Homeland Security Department watchdogs say more oversight from the secretary and top-level leadership is going to be key to helping the agency’s multiple components improve management functions and strengthen the workforce.
DHS Inspector General John Roth said the department’s Joint Requirements Council and the creation of an undersecretary for policy position is encouraging to see when it comes to tackling the management troubles around the DHS’ “Unity of Effort.”
“I think [the policy position] is going to be a key role in figuring out how to make these components, which historically have never worked together, work together in a meaningful way,” Roth said during a Feb. 16 House Oversight and Management Efficiency Subcommittee hearing. “I think for the first time, DHS upper management will have some authority and some teeth to ride herd over the disparate components.”
Rebecca Gambler, director for GAO’s homeland security and justice issues, said top leadership attention is “critical” to ensuring effective acquisition oversight.
“One of the key findings we’ve had is the need for improved oversight and governance of those acquisitions and investments that relate to things like human resources, information technology systems, the USCIS transformation program,” Gambler said. “Across the board, it’s imperative that top leadership at the department is involved and overseeing acquisition investments through executive steering committees, through the Acquisition Review Board, through the Joint Requirements Council and so on.”
Subcommittee chairman Rep. Scott Perry (R-Pa.) said what it sounded like to him was that it was up to top management and the department secretary to bring together the various DHS component leaders, identify solution sets, time frames and progress reports.
“If you don’t complete that, if you don’t complete your mission, maybe this isn’t your life’s work or something like that,” Perry said. “That’s I think what we’re looking for.”
Capacity and progress
DHS management is just the overarching goal for DHS and its components meeting their mission.
DHS made progress in its leadership commitment, corrective action plan, and having a framework to monitor progress, Gambler said — three things an agency needs to meet if it wants to be considered for removal from the High-Risk List. But DHS did not meet criteria for capacity, and demonstrated, sustained progress.
“We found that DHS has taken actions to address some of its previous capacity shortcomings and ensure that the department has the people and resources necessary to resolve risk,” Gambler stated in her submitted testimony.
But DHS still needs to work on sustaining 30 key outcomes GAO set for the department, which include validating required acquisition documents and maintaining a clean audit for at least two consecutive years.
Attracting and retaining high-quality personnel is also an issue.
“DHS has considerable work ahead to improve employee morale,” Gambler said.
Roth included in his testimony that DHS faces challenges in meeting the administration’s order to hire 5,000 border patrol agents and 10,000 immigration officers. In fiscal 2015, it took 282 days from the day a job announcement closed to the hiring date for a border agent.
“282 days to hire a border patrol agent, that’s astounding,” Perry said, adding that he hoped Roth would bring back recommendations on how to shorten that timeframe, since people “have got to move on with their life.”
“Even half of that is twice as much as it should be,” Perry said. “It should be some reasonable amount of time.”
Roth and Gambler also highlighted cybersecurity as an ongoing issue at DHS.
Cybersecurity is a governmentwide issue, Gambler said, which is why it’s been on the High-Risk List since the late 1990s.
“With regard specifically to DHS, that’s also an area we’ve identified the need for DHS to continue to work to strengthen its own information system security,” Gambler said.
Roth said the Office of Personnel Management 2015 cyber hack “served as a wake-up call” for DHS in terms of securing its networks, and while the department still has a long way to go, it is improving on “shoring up” its systems, like nearing 100 percent compliance levels for using two-factor authentication.
“They still have a long way to go, though,” Roth said, offering an example of authority to operate. Like a certificate of airworthiness for a plane, an authority to operate means the system is secure according to government standards, Roth said.
While the number of unauthorized systems has gone down, there are still nearly 80 systems within DHS that are not locked down, he said.
Tightening travel, border security
Subcommittee members’ questions also ranged into hot-button issues, including the administration’s travel ban and the building of a wall along the country’s southern border.
Rep. Nanette Barragan (D-Calif.) asked Roth whether anyone from DHS complained “about a lack of guidance that resulted from this executive order.”
“Do you have any information on what I call the ‘botched’ rollout of this may have done for employee morale,” Barragan asked.
Roth said he did not, however, his office had started a two-pronged investigation into Customs and Border Protection’s implementation of the executive order.
“How was the executive order implemented, what were the communications like, how was it communicated in addition to the various court orders that were coming down at various times during the implementation of that; basically how it was executed,” Roth said. “Then as a separate matter we’re looking into specific allegations of misconduct with regard to various CBP or other DHS personnel, so that is ongoing right now. We are conducting interviews and looking at documents, hopefully we’ll have a report or some kind of conclusion in the near term.”
Roth said his office is working on a report about DHS’ previous Secure Border Initiative, which he hopes to have out in the next six weeks. Roth said his office is also planning its oversight of the administration’s goal to strengthen security at the southern border through a “life cycle” audit approach, which means that “we will be auditing the project throughout its lifespan, rather than waiting for the project to be completed or partially completed before looking at it.”
“In this way, we have an opportunity to stop waste and mismanagement before the money is spent,” he said, “rather than simply identifying if after the fact.”