce, DHS is implementing Department-wide 
human capital solutions to build career paths and develop a continuous 
pipeline of leaders, inspire creativity and innovation, and maximize 
employee performance while encouraging work-life balance. Through 
dedicated workplace inclusion, DHS continues to build a workforce that 
reflects our Nation to accomplish our homeland security missions.
    OCHCO is the lead organization for overseeing efforts to address 
GAO outcomes related to human capital, and every DHS organization--down 
to first-line supervisors--has a vital role to play in developing and 
maintaining a high-performing and engaged workforce.
    Seven of 30 GAO outcomes relate to human capital. Six of the 7 are 
fully addressed: (1) Implement human capital plan, (2) Link workforce 
planning to other Department planning efforts, (3) Enhance recruiting 
to meet current and long-term needs, (4) Base human capital decisions 
on competencies and performance, (5) Seek employee input to strengthen 
human capital approaches, and (6) Improve Federal Employee Viewpoint 
Survey (FEVS) scores. GAO rates the seventh outcome in human capital as 
``mostly addressed'' with only a small amount of work remaining: Assess 
and improve training, education, and development programs. These 
actions are all in advanced stages of maturity.
    With respect to the Department's FEVS scores, GAO notified DHS in 
advance of this hearing that they were upgrading this outcome from 
``mostly'' to ``fully addressed.'' We would like to thank GAO for 
acknowledging the tremendous progress DHS has made in improving 
employee engagement and overall employee satisfaction, as evidenced by 
steady, year-over-year increases since 2015 in both the Employee 
Engagement Index (EEI) and the Global Satisfaction Index (GSI). From 
2015 to 2020, the overall DHS EEI increased a total of 13 percentage 
points, a sustained trend that brings the score to 66 percent, and the 
GSI increased 14 percentage points to 61 percent.
    As an agency with many front-line workers, COVID-19 poses special 
challenges for DHS. Working with OCHCO's Workforce Health and Safety 
Division (WHS), which provides on-going guidance and policy based on 
information from the Centers for Disease Control and Prevention, 
Department of Labor, and the Safer Federal Workforce Task Force, DHS 
leadership implemented public health protections across the Department. 
WHS immediately established communication procedures to continually 
update employees and their families regarding workplace protocols and 
available resources. WHS continues to provide assistance to employees 
working in an environment shaped by the pandemic.
                         acquisition management
    The Office of Program Accountability and Risk Management (PARM) is 
the DHS executive office for acquisition program management oversight. 
PARM partners across components on governance, assessment, and support 
services for major acquisitions. With support from the Office of the 
Chief Procurement Officer (OCPO), PARM is the lead organization for 
addressing GAO high-risk recommendations and outcomes related to 
acquisition management.
    Five of the GAO high-risk outcomes relate to acquisition 
management. Two are fully addressed: (1) Timely validate required 
acquisition documents, and (2) Improve component acquisition 
capabilities. The remaining three are mostly addressed: (1) Establish 
and effectively operate the Joint Requirements Council (JRC), (2) 
Assess acquisition program staffing, and (3) Establish oversight 
mechanisms to validate that acquisitions policies are achieving goals 
and comply with Department policies.
    The JRC is effective at helping identify common gap areas across 
the DHS components and making joint requirements and commonality 
recommendations. For example, the JRC fostered unprecedented cross-
component collaboration growth in areas including Countering Unmanned 
Aircraft Systems, Next Generation Vertical Lift, Combating 
Transnational Criminal Organizations, and Document and Media 
Exploitation. Today, the JRC operates as designed and is fully 
integrated with the Department's research and development, acquisition, 
and resource allocation processes. DHS has achieved the desired end-
state--to effectively establish and operate the JRC.
    Regarding the acquisition program staffing outcome, in September 
2020, PARM undertook a comprehensive staffing analysis report providing 
recommendations to mitigate critical staffing gaps; 68 percent of 
fiscal year 2020 critical staffing gaps are now addressed. The 2021 
review/analysis began in May 2021 and is nearing completion. In 
addition to analyzing and addressing staffing gaps, PARM focuses on 
staffing plan development and implementation along with training and 
certification of the workforce to bolster effective program management. 
As of September 2021, DHS program manager certification across all 
major programs (with a life-cycle cost estimate greater than $300 
million) stands at 94 percent.
    Finally, with regard to the GAO outcome concerning acquisition 
program oversight, we have taken the following steps: (1) Closely 
monitoring programs in breach of their acquisition program baseline; 
(2) requiring program documentation such as life-cycle cost estimates, 
certifications of funds availability, and approval documents for each 
acquisition decision event in the program life cycle; (3) closely 
monitoring program health through our monthly High Visibility Program 
briefings with the Acquisition Review Board, quarterly Acquisition 
Program Health Assessments, and targeted Acquisition Review Board 
Program Reviews; and (4) enhancing program data quality and 
availability, and providing data to the Unified View of Investments, 
which provides leadership with information to support decisions on 
major acquisitions.
                         information technology
    The Office of the Chief Information Officer (OCIO) provides 
infrastructure, governance, and oversight to deliver mission 
capabilities securely, efficiently, and effectively. OCIO serves as the 
lead office for GAO high-risk recommendations and outcomes related to 
IT.
    Six of the GAO outcomes relate to IT. Five are fully addressed: (1) 
Achieve Enterprise Architecture Management Maturity Framework Stage 4, 
(2) Achieve Information Technology Investment Management Framework 
Stage 3, (3) Achieve Capability Maturity Model Integration Level 2, (4) 
Implement IT human capital, and (5) Adhere to IT program baselines.
    The sixth outcome--Enhance IT Security--was previously considered 
mostly addressed. In January 2021, GAO informed the DHS OCIO of their 
intent to downgrade their rating to partially addressed. The basis for 
this determination was primarily the DHS OIG's fiscal year 2019 Federal 
Information Security Modernization Act (FISMA) assessment and the 
fiscal year 2020 Independent Auditors' Report on DHS Financial 
Statements and Internal Control. While DHS does not concur with GAO's 
assessment, OCIO has made progress toward resolution of the issues 
raised in the FISMA assessment and the Independent Auditors' Report.
    The Chief Information Security Officer continues to coordinate with 
the OIG to ensure an effective and transparent fiscal year 2021 FISMA 
assessment. In November 2020, the OIG issued its fiscal year 2020 FISMA 
Cyberscope report that includes preliminary results for the fiscal year 
2020 FISMA assessment. In the Cyberscope report, OIG noted an 
improvement in DHS's FISMA rating giving the Department an overall 
rating of ``Effective.'' This rating was earned as a result of 
demonstrated improvement in the Department's information security 
program.
                          financial management
    The Office of the Chief Financial Officer (OCFO) is responsible for 
the Department's budget, financial reporting and policy, financial 
systems, financial assistance oversight, internal controls, cost 
analysis, program analysis and evaluation, and liaison with GAO and OIG 
auditors. OCFO serves as the lead office for GAO high-risk 
recommendations and outcomes related to financial management.
    Eight of the GAO outcomes are in financial management, five of 
which are either fully or partially addressed: (1) Obtain a clean 
financial audit opinion, (2) Sustain a clean financial audit opinion, 
(3) Obtain a clean internal control audit opinion, (4) Comply with the 
Federal Financial Management Improvement Act, and (5) the United States 
Coast Guard (USCG) Financial Systems Modernization.
    The Department is very proud of obtaining a clean financial audit 
opinion. DHS first earned this opinion at the end of fiscal year 2013 
and has sustained it since then. Based on progress to date, we are 
optimistic that we will earn a ninth consecutive clean opinion for 
fiscal year 2021.
    Progress toward the other three outcomes has been initiated: (1) 
Sustain a clean internal control audit opinion, (2) Federal Emergency 
Management Agency (FEMA) Financial Systems Modernization, and (3) U.S. 
Immigration and Customs Enforcement (ICE) Financial Systems 
Modernization.
    DHS is the only Federal department required by law to obtain an 
internal control audit opinion.\2\ This is effectively a second annual 
audit opinion that is focused strictly on controls and processes. Thus, 
even if a clean financial statement opinion is earned, the existence of 
any control weaknesses can prevent a clean internal control opinion. 
Although we believe this requirement is no longer necessary to ensure 
accurate financial reporting, we continue working toward a clean 
internal control opinion with a target of fiscal year 2024.
---------------------------------------------------------------------------
    \2\ Pub. L. 108-330, Sec. 4.
---------------------------------------------------------------------------
    Many of our remaining financial management challenges are rooted in 
outdated financial systems; our Financial Systems Modernization (FSM) 
program helps remediate these conditions. The FSM program is intended 
to provide components with modern, efficient, and compliant business 
systems, including financial, procurement, and asset management 
functions. Our first major modernization project was the USCG system. 
Two other DHS components--the Transportation Security Administration 
(TSA) and the Countering Weapons of Mass Destruction Office (CWMD)--
used USCG's legacy system and successfully transitioned to a new FSM 
solution in fiscal year 2021 and fiscal year 2016, respectively. USCG 
is on track to transition starting in October 2021 and should be in 
full production in the first quarter of fiscal year 2022, after which 
time its legacy system will begin to sunset.
    The remaining GAO outcomes focus on achieving modern integrated 
financial, procurement, and asset management systems in FEMA and ICE. 
DHS is moving forward with both systems, and we expect to report 
significant progress over the next 3 to 5 years. Our current notional 
schedule has FEMA, ICE, and smaller DHS components (which use the 
current ICE system) moving to FSM solutions in a phased approach 
starting at the end of fiscal year 2024 and continuing through the end 
of fiscal year 2026.
                         management integration
    The under secretary for management's office is responsible for 
driving progress across the Directorate and the Department with respect 
to management functions. DHS's rapid response to the COVID-19 pandemic 
demonstrated particularly well management's capacity, ability, and 
readiness to integrate key functions across our lines of business and 
components to support operations. To achieve a fully addressed outcome 
for management integration, we will continue to demonstrate sustainable 
progress integrating management functions within and across the 
Department.
    The human capital efforts discussed above dovetailed with the award 
of Department-wide and component contracts by OCPO, that included 
innovative solutions and provided critical pandemic-related supplies 
and services, all while supporting small businesses whenever possible. 
DHS is continuously focused on opportunities for small businesses that 
bring innovative solutions to bear in solving challenges, and in doing 
so, garnered DHS a letter grade of A or A+ from the Small Business 
Administration on its Small Business Procurement Scorecard for the past 
12 years.
    Even while dealing with the immediate threat of COVID-19, the 
management directorate has remained focused on long-term issues. We 
established processes and goals to reduce the effects of climate 
change, while increasing resiliency. Our Resilience Framework includes 
assessments for climate and man-made vulnerabilities in all our 
critical assets, including energy and water, facilities, information 
communication technology, and transportation. Smart buildings and 
electric vehicles are a requisite part of our strategy that we are 
actively planning.
    We will also achieve significant environmental and financial 
benefits through the National Capital Region Real Property Strategy 
that includes consolidation of DHS organizations on the St. Elizabeths 
campus and within the National Capital Region (NCR), reducing the DHS 
footprint in the NCR by over 1.2 million square feet with a cost 
avoidance of $1.3 billion over the next 30 years.
    We continue to increase not just the security of our physical 
assets, but that of our human capital as well through increasingly 
comprehensive and continuous electronic vetting and monitoring of 
potentially threatening activities from within. The Department made 
substantial progress toward fully implementing the Federal Personnel 
Vetting Core Doctrine through the Federal Government's on-going Trusted 
Workforce (TW) 2.0 efforts. On July 14, 2021, DHS finalized the TW 2.0 
Implementation Plan for the Department. In August 2021, DHS self-
certified for TW 1.25 compliance, and in the second quarter of fiscal 
year 2022, DHS intends to request certification from the Office of the 
Director of National Intelligence for TW 1.5 compliance.
    Recognizing that cybersecurity is a National security and economic 
security imperative--and with the support of Congress through 
establishing new Title VI authorities--DHS will launch the 
Cybersecurity Talent Management System (CTMS) in November to establish 
an innovative means to hire and retain the very best cyber talent. 
Through the DHS Cybersecurity Service, we will provide a competitive 
public service career experience for cybersecurity professionals with 
the opportunity for tactical compensation, exciting career development, 
and the ability to shape the future of cybersecurity.
                               conclusion
    Since being placed on the High-Risk List, DHS has made tremendous 
and sustained progress in addressing the central issues that resulted 
in GAO's high-risk designation by integrating a myriad of disparate 
organizations and functions into a cohesive and effective Department, 
one that is greater than the sum of its parts. Without a doubt, the 
areas of human capital, acquisition management, information technology, 
and financial management were high risks for the Department in its 
early years. We have made significant and sustained progress since 
then. Some challenges remain in IT and financial management; however, 
we have demonstrated significant progress in those areas and expect 
further improvement in the years ahead.
    As of March 2021, Strengthening Department of Homeland Security 
Management Functions is one of only two High-Risk areas remaining on 
the list that meet the majority of GAO's criteria for removal.\3\ We 
appreciate GAO's strong partnership and willingness to continue our 
discussions about re-scoping and removal of the Strengthening DHS 
Management Functions high-risk area to more accurately reflect the 
state of management at DHS.
---------------------------------------------------------------------------
    \3\ GAO, High-Risk Series: Dedicated Leadership Needed to Address 
Limited Progress in Most High-Risk Areas, GAO-21-119SP (Washington, DC: 
March 3, 2021), page 19. In 2021, DOD Support Infrastructure Management 
met all 5 criteria and was removed from the list.
---------------------------------------------------------------------------
    It is our honor to serve the Department and lead the remarkable 
public servants that fulfill the Management Directorate's essential 
roles in our critical homeland security mission. Thank you again for 
the opportunity to appear before you to discuss the Department's 
management functions and challenges. We welcome any questions you have.

    Mr. Correa. Thank you, Mr. Alles.
    Now I would like to recognize Ms. Angela Bailey to 
summarize her statement in 5 minutes.
    Welcome.

   STATEMENT OF ANGELA BAILEY, CHIEF HUMAN CAPITAL OFFICER, 
                DEPARTMENT OF HOMELAND SECURITY

    Ms. Bailey. Thank you, Mr. Chairman.
    Chairman Correa, Ranking Member Meijer, and distinguished 
Members of the subcommittee, it is a privilege to appear before 
you today alongside Mr. Alles, deputy under secretary for 
management, to provide additional information about our one 
remaining human capital outcome and our employee engagement 
efforts.
    I was here early last year talking to this subcommittee 
about employee engagement and morale at DHS, and I am pleased 
to report continued progress despite the tremendous challenges 
we face.
    DHS is a living, breathing organization made up of more 
than 240,000 human beings. They worry about the same things all 
Americans worry about. They struggle with student loan debt, 
child care responsibilities, taking care of sick or elderly 
family members, or missing yet another family vacation, 
birthday, or anniversary due to work obligations.
    On top of that, every day, our people perform some of the 
most difficult, dangerous, and at times heartbreaking and 
thankless work in the Nation, and they do it well. Our people 
work through holidays and nights and weekends. They are always 
vigilant and ready.
    But the work they do is often directly affected by some of 
the most critical issues facing society, like the pandemic and 
natural disasters that dominate media headlines. For example, 
over 80 percent of DHS employees worked unpaid during previous 
Government shutdowns, and 65 percent have held the front lines 
during the COVID-19 pandemic.
    We can't change the work, but we can continue to explore 
and implement ways to support our people affected by that work. 
Through our efforts on DHS initiatives like employee and family 
readiness and leadership and other developmental programs, we 
have increased support for our employees and their families 
across the Department.
    Our operational components continue working to meet 
employee and family needs through their efforts like resilience 
and suicide-prevention programs at U.S. Customs and Border 
Protection; intensive local action planning at select airports 
by the TSA; emergency back-up child care in FEMA; diversity and 
inclusion education and awareness programs within the U.S. 
Coast Guard consisting of over 100 change agents; and taking 
action to rebuild morale and provide opportunities for 
employees to voice their concerns and share feedback at USCIS 
after the furlough threat in 2020.
    We also share ideas and best practices with each other, 
leading, for example, to U.S. Immigration and Customs 
Enforcement adapting TSA's successful local action planning to 
their own organization's resources, structures, and needs, and 
headquarters implementing emergency back-up child care as well.
    Federal Employee Viewpoint Survey scores reflect the 
positive effects of these efforts. For example, CBP's Employee 
Engagement Index, otherwise known as EEI, increased 15 
percentage points since 2015. TSA's EEI has increased 11 
percentage points. The overall DHS EEI has increased 13 
percentage points. In fact, 5 of our components equal or 
surpass the Government-wide average.
    In an agency as large, diverse, and geographically 
distributed as DHS, this is significant. It is so significant 
that both OPM and GAO have recognized the hard work that has 
gone in to these positive trends. I would like to thank the GAO 
team for continuous support and its productive relationship 
that they have had with us.
    All of this hard work has really led to us being able to 
achieve ``fully addressed'' on all but one human capital 
outcome, and we are close on the one that remains. It is a very 
productive partnership.
    As Mr. Currie and DUSM Alles noted, for the remaining human 
capital outcome, the Department made significant progress with 
continued implementation and sustainment of a variety of 
programs. The remaining work is to institutionalize the use of 
DHS-wide training data to inform human capital programs in 
2022.
    Thank you again for the opportunity to testify today. The 
Department would not be successful without your support and the 
work of our brave men and women who sacrifice each day to make 
our country safe.
    I look forward to your questions.
    Mr. Correa. I want to thank again all our witnesses today 
for their time and their testimony.
    I want to remind the subcommittee that each one of us will 
have 5 minutes to ask their questions of the panelists.
    I will recognize myself now for 5 minutes of questions. 
Five minutes is not too long, so let me start out with Ms. 
Bailey.
    Great progress. It looks like we are doing some good work 
at Homeland Security.
    My question to you is focused on morale. We have talked 
about this in the past. This is what I see as an interesting 
challenge at homeland: 240,000 employees. That is bigger than 
most of my cities in California. That is big. Yet each one of 
those individuals working for you is part of that line of 
defense for the homeland.
    FBI officers, nobody can deny the fact that they should be 
paid well, they should have benefits, they should be 30-year 
career agents. They are the best of the best at what they are 
doing.
    Yet you have TSA employees at the airport, where they are, 
a lot of them, part-time. A lot of them are struggling to get 
health benefits, until recently, with TSA. Turnover is 
unbelievable. Yet those are the folks that are watching that 
monitor, that screen, looking at people, trying to figure out 
whether there is something there that can get into an airplane 
that would do us major harm.
    How can we help you, not you by yourself, but how can we as 
a legislature help you make the argument that we need to bring 
these people up to speed, need to make them professionals, we 
need to pay them well, we need to make sure that their 
attitude, you know, their--that they know that their mission--
but we pay them accordingly?
    Please.
    Ms. Bailey. Thank you for your question, Mr. Chairman.
    Yes, TSA--you raise a very important point for us and one 
that we have put a lot of attention and effort into. I know Mr. 
Pekoske is fully supportive of the efforts that we are making 
to ensure that we raise the pay of our TSOs. Because, as you 
said, in some cases, in some of our major locations, they can 
actually be paid more to work at a local retail or at a fast 
food restaurant than they can for TSA. So it is a primary 
concern of ours and something that we intend to address.
    The second issue also has to do with making sure that we 
provide them their MSPB appeal rights. I am pleased to say 
that, just this week, we were able to work a deal with MSPB to 
ensure that our employees do have those appeal rights available 
to them.
    Then with regard to their actual morale or engagement and 
their working life, some of the things that we are very pleased 
about is the initiatives that we have put into our employee and 
family readiness initiatives----
    Mr. Correa. What do we need to make those folks full-time 
instead of part-time?
    You know, flipping hamburgers, my daughter did that last 
summer, OK? She got paid well, but she wanted to get out of 
there as quickly as possible. I want to make sure that our TSA 
employees aren't there part-time and wanting to get out of that 
job for the next job that offers them a dollar more an hour.
    Ms. Bailey. Right. So that is a very good question as well, 
Mr. Chairman. One of the things that we are striving to do is 
get the balance between part-time and full-time appropriate. 
Because there are some instances where we have found where our 
employees do want part-time so that they can raise their 
families or they can continue to go to school and have 
different opportunities.
    The other thing that we really stress within TSA is that it 
is also a foot into the Federal Government, it is a foot into 
DHS. We do find that many of our TSOs have the actual 
opportunity to promote within TSA and/or to go on to CBP, 
Secret Service, and then on to ICE.
    So we have found that by having specific career progression 
for them throughout this law enforcement community is something 
that they have really valued and that they look forward to as 
putting more effort into that as well.
    Mr. Correa. So a couple of things. I would just argue that 
the typical FBI agent probably knows that they can go maybe 
part-time, or some of the other Federal agents can go part-
time, depending on the family situation.
    TSA employees, they get an opportunity to become an FBI 
agent, they move on. But how do you make it attractive for them 
to be there for 30 years?
    I have 30 seconds left. You are not going to answer that in 
30 seconds. But, you know, these are some of the issues we need 
to work on, because, again, the weakest link in the chain is 
one that will break, and we can't afford any, you know, 
failures in our defense of the homeland.
    So I look forward to working with all of you. I don't want 
to criticize you; I want to work with you to make sure it is a 
win-win situation.
    With that, I will recognize the Ranking Member for 5 
minutes of his questions.
    Welcome, sir.
    Mr. Meijer. Thank you, Mr. Chairman.
    Thank you to those statements from all of our witnesses 
here today.
    Mr. Currie, I just wanted to, I guess, follow up a little 
bit on what the Chairman was mentioning in terms of concerns on 
the employee side and on the morale side. Mr. Currie, you had 
mentioned that if you take out, I believe it was, the Coast 
Guard and TSA from the broader DHS work force that it would be 
a much different picture.
    Can you elaborate a little bit more on what is distinctive 
about the TSA and Coast Guard relative to the rest of the DHS 
work force, and also to what extent both the TSA being a wholly 
new creation with a very unique mission relative to the rest of 
DHS and also the Coast Guard having that dual role of uniformed 
defense and a quasi-military capacity depending on its 
orientation?
    Mr. Currie. Yes, sir, sure. So, actually, if I said that, I 
was incorrect. It is TSA and Customs and Border Protection, so 
CBP, are the two. But that is a great question. I will break 
that down. I think----
    Mr. Meijer. I heard ``USCG'' and not ``CBP,'' so I 
apologize. But, yes--but also just, if you could better kind-of 
truncate how you view those cultural differences.
    Mr. Currie. Well, and, actually, I think you make a great 
point, because the Coast Guard's morale is pretty high 
comparatively, because they were a legacy component well before 
DHS had a strong mission, strong tie to the Department of 
Defense, as you probably know well.
    But let me talk a little bit about TSA and CBP. I think 
there are a couple of things going on there.
    First of all, they are by far the largest components, you 
know, with, together, over 100,000 employees.
    I think, also, second, they really do represent what Ms. 
Bailey was saying, like, the front line, have to be there every 
day, day in and day out, no-break kind-of employees, protecting 
our border, scanning international passengers, scanning 
international cargo, you know, all the tough things that we 
think about at DHS.
    I have to tip my cap. I mean, we have tremendous respect 
for those folks. You know, they don't have the luxury of 
working remotely like a lot of us in the professional world 
have been able to do over the last year and a half. They have 
no choice. COVID has really impacted them hard.
    But they are the largest. I think they have the toughest 
mission. Everything they do is under constant public scrutiny. 
If you think about a lot of other Federal workers, they don't 
have somebody watching them do their job every day. So I just 
think they have a tremendously difficult mission.
    Then I think, you know, what we just talked about with TSA. 
I think this is why, in our view, it is so critical that we 
really zone in to these components and figure out how, 
culturally, we can make some changes and, frankly, hold their 
leadership accountable.
    Ms. Bailey and Mr. Alles, from the DHS standpoint, can do a 
lot, and they have. But unless the supervisors and the managers 
deep within those components feel accountable for morale, I 
don't think it is going to be a huge priority.
    Mr. Meijer. Well, thank you for that, Mr. Currie.
    I just want to, kind-of, pull up a little bit to the 
40,000-foot level. You mentioned specific things going down to 
that supervisory level. On the whole, you know, the GAO's 
``High-Risk List'' is something that DHS has been on for close 
to 20 years. Can you give a bit of a sense of how unique that 
is to DHS? I mean, are there other Federal agencies that have 
been on it for a very long time? I know DOD is sort-of in its 
own specific category there, but among, I would say, more 
comparable Executive branch agencies?
    Mr. Currie. Yes, sir. As you know well, DOD is always in a 
special category. But, yes, so there are some that have been on 
since the inaugural ``High-Risk List'' since 1990. For example, 
Medicare, improper payments in Medicare have been on there for 
that whole time. But there are others that have been on for 
less than that, 4 to 6 years, that have gone on and come back 
off. Also, there are some that have gone on, come off, and then 
go on again a couple years later because the problems came 
back.
    So I wouldn't say it is out of the realm of ordinary that 
something as big and complicated as the Department--and here is 
the other part: It is not just the management issues; it is the 
criticality for National security. I wouldn't say it is an odd 
thing that they are still on the list.
    Mr. Meijer. Thank you, Mr. Currie.
    My time is running short, so I just want to ask Mr. Alles 
real quick: GAO narrowed down their ``High-Risk List'' area in 
2013, recognizing key mission-related areas, such as the 
Quadrennial Homeland Security Review. But DHS has not published 
a QHSR since 2014, obviously 7 years ago. Any plans for 
completing that in the short-term, sir?
    Mr. Alles. Yes, sir. The Secretary has promised to produce 
that. It is produced through the Office of Plans and Policy and 
up through management. So I can direct a more specific answer 
to them to get back to you with that, if that is OK.
    Mr. Meijer. Thank you.
    Mr. Chairman, with that, I yield back.
    Mr. Correa. Thank you very much, Mr. Meijer.
    Now the Chair will now recognize other Members for 
questions that they may ask of the witnesses. In accordance 
with the guidelines laid out by the Chairman and Ranking Member 
in their February 3 colloquy, I will recognize Members in order 
of seniority, alternating between the Majority and Minority.
    Members are reminded to unmute themselves when they are 
recognized for questions.
    Let me start out with Mr. Torres from New York.
    Welcome, Mr. Torres.
    Mr. Torres. I actually think there is a more senior Member 
on, so I would be happy to defer.
    Mr. Correa. Alternating between--who is the other Member--
oh, let's see, who else do we have here? Mr. Langevin? Is that 
who you are talking about? Mr. Langevin?
    Mr. Torres. I thought I saw Congresswoman Titus, but----
    Mr. Correa. Ms. Titus, are you----
    Mr. Torres. That is who I thought.
    Mr. Correa. Ms. Titus, welcome.
    Thank you, Mr. Torres.
    Ms. Titus. Well, thank you very much, Mr. Torres. I don't 
mean to ever cut a line. I appreciate you recognizing that I am 
running back and forth.
    Thank you, Mr. Chairman.
    I would like to direct my question to Ms. Bailey, and it is 
about the diversification of the work force. I think we 
strengthen the work force if we do diversify it, and so that is 
something I have been working on. There are a number of HBCUs, 
Hispanic-serving institutions, our veterans out there. The more 
we reach out to them and try to bring them in, I think the 
stronger we become.
    I had a bill that passed out of this committee, and I thank 
the Chairman for his support of it. It passed the House, and it 
was in the NDAA that we approved, but now we have to get it out 
of the Senate. It is called the Homeland Security Acquisition 
Professional Career Program Act, and it codifies training 
programs in these institutions that I mentioned for our work 
force.
    I wonder if you would just comment on the importance of 
having qualified and diverse professionals to supply the things 
that we need to keep our country safe?
    Ms. Bailey. Yes. Thank you very much for the question. It 
is something that we have been working extremely hard at.
    One of the things that I am really proud about is that the 
DHS work force is actually 47 percent diverse. In fact, we are 
higher than the Government-wide average of 38 percent. Often I 
am asked, well, what about, you know--that is because of TSA 
and CBP. But even if you take them out, we are still 40 percent 
diverse.
    Our Hispanic population is at 22 percent. Women represent 
35 percent. In our non-LEO occupations, such as my own, we are 
up to 48 percent. In our SES, we have 31 percent women 
representation. Our veterans are at 26 percent. We have 
maintained an exemplary rating since fiscal year 2017.
    So we have put a tremendous amount of effort into 
recruiting and going out and making sure that we really seek 
talent from all segments of society. We have also put much 
effort into making sure that our leadership development 
programs really help raise up everyone within the Department so 
that they are ready, capable to be able to go into our SES 
ranks.
    So the one area that I would say that remains a challenge 
for us is our representation of women in law enforcement. Mr. 
Mayorkas has challenged us to be able to get to 30 percent by 
2023. There is an initiative that is going on within the women-
in-law-enforcement community to--I think it is 30 by 2030, but 
we have challenged ourselves to make that 30 by 2023.
    So, with that, you know, we look forward to working with 
you to ensure that we can improve our diversity even more, but 
we are really heading toward 50 percent of DHS will have some 
type of diverse representation across all of our components.
    Ms. Titus. Well, I am glad to hear those numbers.
    I would also just hope that you really target minority-
serving institutions when you do recruiting, because, often, 
they are not aware that these career opportunities exist.
    Furthermore, I don't know what your policy is on 
internships or mentorships, but those often work well to bring 
young people into some of these professions.
    Ms. Bailey. Absolutely, Congresswoman. You hit the nail on 
the head. Our internship programs--in fact, this summer, we 
just did a cyber sprint and we hired over 300 people and put 
out another 500 tentative job offers, so that is, like, 800 
people.
    We created a cyber honors program. The Secretary has 
created a Secretary's cyber honors program. With that, we have 
put folks into that as well.
    So internship programs are hugely beneficial for us. Going 
to these minority-serving institutions is where we have found 
just tremendous talent. So we are very supportive of those 
efforts.
    Ms. Titus. Well, thank you. Go over there to the Senate and 
tell them that, so they will pass this bill on the Senate side.
    Well, thank you very much.
    Thank you again, Mr. Torres.
    I will yield back.
    Mr. Correa. Mrs. Harshbarger. Yes? Welcome.
    Mrs. Harshbarger. Yes, I can hear you now. Can you hear me?
    Mr. Correa. Yes.
    Mrs. Harshbarger. Great. Thank you, Mr. Chairman, Ranking 
Member Meijer, and all the guests here today.
    You know, I have a question. I don't know who wants to 
answer this. But, you know, I live in a rural district with a 
smaller airport. You know, the President's Executive Order on 
vaccination for these Federal employees is set to take effect 
prior to Thanksgiving. You know, that is a heavy travel period 
and one of the busiest weeks of the year.
    I guess my question is, in a smaller airport like in my 
district, there is going to be a significant work force 
disadvantage to the TSA employees, and they are going to be 
laid off due to that vaccine requirement, especially if that 
area is smaller.
    Can you walk us through what plan DHS has for employees 
that are not going to be vaccinated at that time? That could be 
detrimental not just to DHS or those TSA employees but to a lot 
of different facilities. Can anybody answer that?
    Mr. Alles. Yes, ma'am. I will start off, and I will let 
Angie pitch in also.
    First off, we want to make sure we fully engage the work 
force with what the intent is of the administration on the 
vaccination program. So first off is to lay out the time line 
for those vaccinations and then make available a location where 
you can get vaccinated, which are fairly wide, even in numerous 
locations through your local pharmacies.
    So we want to start in that area there, and then, you know, 
we want to encourage them. We certainly don't want to lose 
employees over vaccination. So, I mean, that is kind-of our 
starting point as we work this down. I think really 
communicating with them and making vaccines available is a 
critical part of this effort.
    Angie, do you want to fill in more on that?
    Ms. Bailey. Yes. I would say that we had our OVOW, which is 
our Operation Vaccinate Our Workforce, where we made sure that 
we actually partnered with VA to provide as much vaccination 
support as we could to our mission-critical positions, and that 
included our TSA operations in, like, the small airport that 
you mentioned. Seventy-seven percent of those folks that were 
eligible that had requested it actually did get their 
vaccinations.
    On whole, DHS is 64 percent--we have had our employees 
respond. We are at 64 percent of our work force has been 
vaccinated. That is on par with the Nation as well.
    So, to Mr. Alles' point, we are going to put a full-court 
press on educating our work force, make sure that we get them 
as many facts as we can so that they can make an informed 
decision. We are providing them a time table of when they need 
to have their first shot and their second shot.
    We are working with OMB Privacy and Civil Rights and Civil 
Liberties to make sure that we have a reasonable accommodation 
process put in place to address anybody who has a medical or 
religious exemption.
    So we are not in the business of removing our employees. We 
are in the business of trying to make sure that we educate 
them, that we provide them every opportunity to get vaccinated 
or to put in for reasonable accommodations. Because this 
Nation's security and safety is--you know, it is a National 
security issue for us to make sure that we have every DHS 
employee that we can on board.
    Mrs. Harshbarger. Well, it is a National security risk, 
because if you have these rural areas--and that is where I am 
seeing from. You know, I am also in the Doctors Caucus, and 
when we look at these statistics Nation-wide, we see that the 
rural areas are the ones that have, I guess, a lower percentage 
of vaccination.
    So I guess my question is, again, what is the plan when we 
don't have employees to work those stations?
    You know, I push for PreCheck in a lot of rural areas. 
People don't know what they don't know, and we want them to 
know that they can go ahead, if they are a lower risk, go ahead 
and sign up for that PreCheck.
    But what are we going to do? We can't afford to close those 
smaller airports. So does DHS have a plan to fill those spots 
in case they do have to lay them off for that?
    Mr. Alles. Yes, I think I would say, as we have already 
described, ma'am, that our intent is to encourage employees in 
the vaccination. I mean, if there are shortages there in those 
airports, we will have to address those in stride through 
additional hiring or, you know, temporarily moving employees to 
keep things open.
    I think, actually, the specifics of the question may be 
best referred, though, to TSA, because I don't want to speak to 
them on how they would actually address the operations part of 
it.
    Mrs. Harshbarger. OK. Well, I know it is coming up on us 
pretty darn quick. We have about a month-and-a-half to get a 
strategy put together. But thank you for your answers.
    With that, I yield back, sir.
    Mr. Correa. Thank you, Mrs. Harshbarger.
    I will now recognize Mr. Torres. Yes?
    Mr. Torres. I am sorry, Mr. Chair, I think Mr. Langevin is 
on. Congressman Langevin is more senior.
    Mr. Correa. He is, but he is not on the committee.
    Mr. Torres. Oh, he is not?
    Mr. Correa. I want him to be on the committee, but I still 
have to send him, I guess, more flowers before he decides to.
    Mr. Torres. I just assume that I am always the least 
senior, so----
    Mr. Correa. That is right.
    Mr. Torres. I have the glimpses of seniority.
    So, as all of you know, January 6 was obviously a wake-up 
call about the depth of domestic terrorism in the United 
States, particularly within the ranks of law enforcement.
    I know DHS is the largest law enforcement agency in the 
Federal Government. Secretary Mayorkas in April said that he 
was going to conduct a review of how to best prevent, detect, 
and respond to domestic terrorism, particularly within the 
ranks of DHS, domestic extremism.
    I am curious to know, what is the status of the review, and 
when can we expect to see the findings of the review?
    That is for the under secretary.
    Mr. Alles. I will take that, sir.
    So he just testified, the Secretary, a few days ago on this 
particular topic and made the note that this is one of our most 
important missions, is to not only provide National 
intelligence about domestic violent extremists but also to 
ensure that our head---not our headquarters, but our Department 
is secure in that regard too.
    So, in that regard, we are going to increase training 
opportunities and other support to help identify individuals at 
risk of radicalization----
    Mr. Torres. Mr. Under Secretary, I asked, what is the 
status of the review, and when can we expect a report? I am 
glad it is a priority, but I am asking for----
    Mr. Alles. He did commit to providing the report to the 
committee, to the full committee. That is due back to him in 
October sometime, and, depending on his time lines, it should 
be sometime after that.
    Mr. Torres. Thank you.
    My next question is for GAO. I know, Mr. Currie, you 
identified TSA as a troubled entity within DHS, as well as 
Border Patrol. I am curious, what is your assessment of ICE?
    Mr. Currie. Well, in terms of the morale score, sir?
    Mr. Torres. Performance, morale. I mean, you classified DHS 
as a high-risk agency. If I understood your testimony 
correctly, TSA is a disproportionate driver of that. I am 
interested to know where ICE ranks.
    Mr. Currie. Yes. Well, so, under the management areas, in 
terms of ICE, there are a few critical issues.
    One, we do have some morale concerns there, them being a 
law enforcement organization within the Department that doesn't 
have as high a morale as some other components. So there is a 
concern there that needs to be addressed. It is not that I am 
less concerned about ICE than TSA or CBP; it is just, when you 
talk about overall morale of the Department, they are a little 
bit smaller.
    You know, also, obviously, they have a tremendously 
difficult mission right now too. So I am concerned about their 
work force and the morale of the work force too.
    The other thing we look at, too, in the management area is 
their financial systems too. ICE is 1 of the 3 components in 
DHS that has one of the oldest legacy financial management 
systems left over from since before the Department started, and 
they have a ways to go before they are able to modernize that 
as well. So we have concerns there.
    Mr. Torres. Does each have to have its own financial--I 
mean, why not have, like, shared or centralized systems?
    Mr. Currie. Well, that--sir----
    Mr. Torres. Administrator?
    Mr. Currie [continuing]. That question is the question on 
financial management.
    Mr. Torres. Oh, I guess under secretary. Why not have 
centralized systems for----
    Mr. Currie. No, that--yes, that was the goal from the 
beginning, was to centralize. At the very beginning, the idea 
was, we are going to take 22 legacy agencies, some were 
created, some were existing, and we are going to put all these 
together into one system. I think very quickly we saw that that 
was just not possible.
    So, right now, there is kind-of a hybrid. Some still have 
the old systems. Like I mentioned, FEMA's is over 25 years old. 
Some----
    Mr. Torres. Why isn't it possible?
    Mr. Currie. Well, and some--for example, with FEMA, it is 
just a matter of--first of all, they got started a little bit 
late, trying to modernize them. Then there are so many 
different systems just within FEMA's system. At one point, they 
were managing over 20 different grant programs with different 
systems. So they manage a ton of money. Just, it has taken a 
long time, and there has been----
    Mr. Torres. You are telling me it is impossible to create 
one centralized system that can administer all those grants, 
sir?
    Mr. Currie. You know, nothing is impossible, but I can say 
over 20 years that to do this across DHS into one system has 
been very difficult.
    Now, they have been able to do this in some components and 
be successful. I think they are just down to some of the most 
challenging components.
    Mr. Torres. I just want to quickly interject, because I 
heard a contradiction between the two testimonies.
    You identified 30 management areas, and you said DHS has 
made progress in 18 of those or has achieved its goals in 18 of 
those. But I heard the under secretary say 22.
    So I am curious to know what is the disconnect between your 
two testimonies.
    Mr. Currie. Well, there are different ratings, so what I 
was referring to is the ones that are fully addressed and 
completed. There are others that are partially. So I think that 
was the difference.
    Mr. Torres. Of everything that remains, what is the most 
urgent?
    Mr. Currie. I think, right now, the most urgent--I classify 
``urgent'' and ``challenging'' as the same, because, to me, the 
most challenging are going to be the hardest to address and 
they need the most focus and the most resources.
    I think, you know, financial management is the one that is 
going to take the longest to address across the Department and 
there is still the most work to be done. I think even DHS has 
said they are still on a horizon of it being at least probably 
5 years until some of these issues are addressed. So I am very 
concerned about that.
    But, you know, I continue to be concerned about morale too. 
You know, while we give DHS a lot of credit because there has 
been consistent steady progress and improvements last year, you 
know, almost every agency in Government improved last year.
    So I don't think anybody at DHS would say they are where 
they want to be in terms of employee morale, which has 
cascading effects, sir. You know, it affects recruitment, it 
affects retention. It just has such a huge impact on the 
mission. I think that is another major area I am concerned 
about.
    Mr. Torres. My time has expired. Long expired.
    Mr. Correa. Thank you, Mr. Torres.
    Now, Mr. Meijer, unless you object, I will go to Mr.--do 
you have any other Republican Members on your side right now?
    Mr. Meijer. Mr. Chairman, I am not seeing any of my 
colleagues on this side of the aisle, so no objection.
    Mr. Correa. Unless you object, I will go to Mr. Langevin.
    Mr. Langevin. Very good. Thank you, Mr. Chairman.
    Mr. Correa. Welcome, sir.
    Mr. Langevin. I thank you and the Ranking Member for 
allowing me to sit in on this subcommittee. I am proud to be on 
the Homeland Security Committee, but haven't had the pleasure 
of serving on this subcommittee, but maybe in the future. But 
glad I could participate in this subcommittee hearing.
    I thank the witnesses for their testimony.
    I would like to start, if I could, with Ms. Bailey.
    Ms. Bailey, what percentage of cybersecurity billets within 
the Department of Homeland Security are unfilled right now?
    Obviously, cybersecurity is the National security and 
economic security challenge of our time. We need all hands on 
deck; we need every billet filled. I know that DHS is still 
underresourced there in terms of bodies.
    Can you give me an idea of how many are unfilled right now?
    Ms. Bailey. I think we have--well, thank you for your 
question, Congressman.
    You know, I am not sure. I may have to get back to you on 
the exact number. I know we have close to 10,000 positions that 
are identified as being--as being identified as being cyber. 
One of the things that we were trying to do with our sprint was 
at least to address 10 percent of our vacancies.
    So I think that we are somewhere around 80 percent, but I 
really need to get back to you--80 percent filled, not vacant.
    Mr. Langevin. Yes.
    Ms. Bailey. So I need to get--I need to get back to you 
with regard to the exact number.
    Mr. Langevin. So you would say approximately 20 to maybe 30 
percent is a reasonable estimation?
    Ms. Bailey. I think it is around 10 to 20 percent, 
because----
    Mr. Langevin. OK.
    Ms. Bailey [continuing]. We had a really significant push 
this summer, and we far exceeded what we wanted to be. I think 
we are somewhere around 2,000 vacancies, if I am not mistaken, 
and so this summer we were able to, again, get almost 1,000 of 
those filled.
    Mr. Langevin. Well, I strongly hope that when you do look 
at the actual numbers that it is closer to the 10 percent, not 
20 percent or more. Because even at 20 percent, I would 
certainly characterize that vacancy rate as unacceptable and, 
you know, feel that it is troubling. I mean, I find it a 
troubling statistic.
    But could you please explain to the committee what you plan 
to do to address this vacancy rate going forward?
    Ms. Bailey. Certainly.
    I do want to make sure that I was clear on this. We have 
around 2,000--we had around 2,000 vacancies this summer, and we 
filled almost 800 of them, of those 2,000. So we have made 
significant progress against making sure that we have all of 
our positions filled.
    Now, with regard to some of the things that we are doing, 
one of the things that I am very pleased to say is that--and 
this is with Congress's support--we were able to implement our 
Cyber Talent Management System, which will give us an 
incredible ability to recruit and hire, pay, and retain, train 
our cyber work force in a way that we have never been able to 
do within the Federal Government.
    So that will give us the ability to, like, reach out to and 
establish partnerships with some of the minority-serving 
institutions, as well as, you know, being able to qualify folks 
who have maybe been successful at a hackathon, you know, won a 
National hackathon award.
    So, by being incredibly creative and inventive and actually 
breaking apart everything that is known as far as Civil Service 
goes, we will have the advantage of being able to, again, 
really go after the talent that is in this Nation, pay them in 
accordance with what the market is paying, and then be able to 
retain them in a way that we have never been able to before.
    Mr. Langevin. OK. Thank you. Very important.
    Let me ask you this. Congress granted DHS the authority to 
implement its Cyber Talent Management System in 2014, yet the 
Department is just now preparing to launch that system.
    So the authorities in question give the Department broad 
authority to create new positions necessary to carry out its 
responsibilities. So what roles and responsibilities does the 
Department envision CTMS helping to fill? What resources does 
the Department require to meet these hiring goals?
    Ms. Bailey. Well, we do plan to use that to fill a variety 
of our cybersecurity needs, everything from forensics, to 
network investigations, to what you would consider typical 
cybersecurity positions.
    So, in working with CISA and with our CIO, we have been 
able to really identify the kinds of skills that they need so 
that we can get the talent into those particular positions.
    We anticipate, right off the bat, of bringing in close to 
150 people and then just keep expanding it from there and, you 
know, across the board. So I think you will be pleased with 
where we are by next spring, considering that we will have it 
fully implemented and ready to recruit and hire on Day 1.
    Mr. Langevin. Thank you. Thank you.
    Mr. Chairman, I have one last question at this time, but 
if----
    Mr. Correa. Please, go ahead. Go ahead and ask it, sir.
    Mr. Langevin. Thank you. Thank you, Mr. Chairman.
    Well, basically, last question, I would like to focus now 
on the Cybersecurity and Infrastructure Security Agency. Given 
that CISA is a new agency with a critical mission, it is 
important that it be able to hire the cybersecurity talent 
necessary to execute that mission. For example, giving CISA the 
authority to grant cybersecurity fellowships that brings in 
outside talent could be very helpful.
    How is the Department supporting and empowering CISA to 
ensure it can bring on the cybersecurity talent it needs?
    Ms. Bailey. Well, one of the things that we are doing is 
working very closely--I have a very good relationship with both 
the director and the deputy director of CISA, and it gives us 
the opportunity to really dive in and figure out exactly where 
they have their needs. We are really making use--we will make 
use of our Cyber Talent Management System to address many of 
the needs that you have addressed.
    The fellowship programs or the internship programs, all of 
those will still exist as well, by the way. So, you know, we 
are not just simply going and saying CTMS is the only thing 
that we are going the do. We will make use of all the hiring 
authorities, including the Schedule A hiring authority that we 
have that helps us reach deep down in and be able to get the 
talent that we need.
    Mr. Langevin. I certainly hope so. It is a vital mission. 
So is it possible that you could come and brief us on CTMS in, 
say, December or so?
    Ms. Bailey. Yes, absolutely. Absolutely, Congressman. More 
than happy to come brief you on CTMS.
    Mr. Langevin. All right. Thank you very much.
    Mr. Chairman, I appreciate the extra time and your allowing 
me to ask questions as part of the subcommittee today. Thank 
you very much. I yield back.
    Mr. Correa. Mr. Langevin, please come by anytime. We love 
to have your sharing of your good comments on the committee and 
questions, of course.
    Are there any other Members in the committee that have not 
asked a question? Any other Members?
    Then I would ask Mr. Peter Meijer if he is interesting in 
going for a second round of questions. Are you OK with that?
    Mr. Meijer. Absolutely, Mr. Chairman.
    Mr. Correa. OK.
    I want to follow up--I will start out with 5 minutes here. 
I want to kind-of follow up with some of Mr. Langevin's 
thoughts there.
    You know, one of my prior lives, I used to chair a 
committee in Sacramento, California, that had jurisdiction over 
CalPERS and CalSTRS, some of the biggest pension funds in the 
Western world. The challenge was always trying to keep the good 
asset managers working for CalPERS and CalSTRS. Once Wall 
Street found out that they were actually really good, they were 
hired away, because we just could not afford to pay them the 
multimillion-dollar salaries that Wall Street could afford to 
pay them.
    My question to you is obvious. I mean, how do we keep the 
good cyber folks on your payroll and not having them 
essentially be taken away by the private sector?
    Mr. Alles. If I could comment, I think there are two 
aspects. One is what Angela talked about----
    Mr. Correa. Yes, Mr. Alles.
    Mr. Alles [continuing]. The Cyber Talent Management System.
    I think we discussed the other part yesterday. It is the 
appeal for the mission. In fact, I have had several people call 
me that want to work for the Department, not because it pays 
well. They want to do it because they are interested in 
protecting the Nation, and there is an appeal to them because 
of the mission of the Department. I think that is an important 
part of it that we had kind-of discussed yesterday.
    So that is a key part. You know, obviously, that is how the 
military appeals to people. They are not doing that job because 
they are getting paid a lot of money; they are doing it because 
they feel it is a service to their Nation. So I think that is a 
key part.
    Mr. Correa. Ms. Bailey.
    Ms. Bailey. I would also say, to add to what Mr. Alles 
said, one of the other things is that we completely understand 
that this is a field in which they are not going to stay with 
us for 30 years. They are not going to stay in any business, 
whether it is private, public, nonprofit, it doesn't matter. So 
what we have done is create a system in which they can come in 
and out of Federal Government in a very easy way.
    Today, under the current Civil Service rules, you can't do 
that. Like, when you come in, often--well, often what happens 
is, whenever you leave and then you come back in, you basically 
can't be paid for any of your experience or education that you 
have received, although OPM has worked to change some of those 
rules just recently.
    But when we designed CTMS, we designed it with that in mind 
knowing that this is not only a generation but it is also an 
occupation that is not going to stay with us. So we are OK with 
that.
    What we have to do is make sure that, when they are here, 
that they are given the kinds of resources and experiences that 
they are looking for and then, whenever they go back out to 
private sector, that we keep track of them and that we then, 
whenever we have new opportunities, we reach out to them and 
bring them back in.
    So it is something that we actually have planned for, 
rather than trying to assume that they are all going to want a 
30-year career.
    Mr. Correa. Thank you very much.
    With that, I will call on Mr. Peter Meijer for his 
questioning. Thank you very much, sir.
    Mr. Meijer. Thank you, Mr. Chairman.
    Ms. Bailey, I just had a brief question. During COVID, 
Congress gave agencies special Schedule A COVID hiring 
authority. Can you share a little bit more about how DHS 
utilized that hiring authority and if you think that hiring 
authority might be a positive model for the future?
    Ms. Bailey. Yes. Thank you for your question, Ranking 
Member.
    It was an important authority. I will tell you that it was 
mostly used by CISA, where they could go out and get some of 
the talent that they needed. We only actually used it for about 
52 positions, and headquarters used it for some of their 
positions as well.
    So is it important? Sure. I mean, every time we are given a 
new hiring authority, we make full use of those hiring 
authorities, I will tell you that.
    One of the things, though, that I will say that I would 
love to see us do is, rather than--because we have over 100 
special hiring authorities on the books that can be used by all 
agencies. One of the things we would really like to do is just 
net that down.
    We have our Enhanced Hiring Act that actually had made it 
into the last Congress. But one of the things that we would 
love with that is the ability to just have one streamlined 
hiring authority for our veterans and then make sure we 
maintain 20 percent veterans on board at all times within DHS 
and then have the ability to go out and make partnerships and 
relationships with all of the different academias, as well as, 
you know, the universities, as well as private sector and some 
of these different specialized groups to be able to bring that 
talent on board within DHS.
    So, you know, like, if I had my dream, that would be it, 
that we could really have our Enhanced Hiring Act be something 
that complements what we are trying to do with our Cyber Talent 
Management System.
    Mr. Meijer. Thank you, Ms. Bailey.
    Mr. Currie, just kind-of sticking a little bit on cyber but 
pivoting over to the acquisitions side of the house, I know 
that, obviously, DHS has faced challenges in effectively 
executing that portfolio. We have seen that with the Coast 
Guard cutter acquisitions and also at CISA's National 
Cybersecurity Protection System.
    The GAO report mentioned that one action that remains is 
for DHS to establish and effectively operate the Joint 
Requirements Council to review and validate component-driven 
capability requirements that drive the Department-wide 
acquisitions and also work to identify and eliminate unintended 
redundancies.
    Can you share to what extent there has been progress in 
this area and conclude with what remains to be done?
    Mr. Currie. There has been a lot of progress in this area. 
I mean, I think we have seen the JRC in existence for long 
enough to know that it is the right organization with the right 
processes to oversee the requirements development.
    I think we are pretty close to probably addressing that, 
maybe in another 6 months or so. I think we want to spend some 
time validating this, though, and actually seeing the results 
over the next 6 months.
    You know, we do still have some concerns that, while there 
is a lot more acquisition discipline and process, we still want 
to see more programs within cost and schedule, we want to see 
more successes. I just don't think we are seeing enough actual 
successes.
    Because, you know, it is not just about having the 
discipline and the processes. I mean, the whole purpose of that 
is you want to see effective implementation of these programs 
into homeland to achieve the mission. We just haven't seen 
enough of that yet to feel like that is not a high-risk issue.
    Mr. Meijer. Are there any other acquisition programs across 
the Government, whether within DOD or within more specialized 
agencies or components, that you look at as a model or, you 
know, areas that you would suggest that DHS emulate?
    Mr. Currie. Well, there is no doubt that acquisitions is 
tough across all Federal Government, I mean, especially DOD. I 
mean, it is hard for me to say DOD is better than--you know, 
they have challenges, too, as you know well.
    But I think that DHS has a unique challenge here, though, 
because a lot of times what they are trying to do is they are 
trying to apply commercially-available technologies or other 
sort of things to a very, very specific homeland application. I 
think that is where sometimes we run into some challenges.
    For example, you know, the USM and I were talking the other 
day about the biodetection system, you know, where the DHS is 
trying to implement a system that will, you know, within 
minutes, detect a bio attack on our homeland. Well, it is very, 
very difficult because the technology is just not available 
yet. So the idea is good, but, you know, it is just not ready 
to go in the homeland, whereas you may be able to use a 
technology like that on a more experimental basis in the 
warfighter scene or in theater or something like that.
    So DHS just has a number of very unique challenges.
    Mr. Meijer. Thank you, Mr. Currie.
    Mr. Chairman, my time is expiring, and I believe we also 
just had a vote call, for your awareness. With that, I yield 
back.
    Mr. Correa. Mr. Torres, did you want to ask a couple of 
questions?
    Mr. Torres. I would be able to ask a question, but if you 
feel you have to end the hearing, that is----
    Mr. Correa. Go ahead, shoot. You have about 12 minutes. Go 
ahead.
    Mr. Torres. OK.
    Well, actually, we are going to vote on one of my bills. I 
have a bill that would require the under secretary for 
management, I believe, to issue Department-wide guidance to 
require DHS contractors to submit a bill of materials 
identifying the origin of software components. The legislation 
was meant as a response to SolarWinds.
    So my question for the under secretary is, what actions has 
the agency taken to shore up our cybersecurity in the wake of 
SolarWinds?
    Mr. Alles. Yes. So, in the wake of SolarWinds, we are 
developing a Unified Cybersecurity Maturity Model, because 
SolarWinds is more complex than just looking at FISMA scores. 
In fact, those kind-of evaluate the knowns. In this case, this 
is what we call a zero-day exploit. So a lot of this is going 
to address our cybersecurity domains, access control, audit and 
accountability, risk management systems, and communication 
protections.
    It is based on the domains established in DOD's CMMC, 
Cybersecurity Maturity Model Certification, which will help 
make sure that the supply chain, which is how they got into our 
systems through the SolarWinds supply chain, through security 
issues with that contractor, will help ensure the contractors' 
networks are secure.
    It will also include implementation of a zero-trust 
architecture, a supply chain risk management system, and then 
enhance our cybersecurity provider program and our identity 
verification management systems.
    Mr. Torres. Can I ask a question about EINSTEIN in 
particular? My understanding is that EINSTEIN lacks the 
capacity to detect anomalous threats intruding----
    Mr. Alles. Right.
    Mr. Torres [continuing]. Into the Federal network. Is that 
accurate? What are we doing to address that deficiency?
    Mr. Alles. Yes, sir. EINSTEIN was formed to address known 
threats. So, by definition, a zero-day exploit is not going to 
be an EINSTEIN-protected----
    Mr. Torres. So are we creating an EINSTEIN 4 or an entirely 
new capacity to confront unknown anomalous threats?
    Mr. Alles. It would be a different capacity, as I 
mentioned--zero-trust architecture, securing your supply chain, 
making sure your contractors are secure on their side.
    Mr. Torres. One other question. What is the time line for 
finalizing that?
    Mr. Alles. For all these efforts, we are just getting them 
under way. I would give that probably a couple of years to be 
fully implemented.
    Mr. Torres. All right. That was the extent of my 
questioning. I just wanted to follow up on the supply chain 
security.
    I don't know if GAO has any thoughts on DHS's preparedness 
in relation to a supply chain attack like SolarWinds?
    Mr. Currie. Yes, sir, we do. I am not our cybersecurity 
expert, but we have definitely have done a ton of work in that 
area, and I can get you all that information.
    Mr. Torres. That would be great.
    OK. That is the extent of my questioning. Thank you, Mr. 
Chair.
    Mr. Correa. Thank you, Mr. Torres.
    Mrs. Harshbarger, I believe you are next.
    Mrs. Harshbarger. Well, I think I am good. If I have a 
question, I will just give it to you in writing.
    So thank you, Mr. Chairman.
    Mr. Correa. I want to thank all of you. I want to thank the 
witnesses for being here today and for your testimony, and 
Members for your questions.
    Members of the committee may have additional questions of 
the witnesses, and we ask that you respond expeditiously to 
them when they ask them in writing.
    The Chair reminds Members that the committee record will 
remain open for 10 business days.
    Without any further objections or business, this committee 
hearing is now adjourned.
    Thank you very much.
    [Whereupon, at 3:16 p.m., the subcommittee was adjourned.]

                                 [all]