Tom Temin: So what caused you to look at this particular database and how does the Coast Guard use it in the first place?
Nathan Anderson: Well, this database is about 20 years old, and the Coast Guard uses it for virtually everything. The Coast Guard has 11 different statutory missions, and nine of them are reflected in the use of this database. It has about 11,000 unique users. What that means is Coast Guard personnel, 11,000 members of the Coast Guard touch this system and record more than 300,000 activities each year.
Tom Temin: And the items in the database are people’s yachts and motor boats and sailboats and stuff that might come under some form of purview of the Coast Guard?
Nathan Anderson: Absolutely. These can include domestic commercial fishing vessels, they can include foreign flagged ships, they can even include more than 3,400 shoreside facilities, such as petrochemical facilities that are involved in coastwide trade.
Tom Temin: 700,000 doesn’t sound like that many when you describe everything that could be in it.
Nathan Anderson: That is true. But when you think about all of the different things that this missile system ends up resulting in, it really is a lot of different data fields. And so there might be 700,000 rows, but then there are dozens and dozens of columns across this database. And to try to kind of operationalize that for you, what that looks like in the field is coastguard personnel going out because there is a boat in distress and trying to use the information in the system to learn more about that boat, to learn more about the operator of that boat to determine whether or not the persons on that vessel have any criminal history. And when that information isn’t accurate, when there are data fields that are incomplete, it can put Coast Guard personnel at a risk quite frankly.
Tom Temin: Alright, so then what are the main issues with the database? Is it completeness or accuracy or a combination?
Nathan Anderson: A combination of what you just described, and also some additional ones. There are system design issues, and that is in trying to create a system over the years that includes all of the different activities that Coast Guard personnel may confront. There are tons and tons of data fields, and just to navigate from page to page, missile users have to fill out each one, even if they’re not relevant — and so this can result in some profound inefficiencies. Some users we spoke to said that they can sometimes spend an additional 30 minutes just filling out like an unneeded case record. So if there’s 11,000 users inputting 300,000 cases annually, and there’s 30 minutes of inefficient time, just adding that up over that many touch points, you’ve got a situation where Coast Guard personnel who would much rather be out there conducting the mission, are having to spend a lot of time in efficiently in the office.
Tom Temin: Sure. And I don’t imagine this is a cloud hosted modern type of application system in front of it either. It’s all Coast Guard mainframes — what about that aspect?
Nathan Anderson: Correct, and that’s a really an important question that underscores one of the big challenges that Coast Guard users describe to us and that is there has to be this transference of the paper records to the electronic ones. So when Coast Guard personnel are out doing, for example, marine pollution response, on the way back from that responsive end, instead of being able to enter information into like an iPad for example, they have to put all that information into paper records, come back to the shoreside facility and then re-input that information manually. Basically transferring the paper records into an electronic one, and that can also take an hour or two a day depending on how many activities and coastguard personnel were involved in. So again, from a very basic level, we have an inefficiency issue where Coast Guards human resources aren’t efficiently allocated.
Tom Temin: Wow. So it sounds like as you mentioned, they have a 20 year old system, but it sounds like they’re using 35 or 40 year old procedures.
Nathan Anderson: Well, I need to give the Coast Guard credit here. They do have policies and procedures and training in place to try to kind of confront some of these challenges. I think in a situation where this particular data system is competing with other investments like new icebreakers, or new national security cutters, the operation of the system and the challenges that bring with it, the can has been kicked down the road so to speak. And the Coast Guard has tried very hard to hold it together with duct tape and baling wire, and the Coast Guard is also very good at always making do. So they have developed processes and procedures to try to confront as many of these challenges as possible. But we’re clearly at a phase now where that’s just not enough and the most recent upgrade to the system illustrates that. The upgrade began in 2008 and tried to deal with a lot of these inefficiencies and a lot of these challenges. Took seven years to complete. And in 2015, at the end of that particular enhancement, a lot of the planned functionalities weren’t delivered, and a lot of the problems that were visible back in that 2008 timeframe were still visible today.
Tom Temin: Yeah, a classic. And so therefore, what are your recommendations for the Coast Guard?
Nathan Anderson: Well, we have four recommendations for the Coast Guard and two of them are very much directed to the data problems themselves. And one is develop root cause analysis of those data problems. If the Coast Guard is going to continue with the architecture of this system, the Coast Guard needs to know what the root cause of the data problems ultimately is. And secondly, once that root causes established, develop a corrective action plan for improving the reliability of the data. Now we have two other recommendations that I think are broader in scope. And I do want to point out that the Coast Guard concurred with all four recommendations. But the other two are to develop an updated mission needs statement to reflect system and user needs. And what this means is it really complies with best acquisition practices, know what it is you need, and use that mission need to direct your future investments. So once the mission need is understood for an information system like this, the Coast Guard needs to then conduct an analysis of alternatives and that is what alternative system either an upgrade or a new acquisition best meets those user needs. I think it’s important to point out that the Coast Guard agreed with all four recommendations. The Coast Guard in its response to our report said that they recently determined that this system does need to be replaced. And about a year from now, the ball will be rolling so that they will have an understanding of the mission needs or will be in the process of developing alternatives to this system.
Tom Temin: Yeah, I smell a human centered design cloud hosted agile devsecops operation coming down the line.
Nathan Anderson: Well, your sense of smell may indeed be a good one. I think from GAO’s perspective, we just want to make sure the Coast Guard doesn’t keep throwing good money after bad.
Tom Temin: Nathan Anderson is a director in the GAO’s Homeland Security and Justice team. Thanks so much for joining me.