ICE to restart a key element of $800 million, multiyear IT program

Agency officials said Thursday that they will switch from a custom-built to a commercial-off-the-shelf approach to modernize TECS, a mainframe system that has b...

Officials in the Homeland Security Department’s Immigration and Customs Enforcement directorate said last week they are making a course correction on a technology modernization project the agency deemed its highest IT priority.

ICE decided a central element of its approach over the last six years was unworkable. The agency spent $64 million on developing a custom-built system.

The system in question is called TECS, and it has been around in its current form since 1987. Its primary users are ICE and Customs and Border Protection, both of which came to the conclusion several years ago that the system was becoming too costly to maintain and too technologically obsolete for mission-critical day-to- day use.

ICE and CBP decided to pursue separate acquisitions to modernize the government- developed system, and federal auditors have discovered serious problems with both.

In ICE’s case, an internal review and an outside examination determined last summer that ICE’s designs for case management — the most important element of its share of TECS modernization — were not technically viable. So, the agency said Thursday it’s pivoting from yet another custom-built software to a commercial-off-the shelf approach.

Thomas Michelli, ICE’s chief information officer, assured members of the House Homeland Security Committee Thursday that the $60 million spent thus far had not been entirely wasted. Much of the money, he said, has been spent to construct a new database system and interfaces to the more than 80 other federal systems TECS must communicate with.

The agency still hopes to make use of those advances in conjunction with whatever solution it ultimately buys.

“This is equivalent to, if you’re building a skyscraper, the foundation. It’s very fundamental for any new system, and we have that in hand,” he said. “What we don’t have is the first floor. So, of the $60 million that we spent, about $20 million was for code development. We made the decision that it was not a sustainable solution, and we have to look at other alternatives. So what we learned when we went out to do market research is that the market has changed and that there are commercial, off-the-shelf programs that we can now use. Our agents are excited at what they see. And in fact, by moving from the custom co-development to a commercial off-the-shelf solution, very early estimates are that we could save money over the life cycle cost estimate of the system.”

RFI released

ICE estimated its share of TECS would cost $818 million, and Michelli estimated switching to a commercial acquisition will shave that down by 10 to 20 percent.

On Wednesday, the agency issued a request for information in pursuit of that COTS approach. ICE wants to make a new award by June, and both CBP and ICE say they still believe they can leave their 1980s mainframe system behind by 2015.

A December review by the Government Accountability Office was highly critical of both agencies for their approaches to TECS modernization.

CBP says it has already begun to deliver capability in its $693 million program, but GAO pointed out that the agency already is rebaselining its program for the second time in the past year, changing the acquisition’s delivery dates and expected capabilities.

David Powner, GAO’s director for IT management issues, said the troubles with TECS boil down to two fundamental problems: poor program management and poor governance.

ICE and CBP, he said, were largely on their own paths, and until recently, senior officials in the agencies and at DHS had little understanding of what was actually happening in the major acquisition effort.

“These governance bodies clearly were not getting complete information to assess program risks, and their assessments were way too rosy,” Powner said. “The undersecretary [of Homeland Security’s] assessment for both acquisitions was deemed low risk in July of 2013. The latest CIO assessments were better but not much, calling the CBP acquisition moderately low risk and the ICE program medium risk. It was quite clear during our review that the ICE program was high risk at that time. Moving forward, both programs need to establish solid baselines so that Congress clearly knows what we are spending and what exactly is being delivered when, to better support our CBP officers and ICE agents.”

Powner said CBP missed the mark by not effectively managing schedule and contractor performance risks on its side of the $1.5 billion program.

Both agencies waited until they were years into the TECS modernization effort before they created reasonable ways to limit the number of requirements.

In ICE’s case, it took the agency two years to realize that its list of 4,300 separate requirements was unmanageable. After that, it cut the list down by 70 percent.

“I would say they have fairly solid requirements management processes in place now, but those were put in place late,” Powner said. “I think it was most evident in the ICE program. I mean, a 75 percent reduction in requirements is a big change. And I’m glad that we’re getting it together now, but a lot of this is coming too late. We also need to do a better job with executive leadership, not just here but across a lot of pockets of the federal government. There are executive steering committees in place now, and I think they are working more effectively. But it sure would have been nice to have those in place sooner.

Moving to agile development

For CBP’s part, Charles Armstrong, that agency’s assistant commissioner for information and technology and CIO, said it has learned lessons from other IT programs about how to better manage its schedules for capability delivery.

“We are trying to move to more of an iterative process where we’re prototyping functionality and not doing a big, monolithic build of functionality before we deploy something,” he said. “So our officers and agents actually get to see the functionality early on before we spend a lot of money to go and build it. And then after we build it, then we go out to some test ports, and then we prototype that in the actual live environment. And that gives the officers and agents an opportunity to work with the system, and gives our program office an opportunity to make sure that we’ve got the requirements right before we fully deploy the system. So I think those are the big lessons learned that we got out of other programs, and I feel like we’re on track.”

Once DHS does get rid of its old mainframe system, Armstrong said there will be concrete benefits beyond reducing the sustainment costs that go along with the upkeep of legacy hardware and software.

Border agents, he said, will be able to focus on their jobs, rather than moving between multiple applications on their computer screens. And long lines at ports of entry should begin to go down.

“The biggest issue in terms of TECS and wait times at the border has been the stability of the old system,” he said. “So the new system is going to allow for a lot more redundancy, and it will reduce the amount of outages we have to take for maintenance. So I think the availability is going to go up. That’s certainly the platform that we put together, and it will also reduce the planned outages that we normally take at least once a month. So I believe it will improve things.”

RELATED STORIES:

DHS not on track to deliver large- scale tech improvements

New details in how the feds take laptops at border

DHS satisfied with privacy safeguards in new data sharing programs

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

    Stacy Bostjanick and Jennifer Henderson

    Risk and Compliance Exchange 2024: DoD’ Stacy Bostjanick, DCMA’s Jennifer Henderson on finding ‘any means possible’ to help small biz with CMMC

    Read more
    Amelia Brust/Federal News Networkcybersecurity

    How should software producers be held accountable for shoddy cybersecurity products?

    Read more