[Congressional Record Volume 160, Number 104 (Monday, July 7, 2014)]
[Senate]
[Pages S4202-S4204]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                  EXPEDITIONARY COMBAT SUPPORT SYSTEM

  Mr. McCAIN. Mr. President, at a time when vital defense programs are 
threatened due to a lack of funding, the Federal Government has wasted 
billions of dollars attempting to procure new large information 
technology systems, consistently disregarding lessons learned from past 
failures and well-established acquisition best practices.
  Even with a current annual budget of $80 billion for information 
technology projects, the Federal Government struggles to make those 
systems work. The American people can still remember the embarrassing 
failure of healthcare.gov, the Obama administration's most recent 
information technology fiasco. What they may not realize is the Health 
and Human Services' healthcare.gov mess is not unique and is, in an 
important sense, merely business as usual in how the government, 
particularly the Department of Defense, acquires large information 
technology systems.
  The Pentagon is responsible for many of the most egregious cases of 
wasted taxpayer dollars when it comes to government information 
technology programs. Lack of planning for these acquisitions within the 
Armed Forces has made the adoption of new information technology 
systems an expensive and risky endeavor. The Air Force's Expeditionary 
Combat Support System, or ECSS, is a prime example of how a system 
designed to save money can actually waste billions of taxpayer dollars 
without producing any usable capability.
  Today the Permanent Subcommittee on Investigations issued a 
bipartisan report on the failed acquisition of the ECSS, a program that 
was supposed to decrease costs and increase efficiencies by 
consolidating the Air Force's hundreds of legacy logistic systems into 
a single new system.
  It is important to recognize that what happened with ECSS is not an 
isolated case of incompetence. Unfortunately, it is one of the many 
examples that show how billions of dollars can be wasted if the 
intended acquisition is not started off right with a detailed plan that 
includes clear, stable requirements and achievable milestones supported 
by realistic original cost estimates and reliable assessments of risk.
  The subcommittee's report notes that the Air Force started the ECSS 
acquisition in 2004 with the goal of obtaining a single 
``transformational'' unified logistics and supply chain management 
system that would allow the Air Force to track all of its physical 
assets worldwide, from airplanes, to fuel, to spare parts. These types 
of computer platforms; that is, large business systems that companies 
use to make their businesses operate more efficiently, are known as 
enterprise resource planning systems or ERPs. Basically, ECSS was 
supposed to be an enterprise resource planning system that would have 
combined all of the Air Force's global logistics and its associated 
supply chain management activities under one streamlined management 
information technology system.
  As the Department of Defense's overall strategy to become fully 
auditable hinges on how successfully it procures and integrates these 
systems into its business enterprises, failures such as the ECSS are 
not only costly to the taxpayer but also disastrous to the Department's 
larger financial improvement efforts.
  To keep costs down, the Air Force intended to build its new ERP 
system using already available commercial software instead of a 
software system designed from scratch. That type of commercial 
software, however, works best when the organization using it follows 
efficient business processes. In order to take advantage of the 
commercial software that supported ECSS, the Air Force needed to 
dramatically change longstanding internal business processes that 
supported how it managed global logistics and its associated supply 
chain.
  That never happened. Unfortunately, the culture of resistance to 
change in the Air Force made it difficult to make those changes. The 
Air Force needed strong leaders who could communicate not only the 
goals of ECSS to end users and get their buy-in but also develop sound 
program management strategies to overcome resistance to change among 
those lower level personnel. Ultimately, the leaders of the ECSS 
Program did not effectively communicate with the end users. Without 
their buy-in, ECSS was doomed to fail before it even started.
  Because the Air Force had not adequately planned what needed to be 
done to procure ECSS effectively, it was easier for program managers to 
order changes in configuration that in effect customized the commercial 
software on the fly rather than alter the Air Force's own culture. That 
caused costs to skyrocket and delivery schedules to slip.
  The Air Force's eagerness for expensive customization was especially 
troubling given that as early as 2004, the Air Force identified the 
need to avoid customizing the commercial software lest costs explode. 
But in the end, it failed to heed its own advice. The subcommittee 
report finds that the Air Force's customization of the commercial 
software was a major root cause of ECSS's failure.
  Such customization could have been avoided had the Air Force fully 
and timely implemented a congressionally mandated procedure for 
improving its operations called business process reengineering. 
Business process reengineering, which is a proven private

[[Page S4203]]

sector management approach, offers a structured way to introduce major 
new changes into an organization to help it run more efficiently and 
ensures that careful planning goes into every stage. Not infrequently, 
Fortune 500 companies use business process reengineering to, for 
example, restructure existing business units to work more efficiently, 
passing resulting savings on to consumers and to absorb effectively new 
business units from companies they have acquired or merged with to 
maintain overall competitiveness in the marketplace.
  Had the Air Force actually used business process reengineering in 
connection with the ECSS; that is, redesigned those business processes 
that needed to be changed for the Air Force to absorb its commercial 
off-the-shelf software effectively, the risk identified in 2004 would 
have been consciously addressed at each stage of the procurement, not 
essentially disregarded for 8 years.
  In its 2004 risk assessment, the Air Force also identified a lack of 
stable program requirements as a risk to the program. That risk, too, 
was not accounted for. From the beginning of the ECSS procurement, the 
Air Force failed to properly define and stabilize the program's 
requirements, what the system would do, and how it would do it. Even 
those who were going to use ECSS felt as though they were in the dark. 
In 2008, 4 years later, a technician stated: ``My [number one] 
complaint is that E.C.S.S. has yet to identify . . . any time line [for 
when] we can expect to receive detailed information [or] requirements 
about what E.C.S.S. will provide.'' This user's complaint reflects the 
lack of planning that went into the Air Force's attempt to procure 
ECSS.
  To this day, the Air Force still does not know how many legacy 
systems it actually has on hand, let alone the number that ECSS was to 
replace. The Air Force's lack of knowledge about its current 
information technology systems led to confusion when it tried to 
construct a replacement. That is why I offered an amendment to the 
NDAA--the National Defense Authorization Act--for fiscal year 2015 that 
would require program personnel to have a proper understanding of 
existing legacy systems and clear goals in connection with its efforts 
to procure new information technology systems, but more has to be done.
  The subcommittee's report recommends the Department of Defense should 
also start assessing how much BPR would need to be done--and how 
feasibly it can be done--earlier in the acquisition lifecycle of these 
ERPs. Also, investment review boards, which are critically important 
governance tools used in connection with the Department's efforts to 
procure ERPs, should be integrated into the budgeting process when 
these programs begin. That would help make sure that not only is BPR 
being implemented early and effectively but also that the large 
information technology system being procured lines up with the 
Department of Defense's broader efforts to modernize its business 
systems. Collectively, these initiatives would help these programs 
start off right and allow both the Department of Defense and Congress 
to conduct better oversight and hold leadership accountable for future 
failures.
  In this case no one within the Air Force and the Department of 
Defense has been held accountable for ECSS's appalling mismanagement. 
No one has been fired and not a single government employee has been 
held responsible for wasting over $1 billion in taxpayer funds. With 
six program managers and five program executive officers over 8 years 
having transitioned in and out of the program, the Air Force has had 
trouble determining who should be held responsible. On scores of other 
failed programs, this of course is a study we are all familiar with. 
Let me repeat: Not a single government employee has been held 
responsible for wasting over $1 billion--six program managers and five 
program executive officers over 8 years in and out of the program.
  This is a chronic lack of accountability, and I think efforts in the 
National Defense Authorization Act amendments to align the tenure of 
program managers with key decision points in the acquisition process is 
badly needed. That provision would allow us to not only hold 
accountable those responsible for blunders such as ECSS but also to 
reward those involved with successful acquisition strategies.
  The subcommittee's report details many leadership failures within the 
Air Force and the Department of Defense in the ECSS Program that should 
serve as a warning for current and future information technology 
acquisitions. Since 1995 the Government Accountability Office has 
placed the Department of Defense business systems modernization 
efforts; that is, its efforts to replace its existing information 
technology systems to improve how the Department of Defense is managed, 
on its high-risk list every year. It has been on that list for many of 
the same reasons ECSS failed, including inadequate management controls 
to oversee how it acquires these large systems.
  According to the Government Accountability Office, the Department of 
Defense ``has not fully defined and established business systems 
modernization management controls.'' It further noted that these 
management controls are ``vital to ensuring that [DOD] can effectively 
and efficiently manage an undertaking with the size, complexity, and 
significance of its business systems modernization and minimize the 
associated risks.'' I challenge the new Deputy Secretary of Defense, 
who acts as the Chief Management Officer, to work with the Government 
Accountability Office to get the Department of Defense's business 
systems modernization efforts off the high-risk list, and I look 
forward to a plan from him on how he intends to do it.
  Such a plan is clearly necessary, given the current difficulties the 
Department of Defense is facing in procuring major information 
technology programs. The Army has spent roughly $1.89 billion on its 
logistics modernization programs. Yet just recently, in May of this 
year, the Department of Defense inspector general reported that the 
Army will most likely miss the congressionally mandated auditability 
deadline in September of 2017 because it failed to properly implement 
the BPR.
  Additionally, the defense enterprise accounting and management 
system, or DEAMS, is a current Air Force acquisition effort that has 
received roughly $425 million in funding and is scheduled to receive 
billions more. DEAMS has faced similar issues to those witnessed in the 
failed ECSS procurement program. For instance, similar to ECSS, the Air 
Force has been frustrated by its inability to get the buy-in it needs 
from DEAMS' intended end users for them to change their business 
processes and allow for DEAMS integration into the Air Force.
  According to a December 2013 Department of Defense internal report, 
end users at McConnell Air Force Base indicated that the training for 
this program ``did not provide them with a real understanding of the 
system and its application to their day-to-day work process.'' Sound 
familiar? In this case, the Air Force and the Department of Defense are 
again failing to properly procure and implement a program that is 
crucial to its business operations and to the Air Force becoming fully 
auditable by 2017.
  The Navy has also struggled with the procurement of large information 
technology as a program called Navy ERP illustrates. According to the 
Department of Defense's Deputy Chief Management Officer, these 
guidelines demand that program officers for information technology 
acquisitions effectively map out current legacy systems and business 
processes that need to be changed or retired and then lay out a new 
plan that would improve and transform the shortcomings of the old 
systems. These ``as is'' and ``to be'' process maps help guide the DOD 
components and agencies in how they procure large information 
technology systems.

  But when the Department of Defense inspector general asked the 
program office for Navy ERP's process maps, disturbingly, the Navy said 
no such plan existed. This is particularly unsettling because the Under 
Secretary of the Navy at the time, who is now the Deputy Secretary of 
Defense, certified that those plans were actually completed.
  In addition to the lack of process maps, the Department of Defense 
inspector general found that Navy ERP could not be used to track and 
account for the Navy's $416 billion in military equipment assets. That 
means the Navy's program would not even allow

[[Page S4204]]

the Navy to become fully auditable, as required by Congress, raising 
questions about why the Navy would spend $870 million on a program that 
would not even fulfill congressional mandates.
  This lapse in oversight is unacceptable, which is why the 
subcommittee's bipartisan report recommends that the Department of 
Defense review its internal policies to make sure information 
technology systems that receive BPR certifications on paper are 
actually implementing BPR in reality.
  These certifications are required for a reason: They help 
decisionmakers in the Department of Defense and Congress make informed 
decisions on whether a given program is ready to go further in the 
acquisition process and whether taxpayer funds should be authorized and 
appropriated for that purpose.
  As I mentioned earlier, information technology procurement is not 
only a Department of Defense problem. In November of last year, in 
response to the disastrous healthcare.gov rollout, President Obama 
himself said:

       One of the things [the Federal Government] does not do well 
     is information technology procurement. This is kind of a 
     systematic problem that we have across the board.

  I agree with him that information technology procurement in the 
Federal Government is in desperate need of reform. The White House's 
Office of Management and Budget has expressed significant concerns 
about 42 Federal information technology investments, totaling $2 
billion. According to the Government Accountability Office: ``despite 
spending hundreds of billions on I.T. since 2000, the federal 
government has experienced failed I.T. projects and has achieved little 
of the productivity improvements that private industry has realized 
from I.T.''
  The Department of Homeland Security's Secure Border Initiative 
Program, or SBInet, was another notable major IT procurement failure. 
My colleagues might remember SBInet as the high-tech surveillance 
program that, when it began in 2006, promised a single 
``transformational'' integrated security system for hundreds of miles 
of border protection on our southern border. Well, I remember SBInet as 
a system that, according to the Government Accountability Office, cost 
$1.2 billion and was on a path to spend 564 percent more than its 
initial cost estimates when it was canceled in 2010. Once again, ever-
changing requirements, a lack of internal management controls, and not 
really understanding what we were trying to procure, how hard it would 
actually be, and planning effectively for those difficulties, led to 
the Federal Government squandering over $1 billion with nothing to show 
for it.
  The Federal Government's incessant inability to procure major 
information technology systems is especially concerning since, in the 
coming months, the Department of Defense will be selecting a contractor 
to develop a centralized military health care information technology 
system. That program is supposed to provide seamless sharing of health 
data among the Department of Defense, Veterans Affairs, and private 
sector providers. In light of the recent tragic consequences stemming 
from mismanagement at the Phoenix VA Health Care System and VA 
hospitals around the country, we cannot afford to further jeopardize 
veterans' health care because of information technology failures. Yet 
any serious effort to reform how care is delivered to our veterans will 
largely turn on the effective delivery and integration of this system. 
We need to put the Department of Defense and the Department of Veterans 
Affairs on notice that we will monitor this program carefully 
throughout its acquisition.
  In closing, there is still much to be done at the Department of 
Defense and throughout the Federal Government to ensure the acquisition 
of large information technology programs is improved. If we do not want 
to repeat past failures, the Department of Defense's attempts to 
procure large business IT systems must be supported by the right 
leadership, proper planning, and a workforce that is open to changing 
``business as usual'' in order to help make sure the Department 
operates more efficiently, effectively, and transparently.
  I yield the floor.
  I suggest the absence of a quorum.
  The ACTING PRESIDENT pro tempore. The clerk will call the roll.
  The bill clerk proceeded to call the roll.
  Mr. CORNYN. I ask unanimous consent that the order for the quorum 
call be rescinded.
  The PRESIDING OFFICER (Ms. Hirono). Without objection, it is so 
ordered.

                          ____________________