The Department of Homeland Security is updating its IT strategic plan this year as the department shifts away from a “big bang” approach to technology projects, and an associated reliance on system integrators, to more iterative projects and enterprise services.
One of the key principles of DHS’s IT modernization approach going forward is “the department, not a contractor, should serve as lead integrator for any modernization effort,” DHS IT leaders told members of the Senate Homeland Security and Governmental Affairs Committee’s subcommittee on emerging threats and spending oversight.
“We still rely on our industry partners for critical expertise and services while ensuring we have strong federal staff with technical and subject matter expertise to maintain control of modernization programs throughout their lifecycles and ensure the work of contractors and internal teams comes together to deliver results,” DHS officials wrote in joint testimony for a Wednesday hearing.
DHS Chief Information Officer Eric Hysen described the department’s prior attempts at IT modernization as a “big bang approach” that often led to delays and cost overruns. He testified alongside Federal Emergency Management Agency CIO Charles Armstrong and Transportation Security Administration CIO Yemi Oshinnaiye.
“One of the results of that ‘big bang’ approach with single system integrators was that every IT system would build everything from the ground up,” Hysen said during the hearing. “They would have their own infrastructure, their own support teams, their own login systems, for example. And as we’ve moved to modernize, we’re looking to break that down and offer up common enterprise services for common pieces of functionality.”
Those principles could feature in a new DHS IT strategic plan, which Hysen confirmed is being finalized and should be released before the current four-year plan expires at the end of this fiscal year in September. The new document will outline DHS’s “overall modernization priorities,” Hysen said.
Kevin Walsh, director of information technology and cybersecurity at the Government Accountability Office, noted DHS expects to spend approximately $10 billion on IT in 2023, with about 90% of that pegged for operating and maintain existing systems.
He said DHS’s efforts to modernize its IT systems have a history of cost overruns and schedule breaches, but added that the department has taken “promising steps” to address past issues.
“They’ve halted or suspended projects that are going poorly,” Walsh said. “They’ve addressed our recommendations at a better than average rate, documented lessons learned and used modern development technologies, like agile and incremental. . . . Going forward. DHS needs to continue addressing its legacy systems by cataloging those systems, identifying what’s not performing and prioritizing the work ahead.”
DHS revising biometrics, other troubled programs
DHS is now overhauling several major headquarters programs that have faced schedule and performance issues in recent years, including the Homeland Advanced Recognition Technology (HART) system. HART was launched in 2015 to replace DHS’s legacy biometrics information sharing system, but the program has faced a series of delays and officially breached its schedule in 2020.
DHS’s acquisition review board launched a review of the program earlier this year, and the department is now embarking on a “more iterative plan to implement an architecture refresh and structural changes to better enable HART to reach initial operating capability in the next two years,” DHS’s joint testimony states.
Walsh also confirmed GAO is conducting a congressionally mandated review of the HART program.
“Our prior issued work identified a series of issues related to the HART program, and we made a total of seven recommendations,” Walsh added. “Three of those recommendations remain open. They are related to reviewing contract deliverables from contractors before accepting them, tracking and monitoring costs, and defining and monitoring stakeholder involvement.”
Hysen’s CIO team is also working with DHS’s office of the chief financial officer to transition the Financial Systems Modernization (FSM) away from “big bang thinking,” the joint testimony states, toward agile methodologies.
That shift was sparked by the Coast Guard’s troubled transition to a new financial management system last year. The Coast Guard faced monthslong delays in making certain payments after its transition to the DHS Financial Management System Modernization Solution.
DHS officials in their testimony said they are reorienting FMS to ensure the department has oversight of systems integration. They are also planning to iteratively roll out FMS improvements for new DHS components, rather than targeting one major transition date. DHS also plans to make new contract awards under the effort by the end of fiscal 2023.
Meanwhile, officials said the Homeland Security Information Network is also transitioning to an incremental modernization approach. HSIN is used to share operational information with federal, state, local, tribal, and other partners, but the system is built on outdated technology.
In 2022, DHS launched a new “DHS Intel” mobile application so those partners could access intelligence products on their phones. That app is now the “cornerstone of our broader efforts to modernize the full HSIN system iteratively over the next several years,” officials testified.
DHS contemplates ‘IT Academy’
DHS is also focused on recruiting more skilled employees across a range of technical competencies. Officials in their testimony revealed more than 100 employees have now been onboarded into DHS’s Cyber Talent Management System, which was launched in 2021. So far, only the DHS CIO’s office and the Cybersecurity and Infrastructure Security Agency have been authoried to use the CTMS, but FEMA has been approved to start using the system this year as well.
Meanwhile, DHS also brought onboard 25 employees under a “customer experience” hiring initiative launched last year. DHS is also establishing a CX directorate, and earlier this week, the department announced it reached a CX goal of reducing the amount of time the public spends accessing DHS services by 20 million hours annually.
The department is additionally considering establishing a “DHS IT Academy,” Hysen said, to provide a standard training program for new hires, as well as upskilling opportunities for existing employees in areas like data science, artificial intelligence, and human-centered design.
“The IT workforce at DHS is a tremendous asset,” Hysen said. “We have over 5,000 talented and committed professionals. And so while we’re also looking to bring in more talent from the private sector, we have opportunities and are focused on enabling our existing workforce to grow and continue to increase their impact.”