[House Hearing, 113 Congress] [From the U.S. Government Publishing Office] EXAMINING CHALLENGES AND WASTED TAXPAYER DOLLARS IN MODERNIZING BORDER SECURITY IT SYSTEMS ======================================================================= HEARING before the SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY of the COMMITTEE ON HOMELAND SECURITY HOUSE OF REPRESENTATIVES ONE HUNDRED THIRTEENTH CONGRESS SECOND SESSION __________ FEBRUARY 6, 2014 __________ Serial No. 113-50 __________ Printed for the use of the Committee on Homeland Security [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Available via the World Wide Web: http://www.gpo.gov/fdsys/ __________ U.S. GOVERNMENT PRINTING OFFICE 88-024 PDF WASHINGTON : 2014 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC 20402-0001 COMMITTEE ON HOMELAND SECURITY Michael T. McCaul, Texas, Chairman Lamar Smith, Texas Bennie G. Thompson, Mississippi Peter T. King, New York Loretta Sanchez, California Mike Rogers, Alabama Sheila Jackson Lee, Texas Paul C. Broun, Georgia Yvette D. Clarke, New York Candice S. Miller, Michigan, Vice Brian Higgins, New York Chair Cedric L. Richmond, Louisiana Patrick Meehan, Pennsylvania William R. Keating, Massachusetts Jeff Duncan, South Carolina Ron Barber, Arizona Tom Marino, Pennsylvania Dondald M. Payne, Jr., New Jersey Jason Chaffetz, Utah Beto O'Rourke, Texas Steven M. Palazzo, Mississippi Tulsi Gabbard, Hawaii Lou Barletta, Pennsylvania Filemon Vela, Texas Richard Hudson, North Carolina Steven A. Horsford, Nevada Steve Daines, Montana Eric Swalwell, California Susan W. Brooks, Indiana Scott Perry, Pennsylvania Mark Sanford, South Carolina Vacancy Vacancy, Staff Director Michael Geffroy, Deputy Staff Director/Chief Counsel Michael S. Twinchek, Chief Clerk I. Lanier Avant, Minority Staff Director ------ SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY Jeff Duncan, South Carolina, Chairman Paul C. Broun, Georgia Ron Barber, Arizona Lou Barletta, Pennsylvania Donald M. Payne, Jr., New Jersey Richard Hudson, North Carolina Beto O'Rourke, Texas Steve Daines, Montana, Vice Chair Bennie G. Thompson, Mississippi Michael T. McCaul, Texas (Ex (Ex Officio) Officio) Ryan Consaul, Subcommittee Staff Director Deborah Jordan, Subcommittee Clerk Tamla Scott, Minority Subcommittee Staff Director C O N T E N T S ---------- Page Statements The Honorable Jeff Duncan, a Representative in Congress From the State of South Carolina, and Chairman, Subcommittee on Oversight and Management Efficiency: Oral Statement................................................. 1 Prepared Statement............................................. 3 The Honorable Ron Barber, a Representative in Congress From the State of Arizona, and Ranking Member, Subcommittee on Oversight and Management Efficiency: Oral Statement................................................. 14 Prepared Statement............................................. 16 The Honorable Bennie G. Thompson, a Representative in Congress From the State of Mississippi, and Ranking Member, Committee on Homeland Security: Prepared Statement............................................. 4 Witnesses Mr. David A. Powner, Director, Information Technology Management Issues, U.S. Government Accountability Office: Oral Statement................................................. 6 Prepared Statement............................................. 7 Mr. Charles R. Armstrong, Assistant Commissioner, Office of Information and Technology, Customs and Border Protection, U.S. Department of Homeland Security: Oral Statement................................................. 17 Prepared Statement............................................. 19 Mr. Thomas P. Michelli, Chief Information Officer, Immigration and Customs Enforcement, U.S. Department of Homeland Security: Oral Statement................................................. 22 Prepared Statement............................................. 24 Appendix Questions From Chairman Jeff Duncan for David A. Powner.......... 43 Questions From Chairman Jeff Duncan for Charles R. Armstrong..... 43 Questions From Chairman Jeff Duncan for Thomas P. Michelli....... 44 EXAMINING CHALLENGES AND WASTED TAXPAYER DOLLARS IN MODERNIZING BORDER SECURITY IT SYSTEMS ---------- Thursday, February 6, 2014 U.S. House of Representatives, Subcommittee on Oversight and Management Efficiency, Committee on Homeland Security, Washington, DC. The subcommittee met, pursuant to call, at 10:02 a.m., in Room 311, Cannon House Office Building, Hon. Jeff Duncan [Chairman of the subcommittee] presiding. Present: Representatives Duncan, Barber, and O'Rourke. Also present: Representative Jackson Lee. Mr. Duncan. The Committee on Homeland Security, Subcommittee on Oversight and Management Efficiency will come to order. I will say that the Ranking Member is on his way. Attending the prayer breakfast this morning, and he is running a few minutes behind. So hopefully he will get here before I finish my opening statement. If not, we may pause and allow him to have an opening statement as we go because I think that is so important. But the purpose of this hearing is to examine DHS's attempt to modernize key information technology systems in use by the U.S. Immigration and Customs Enforcement and the U.S. Customs and Border Protection, specifically the TECS Modernization program. I now recognize myself for an opening statement. During the first half of this Congress, our subcommittee has had a laser focus on how the Department of Homeland Security spends tax dollars and how efficient and effective the Department's programs are during a time when the Nation faces unparalleled debt and fiscal challenges. As Chairman, I believe DHS must not only protect the homeland but do so in a fiscally responsible way. Yet, time and again, hearing after hearing, we have examined findings from Congressional watchdogs that show a Department with little interest in safeguarding taxpayer dollars. From duplicative programs, broken trust by airport screener misconduct, and ill-disciplined acquisition practices, effective management of DHS has consistently taken a backseat. Unfortunately, today's hearing is no different: Another program in the ditch, desperately needing a tow. Today we will examine DHS's efforts to modernize key information technology, or IT systems, used by the Customs and Border Protection and Immigration and Customs Enforcement, specifically to TECS Modernization program. Having visited the border agents along the Southwest Border and actually in Mr. Barber's district, I know first-hand how important it is for CBP officers and ICE agents to have all the tools that they need to secure the border. I know Ranking Member Barber shares that view. For the CBP officer on the border, TECS is an integral tool to secure the homeland. The system helps officers determine the admissibility of over 900,000 visitors and approximately 465,000 vehicles into the country daily, share critical information with other Federal law enforcement agencies, and alert officers to possible threats entering the United States. That is important. Nine hundred thousand visitors, 465,000 vehicles--that is an immense challenge. I get that. For the ICE agent, TECS is the primary investigative tool used to document and build cases for prosecution. A legacy system in operation since 1987, TECS has become increasingly difficult and expensive to maintain due to the system's antiquated technology and its inability to support the requirements needed by CBP and ICE personnel in the field. Despite TECS' critical importance to our security, CBP and ICE have failed to manage the modernization program effectively. As the Government Accountability Office, or GAO, recently reported, the result has been wasted taxpayer dollars, missed deadlines, and delays in fielding enhancements to CBP officers and ICE agents. For instance, despite some success deploying functional capabilities to secondary inspection locations, GAO reported that CBP has revised its schedule and cost estimates because they were unachievable. CBP expects to complete the project by 2016 for a total cost of about $700 million. GAO further found that CBP did not develop a master schedule that links work activities to the overall project schedule, despite the fact that numerous projects are being deployed concurrently. While CBP contends the remainder of its concurrent program upgrades will be operational by the beginning of 2016, I am concerned that, minus a sound master schedule, the project could be further delayed and over-budget, which could snowball into CBP officers not having the tools that they need to do their job. Of even more concern are ICE's failures. Due to unmet requirements, ICE is starting over on redeveloping its requirements after spending some $60 million and failing to produce any deliverables. After about 4 years and $60 million, ICE has little to show for its efforts, doesn't yet know the revised total cost or what the program will achieve. The stakes are high because of a looming 2015 deadline that, if not met, will force DHS to spend more taxpayer dollars to maintain the system currently in use. In addition, I am concerned that, despite numerous management layers, DHS headquarters still let the program proceed. The DHS chief information officer has increased oversight and governance of information technology by reviewing DHS component programs and acquisitions over the years. Yet the Office of Program Accountability and Risk Management, two executive steering committees, and the Office of Chief Information Officer's Enterprise Business Management Office all failed to adequately address escalating problems associated with the TECS Modernization effort. Further, the lack of complete, timely, and accurate data from the components to DHS chief information officer, as reported by the GAO, negatively affected the Department's ability to make informed and timely decisions on the program. Even the best governance framework won't improve outcomes if the senior DHS leaders don't have the discipline to enforce it. DHS must hold programs accountable, and if they fail, then we will hold DHS accountable. With the speed with which technology advances today, it shouldn't take DHS 8 years to complete an IT project. Private- sector CEOs likely wouldn't tolerate such poor performance and management; neither should DHS. It is an affront to the American taxpayer, and it is time for DHS to do better. [The statement of Chairman Duncan follows:] Statement of Chairman Jeff Duncan February 6, 2014 During the first half of this Congress, our subcommittee has had a laser focus on how the Department of Homeland Security (DHS) spends taxpayer dollars and how efficient and effective the Department's programs are during a time when the Nation faces unparalleled debt and fiscal challenges. As Chairman, I believe DHS must not only protect the homeland but do so in a fiscally responsible way. Yet time and again, hearing after hearing, we've examined findings from Congressional watchdogs that show a Department with little interest in safeguarding taxpayer dollars. From duplicative programs, broken trust by airport screener misconduct, and ill-disciplined acquisition practices, effective management of DHS has consistently taken a back seat. Unfortunately, today's hearing is no different . . . another program in the ditch desperately needing a tow. Today, we will examine DHS's efforts to modernize key information technology (IT) systems used by Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE), specifically the TECS modernization program. Having visited with border agents along the Southwest Border, I know first-hand how important it is for CBP officers and ICE agents to have the tools they need to secure the border. I know Ranking Member Barber shares that view. For the CBP officer on the border, TECS is an integral tool to secure the homeland. The system helps officers determine the admissibility of over 900,000 visitors and approximately 465,000 vehicles into the country daily, share critical information with other Federal law enforcement agencies, and alert officers to possible threats entering the United States. For the ICE agent, TECS is a primary investigative tool used to document and build cases for prosecution. A legacy system in operation since 1987, TECS has become increasingly difficult and expensive to maintain due to the system's antiquated technology and its inability to support the requirements needed by CBP and ICE personnel in the field. Despite TECS's critical importance to our security, CBP and ICE have failed to manage the modernization program effectively. As the Government Accountability Office (GAO) recently reported, the result has been wasted taxpayer dollars, missed deadlines, and delays in fielding enhancements to CBP officers and ICE agents. For instance, despite some success deploying functional capabilities to secondary inspection locations, GAO reported that CBP has revised its schedule and cost estimates because they were unachievable. CBP expects to complete the project by 2016 for a total cost of about $700 million. GAO further found that CBP did not develop a master schedule that links work activities to the overall project schedule, despite the fact that numerous projects are being developed concurrently. And while CBP contends the remainder of its concurrent program upgrades will be operational by the beginning of 2016, I am concerned that minus a sound master schedule, the project could be further delayed and over budget which could snowball into CBP officers not having the tools they need to do their job. Of even more concern are ICE's failures. Due to unmet requirements, ICE is starting over on redeveloping its requirements after spending some $60 million and failing to produce any deliverables. After about 4 years and $60 million, ICE has little to show for, doesn't yet know the revised total cost, or what the program will achieve. The stakes are high because of a looming 2015 deadline that if not met will force DHS to spend more taxpayer dollars to maintain the system currently in use. In addition, I am concerned that despite numerous management layers, DHS headquarters still let the program proceed. The DHS chief information officer has increased oversight and governance of information technology by reviewing DHS component programs and acquisitions over the years. Yet the Office of Program Accountability and Risk Management; two Executive Steering Committees; and the Office of the Chief Information Officer's Enterprise Business Management Office all failed to adequately address escalating problems associated with the TECS modernization effort. Further, the lack of complete, timely, and accurate data from the components to the DHS chief information officer as reported by the GAO negatively affected the Department's ability to make informed and timely decisions on the program. Even the best governance framework won't improve outcomes if senior DHS leaders don't have the discipline to enforce it. DHS must hold programs accountable. If they fail, then we will hold DHS accountable. With the speed with which technology advances today, it shouldn't take DHS 8 years to complete an IT project. Private-sector CEOs likely wouldn't tolerate such poor performance and management. Neither should DHS. It's an affront to the American taxpayer and it's time DHS do better. Mr. Duncan. So I will recognize the Ranking Member when he comes in. While we are waiting on him, let me just go ahead and remind Members of the subcommittee that opening statements may be submitted for the record. [The statement of Ranking Member Thompson follows:] Statement of Ranking Member Bennie G. Thompson February 6, 2014 Thank you, Chairman Duncan, for convening this hearing. I also thank the witnesses for appearing today and look forward to hearing their testimony. When the Department of Homeland Security was created in 2002, there was a merger of not only agencies and the people employed by those agencies, but also technology and the systems used by legacy agencies to keep our country safe and secure. One such technology was TECS. As the largest law enforcement tool used throughout the United States, TECS is a vital component to our homeland security efforts. It is used at the border to ensure that legitimate travelers and trade are welcomed into our country and terrorists, drugs, and weapons are prevented from entering the United States. It is also used away from the border by more than 20 Federal agencies to create and access terrorist ``lookouts,'' track financial crimes, and disseminate intelligence reports. Unfortunately, given the age of this system and the way that it is structured, it has become outdated, and, in some ways obsolete. Its inefficiency has at times hindered our border security efforts by increasing wait times and producing false positives that create further delay. Like many legacy systems now in use at DHS, TECS is currently undergoing a modernization effort that by some calculations is expected to cost more than $1.5 billion. By all accounts, an improved TECS is well overdue; however, the Department's implementation is cause for serious concern. For example, rather than having one program office, established at the Headquarters level, this major acquisition is being carried out by two separate components--Customs and Border Protection (CBP) and Immigrations and Customs Enforcement (ICE)--simultaneously. As a result, we have two separate program offices, two separate program managers, two separate funding streams and the need for a limited acquisition workforce to conduct oversight over two separate major investments. Under this structure, I am concerned that duplication, redundancy, and the inability for one hand to know what the other hand is doing. Furthermore, both components continue to face challenges that further reduce my confidence in the management of this billion-dollar- plus acquisition. CBP continues to be challenged by scheduling delays, and although it insists that the portions of TECS Modernization that have not been delivered will be ready by 2015, the program is still running without a master schedule and a clearly-defined time line for what will happen when. ICE has made the disconcerting decision to halt its efforts after operating for years without established requirements, resulting in testing failures and the expenditure of $20 million developing a system that was ultimately of no use. That is $20 million of scarce homeland security funds that can never be recovered that has simply ``gone down the drain.'' These issues and others have caused the Government Accountability Office in a recently-released report to state that: ``After spending millions of dollars and over 4 years on TECS modernization, it is unclear when it will be delivered and at what cost.'' Hopefully, today's witnesses can shed some light on how this effort can be put on a better track and inform this subcommittee on how much TECS modernization is expected to cost, when it will be delivered, and when Federal, State, and local law enforcement officials can stop relying on a 30-year-old, obsolete system while our security hangs in the balance. I yield back the balance of my time. Mr. Duncan. We are pleased to have a very distinguished panel of witnesses before us today on this important topic. Let me remind the witnesses that their entire written statement will appear in the record. I will go ahead and introduce each of you first and then recognize you for your testimony. Our first panelist is Mr. David Powner. He is the director of IT management issues at the U.S. Government Accountability Office. Mr. Powner is responsible for a large segment of GAO's information technology work, including systems development, IT investment management, health IT, and cyber critical infrastructure protection reviews. At GAO, Mr. Powner has led teams reviewing major IT modernization efforts at Cheyenne Mountain Air Force Station, the National Weather Service, the Federal Aviation Administration, and the IRS. Our second panelist is Mr. Charles Armstrong. He is the assistant commissioner for the Office of Information and Technology at U.S. Customs and Border Protection. Mr. Armstrong's responsibilities include software development, infrastructure services and support, tactical communications, research and development functions, and IT modernization initiatives. Mr. Armstrong has led the office since June 2008. He manages a budget of $184 million and a workforce of about 6,000 Federal employees and contractors. Prior to serving as assistant commissioner, Mr. Armstrong was DHS's deputy CIO, where he worked on the Department's IT initiatives for improving the agency's secure information- sharing capabilities. Mr. Armstrong has over 30 years of technology experience in the operations and management of IT. Our third panelist is Mr. Thomas Michelli. Did I pronounce that right? He is the chief information officer for U.S. Immigration and Customs Enforcement, where he is the agency's top technology administrator and responsible for critical IT initiatives, modernizing IT systems, and providing IT solutions throughout ICE. Prior to joining the Department, Mr. Michelli served as executive director of enterprise solutions for the Defense Logistics Agency. In the private sector, Mr. Michelli served as director of international IT operations and chief information officer for the real estate firm Cushman & Wakefield. He also served as chief technology officer at General Dynamics Information Technology. Folks, thank you for being here. I will now go ahead and recognize Mr. Powner to testify. Keep in mind that if Mr. Barber comes in between testimonies, I will let you finish, but then we will recognize him for a statement. So Mr. Powner can testify. STATEMENT OF DAVID A. POWNER, DIRECTOR, INFORMATION TECHNOLOGY MANAGEMENT ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE Mr. Powner. Chairman Duncan, we appreciate the opportunity to testify this morning on DHS's efforts to improve its ability to secure our borders, prevent terrorism, and enhance our intelligence functions. The primary system used for admitting persons to the United States and one of our Nation's most important law enforcement systems, known as TECS, provides CBP officers and ICE agents with critical information. This system has over 70,000 users, is accessed by 10 departments, interfaces with over 80 systems, including terrorist watch lists, and screens nearly 1 million visitors and 500,000 vehicles daily. This system is in need of a major overhaul because it is expensive to maintain, does not quickly support mission requirements, and needs major functional improvements like enhanced searches and better algorithms to match names. In 2008, CBP and ICE each pursued separate acquisitions to address these shortfalls. Collectively, these two acquisitions were to cost over $1.5 billion to build and operate. Mr. Chairman, we issued a report at your request last month on those acquisitions, which I will briefly summarize, starting with CBP. CBP planned to deploy functionality in five separate increments and, to their credit, deployed the first increment related to enhanced secondary inspections at all air and sea ports in 2011 and land ports in 2013. The remaining four increments were to be deployed concurrently in 2015, but the program is being rebaselined for the second time in the past year, meaning that what will be delivered when and at what cost is changing. When we issued our report, DHS was working on new cost and schedule estimates. We understand that DHS has a new requirements document, cost estimate, and program baseline that shows them achieving full operating capability now in 2016, and the life-cycle cost has dropped slightly to just below $700 million. CBP has spent over $225 million to date on this effort. Turning to ICE, ICE planned to deploy an initial release in December 2013 and annual releases after that but in 2010 began experiencing technical problems that led to them deferring 3,000 of the 4,300 requirements for the first release. That is 70 percent of the first release being deferred. This led to a review that determined the system was not technically viable in June 2013, and the program decided to start over. We understand there has been an independent technical assessment of the program and that a new cost estimate and baseline is expected in the April-May time frame. ICE reported only having spent about $20 million on their program when we conducted our review, but today's testimony discloses that $64 million have been spent to date. So what went wrong with the two acquisitions? Our report highlights two major areas: No. 1, poor fundamental program management; and, No. 2, ineffective governance. Both acquisitions put in place robust requirements management processes too late, and that was definitely more evident with the ICE program. In addition, both programs did not effectively escalate program risks in a timely or aggressive fashion. We thought CBP should have been addressing scheduling and contractor risks and ICE should have been identifying the requirements backlog and technical solution risks much better. Regarding governance, multiple groups are in place to oversee these acquisitions: CBP and ICE each have an executive steering committee, the CIO performs monthly ratings on these acquisitions, and the under secretary for management oversees major acquisitions. These governance bodies clearly were not getting complete information to assess programs risks, and their assessments were way too rosy. The under secretary's assessment for both acquisitions were deemed low-risk in July 2013. The latest CIO assessments were better, but not much, calling the CBP acquisition moderately low-risk and the ICE program medium- risk. It was quite clear during our review that the ICE program was high-risk at that time. Moving forward, Mr. Chairman, both programs need to establish solid baselines so that Congress clearly knows what we are spending and what exactly is being delivered when to better support our CBP officers and ICE agents. Once these decisions are made and approved, DHS needs to tighten program management processes and executive-level governance practices to deliver needed improvements and to keep these acquisitions within their cost and schedule estimates. This subcommittee's oversight will play a critical role in ensuring that the new approaches are focused on what is most needed, cost-justified, and delivered as soon as possible. Mr. Chairman and Ranking Member Barber, thank you for your leadership on these critical acquisitions, and I would be pleased to respond to questions. [The prepared statement of Mr. Powner follows:] Prepared Statement of David A. Powner February 6, 2014 gao highlights Highlights of GAO-14-3M42T, a testimony before the Subcommittee on Oversight and Management Efficiency, Committee on Homeland Security, House of Representatives. Why GAO Did This Study DHS's border enforcement system, known as TECS, is the primary system for determining admissibility of persons to the United States. It is used to prevent terrorism, and provide border security and law enforcement, case management, and intelligence functions for multiple Federal, State, and local agencies. It has become increasingly difficult and expensive to maintain and is unable to support new mission requirements. In 2008, DHS began an effort to modernize the system. It is being managed as two separate programs by CBP and ICE. In December 2013, GAO reported that DHS needed to strengthen its efforts to modernize these key enforcement systems. This statement summarizes that report. Specifically, it covers: (1) The scope and status of the two TECS Mod programs, (2) selected program management practices for TECS Mod, (3) the extent to which DHS is executing effective oversight and governance of the two TECS Mod programs, and (4) the importance of addressing our recommendations for improving DHS's development efforts. What GAO Recommends GAO is making no new recommendations in this statement. In its December 2013 report, GAO recommended that DHS improve its efforts to manage requirements and risk, as well as its governance of the TECS Mod programs. DHS agreed with all but one of GAO's eight recommendations, disagreeing with the recommendation about improving CBP's master schedule. GAO continues to believe improvements are necessary to validate schedule commitments and monitor progress. border security.--dhs needs to strengthen its efforts to modernize key enforcement systems What GAO Found The schedule and cost for the Department of Homeland Security's (DHS) border enforcement system modernization program known as TECS Mod that is managed by Customs and Border Protection's (CBP) continue to change; while the part managed in parallel by Immigration and Customs Enforcement (ICE) is undergoing major revisions to its scope, schedule, and cost after discovering that its initial solution is not technically viable. CBP's $724 million program intends to modernize the functionality, data, and aging infrastructure of legacy TECS and move it to DHS's data centers by 2016. To date, CBP has deployed functionality to improve its secondary inspection processes to air and sea ports of entry and, more recently, to land ports of entry in 2013. However, CBP is in the process of revising its schedule baseline for the second time in under a year. Further, CBP has not developed its master schedule sufficiently to reliably manage work activities or monitor program progress. These factors raise questions about the certainty of CBP's remaining schedule commitments. Regarding ICE's $818 million TECS Mod program, it is redesigning and replanning its program, having determined in June 2013 that its initial solution was not viable and could not support ICE's needs. As a result, ICE largely halted development and is now assessing design alternatives and is revising its schedule and cost estimates. Program officials stated the revisions will be complete in spring 2014. Until ICE completes the replanning effort, it is unclear what functionality it will deliver, when it will deliver it, or what it will cost to do so, thus putting it in jeopardy of not completing the modernization by its 2015 deadline. CBP and ICE have managed many risks in accordance with some leading practices, but they have had mixed results in managing requirements for their programs. In particular, neither program identified all known risks, nor escalated them for timely management review. Further, CBP's guidance reflects most leading practices for effectively managing requirements, but important requirements development activities were underway before such guidance was established. ICE, meanwhile, operated without requirements management guidance for years, and its requirements activities were mismanaged, resulting in testing failures and delays. ICE issued requirements guidance in March 2013 that is consistent with leading practices, but it has not yet been implemented. DHS's governance bodies have taken actions to oversee the two TECS Mod programs that are generally aligned with leading practices. Specifically, they have monitored TECS Mod performance and progress and have ensured that corrective actions have been identified and tracked. However, a lack of complete, timely, and accurate data have affected the ability of these governance bodies to make informed and timely decisions, thus limiting their effectiveness. Until these governance bodies base their performance reviews on timely, complete, and accurate data, they will be constrained in their ability to effectively provide oversight. Chairman Duncan, Ranking Member Barber, and Members of the subcommittee: I am pleased to be here today to discuss the Department of Homeland Security's (DHS) border enforcement system, known as TECS.\1\ TECS has been used since the 1980's for preventing terrorism, providing border security and law enforcement, and sharing information about people who are inadmissible or may pose a threat to the security of the United States, and today still provides traveler processing and screening, investigations, case management, and intelligence functions for multiple Federal, State, and local agencies. Over time, however; it has become increasingly difficult and expensive to maintain because of technology obsolescence and its inability to support new mission requirements. DHS estimates that TECS's licensing and maintenance costs are expected to be $40 million to $60 million per year in 2015. --------------------------------------------------------------------------- \1\ TECS was created as a system of the Customs Service, which was then a component within the Department of the Treasury. The term TECS initially was the abbreviation for the Treasury Enforcement Communications System. When the Customs Service became part of DHS under the Homeland Security Act, TECS became a DHS system, and thereafter has simply been known as TECS. --------------------------------------------------------------------------- In 2008 the Department initiated TECS Modernization (TECS Mod) to modernize existing system functionality, address known capability gaps, and move the program's infrastructure to DHS's new data centers. TECS Mod is managed as two separate programs working in parallel: U.S. Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) are each modernizing existing functionality specific to their respective roles and missions within the Department. Both programs had planned to be fully operational by September 2015. In December 2013, we reported that DHS needed to strengthen its efforts to modernize these key border enforcement systems.\2\ In that report, we issued multiple recommendations aimed at improving DHS's efforts to develop and implement its TECS Mod programs. My testimony today will summarize the results of that report. Specifically, I will cover: (1) The scope and status of the two TECS Mod programs, (2) selected CBP and ICE program management practices for TECS Mod, (3) the extent to which DHS is executing effective executive oversight and governance of the two TECS Mod programs, and (4) the importance of addressing our recommendations for improving DHS's development efforts. --------------------------------------------------------------------------- \2\ GAO, Border Security: DHS's Efforts to Modernize Key Enforcement Systems Could be Strengthened, GAO-14-62 (Washington, DC: Dec. 5, 2013). --------------------------------------------------------------------------- The work on which my testimony is based was conducted from December 2012 to December 2013. Further details on the scope and methodology for the previously-issued report are available within that published product. In addition, we analyzed recently-received documentation from DHS on the status of the two TECS Mod programs. All work on which this testimony is based was performed in accordance with generally accepted Government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. background TECS is an information technology (IT) and data management system that supports DHS's core border enforcement mission. According to CBP, it is one of the largest, most important law enforcement systems currently in use, and is the primary system available to CBP officers and agents from other departments for use in determining the admissibility of persons wishing to enter the country. In addition, it provides an investigative case management function for activities carried out by ICE agents, including money-laundering tracking and reporting; telephone data analysis; and intelligence reporting and dissemination. Over time, TECS has evolved into a multi-faceted computing platform that CBP describes as a system of systems. This mainframe-based system dates back to the 1980s and interfaces with over 80 other systems from within DHS, other Federal departments and their component agencies, as well as State, local, and foreign governments. It contains over 350 database tables, queries, and reports (e.g., querying law enforcement records to determine if a traveler appears on a terrorist watch list), and multiple applications (e.g., ICE's existing investigative case management system). CBP agents and other users access TECS via dedicated terminals. The system is managed by CBP's Office of Passenger Systems Program Office and is currently hosted at CBP's data center. On a daily basis, the system is used by over 70,000 users and handles more than 2 million transactions--including the screening of over 900,000 visitors and approximately 465,000 vehicles every day. In addition, Federal, State, local, and international law enforcement entities use TECS to create and disseminate alerts and other law enforcement information about ``persons of interest.'' Ten Federal departments and their numerous component agencies access the system to perform a part of their missions. The current TECS system uses obsolete technology, which combined with expanding mission requirements, have posed operational challenges for CBP and others. For example, users may need to access and navigate among several different systems to investigate, resolve, and document an encounter with a passenger. In addition, CBP identified that TECS's search algorithms do not adequately match names from foreign alphabets. TECS's obsolescence also makes it difficult and expensive to maintain and support. Specifically, DHS estimates that TECS's licensing and maintenance costs are expected to be $40 million to $60 million per year in 2015. In 2008, DHS initiated efforts to modernize TECS by replacing the mainframe technology, developing new applications, and enhancing existing applications to address expanding traveler screening mission needs, improving data integration to provide enhanced search and case management capabilities, and improving user interface and data access. DHS's plan was to migrate away from the existing TECS mainframe by September 2015 to avoid significantly escalating support costs. The modernization effort is managed by two program offices--one at CBP and the other at ICE--working in parallel, with each having assumed responsibility for modernizing the parts of the system aligned with their respective missions. CBP expects that its modernization efforts will yield certain improvements over the existing system, including the following.Enhancements to TECS's search algorithms to better match names from foreign alphabets; address gaps in current processes that could result in missing a person of interest. This includes an improved ability for inspectors to update information on travelers at air and sea borders at the time of encounter. Improvements in the flow and integration of data between CBP and its partner agencies and organizations. This is intended to aid the agency's inspectors by providing timely, complete, and accurate information about a traveler during the secondary inspection process. CBP planned to develop, deploy, and implement these capabilities incrementally across five projects from 2008 to 2015. Secondary Inspection.--This project is to support processing of travelers referred from primary inspection for either enforcement or administrative reasons. According to CBP, this project's functionality was fully deployed to all air and sea ports of entry in 2011, and was fully deployed to all land ports of entry in 2013. High Performance Primary Query and Manifest Processing.-- This project is intended to improve TECS data search results in order to expedite the processing of manifests from individuals traveling to the United States on commercial or private aircraft, and commercial vessels. It is to be fully operational by March 2015. Travel Document and Encounter Data.--This project is intended to improve CBP's ability to query and validate travel documentation for both passengers and their means of conveyance. It is to be fully operational by March 2015. Lookout Record Data and Services.--This project is intended to improve the efficiency of existing data screening and analyses capabilities. It is to be fully operational by March 2015. Primary Inspection Processes.--This project is intended to modernize the overall inspection process and provide support for additional or random screening and communication functions. It is to be fully operational by March 2015. As part of each of these projects, CBP is also developing an on- line access portal, called TECS Portal, for authorized users to access information remotely using a modern web browser, along with security and infrastructure improvements, and the migration of data from the current system to databases in the new environment at the DHS data center. Ultimately, TECS Mod functionality is to be deployed to over 340 ports of entry across the United States. ICE's TECS Mod effort is to focus on specific law enforcement and criminal justice functions; tools to support ICE officers' collection of information, data analysis, and management operations; enhanced capabilities to access and create data linkages with information resources from elsewhere in DHS and other law enforcement agencies; and capabilities to better enable investigative and intelligence operations, corresponding management activities, and information sharing. Similar to CBP, ICE intended to deliver functionality in multiple phases: Phase 1: Core Case Management.--This phase was to encompass all case management functions currently residing in the existing TECS system. ICE planned to develop and deploy these functions in three releases beginning in 2009, and was scheduled to deploy Release 1 by December 2013, with additional releases following about every 12 months, in order to achieve independence from the existing TECS platform by September 2015. Specific capabilities that were to be provided include: Basic electronic case management functions, including opening cases, performing supervisory review of cases, and closing cases within the system; Development of reports for use as evidentiary material in court proceedings arising from ICE agents' investigations; Maintenance of records relating to the subjects of ICE investigations; and, Audit capabilities to monitor system usage. Phase 2: Comprehensive Case Management.--This phase was to expand on the features delivered as part of Phase 1 and to be delivered in four increments starting in 2016, with an estimated completion date in fiscal year 2017. DHS Oversight of Major IT Programs DHS's Office of the Chief Information Officer (CIO) and the Office of the Under Secretary for Management are to play key roles in overseeing major acquisition programs like TECS Mod. For example, the CIO's responsibilities include setting Departmental IT policies, processes, and standards; and ensuring that IT acquisitions comply with DHS IT management processes, technical requirements, and approved enterprise architecture, among other things. Within the Office of the CIO, the Enterprise Business Management Office has been given primary responsibility for ensuring that the Department's IT investments align with its missions and objectives. As part of its responsibilities, this office periodically assesses IT investments like TECS Mod to gauge how well they are performing through a review of program risk, human capital, cost and schedule, and requirements. In October 2011, DHS's under secretary for management established the Office of Program Accountability and Risk Management. This office is to ensure the effectiveness of the overall program execution governance process and has the responsibility for developing and maintaining DHS's Acquisition Management Directive.\3\ It is also responsible for periodically providing independent assessments of major investment programs--called Quarterly Program Accountability Reports-- as well as identifying emerging risks and issues that DHS needs to address. --------------------------------------------------------------------------- \3\ The Acquisition Management Directive provides the overall policy and structure for acquisition management within the Department and is used in planning and executing acquisitions. --------------------------------------------------------------------------- In December 2011, DHS introduced a new initiative to improve and streamline the Department's IT program governance. This initiative established a tiered governance structure for program execution. Among other things, this new structure includes a series of governance bodies, each chartered with specific decision-making responsibilities for each major investment. Among these are executive steering committees, which serve as the primary decision-making authorities for DHS's major acquisition programs. ICE chartered its steering committee in September 2011 and it has been meeting since December of that year. CBP established its steering committee in early 2013 and it held its first meeting in February. schedule and cost of both tecs modernization programs are unclear CBP has begun delivering functionality to its users; however, its schedule and cost commitments continue to change and are still being revised. Specifically, CBP intends to modernize the functionality, data, and aging infrastructure of legacy TECS and move it to DHS's data centers. CBP plans call for developing, deploying, and implementing these capabilities in five distinct projects that are to be delivered by 2015. To date, CBP has completed one of these five projects, having completed its deployment of functionality to improve its secondary inspection processes to air, sea, and land ports of entry in 2013. CBP is in the process of revising its schedule baseline for the second time in under a year, making it unclear when the program ultimately intends to deliver needed functionality. Exacerbating this situation is the fact that CBP has not developed its master schedule sufficiently to effectively manage work activities or monitor the program's progress.\4\ Specifically, the program has not linked all the work activities in the individual project schedules, nor has it defined dependencies that exist between projects in the master schedule: Approximately 65 percent of CBP's remaining work activities were not linked with other associated work activities. Thus, any delays early in the schedule do not ``ripple'' (i.e., transmit delays) to activities later in the schedule, meaning that management will be challenged to determine how a slip in the completion date of a particular task may affect the overall schedule. In our report, we also noted that CBP had not yet developed a detailed schedule for significant portions of the program. CBP reported in January 2014 that it has now completed that work. --------------------------------------------------------------------------- \4\ Our research has identified, among other things, that a key element associated with a complete and useful schedule or roadmap for executing a program such as TECS Mod is to logically sequence all work activities so that start and finish dates of future activities, as well as key events based on the status of completed and in-progress activities, can be reliably forecasted. See GAO, GAO Schedule Assessment Guide: Best Practices for Project Schedules, Exposure Draft, GAO-12-120G (Washington, DC: May 2012). --------------------------------------------------------------------------- Program officials stated these deficiencies existed because the program has only two staff members with skills needed to properly develop and maintain the schedules, and that fully documenting all the dependencies would be time-consuming, and in their view, not sufficiently important to warrant the additional resources necessary to complete them. However, without a complete and integrated master schedule that includes all program work activities and associated dependencies, CBP is not in a position to accurately determine the amount of time required to complete its TECS modernization effort and develop realistic milestones. The program's cost estimates have also changed as a result of rebaselining and are also being revised. The program's baselined life- cycle cost estimate \5\ was approximately $724 million, including $31 million for planning management, $212 million for development, and $481 million for operations and maintenance. As of August 2013, the program reported that it had expended about $226 million. However, as previously stated, the program is in the process of revising its estimate, and thus, it is unclear how much it will cost to complete the program. In January 2014, CBP reported that its revised estimates should be approved internally and submitted to DHS for its approval by the end of January 2014. --------------------------------------------------------------------------- \5\ This estimate is in the program's November 2012 acquisition program baseline. --------------------------------------------------------------------------- Meanwhile, ICE is replanning its $818 million TECS Mod program, having determined in June 2013 that the system under development was not technically viable and could not support ICE's needs--this coming after having already reduced the scope of its initial program installment by about 70 percent due to protracted technical difficulties and schedule delays. Specifically, ICE determined that, after spending approximately $19 million, the system under development could not be fielded as part of ICE's eventual solution due to on-going technical difficulties with the user interface, access controls, and case-related data management. Instead of continuing with the existing technical solution, the program manager explained that ICE would scrap a significant portion of the work done to date and start over. As a result, ICE halted most development work in June 2013 and has since been assessing different design and technical alternatives. In January 2014, ICE reported that it had rebaselined its program requirements and that it anticipates having its revised cost and schedule estimates finalized this coming spring. Nevertheless, given the time lost in developing the current technical solution, as well as the already- reduced program scope, ICE cannot say what specific features it will release to users, when this functionality will be delivered, or how much such efforts will cost. As such, ICE is at significant risk of not achieving independence from the existing system by 2015. tecs modernization's risk management is generally consistent with leading practices, but requirements management has had mixed results Both CBP and ICE implemented risk management practices that are generally--though not fully--consistent with leading practices, and both had mixed results in managing program requirements. Of four leading practices associated with effective risk management, CBP and ICE each fully implemented two (establishing documented risk management processes and assigning roles and responsibilities for managing risks) and partially implemented the other two (capturing all known risks and managing risk mitigation efforts through to completion). Specifically, neither program identified all known risks, nor escalated them for timely review by senior management. Further, of four leading practices for managing program requirements, CBP fully implemented three (establishing a requirements management process, assigning roles and responsibilities for requirements development and management activities, and defining a change control process) while partially implementing the one other (eliciting user needs). However, CBP began executing key requirements activities before such practices were established, and as a result, CBP officials reported that some TECS Mod requirements were not as consistently well-formed or detailed because their process during that time lacked rigor. In ICE's case, management weaknesses and the lack of appropriate guidance for the program's requirements management process led to technical issues, testing failures, and ultimately, the deferral and/or deletion of about 70 percent of the program's original requirements. ICE issued new requirements guidance for the program in March 2013 that is consistent with leading practices, but has yet to demonstrate that these have been fully implemented. dhs's governance bodies have taken actions aligned with leading practices, but incomplete and inaccurate data have limited their effectiveness DHS's governance bodies have taken actions to oversee the two TECS Mod programs that are generally aligned with leading practices. Specifically, they have monitored TECS Mod performance and progress and have ensured that corrective actions have been identified and tracked. However, a lack of complete, timely, and accurate data have affected the ability of these governance bodies to make informed and timely decisions, thus limiting their effectiveness. For example: Steering committees.--In an April 2013 meeting, the CBP program manager briefed the steering committee on its target milestone dates; even though the agency told us a month later that it had not fully defined its schedule, raising questions about the completeness and accuracy of the proposed milestone dates upon which the committee based its oversight decisions. The Office of the CIO.--In its most recent program health assessments, the Enterprise Business Management Office partially based its rating of moderately low-risk on CBP's use of earned value management; however, the program manager stated to us that the CBP program is not utilizing earned value management because neither it nor its development contractor had the capability to do so. Similarly, even though ICE had not reported recent cost or schedule data for its program--an issue that may signal a significant problem--the Office of the CIO rated ICE's program as medium-risk. The reliance on incomplete and inaccurate data raises questions about the validity of the risk ratings. Office of Program Accountability and Risk Management.--In the July 2013 Quarterly Program Accountability Report, DHS's Office of Program Accountability and Risk Management rated both TECS Mod programs as high-value with low risk. However, CBP's low-risk rating was based in part on the quality of the program's master schedule and acquisition program baseline; however, as we stated earlier, problems with the agency's schedule raise questions about the validity and quality of those milestones. Further, the low-risk rating it issued for ICE was based, in part, on its assessment of ICE's performance between April and September 2012, which rated the program's cost performance with the lowest possible risk score. Yet, during that same time period, program documents show that ICE TECS Mod's cost and schedule performance was declining and varied significantly from its baseline. For example, program documents show that, as of June 2012, ICE TECS Mod had variances of 20 percent from its cost baseline and 13 percent from its schedule baseline. Moreover, the Quarterly Program Accountability Report is not issued in a timely basis, and as such, is not an effective tool for decision-makers. For example, the most recent report was published on July 7, 2013, over 9 months after the reporting period ended and therefore did not reflect that, since then, ICE has experienced the issues with its technical solution described earlier in this report. As discussed, these issues have caused the program to halt development and replan its entire acquisition. Consequently, the newly-issued report is not reflective of ICE's current status, and thus is not an effective tool for management's use in providing oversight. Until these governance bodies base their reviews of performance on timely, complete, and accurate data, they will be limited in their ability to effectively provide oversight and to make timely decisions. implementation of recommendations could improve dhs's efforts to develop and implement its tecs mod programs In our report, we made several recommendations to improve DHS's efforts to develop and implement its TECS Mod programs. Specifically, we recommended that the Secretary of Homeland Security direct the CBP commissioner to: (1) Develop an integrated master schedule that accurately reflects all of the program's work activities, as well as the timing, sequencing, and dependencies between them; (2) ensure that all significant risks associated with the TECS Mod acquisition are documented in the program's risk and issue inventory--including acquisition risks mentioned in our report--and are briefed to senior management, as appropriate; (3) revise and implement the TECS Mod program's risk management strategy and guidance to include clear thresholds for when to escalate risks to senior management, and implement as appropriate; and (4) revise and implement the TECS Mod program's requirements management guidance to include the validation of requirements to ensure that each is unique, unambiguous, and testable. In January 2014, CBP provided documentation that it had taken steps to begin addressing the second, third, and fourth recommendations. We further recommended that the Secretary of Homeland Security direct the Acting Director of ICE to: (1) Ensure that all significant risks associated with the TECS Mod acquisition are documented in the program's risk and issue inventory--including the acquisition risks mentioned in our report--and briefed to senior management, as appropriate; (2) revise and implement the TECS Mod program's risk management strategy and guidance to include clear thresholds for when to escalate risks to senior management, and implement as appropriate; and (3) ensure that the newly-developed requirements management guidance and recently revised guidance for controlling changes to requirements are fully implemented. We also recommended that the Secretary of Homeland Security direct the under secretary for management and acting chief information officer to ensure that data used by the Department's governance and oversight bodies to assess the progress and performance of major IT acquisition programs are complete, timely, and accurate. DHS concurred with all but one of our recommendations, disagreeing with the recommendation regarding the weaknesses in CBP's schedule. In response, DHS stated that CBP's scheduling efforts for TECS Mod were sound. However, given the weaknesses in CBP's master schedule, we continue to believe that management will be unable to determine how a slip in the completion date of a particular task may affect the overall project or program schedule, and thus, absent any changes, continuing to use it as a tool to track progress will remain ineffective. In conclusion, after spending nearly a quarter billion dollars and over 4 years on its two TECS Mod programs, it remains unclear when DHS will deliver them and at what cost. While CBP's program has delivered one of the five major projects that comprise the program, its commitments are being revised again and the master schedule used by the program to manage its work and monitor progress has not been fully developed. Moreover, ICE's program has made little progress in deploying its system, and is now completely overhauling its original design and program commitments, placing the program in serious jeopardy of not meeting the 2015 deadline and delaying system's deployment. The importance of having updated cost and schedule estimates for both the CBP and ICE programs cannot be understated, as this important management information will provide Congress and DHS with visibility into the performance of these vital border security investments. Further, while both agencies have defined key practices for managing risks and requirements, it is important that the programs fully implement these critical practices to help ensure that they deliver the functionally needed to meet mission requirements and minimize the potential for additional costly rework. Finally, until DHS's governance bodies are regularly provided complete and accurate data for use in their performance monitoring and oversight duties, their decisions may be flawed or of limited effectiveness. Chairman Duncan, Ranking Member Barber, and Members of the subcommittee, this concludes my statement. I would be happy to answer any questions at this time. Mr. Duncan. Yeah. Thank you, Mr. Powner. We are going to pause, and I am going to recognize the gentleman from Arizona, Mr. Barber, the Ranking Member, for his opening statement. Mr. Barber. Well, good morning. I apologize for being late. All the streets get closed down, you know, when the President is moving around. So I just came from the National Prayer Breakfast and ran a little bit late, so I appreciate your indulgence on that. I want to thank the Chairman for convening this hearing on a very important topic. We frequently talk here about the many systems that are part of the infrastructure at DHS, and today we are going to be talking about one that is critical and on which myself and the Chairman wrote a letter last month expressing our concerns about where we are. Technology, infrastructure, and personnel are obviously three key elements in securing our borders and ensuring the safe and legal entry of people and goods into the United States. I can tell you, from my perspective as 1 of the 9 Members from a Southwest Border district, that we have significant problems in processing, expediting people coming into the country, particularly at our ports of entry in Nogales, which is a neighboring district, in my own district at the Douglas port of entry, partly due to the lack of numbers of Customs agents, but, also, I believe, due to the cumbersome nature of the technology that is used by our personnel in DHS to process people into the country. Employees from U.S. Customs and Border Protection and ICE utilize, as you know, many different types of technology to carry out their mission. One of the largest IT systems currently in use is TECS, which is the primary border enforcement system supporting the screening of travelers entering the United States. As you also know, the use of TECS goes well beyond CBP and ICE. It is currently used by over 20 Federal agencies, resulting in over 70,000 users conducting more than 2,000 transactions each and every day. According to the CBP, which maintains TECS, it is the largest and most important law enforcement system currently in use by the Federal, State, and local law enforcement agents. It supports law enforcement lookouts, border screening, reporting for CBP primary and secondary inspection processes, money- laundering tracking, and reporting telephone and data analysis and intelligence reporting and dissemination. In sum, TECS is a vital asset to homeland security. However, TECS is a legacy system that has been plagued with problems based upon both the age of the system and the outdated and, I would say, obsolete technology. As a result, the Department of Homeland Security is in the process of modernizing this 34-year-old border security tool through a multi-billion-dollar project known as TECS Mod. Given the importance of TECS and its widespread use throughout the law enforcement community at every level, I support the modernization and look forward to the day when it can actually be used with speed, efficiency, and reduced likelihood of false positives, which are also frequent. Unfortunately, 4 years after beginning the TECS Mod, ICE is not much closer to developing a solution than it was on Day 1. Not only that, but CBP is still unable to determine its costs or schedule with sufficient detail. Furthermore, DHS's management of this project and the lack of stated requirements have led to the waste of millions of dollars of scarce Homeland Security funds--not very good stewardship of the taxpayers' money. This concerns me because, as Ranking Member of this subcommittee, it is my responsibility, as it is all of our responsibilities, to ensure that the Department is spending taxpayer dollars efficiently and that its programs are actually doing what they are supposed to do and are keeping southern Arizonans and all Americans safe. Ultimately, the Department of Homeland Security is at risk of spending an additional $45 million to $60 million per year to maintain the aging system due to its outdated technology and exorbitant maintenance costs. CBP is the Nation's largest law enforcement entity, and its thousands of law enforcement officials or agents across the United States rely on this system. Yet they rely on it in order to get their jobs done and keep us safe from harm, and it just doesn't work very well. Our Border Patrol agents and Customs officers and other border security officials in the field are doing their part every single day to keep our country safe and secure, and we owe it to these front-line personnel to provide them with the technological tools they need to carry out their mission. At present, TECS Mod is being managed under the direction of two separate program offices within DHS: ICE and CBP. Although we have been advised that these offices coordinate-- and the initial decision may have made sense on paper, to divide the mission--I am very concerned that this decision has and will result in duplication, unnecessary costs, and uneven results, which ultimately affect the end-user. When you put two separate components in charge of the same program, it is difficult to determine who should be held accountable. When more than one person is in charge, then essentially no one is in charge. This could lead to jurisdiction conflict or, worse, the inability to track accountability. According to the GAO, the schedule and costs of both programs are still unclear, making it much more difficult for those who rely on TECS to do their jobs. CBP states that the project will be completed in 2015, but the GAO report casts doubt on that as a possibility. ICE cannot determine the date because it has halted all work on TECS until an independent contractor can determine the life-cycle costs and the necessary requirements. As a result, the 2015 completion date is in serious doubt. In sum, Mr. Chairman, the Department has work to do to turn this effort around and put it on the right track. I look forward to hearing both from CBP and ICE on how they plan to move TECS Mod forward effectively and efficiently, including how they will define key requirements and identify and manage risks and accurately estimate the completion date for full modernization. This is essential to our Nation and to the mission of the Department. Thank you, Mr. Chairman. I yield back. [The statement of Ranking Member Barber follows:] Statement of Ranking Member Ron Barber February 6, 2014 Technology, infrastructure, and personnel are three key elements to securing our borders and ensuring the safe and legal entry of people and goods into the United States. Employees from the U.S. Customs and Border Protection (CBP) and Immigrations and Customs Enforcement (ICE) utilize many different types of technology to carry out their mission. One of the largest IT systems currently in use is TECS, which is the primary border enforcement system supporting the screening of travelers entering the United States. The use of TECS goes well beyond CBP and ICE. TECS is currently accessed by over 20 Federal agencies; resulting in over 70,000 users conducting more than 2,000 transactions each and every day. According to CBP, which maintains TECS, it is the largest, most important law enforcement system currently in use by Federal, State, and local law enforcement agents. It supports law enforcement ``lookouts,'' border screening, reporting for CBP's primary and secondary inspection processes, money- laundering tracking and reporting, telephone and data analysis, and intelligence reporting and dissemination. In sum, TECS is a vital asset to homeland security. However, TECS is a legacy system that has been plagued with problems based on the age of the system and its outdated technology. As a result, the Department of Homeland Security is in the process of modernizing this 34-year-old border security tool, through a multi- billion dollar project known as TECS Mod. Given the importance of TECS and its widespread use throughout the law enforcement community at every level, I support its modernization and look forward to the day when it can be used with speed, efficiency, and a reduced likelihood of false positives. Unfortunately, 4 years after the beginning of TECS Mod, ICE is not much closer to developing a solution than it was on Day 1. Not only that, but CBP is still unable to determine its costs or schedule with sufficient detail. Furthermore, DHS's management of this project and the lack of stated requirements have led to the waste of millions of scarce homeland security funds. This concerns me because, as Ranking Member of this subcommittee, it is my responsibility to ensure that the Department is spending taxpayer dollars efficiently and that its programs are actually doing what they were intended to do and are keeping Southern Arizonans safe. Ultimately, the Department of Homeland Security is at risk of spending an additional $45 to $60 million per year to maintain the aging system due to its outdated technology and exorbitant maintenance costs. CBP, the Nation's largest law enforcement entity and its thousands of law enforcement agents across the United States rely on this system. They rely on it in order to do their jobs and keep us safe from harm. Our Border Patrol agents and Customs officers and other border security officials in the field are doing their part to keep our country secure. We owe it to these front-line personnel to provide them the technological tools they need to carry out their mission. At present, TECS Mod is being managed under the direction of two separate program offices--one at ICE and the other at CBP. Although we have been advised that these offices coordinate and the initial decision may have made sense ``on paper,'' I am concerned that this decision will result in duplication, unnecessary costs, and uneven results, which will ultimately affect the end-user. When you put two separate components in charge of the same program, it is difficult to determine who should be held accountable for its results. This could lead to jurisdiction conflict or worse, the inability to track accountability. According to GAO, the schedule and cost for both programs are unclear, making it more difficult for those who rely on TECS to do their jobs. CBP states that the project will be complete in 2015, but GAO doubts that is possible. ICE cannot determine a date because it has halted all work on TECS until an independent contractor can determine the life-cycle costs and the necessary requirements. As a result, the 2015 is in doubt. In sum, the Department has work to do to turn this effort around and put it on the right track. I look forward to hearing from both CBP and ICE on how they plan to move TECS Mod forward, including how they will define key requirements, identify and manage risks, and accurately estimate a completion date for full modernization. Mr. Duncan. I thank the Ranking Member. We will go ahead and get back on track. I will recognize Mr. Armstrong for his testimony for 5 minutes. STATEMENT OF CHARLES R. ARMSTRONG, ASSISTANT COMMISSIONER, OFFICE OF INFORMATION AND TECHNOLOGY, CUSTOMS AND BORDER PROTECTION, U.S. DEPARTMENT OF HOMELAND SECURITY Mr. Armstrong. Good morning, Chairman Duncan, Ranking Member Barber, and distinguished Members of the subcommittee. Thank you for the opportunity to appear before you to discuss U.S. Customs and Border Protection's efforts to modernize our aging information technology systems. I appreciate the subcommittee's leadership and your continued efforts to support the security of the American people. Today I will discuss efforts we are making at CBP to continue effective delivery, within budget, of our TECS Modernization program. TECS is a vital border security system supporting the vetting of travelers entering the United States who may be inadmissible or may pose a threat. TECS provides for the creation and query of lookout records and has more than 70,000 users from over 20 Federal agencies. Approximately 1 million travelers a day are vetted through TECS when entering the United States. TECS is over 25 years old and uses data technology that is difficult to enhance and expensive to maintain. As part of an overarching strategy, TECS is migrating to a new enterprise architecture that will provide a solid foundation for the future, enhance capabilities, maintain high performance and availability, and align with other DHS modernization activities. CBP began its TECS Mod effort in fiscal year 2008. TECS Mod functionality is concurrently and incrementally developed and deployed through five projects that focus on major functional areas. CBP's TECS Mod effort is led by a program management office that has successfully delivered other high-profile border security systems. I chair the CBP TECS Modernization Executive Steering Committee, which provides program oversight and monitors cost, schedule, performance, and risk-management activities. The committee includes representation from CBP, ICE, and DHS offices. I also hold monthly program management reviews and regular meetings with Mr. Michelli to provide additional oversight and coordination of the TECS Modernization activities. CBP and ICE program staffs meet frequently for detailed collaboration on the program. CBP TECS Modernization has delivered functionality in four of the five projects. Secondary inspection has been fully deployed to all ports of entry. Officers have better information available to determine admissibility, spent less time navigating multiple screens and more time focusing their attention on the traveler. CBP has also deployed a modernized query engine for Advance Passenger Information and for primary at air and sea ports. The modernized query provides a fast response to lookout record queries, informing officers if a traveler is of interest to CBP or other Federal agencies. TECS portal enhanced queries of lookout records, cross-data, and travel documents. Because of the budget uncertainty during fiscal year 2013, the final TECS Modernization project primary inspection process, PIP, was paused. As a result, the TECS Modernization schedule was revised to restart the PIP in late second quarter of 2014 and move the program completion date from the end of fiscal year 2015 to mid-fiscal year 2016. GAO's recent report contained four recommendations for CBP. CBP concurred with and has already implemented three of the recommendations concerning risk and requirements management. CBP did not concur with GAO's recommendation on our schedule process. I believe our established process has proven effective and aligns with our continuing effort to move to agile development. The CBP TECS Modernization program has stayed within budget since it began in 2008 and has made significant progress, achieved many milestones, and the program is in good overall health. Mr. Michelli and I are committed to the successful delivery of the program. I thank you for the opportunity to testify today, and I look forward to answering your questions. [The prepared statement of Mr. Armstrong follows:] Prepared Statement of Charles R. Armstrong February 6, 2014 Chairman Duncan, Ranking Member Barber, and distinguished Members of the subcommittee, thank you for the opportunity to appear before you on behalf of the dedicated men and women of U.S. Customs and Border Protection (CBP) to discuss our efforts to modernize aging information technology systems in support of our border security mission. We appreciate the subcommittee's leadership and your continued efforts to ensure the security of the American people. As the unified border security agency of the United States, CBP is responsible for securing our Nation's borders while facilitating the flow of legitimate international travel and trade that is so vital to our Nation's economy. Within this broad responsibility, our priority mission remains to prevent terrorists and terrorist weapons from entering the United States. Today, I will discuss efforts we are making at CBP to continue effective delivery, within budget, of TECS Modernization, one of our key border security systems to support the missions of CBP, DHS, and other Federal law enforcement agencies. background TECS (no longer an acronym) is a key border enforcement system supporting the vetting of travelers entering the United States and the requirements of other Federal agencies used for law enforcement and immigration benefit purposes. TECS supports the sharing of information about people who are inadmissible or may pose a threat to the security of the United States through the creation and query of ``lookout records.'' TECS is used by more than 70,000 users, including users from more than 20 Federal agencies that use TECS in furtherance of their missions. TECS receives and processes traveler manifests from carriers and supports primary and secondary inspections for almost a million travelers and almost half a million vehicles at United States ports of entry (POEs) each day. TECS not only collects and creates border security information, but also shares that data with other systems and agencies. TECS also provides access to National Criminal Information Center (NCIC) and the International Justice and Public Safety Network (Nlets), as appropriate. TECS provides security and privacy controls to ensure users can only run transactions and access data to which they are authorized. TECS also includes extensive auditing of user actions for internal control purposes. A typical ``TECS Check'' regarding a particular individual provides authorized users information on: Lookout records; Entries into and exits from the United States; Previous secondary inspections; and NCIC wants and warrants. Because TECS is over 25 years old and uses dated architecture and technology that are difficult to enhance and expensive to maintain, TECS is migrating to a new enterprise architecture that will provide a solid foundation for the future, enable enhanced capabilities, maintain high performance and availability, and align with other DHS modernization activities. The program provides for highly-scalable functionality that meets constantly-emerging user requirements. The modernization of the legacy TECS system is being accomplished through two separate but coordinated programs, one within CBP and the other within U.S. Immigration and Customs Enforcement (ICE). Each is funded and being executed separately in support of each agency's mission requirements. While both modernization programs remain focused on continued support of each agency's unique mission, both programs coordinate closely on common interests regarding planning, development, and data migration efforts. cbp's tecs mod program CBP began its 8-year TECS Modernization or ``TECS Mod'' efforts in fiscal year 2008. A specific challenge to CBP's modernization effort is that modifications cannot interrupt existing TECS functionality or availability. CBP's TECS system must be available to support border crossing operations 24 hours a day, 7 days a week. The need for high availability requires redundant hardware and failover processes to allow system maintenance with little or no interruption to end users of the system. CBP's TECS Mod program is transitioning functionality incrementally with five projects, focusing on major functional areas to decrease risk and to continue providing existing capabilities to the end-user until modernization is complete. In addition to the five functional area projects, CBP TECS Mod also includes two overarching efforts to address infrastructure and security. The program includes migration of data from the legacy source system to the target databases, developing services for interfaces, and deploying a modernized web-based user interface (portal) to support TECS on-line users, ensuring compliance with security and privacy policies. The five functional area projects are: Secondary Inspection (SI).--This project supports processing of travelers referred from primary inspection and creates a modernized graphical user interface. High Performance Primary Query and Manifest Processing (HPPQ).--This project focuses on modernizing services and functionalities essential for primary inspection (person/ vehicle) query functions. HPPQ also modernizes Advance Passenger Information System (APIS) receipt and processing of arriving and departing international traveler manifests. Travel Document and Encounter Data (TDED).--This project manages travel document data from the Department of State, U.S. Citizenship and Immigration Services, and State, Provincial, and Tribal governments. TDED also modernizes the way encounter data, which include person and vehicle crossing (entry/exit) data, I-94 arrival/departure data, and Currency and Monetary Instrument Report data, are made available for TECS on-line users and primary and secondary inspections. Lookout Record Data and Screening Services (LRDS).--This project will modernize the creation, maintenance, and query of lookout records for on-line users and interfaces with other systems. LRDS will also provide TECS data query capabilities and services to the law enforcement community via system-to- system interfaces or services. Additionally, the LRDS project will support current query capabilities for DHS component users with authorization to access NCIC, Nlets, and criminal history information. Primary Inspection Processes (PIP).--This project will modernize primary inspections (Air, Sea, and Land) user interfaces, services and processes. PIP will also modernize current Alternate Inspection (AI) processing which includes any inspection that is not conducted at an air, sea, vehicle, or pedestrian primary booth. Program Governance and Oversight The CBP TECS Modernization Executive Steering Committee (ESC) provides oversight of the TECS modernization effort. As CBP's chief information officer and Office of Information and Technology (OIT) assistant commissioner, I chair the ESC, which includes members from CBP offices; DHS's under secretary for science and technology, chief information officer, and chief financial officer; representatives from stakeholder groups; and ICE's TECS Mod program manager. The ESC, which meets every 2 months, monitors the program's cost, schedule, and performance, reviews risk management mitigation activities, and ensures corrective actions are identified. Additional oversight and governance of CBP's TECS Mod program is provided by existing policies and guidance from DHS's Office of the Chief Information Officer (OCIO), Office of the Under Secretary for Management, and the director of operational test and evaluation. All three offices play key roles in overseeing DHS's major acquisition programs and are very involved with CBP TECS Mod. Further, DHS's Office of Program Accountability and Risk Management (PARM) works to ensure the effectiveness of the overall program execution governance process by providing independent assessments of major investment programs, and by identifying emerging risks and issues that DHS and its components need to address. I hold a monthly Program Management Review (PMR), attended by OCIO and PARM representatives, which covers schedule, cost, risks/issues, and other topics. In addition to these formal meetings, Mr. Thomas Michelli, ICE's chief information officer, and I hold regular meetings to coordinate TECS Mod activities, and our program staffs meet frequently for detailed collaboration. Program Management CBP's TECS Mod effort is led by the TECS Mod Program Management Office (PMO) within OIT's Passenger Systems Program Directorate (PSPD). PSPD manages applications which support CBP's traveler vetting and processing systems at U.S. ports of entry. It has successfully delivered several high-profile border security systems, including Trusted Traveler, Electronic System for Travel Authorization (ESTA), and Western Hemisphere Travel Initiative (WHTI). Vital aspects of CBP TECS Mod's strong program governance and program management are the risk and requirements management processes. CBP TECS Mod's risk management processes include a strategy outlining techniques and procedures for identifying sources of risks, and how to categorize, analyze, and prioritize identified risks. Additionally, each of CBP's five TECS Mod projects have a Government Project Manager whose responsibilities include identifying, verifying, analyzing, documenting, and tracking project risks, as well as communicating risk issues to the TECS Mod Program Risk Manager. CBP's TECS Mod requirements management process was revised and improved in 2012, resulting in better organization, tracking, analysis, and communication of program requirements. These practices include a standardized plan to identify requirement types, such as operational, functional, or technical, and to attribute mandatory and optional traits for each requirement, such as source, date certified, and status. Requirements are elicited at user sessions, supported by key users identified by the CBP Office of Field Operations (OFO) and additional user communities within CBP, DHS, and/or partnering Government agencies (PGAs). Once functionality is developed, it undergoes rigorous developmental and user acceptance testing, followed by independent operational testing to ensure that the functionality is consistent with the approved requirements and satisfies user needs. Program Schedule and Cost The TECS Mod Acquisition Program Baseline (APB), the program's guiding document, provides the program milestones for key schedule events, including objective dates and threshold dates. The APB also specifies program cost objectives and thresholds to ensure the program stays within budget. The CBP TECS Mod program has stayed within budget since it began in fiscal year 2008. The PMO collaborated with the DHS Cost Center of Excellence in March 2012 to refine the Life Cycle Cost Estimate (LCCE) to ensure risk sensitivity was addressed and to validate the accuracy and approach of the LCCE. The LCCE has recently been updated to reflect actual costs for fiscal year 2012 and fiscal year 2013 as well as the impact of the pause of the PIP project. The current LCCE is $692.557 million (threshold level) covering planning, development, and maintenance costs from fiscal year 2008 through fiscal year 2021. The TECS Mod master schedule provides visibility into program and project activities aligning with the APB. The schedule is reviewed and maintained by the TECS Mod Project Schedule Manager. CBP TECS Mod is continually improving and refining information in the schedule as a result of project and program maturity. The detailed schedule is reviewed biweekly and progress of major milestones is tracked. Despite challenges such as the size, detail, and complexity of a schedule with over 20,000 tasks, the current process allows the Program Manager to monitor the APB milestones, decision gates, and major deliverables and to ensure successful project management and delivery within planned dates. The CBP TECS Mod scheduling process has helped the program deliver timely incremental functionality and stay on track for completion of the total program. Because of fiscal year 2013 budget uncertainty and sequestration, the CBP ESC decided to pause PIP, the last project under TECS Mod. As a result, the CBP TECS Mod schedule was recently revised to restart PIP late in the second quarter of fiscal year 2014 and to move the program completion date from the end of fiscal year 2015 to mid-fiscal year 2016. The APB has been updated with the revised schedule and is currently going through the approval process within CBP and DHS. Program Performance Some CBP TECS Mod functionalities have already been delivered, such as the modernized Secondary Inspection application, which is being used successfully at air, land, and sea ports of entry. The modernized High Performance Primary Query Service was made operational in 2012 and is now being used by the Advance Passenger Information System. In fiscal year 2013, TECS Mod delivered additional functionality such as implementing TECS portal, a web-based interface which will replace the current terminal-only access, for the TDED and LRDS projects. The first phase of this user-facing functionality includes lookout and travel document queries. In fiscal year 2014, TECS Mod will deliver new functionality such as enhancements to query and lookout applications. CBP has made significant progress with our TECS Mod Program to date, and we anticipate completion of program development and Full Operational Capability (FOC) in mid-fiscal year 2016. While 6 milestones were not met early in the program, by incorporating additional operational capabilities and adjusting to address technology implementation challenges, we have met all other major milestones and have been delivering modernized functionality incrementally as planned. Program planning and execution can always be improved; however, CBP TECS Mod has strong schedule, risk, and requirements management practices in place, which have facilitated delivery of required functionality on schedule and within budget. The PMO has grown in staff and matured its management processes since the program began in 2008. The CBP TECS Mod program has made significant progress, reached many milestones, and the program is in good overall health. GAO report GAO-14-62, DHS's Efforts to Modernize Key Enforcement Systems Could be Strengthened, published December 5, 2013, contained four recommendations for CBP's TECS Mod program. DHS and CBP concurred with three of the recommendations and is in the process of resolving and implementing these recommendations. Although CBP did not concur with GAO's recommended changes to our schedule process based on the fact that our established process has proven to be effective and efficient, we will continue to refine and improve upon our current model. conclusion CBP is working hard to continue incrementally delivering TECS Mod functionality and completing the program within budget by mid-fiscal year 2016. We are continuing to improve the management of all our programs by ensuring effective oversight, and by harnessing best practices in how we run those diverse programs. These efforts enhance CBP's multi-layered approach to vetting and identifying potential travelers to the United States who may pose a threat to the homeland. Thank you for allowing me the opportunity to testify before you today. I look forward to answering your questions. Mr. Duncan. Thank you for your testimony. Mr. Michelli, you are recognized for 5 minutes. STATEMENT OF THOMAS P. MICHELLI, CHIEF INFORMATION OFFICER, IMMIGRATION AND CUSTOMS ENFORCEMENT, U.S. DEPARTMENT OF HOMELAND SECURITY Mr. Michelli. Chairman Duncan, Ranking Member Barber, Congressman O'Rourke, I thank you for the opportunity to discuss ICE's efforts to improve TECS and the findings of GAO's recently-released report. We appreciate GAO's work conducting the review of TECS Modernization, and we look forward to working with Mr. Powner and GAO on this important program. Today I would like to provide some background on ICE TECS Mod and to outline the actions we have taken to manage our program, as well as respond to GAO's findings and recommendations. As you have mentioned, TECS supports ICE's investigative case management, including documenting subjects of criminal investigation in the form of records and reports, which is the basis for criminal prosecution. TECS Mod is a coordinated initiative by ICE and CBP to replace the portions of legacy TECS that align with our respective core missions. ICE's goal is to relocate the system from an expensive mainframe by the end of September 2015 by developing a modernized and comprehensive investigative case management system that will support the investigative mission of ICE's Homeland Security investigations. Subsequent to a full and open competition in 2011, ICE awarded a best-value, cost-plus contract for a custom-developed investigative case management system. Much work progressed well, including programmatic management improvements, requirements refinement, development and delivery of data synchronization with the legacy system, interfaces to required systems, and robust development in test environments. What did not progress well was core case management design and development. Many of the issues we identified causing this lack of progress were subsequently included within the findings in the GAO report. Our Government and contractor team worked diligently to remedy these issues before, during, and following the GAO study. As we work to improve program performance, we apprise and receive direction from the appropriate executive steering committees, which included DHS, ICE, and CBP senior leadership. We made program decisions based on business analysis of trade- offs of cost, schedule, and performance consistent with our overall goal to be off the legacy TECS mainframe by September 2015. In June 2013, after a diligent effort to bring the core case management development back on track, ICE concluded, in collaboration with the vendor, that the core technical architecture was insufficient. In an effort to independently validate our concerns, ICE commissioned a brief independent verification and validation analysis of the system's status and viability, which confirmed that the existing technical architecture was not viable. Once ICE confirmed nonviability of the technical solution, we acted immediately to change the direction of the program. Based on the recommendation from the IV&V, a subsequent market research assessment, as well as the conclusions reached in conjunction with our governing bodies, ICE is pursuing procurement of a commercial off-the-shelf, or COTS, -based solution for investigative case management. All indications based on recent market research are that we will be able to procure, deploy, and successfully be off the mainframe by September 2015, while also achieving lower life- cycle costs. GAO's findings related to ICE focused on two key deficiencies: Risk management and requirements management. We concur with all three recommendations offered by GAO to aid in overcoming these deficiencies and have completed the appropriate documentation and implemented processes and procedures to fulfill these recommendations. ICE initiated new status reporting methods based on leading practices, providing management with a more immediate picture of program progress. The program has overhauled its reporting structure and established integrated project teams that report status and coordinate dependencies weekly. We now track all known risks, not just those considered significant. We have revised our risk threshold to ensure risks are identified and are properly raised to leadership in a timelier manner. The program has also implemented a method to mitigate each elevated risk over a period of time. Both the revised risk threshold escalation and the method to mitigate risk have been incorporated into Government oversight process and will be in the scope of work for the new contracts for a future ICE TECS Mod solution. The ICE TECS Mod program has completed a detailed evaluation and comprehensive analysis of our system requirements. The program identified and eliminated overly prescriptive, technically outdated, and redundant requirements. This refinement resulted in a reduction in excess of 75 percent of system requirements without compromising capability. We have validated our new requirements baseline and confirmed that they are in line with other Federal law enforcement investigative case management programs. ICE has established new guidelines related to requirement management and established strict change control processes, which is consistent with GAO's recommendation. ICE remains committed to working in a coordinated effort with DHS and CBP to remedy any issues that have arisen during our modernization effort. We will continue to coordinate with stakeholders as we move forward to rebaseline the program and restart development work. In closing, both Mr. Armstrong and I are committed to the success of this program. Thank you again for the opportunity to appear before you today, and I would be pleased to answer any questions. [The prepared statement of Mr. Michelli follows:] Prepared Statement of Thomas P. Michelli February 6, 2014 introduction Chairman Duncan, Ranking Member Barber, and distinguished Members of the subcommittee: On behalf of Secretary Johnson and Acting Director Sandweg, thank you for inviting me to appear before you today to discuss efforts of U.S. Immigration and Customs Enforcement (ICE) to improve TECS and the findings of a report released in December 2013 by the Government Accountability Office (GAO) entitled ``DHS's Efforts to Modernize Key Enforcement Systems Could Be Strengthened.'' The U.S. Department of Homeland Security (DHS) and ICE appreciate GAO's work conducting the review of TECS Modernization and issuing this report, and I am grateful for the opportunity to provide background on ICE TECS Modernization (ICE TECS MOD) and outline the actions we have taken relating to GAO's findings and our continued collaboration with U.S. Customs and Border Protection (CBP) to address the recommendations offered by GAO. history of tecs and modernization efforts TECS is a mainframe system that is the primary system of both ICE and CBP, initially developed in the 1980s. TECS was previously known as the Treasury Enforcement Communications System when it was managed by the former U.S. Customs Service (which previously encompassed portions of both CBP and ICE functions). The system, which is currently managed by CBP, supports primary and secondary inspection processes for CBP and Federal agencies vetting for law enforcement and immigration benefits purposes. TECS also supports ICE's investigative case management including documenting subjects of criminal investigation in the form of records and reports, forming the basis for criminal prosecutions. The TECS modernization effort (TECS MOD) is a coordinated initiative by ICE and CBP to replace our respective portions of legacy TECS. Currently, our agencies are engaged in efforts to modernize the system into products that fit both specific and mutual needs and to migrate the legacy TECS system from the outdated CBP mainframe computer system (ICE TECS MOD and CBP TECS MOD programs, respectively). ICE's initial goal was to relocate the system from the prohibitively expensive mainframe by September 30, 2015 by developing a comprehensive law enforcement investigative case management system that will support the investigative mission of ICE's Homeland Security Investigations (HSI) and its shared mission with CBP to protect the homeland. Subsequent to the award of a best-value, cost-plus contract, ICE concluded, in collaboration with the vendor, that the core technical architecture was technically insufficient in June 2013. In an effort to independently validate our concerns, ICE commissioned a brief Independent Verification and Validation (IV&V) analysis. ICE used the IV&V to conduct an assessment of the system's status and viability. Following an abbreviated examination, the IV&V confirmed that the utilization of existing architecture would not be technically viable to support system needs. The IV&V also indicated that there were significant technical and management process deficiencies that would make meeting the September 30, 2015 deadline highly improbable. In consideration of the collective conclusions of ICE, the vendor, and the IV&V, it was determined that the ICE TECS MOD program required restructuring in order to ensure accountability and the ability to address deficiencies in technical oversight and requirements management. Accordingly, ICE restructured the program by increasing executive oversight, establishing integrated project teams and Government personnel accountability, identifying alternative technical options, and began the process of identifying a new prime contractor. prior and future funding The ICE TECS Modernization Life Cycle Cost Estimate (LCCE) was finalized on September 6, 2011, at $818 million for all acquisition and sustainment costs, assuming a life cycle for the program extending to 2024. Prior to the award of the Design/Development contract in September 2011, the program received $55.4 million in automation modernization funding and expended $22 million in support of requirements analysis, data migration, and acquisition activities. Between fiscal year 2012 and fiscal year 2013, the program received $36.9 million in automation modernization funding, expending $21.2 million on the Design/Development effort that was curtailed in July 2013, and expending $17.8 million on ancillary contracts including data migration, training, and communications and program support. In fiscal year 2014, the program's automation modernization budget is $23 million. In total, ICE TECS Modernization has received $115.3 million in funding, and we have expended $63.9 million to date. The program is in the process of revising its LCCE to be in line with its future plans for the program, and anticipates the full LCCE to be less than the original $818 million due in large part to an increased use of commercial, off-the-shelf products (COTS) that will require less custom development and on-going support. Once the revised LCCE is complete, the program will be able to adjust future automation modernization funding requests, and account for both funds received but not expended, as well as lower anticipated costs. gao's findings and ice's response and actions According to GAO, its objective during its review was to determine the scope and status of CBP's and ICE's TECS MOD programs, assess selected program management practices for TECS MOD, and assess the extent to which DHS is executing effective executive oversight and governance of the two TECS MOD programs. In order to accomplish these objectives, GAO reviewed requirement documents, as well as cost and schedule estimates to determine the current scope, completion dates, and life-cycle expenditures. In addition, GAO reviewed risk management and requirement management plans, as well as the meeting minutes of the governance bodies. The report highlights that ICE's initial efforts were determined to be ineffective, resulting in the need for the program to restart. It is pivotal to note that ICE made the determination itself based on identified risks, schedule slips, and poor quality of interim deliverables, which ultimately led to the final determination that the current technical solution would not be able to support the mission needs of ICE. Based on this determination, ICE took steps to verify this conclusion through an independent third party, as well as improve management oversight. Once ICE confirmed non-viability of the technical solution, we acted immediately to change the direction of the program. Our action included an external evaluation, which predated the GAO report. Upon receipt of this independent evaluation, ICE undertook major course corrections that are in line with those ultimately recommended by GAO. GAO's findings highlighted the status of ICE's efforts to modernize our portion of legacy TECS, focusing on two key deficiencies: Risk management and requirements management. We concur with the three recommendations offered by GAO for executive action directly linked to ICE. The following are highlights of ICE's responses and actions taken: risk management GAO recommended that the Secretary of Homeland Security direct the acting ICE director to ensure that all significant risks associated with the TECS MOD acquisition are documented in the program's risk and issue inventory--including acquisition risks--and briefed to senior management, as appropriate. ICE initiated new status reporting methods based on leading practices, providing management with a more immediate picture of program progress. The program has overhauled its reporting structure and established Integrated Project Teams that report status and coordinate dependencies weekly. In addition to the other programmatic risk changes, we also concur and have adopted the GAO's recommendation to add and track all known risks. For example, the ICE TECS MOD program has documented in the risk inventory a new acquisition risk that accounts for the aggressive time lines associated with the revised program strategy. This risk, as with all identified risks, has been reviewed by the program's Risk Advisory Board and elevated to ICE and DHS senior leadership. GAO also recommended that the Secretary of Homeland Security direct the acting ICE director to ensure that the appropriate individuals revise and implement the TECS MOD program's risk management strategy and guidance to include clear thresholds for when to escalate risks to senior management. The ICE TECS MOD program currently has a set of conditions that must be met for a risk to be elevated. We are revising our risk threshold to ensure risks are identified and appropriately raised to leadership in a timelier manner. The program is also identifying detailed activities that will help to mitigate each elevated risk over a period of time. Both the revised risk threshold escalation and the method to mitigate risk are being incorporated into the Government oversight process and will be in the scope of work for new contracts for the future ICE TECS MOD solution. requirements management In addition, GAO recommended that the Secretary of Homeland Security direct the acting ICE director to ensure that the newly- developed requirements management guidance and recently revised guidance for controlling changes to requirements are fully implemented. The ICE TECS MOD program has completed a detailed evaluation and a comprehensive analysis of our functional requirements. The program identified and eliminated overly prescriptive, technically outdated, and redundant requirements. This refinement resulted in a reduction in excess of 75 percent of functional requirements without compromising capability. Additionally, the program has validated its new requirements baseline against other Federal law enforcement investigative case management programs. ICE has established new guidelines related to requirement management and strict change control processes, which is consistent with GAO's recommendation. coordination with key stakeholders Throughout this effort, we have been committed to open and consistent communication with the DHS Office of the Under Secretary for Management. As it became apparent that the technical solution under development would not support the objectives of the program, ICE increased the frequency of its meetings with DHS to provide more regular and timely reporting of program issues and proposed resolutions. Additionally, ICE notified DHS after learning the program would not meet the revised baseline date of December 2013. The program is currently working with DHS's Office of Program Accountability and Risk Management to establish a new revised program baseline. This baseline will be formally reviewed and approved by DHS per the Acquisition Decision-102 guidance, before the program can restart development. In a similar manner, we have maintained on-going collaboration and coordination with CBP, our key mission partner. CBP serves as a voting member on the ICE Executive Steering Committee (ESC), which is responsible for oversight of the ICE TECS Modernization effort, and ICE serves as a voting member on the corresponding CBP ESC. In addition, both ICE and CBP participate as partners through the coordination of delivery schedules, technical solutions, and risk/issue resolution. We recognize that close coordination is vital to the joint success of both programs, and will continue to take the steps necessary to maintain that coordination going forward. conclusion ICE remains committed to working in a coordinated effort with DHS and CBP to remedy any issues that have arisen during our modernization efforts. The ICE TECS MOD effort has taken a variety of steps to ensure that the program not only stays on track, but that there is careful oversight of the acquisition and development process while utilizing independent authorities to assist with validation of our collective efforts. ICE will continue to coordinate with stakeholders as we move forward with efforts to re-baseline the program and restart development work to become independent of the costly legacy system as soon as a viable modernized system can be deployed. Thank you again for the opportunity to appear before you today and for your continued support of ICE and its law enforcement mission. I would be pleased to answer any questions. Mr. Duncan. Thank you, gentlemen, for your opening statements. I will now recognize myself for 5 minutes for questions. Let me just say, I will reiterate what I said earlier. I understand the immense challenge of the number of vehicles and persons entering the country every day. I probably don't understand it as much as the gentlemen from El Paso or Arizona do, but I do comprehend that we need to facilitate the flow of commerce and activity across the border in these border communities like El Paso. I will leave those comments for my friend from Texas. But when I think about it from a private-sector standpoint and I look at the fact that we just spent $60 million in taxpayer funds--taxpayer dollars, taken from hardworking Americans that work hard to earn that money, taken from them through taxation--and we spent that over a 4-year period of time, and I don't know that we are far enough down the road to where we need to be. I am not going to say that 100 percent of that $60 million was wasted, because you learned from those efforts, you actually built a platform that you can take the next step from, so I am not saying that at all. But I am concerned, because I know in the private sector there are not many firms, if any, that could invest that kind of money for very little result. I don't know many private-sector firms that actually would. They would hold someone accountable in year 1, year 2, and probably a lot quicker. So it seems that the requirements process broke down within both CBP and ICE regarding the TECS program. Given the requirements process has been a problem in past DHS failures, and I point specifically to SBInet, explain to me why CBP and ICE weren't able to get this right this time. You know, what were some of the obstacles that, after spending $6 million, you say, you know, we are going to have to start over? I will address that first off to Mr. Armstrong, and then I will come back to the GAO. I want to hear your take on it. Mr. Armstrong. Mr. Armstrong. Well, first off, I mean---- Mr. Duncan. Microphone. There you go. Mr. Armstrong. First off, you know, I don't believe we had any complete failures in our requirements process. Our requirements process did have some challenges that could have been better, but I will say that one of the lessons learned, you know, since you asked, I mean, one of the lessons learned we have picked up from other programs is we are trying to move to more of an iterative process where we are prototyping functionality and not doing a big, monolithic build of functionality before we deploy something. So our officers and agents actually get to see the functionality early on before we spend a lot of money to go then build it. Then, after we build it, then we go out to some test ports, and then we prototype that in the actual live environment. That gives the officers and agents an opportunity to work with the system and gives our program office an opportunity to make sure that we have the requirements right before we fully deploy the system. So we iterate back through that; we roll that back into sub-releases. Then, once that is in a, kind-of, final stage, it goes through a control gate, where then the user signs off on it and we start to deploy that out to more locations. So I think that those are the big lessons learned that we got out of other programs. I feel like we are on track. Mr. Duncan. Thank you for that. Before I come to the GAO, it just hit me that, you know, in the private sector, there is a finite amount of money that a company has to spend. Sometimes that is money that they have saved over the course of business practices for a number of years, anticipating the need for further investment, regardless of whether it is IT or capital improvements or whatnot, or they borrow money, or they raise money through stock initiatives, but it is still a finite amount. But it seems to me, when we see where we are with this kind of money being spent, that elements within the Government don't believe there is a finite amount, they believe that there is an unlimited supply. You know, we are $17.5 trillion in debt because we have had that mentality in this Nation that we can just continue spending without the kind of accountability that you would see in the private sector. So, Mr. Powner, the GAO has looked at this. That is your responsibility. How can we be better stewards of taxpayer dollars, and how can we ensure that these agencies actually don't wait till 4 years out, that they actually have more checks and balances going forward? Mr. Barber mentioned the two different groups' almost duplicative efforts and how you have accountability with that. So I would love for you to speak to that, if you will. Mr. Powner. So, a couple points, starting with requirements. I think from a requirements perspective, both programs, I would say they have fairly solid requirements management processes in place now. Those were put in place late. I think it was most evident in the ICE program. I mean, Mr. Michelli's comments about the requirements resulting in a 75 percent reduction in requirements, that is a big change. I am glad that we are getting it together now, but a lot of this is coming too late. The other thing that I would like to mention in addition to the program management on requirements and the risk that we need to do a better job at, not just here at DHS but in a the lot of pockets of the Federal Government, is executive leadership. These executive steering committees that were put in place, chaired by both these individuals, are now in place, and I think they are working more effectively now. But it sure would have been nice to have those in place sooner. Mr. Duncan. Okay. My staff just reminded me, you know, I am talking about $60 million, but CBP has spent a quarter of a billion dollars since 2008, and the only project fully completed is secondary inspection. You have a long ways to go. That is a heck of a lot of taxpayer dollars that were spent--a quarter of a billion dollars. I am going to stop because I need to let my blood pressure calm down a little bit as we move forward, and I am going to recognize the Ranking Member. Mr. Barber. The Chairman is passing his blood pressure problem along to me. Very good. I appreciate it. I, too, am worried and concerned, as the Chairman is. Let me start, Mr. Armstrong, by asking you this question. Last month, on January 10 to be precise, the Chairman and I wrote a letter to the under secretary for management, Mr. Borras, expressing our concern over CBP's decision to take corrective action on the procurement efforts for the TECS Mod and asking for an update on when the final request for proposals will be complete. The contract, as you may know, is currently operating on a series of 3-month extensions. Such short-term contracting, I think without question, has created uncertainty among those individuals who are responsible for the TECS Mod update. To my knowledge, my office--and perhaps the Chairman has, but I don't know that he has, because I think we would both receive the response at the same time--we have not yet received a response from the Department. It has been almost 30 days. So, two questions: No. 1, when can we expect the office to respond to our inquiry? How is DHS providing direction and clarity to stakeholders throughout the TECS Mod process, including any decision to recompete the TECS Mod contract? Mr. Armstrong. Mr. Armstrong. First of all, I don't control the Departmental clearance process. So, I mean, we are prepared to give them--I mean, we have the information that they would need to respond to you. That would need to be cleared by the Department. We would be more than happy to come up and do a, kind-of, closed-door briefing on the acquisition. But since a lot of that is procurement-sensitive, I really don't feel comfortable, kind-of, commenting on all that here today. But more than happy to come back with our contracting officers and go through, kind-of, where we are on the acquisition for you. Mr. Barber. Certainly. Contact my office as soon as you can, and we will arrange for that meeting. Could you, within the Department, ask of the people you have to deal with on the clearance process when we might expect an answer to the questions that we phrased? Let me next move to some questions for Mr. Powner. You know, I have only been on this committee for a year- and-a-half, and one of the things that I think troubles me a lot is how many GAO reports we get regarding DHS. Perhaps other agencies get as many, but I have a feeling we are a little bit on the high end here. So, as you know, Mr. Powner, TECS is used by CBP and ICE, of course, and it is also used by over 20 other Federal agencies, as I have mentioned in my opening remarks, including FBI; Alcohol, Tobacco, and Firearms; and the Terrorist Screening Center; as well as Departments of State and Treasury. These are accessing TECS on a daily basis. When you looked at the TECS Mod process, Mr. Powner, did it reveal to you the level of consultation that DHS had or the interactions it had with other users of the TECS from other Federal agencies to get their feedback on suggested requirements? I mean, critical, I think, in any development of any system, new system or revised system, that the end-user have some input on the process and what they expect to get out of the end product. Could you tell us what you found in your inquiries, if you looked at this? Mr. Powner. Well, when you look at the requirements-setting process, I mean, clearly, you know, when they put a system in place, the primary user is DHS, but that process does touch with the other stakeholders in the program and the other departments and agencies. I mentioned in my opening statement 10 departments use this system. So that is part of the process. It is important as part of the process going forward that when we validate these new requirements, as these programs are being rebaselined, that we continue to get feedback from those stakeholders. I assume-- like Mr. Michelli talked about, discover the requirements--I assume there was a process to vet that with some external stakeholders. Mr. Barber. Well, perhaps, Mr. Michelli, you could comment on that in terms of consultation with other departments. Can you tell us to what extent that was done as you are moving forward? Mr. Michelli. Congressman, I don't know for sure what the extent was, and I can get back to you on that. I do know that we have an entity within ICE that conducts information-sharing requirements generation with other entities, and I will find out what they have done. Mr. Barber. I am running out of time, but, Mr. Chairman, if you can indulge me a few more seconds here. Just two quick questions for Mr. Armstrong. Basically the same question that I just asked of Mr. Michelli and Mr. Powner, but in a different context. Again, when the end-user is consulted in any IT project, you get a better outcome. Unfortunately, all too often, they are not considered. So can you tell us, were CBP officers and agents involved in the development and setting of requirements for TECS Mod? Mr. Armstrong. Sir, they were absolutely involved. We have a requirements board that worked with our officers and agents and worked with other stakeholders throughout the Federal Government. I can tell you that even in our first deliveries of secondary processing, we got feedback from other agencies complimenting us on the efficiency by which the system worked. So, absolutely. We have been doing this for a long time with other agencies. We have a lot of experience in doing requirements management with other agencies. So we believe that it is working efficiently. Mr. Barber. My last question to you, Mr. Armstrong, has to do with something I mentioned earlier, and that is the delays that people have coming into our country for legal commerce, tourism, produce, products from Mexico and all the rest. The lines that are waiting at the ports of entry, particularly in my district and the adjoining district, sometimes can be 2, 2\1/2\ hours. This directly speaks to the economic issue that my State and the country faces; when we could expedite trade, we get economic development and growth. I want to ask you if you can comment on to what extent you think the TECS system, which is cumbersome and obsolete, has impacted on these delays. I know we have a problem with the number of agents we need, but is TECS a part of the problem, do you think? Mr. Armstrong. Well, I would say the biggest issue in terms of TECS and wait times at the border has been the stability of the old system. So the new system is going to allow for a lot more redundancy within the system, and it will reduce the amount of outages we have to take for maintenance. So I think, coupled together, the availability is going to go up. That is certainly the platform that we put together. It will also reduce those outages, those planned outages that we normally take at least once a month. So I believe it will improve things. Then, also, kind-of parallel to this, you know that we have been moving to other technologies at the ports that will help expedite especially the pedestrian traffic, so things like ready lanes and allowing more self-service in those areas. The new system, I believe, will allow us to avail ourselves of some of these technologies as they become available much quicker than the old mainframe system. So, as our officers continue to work on process improvement, looking at throughput in the ports not just from the physical standpoint but also from the time it takes to get people through primary and/or through secondary, I believe the new system will definitely expedite that processing downstream. Mr. Barber. Well, thank you, Mr. Armstrong. Mr. Chairman, before I yield, I would like to ask unanimous consent that Congresswoman Sheila Jackson Lee, who is a Member of the full committee and Ranking Member of the Border Subcommittee, be allowed to join the panel and ask questions when time is allowed. Mr. Duncan. Without objection, so ordered. The Chairman will now recognize Mr. O'Rourke for 5 minutes. Mr. O'Rourke. Thank you, Mr. Chairman. I want to commend you for your focus on issues of accountability, especially when it comes to purchasing and contracting within DHS. I feel that, when it comes to technology solutions, we can become enamored of quick fixes, blinded by the difficulty of understanding the specifics involved. When we have the kind of blunders that it seems that the GAO has uncovered here, the boondoggles like SBInet that you pointed to, as a whole, as a body, Congress, I think, oftentimes turns a blind eye. So I really appreciate the focus, the attention, and the drive for accountability. I also want to refer to the numbers that you gave us: A quarter of a billion dollars for CBP's five-step program, only one of which, one of those steps, has been achieved. You mentioned $60 million earlier; $20 million on the Raytheon mistake with the TECS Mod where we are cutting 75 percent--or 70 percent of the requirements, had delays of nearly a year, and are having to redesign from the beginning the whole process. You compare those numbers to $140,000, which is what it costs to fully train, hire, and move a CBP officer to where he will be employed. That officer will contribute nearly $2 million to the economy, will help create 22 additional jobs in the U.S. economy throughout every State in the Union. So, while I certainly understand, as Mr. Armstrong said, the time savings that we might be able to see if we can successfully implement some of these technology initiatives, and I certainly want us to do that, I also think that we have some much lower-hanging fruit, including spending and deploying those assets much more wisely. I would start with our human assets, those CBP officers, who have some of the most dangerous, difficult, and most critically important jobs when it comes to our economy, the safety and security of our country. I would urge CBP and DHS to focus more attention on that. To Mr. Powner, you mentioned SBInet, which really seemed like a contractors-gone-wild episode, where Boeing is designing the scope of the project, they are responsible for defining the milestones and the measurements, and we saw, you know, hundreds of millions of dollars later, that we had a system that we could not use, that was a waste of taxpayer money, and that we had to scrap completely. We looked at the Raytheon TECS Mod project, begun in September 2011: A delay of 7 months, 70 percent of the requirements were removed from the project, and $20 million later, it sounds like we are starting over again. Do we have--and you mentioned a deficiency in your opening statement of core case management and development. Is there some kind of brain drain within the Federal Government that does not allow us to properly manage these projects? Should we be doing more of this in-house and not allowing the Boeings and the Raytheons of the world to design these projects, and should we be doing more of that work in-house? Then, when it comes to actually implementing, programming, testing, holding to account those who are working on this, should we be doing more of that in-house, as well? Mr. Powner. Well, there are very few pockets in the Federal Government that can do a lot of this, in terms of the development. There are limited pockets. I will give you IRS as one example; they have pockets where they do their own development. But we contract this out. I think the key is, there are responsibilities that the Government has and responsibilities that the contractors have. In the requirements-setting process, let's start with that, that is the responsibility of the Federal Government to define what we want. Too often with a lot of these programs, you are absolutely right, Representative O'Rourke, that we have contractors get involved in defining how we are going to do things, so that we need a real clear line of delineation there. I think these two gentlemen are getting--that is actually improving with both these programs. That is very important. Then, once we get those contracts in place, the contractor oversight that needs to occur needs to be rigorous. We need to know what is being delivered in terms of productivity and quality. A lot of these programs, when you go in and you ask, is the contractor delivering, how is the quality and productivity, we don't get the right answers from the Government when we look at it. That is why I would say these executive steering committees are very important in ensuring that we have the appropriate contractor oversight and we are holding contractors' feet to the fire. I would say, on both these programs, in addition to our recommendations, one very important thing is we are in the process of putting contractors in place on both programs. I believe the ICE program has an award date for this summer, and I believe that is the same with CBP. It is very important that we get those contractors in place, the right contractors, as soon as we possibly can so that we can make progress. Mr. O'Rourke. Mr. Armstrong and Mr. Michelli have done a good job of walking us and taking us through process improvements, oversight committees, means by which we are sharing information across silos. But given SBInet, given what we have just described from the Members of the committee and what we read in the GAO report, what is going to give me confidence in terms of the human resources that we have within DHS, that we are not going to have a repeat of these problems going forward? In other words, do we have the right structure, the right line of accountability within DHS to ensure that we don't have this again, either within ICE or CBP or some other aspect of DHS? I am out of time, so I will ask Mr. Armstrong and Mr. Michelli to just very quickly address that question. Mr. Armstrong. Well, you know, I would say, at the current staffing level, I feel confident that we can provide the correct oversight on the program. I think what concerns me and part of why I am still here in the Government is, you know, the budget issues that are going on today across the Government and the desire to, kind-of, start to downsize some of these mission support areas in order to save money. So what I can't speak to is what is going to happen in the following years, in terms of staffing and our ability to replace people as they retire and go on to other things in their life. I will tell you that a large part of my staff, more than I would like, is retirement-eligible. They stick around because they enjoy the work that they do and they feel like the value they deliver to those front-line officers is very important to them. But that is going to soon come to an end because they can't stay around forever. So our ability to attract and bring new talent into the Government to be able to pick up with the new technologies greatly concerns me. Mr. O'Rourke. You know, Mr. Chairman, with your indulgence, point well-taken that, when we have the sequester, when we have Government shutdowns, we are not allocating resources wisely. It affects you and your ability to retain the best and brightest within your organizations. But I will also note that, since 1986, we have seen a 1,400 percent increase in spending on border security solutions. So when we look at SBInet, when we look at TECS Mod, when we look at a potential biometric exit system, I understand that we need to resource appropriately from the Congressional level, but, at the same time, you have unparalleled, unprecedented resources at your disposal today. Maybe what we are both saying is that more of that could be spent on our human resources, on the talent that we have there, recruiting and retaining, and less on flashy new ideas like SBInet, like a biometric exit system, when our greatest single asset is the people who protect our borders, serve the trade and the crossers coming across, and potentially design and oversee these systems that we are talking about. Mr. Michelli, any thoughts on that? Mr. Michelli. Yes. In ICE, after day-to-day mission, cybersecurity, and public officer safety, ICE TECS Mod is the No. 1 priority. We are putting our best and brightest on TECS Mod. When we did the requirements refinement in our ESC, which has an HSI, Homeland Security Investigator chair, realized that we could use additional help, he has put his best and brightest on the project, as well. I do have concerns as we progress into a commercial off- the-shelf program that we have the right technical skills for oversight for that. So, as part of the contract action, we have gone out with an FFRDC to get that expertise in-house so we will have that technical oversight. So I believe we are staged to have the right human skills, both on the technical side and on the mission side, to have success. Mr. O'Rourke. I hope so. We need to make sure that that is the case. Thank you, Mr. Chairman. Mr. Duncan. Thank you. Great questioning. Before I recognize the gentlelady from Texas, I had looked up some comparison numbers of a system known as Iron Dome deployed by Israel, very effectively I may add, a system that was developed from drawing board to combat-readiness in less than 4 years, a system that is effective at shooting down an airborne rocket traveling at a very high rate of speed, for the cost of $210 million. Rafael corporation did that. So, you know, the reason I say that is, we have put this in context, with the amount of money we are spending and what we are spending the money on--it is not hardware; to some degree, it is a software and hardware blend, I understand that--but what one group of people were able to do in less than 4 years for a lot less money than the numbers we are talking about today. So, with that, I will recognize the gentlelady from Texas, Ms. Jackson Lee, for 5 minutes. Ms. Jackson Lee. Let me thank the Chairman, Mr. Duncan, and Mr. Barber, the Ranking Member, for their courtesies for allowing me, as a Member of the full committee, to sit on this committee. Let me thank the witnesses very much for their service. Allow me just to make two points before I offer some questions that I think we all are concerned about--the operations of a very, very, very important agency. I first want to say that I am very grateful for the breakthrough that we have heard over the last couple of weeks, or last week, regarding our Republican friends in the United States Congress on the idea of comprehensive immigration reform and their own principles that have been enunciated, and to thank them for that. One of the key elements, which I want to put on record, where there is not a divide is the idea of border security. This hearing obviously plays a very large role, I believe, in the moving forward of comprehensive immigration reform. We truly believe here on the Homeland Security that we have crafted a thoughtful legislative framework in H.R. 1417 that may avoid prospectively some of the defaults of this TECS Mod program. H.R. 1417 thoughtfully lays out a roadmap, seeks the input of the Department of Homeland Security ahead of the strategies being articulated, and soundly commits to the security of the Northern Border, which I always want to mention, and the Southern Border. Mr. Chairman and Mr. Ranking Member, I think the oversight work that you are doing complements where we need to be if we move forward as Republicans and Democrats on what I hope will be not listening to the naysayers who are countering my optimism that we will reach a point where we have an effective construct. With that in mind, we will need the kind of technological forceful structure that works because that is part of the compliment of H.R. 1417. The last statement I want to make is that I hope that we can work out CBP--this is on the record--the issues with how CBP officers are dealing with overtime. We recognize that there are some unfortunate incidences that have occurred, but I support them. I would like to see their overtime reinstated or a process reinstated for them to be fairly compensated for both their work and their sacrifice, along with ICE and others. I want to quickly move to Mr. Powner and indicate if I could what can you give us, give the committee an effective, efficient, and modernized tech system, what if you could just concisely throw out what it would be? I know you gave us a number of suggestions, and unfortunately, it looks as if they were not followed. Then would you also suggest how it would be managed? Can it effectively be managed with multiple partners or multiple leaders? I will just pose that question to you. I will quickly go to Mr. Armstrong and Mr. Michelli, if you can be prepared to tell me what you actually got out of the $60 million in 4 years program that was halted. Mr. Powner, can you answer what would be an efficient tech system? Mr. Powner. So, first, when you look at the process for delivering the tech system, I think the requirements are getting laid out in increments. I will reiterate the importance of having strong program management, risk and requirements and having the executive-level governance. I will add this. When we look at successful IT acquisitions, they go small increments. When we try to go big, we have failures time and time again. We always have these failures, and what happens to fix it? We go with smaller increments, so I think the more we can go with small increments and even smaller increments going forward, that is what will be very successful going forward. Ms. Jackson Lee. When you say ``executive,'' what do you mean by that? Mr. Powner. Having the right executive-level oversight. What I mean by that is when something fails, we typically point at the poor program manager and blame the program manager when, in fact, it needs to be executives who own the project. Ms. Jackson Lee. How far up do you go when you say executive? Secretary of Homeland Security? Mr. Powner. Well, clearly, these guys run the executive steering committee, so they're key players. But then it ought to go up the CIO of the Department, and it ought to go up to the under secretary for management, clearly, if this is an important project for the Department. Ms. Jackson Lee. I think these are important instructions. Can I quickly ask you to ask us, just you, did we gain anything from the present system that we had? Mr. Powner. We sure did. I mean, if you look at what CBP, with the secondary inspections, clearly there was value in-- delivered with that. We had $225 million spent on that piece, so there was some value derived there. To Chairman Duncan's comment about $64 million spent, you are right; we did learn a little bit, but there was some money wasted there, Mr. Chairman. Ms. Jackson Lee. To the two gentlemen who, agents or groups who were the co-managers, I guess, of this, what did your boots on the ground, what did you think your particular entity, CBP and ICE, gain from the present program that was halted, and how can you learn going forward? Mr. Armstrong. Well, certainly, as Mr. Powner said, our officers have gained greatly from the secondary inspection consolidation because that allowed us to reduce the number of lookups and screens they had to go to and gave them more opportunity to focus on the person in front of them and less time toggling through screens. It also, and certainly in an airport environment, where there may be different parts of secondary located physically separate, it allowed for kind-of a consolidated view from the different officers within secondary so they would all know exactly what the status was of that particular traveler and anything that they may be bringing in with them. Also, I do want to point out that we have delivery in our high-performance primary query that was not completed at the time of this report, but that is now up and running. That brings together a lot of our queries, and we're running that in parallel with our old system. The big advantage there is once we get that fully deployed, that gets what we call rapid response out to all of our officers. Rapid response does a lot more criminal history checks than what the old tech system did. So just to highlight, we have gotten significant value so far. Ms. Jackson Lee. Mr. Chairman, if you would indulge me, I would ask Mr. Michelli to give me the same answer. If he might just respond, what is the name of that the system, Mr. Armstrong, that you just spoke of, what is that operating under right now? Mr. Armstrong. It is one of the five projects that was delivered as part of TECS Modernization, and it is our high- performance primary query. Ms. Jackson Lee. That one is operating? Mr. Armstrong. Yes. Ms. Jackson Lee. And is still under funding; is that what you are telling me? It is still being funded? Mr. Armstrong. Yes. It is part of the $240 million. Ms. Jackson Lee. All right. Mr. Michelli. Mr. Michelli. Congresswoman, we have programmatic management improvements, requirements refinement, development and delivery of data synchronization with the legacy system, in other words a new database, interfaces to required systems. We have our development and test environments. This may not seem like a lot, but it actually is. This is equivalent to if you are building a skyscraper, the foundation. It is something that most people don't see, but it is very fundamental for any new system. We have that in hand. What we don't have is the first floor. So, of the $60 million that we spent, about $20 million was for co-development. We made the decision, after receiving at least one, that it was not a sustainable solution, and we had to look at other alternatives. So what we did learn from that is when we went out to do the market research, that the market has changed and that there are commercial off-the-shelf programs that we can now use. Our HSI agents are excited at what they see. In fact, by using from the custom code development to a commercial off-the-shelf solution, early estimates, very early estimates in the market research is we could save money over the life-cycle cost estimate of the system. Ms. Jackson Lee. Let me, Mr. Chairman, thank you. If I might just say to the committee, it is very obvious that hardware of the 1970s or 1980s is so different from what we have now. Technology changes so rapidly, and as this committee does its very able work, I think some of the questions that we need to hear answered is a whole new construct as to how acquisition is done, what kind of thoughtfulness is put into it. I think what Mr. Powner said strikes me so strongly is, be measured and small. When you try to get into the ocean and just grab everything, you may have serious issues of those elements working together. I am hoping the whole committee can look at your work and maybe work, looking at a whole, I would say a whole new approach. We have been doing acquisition issues and issues dealing with purchases by this Department for as long as I have been on this committee. Mr. Duncan. I want to thank I the gentlelady for that. We are working on an acquisition bill, and it is a bipartisan with Ranking Member Thompson and Ranking Member Barber and others on your side of the aisle. Hopefully, we will be bringing that forward soon. I would love to have you look at it, Ms. Jackson Lee, and love to have your support because it does a lot of the things that we are talking about today and the great comment about the ocean and thinking, you know, small steps and small parameters so we scan have measurable activities, and we can actually measure it on a very timely basis. So I look forward to that. Ms. Jackson Lee. Well, let me then thank you and Mr. Barber for allowing me to be on and to listen to the proposal. I look forward to looking at the legislation. Let me thank the witnesses. I yield back. Mr. Duncan. Thank you for your interest. In the essence of time, because they are going to call votes in 15 minutes, and much to the chagrin of my staff, I am going to yield some time to the gentleman from the Southwest for the remaining time we have here because this is an issue that is closer to home to you guys. I have got all kinds of questions I could ask, but I want to make sure that we ask the right questions if you all bring some personal local experience to the table. So, with that, I yield to the Ranking Member, Mr. Barber, for a question. Mr. Barber. Thank you, Mr. Chairman. Again, I want to thank the witnesses. I know that we have asked some tough questions of you today, and I just wanted to express that it is frustration on a broader level. As I said, I have been on this committee now for, on the subcommittee, for a year and a month and on the full committee for a little longer. But it is really frustrating for me to go home to the people I represent and to tell them once again we have another issue with expenditures with apparent waste of taxpayer dollars. We are not making much progress. I absolutely recognize and appreciate that bringing together 22 legacy agencies is no small task. In fact, I have said before that I think actually, given the scope of this job and the importance of this job to the safety of our country, this Department is probably one of the, if not the top in priority department in the Federal Government, and certainly the job of Secretary is enormous. I met recently--he came to my district with the new Secretary, and I am hopeful that he can bring some greater efficiency and effectiveness to some of these matters. Let me just pose a question, a similar question, to both Mr. Armstrong and Mr. Michelli. Mr. Armstrong, as you know, the GAO states that CBP's Office of Information Technology lacks a sufficiently-detailed master program schedule to complete major portions of the TECS Mod project and that 65 percent of its work activities apparently remain unconnected. This has led to delays and cost overruns. This obviously creates uncertainty for users of the system in the Department and for those involved in modifications of the program itself. To date, only the secondary inspection, as you mentioned, project to process travelers has actually been deployed to all air, sea, and land ports of entry. So I would like to ask you, Mr. Armstrong, if you could outline for the committee how and when the Department plans to complete a sufficiently-detailed master program schedule for the modernization. A similar question if I might to Mr. Michelli. You know, there apparently is no clear designed framework estimate of how much the project is going to cost, why it costs the amount it does and why it is in the interest of the Government to pay the amount requested. Then also, of course, with ICE TECS Mod's component, these are vital determinations that cannot be made because ICE cannot state with any specificity what it will deliver and how much what it will deliver will cost. So, to both gentlemen, could you please respond to these questions? When are we going to see this level of detail which we can use as a road map to see where we are going and when we are going to get there and what it is going to cost? Mr. Armstrong. Sir, I think that, from our perspective, there is kind of a misunderstanding in terms of what actually lays out a master schedule. We have a 20,000-line master schedule in place today. The issue that GAO brought up is that we don't have all of our predecessor tasks tied together at a low level. You know, in concert with an agile development process, we wouldn't have this tied together. We would deal with those more from the iterative process that we go through. This program meets weekly to go through essentially immigration and risk issues within the program. As we move more and more to an agile environment, that process will become almost daily. So the idea is that we are not going to be building out schedules for 3 years from now when we don't know exactly what all those tasks are going to be. We are going to build them out to that degree and scope when we are actually getting ready to do the work. I think to the point earlier about some of these big programs that have failed, they have spent a lot of time and money building out schedules for years and then found that when they get to that point, the schedules aren't valid, and they have to go back and rework all those schedules. So we did have some schedule issues early on in the program. Some of those were the result of some technical problems that we had, not within the scheduling, but getting technology to work. So, therefore, it took us a little bit longer to get some of our technology that allows us to keep both the old system and the new system in sync because we are building a plane and flying it at the same time. So the commercial off-the-shelf software that was out there at the point in time we started the program could not keep up with the rapid pace of which we needed to be able to process people through the border. So we had to work very closely with the vendors to get that software tuned and get it working right. So that did cause us a little bit of schedule issues. We have now learned some lessons from that. That is part of our iterative development process to talk about those much more rapidly and get those escalated quicker. So I feel like we have got a schedule and a schedule process that works, and I think that, from my perspective and from the direction from the Department, we need to focus more on this iteration through the requirements and getting stuff deployed in smaller chunks quicker. Mr. Duncan. Mr. Michelli. Mr. Michelli. Congressman, yes. We have a very broad schedule now because at week-end we are going out to a new procurement. We met our first goal yesterday when we went out with a solicitation or an RFI for a commercial off-the-shelf solution. Our next target date is June, when we hope to make an award at that time because we don't want to tell the winning vendor how to do their business. We want to work with them collaboratively to ensure that we are off the mainframe by September 2015. We will work with them to get the more refined schedule out. As far as to cost, preliminary market research shows that with a commercial off-the-shelf solution, we anticipate a 10 to 20 percent lower cost in the total life-cycle of the solution. Mr. Barber. I want to thank the Chairman again for convening the hearing, the witnesses for coming. I just hope that we can get these processes moving faster, more efficiently, and be better stewards--I think we all need to be--of the taxpayers' money. I know you are working hard at this, but we need to succeed, and we need to do it soon and in a very cost-effective way. I wish you the best of luck, and thank you for coming here today. Mr. Duncan. Thank the Ranking Member, and I will recognize for the last questions, because they are calling votes as we speak, for 5 minutes, and then we will wrap it up. The gentleman from Texas. Mr. O'Rourke. Thank you. I want to get to the issue of accountability and, again, always view issues through the perspective of being a resident of the border and through the eyes of my constituents, one of the poorest communities in this country, a community that has 22 million crossings across our border every year. Those crossings are fundamental to economic opportunity and job creation that have in El Paso and paramount to a quality of life that we want to maintain there. So I appreciate the efforts to improve that through faster crossing times, implementing technologies that will allow for that. But it is also hard to go back to those folks in El Paso who are really struggling to get by, who are waiting in these long border lines, and tell them that we have spent $240 million so far to achieve it now turns out two of the five steps that we need to achieve, that we have wasted money without much accountability to it. So a couple of questions. First, to Mr. Armstrong, $240 million has bought us secondary inspection and high-performance primary query. When it comes to these modifications to the TECS system, how much will it cost us to deliver the three remaining parts of that 5-step process? Mr. Armstrong. So we have spent $240 million to date, and let me point out that it is not just on those two pieces of functionality. I talk about those in terms of the results that we have achieved. We have actually done work in all five areas. Even in the PIP process, we have done requirements development, but we did not go on to start building things because there was budget uncertainty. So each one of the five projects, there has been work going on concurrently. Mr. O'Rourke. Understood, but just in the essence of time, how much will it cost us when we are done? Mr. Armstrong. So the current life-cycle cost estimate, which was just completed, is $693 million. Mr. O'Rourke. Thank you. What are the--to Mr. Armstrong, to Mr. Michelli, if we have time, I would love to hear from the representative from the GAO--what are the consequences when we miss our budget targets, when we spend more than we committed to spending? What are the consequences to the contractors? What are the consequences to you and the people who work for you? What is the accountability that we have in DHS for these mistakes that have been made so far? I will ask Mr. Armstrong first and then turn to Mr. Michelli. Mr. Armstrong. Well, you know, all of these objectives are laid out in the performance plans for my program managers. So both my program manager over this program, my executive director that oversees all of our passenger processing, myself, my deputy, we all have performance milestones within our performance plans with respect to the delivery of this program. Part of the re-compete of the contract is the old contract didn't have a whole lot of avenues for accountability in it. I am hopeful that the new one will and that we can hold the vendor more accountable for delivery. To the point that you asked me earlier, we have a lot more Government staff on-board now than we did, say, 10 years ago; so the mix of Government- to-contract employees overseeing this program is much greater than it was in the past. So I am confident that we are going to deliver within our budget and there hasn't been more than a $7 million swing in any of our life-cycle cost estimates by the middle of fiscal year 2016. Mr. O'Rourke. For Mr. Michelli, and I believe I am quoting from the GAO report. In September 2011, ICE entered into a contract with Raytheon to serve as a prime contractor for TECS Mod. In 2012, the program began to experience technical issues, which resulted in a delay of approximately 7 months and the decision to defer or remove approximately 70 percent of the requirements Raytheon was hired to complete. What are the consequences to Raytheon? Mr. Michelli. So, for any vendor, we provide a CPARS, which is a rating on the performance, so we would rate them appropriately. They also in their contract have an award fee, and we would adjust that award fee appropriately based on the requirements of the---- Mr. O'Rourke. Can you tell us how we have adjusted downward the award fee to Raytheon due to their performance? Mr. Michelli. I would be happy to get back to you once I consult with the contracting office. I am not sure what the sensitivity of that is. Mr. O'Rourke. Okay. For the last word, I have got 10 seconds, Mr. Powner. Anything on that theme that you would like to comment on? Mr. Powner. Yeah, I think you are spot-on. I think there needs to be more accountability, not only within the Department of Homeland Security, but with those contractors. I think a best practice up-front is you sit down with the contractor and demand a meeting at a very high level and talk about what a priority this is for the Department of Homeland Security with folks probably even above these two individuals' levels, because you get the A team men if you are the squeaky wheel. They are going to be competing with a lot of programs in the Federal Government. Those contractors have a lot of other Federal contracts. The program that is the squeaky wheel, that you get a very high-level individual saying that I am on top of this, and I am going to watch the performance of this contract and how things are going, that would help. Mr. O'Rourke. Thank you. I appreciate that. Mr. Chairman, thank you. Mr. Duncan. I want to thank the witnesses, Mr. Powner, Mr. Armstrong, Mr. Michelli, for your valuable testimony today. I apologize that the hearing is going to be cut short due to votes. There are a lot of other questions that we have as we pursue how we proceed from here and make sure that we are good stewards. You know, these hearings aren't the grooviest topics. They are not the Benghazis or the IRS targeting or all of that, but I think it is important, as you have seen today, on both sides of the aisle, we are very concerned about how taxpayer dollars are being spent, to make sure that we are getting the most bang for the buck and that we don't go so far down the road, have to stop, retrace our steps and start over. So I want to thank the Members of the subcommittee for their questions and participation. The Members of the subcommittee may have additional questions for you guys, and we will ask those witnesses if they will respond to those questions in writing. So, without objection, the subcommittee will stand adjourned. [Whereupon, at 11:23 a.m., the subcommittee was adjourned.] A P P E N D I X ---------- Questions From Chairman Jeff Duncan for David A. Powner Question 1. The DHS chief information officer rated the TECS Mod program for ICE as medium-risk and CBP as moderately low-risk. In addition, the Program Accountability and Risk Management Office rated the program as high-value, low-risk. Do you believe the Department needs to reevaluate the criteria by which it considers these large-scale IT projects high-risk and in need of a TechStat review or health assessment? Answer. Response was not received at the time of publication. Question 2. One of the subcommittee's biggest concerns with the review process for an IT project of the size of TECS is that the appropriate risks were never identified, whether it is with identifying the appropriate requirements needed or that smaller problems snowballed and were never identified until the whole program was put on hold. How would you recommend these risks be corrected so that we don't end up in this situation again in the future? Answer. Response was not received at the time of publication. Question 3. What grade (A,B,C,D,F) would you give CBP and ICE in their development and implementation of major IT programs based on their ability to meet mission needs, cost, and schedule? How would you rate DHS's performance in delivering IT systems against other Federal agencies? Answer. Response was not received at the time of publication. Questions From Chairman Jeff Duncan for Charles R. Armstrong Question 1. If DHS had conducted a TechStat review of the TECS modernization effort, could that have helped to identify performance lapses and recommend corrective actions to get the modernization effort back on track? What steps have you taken to ensure that high-risk, high-value IT programs like TECS Mod will be identified as such in the future? Answer. Response was not received at the time of publication. Question 2a. According to a copy of the Acquisition Program Baseline CBP recently submitted to DHS that was provided to the subcommittee, TECS Mod's costs have decreased by about $30 million, while the end-date for the program has been pushed out to the middle of 2016. Can you explain how the program will cost less but take longer to complete? Do CBP's revised plans for TECS Mod envision a reduction in functionality--and if so, what does the reduction consist of? Answer. Response was not received at the time of publication. Question 2b. In that same revised APB, CBP altered, or in some cases removed key TECS Mod performance parameters. In practical terms, please explain what these changes will mean for the overall performance of the system, especially for the CBP officer at a port of entry. Answer. Response was not received at the time of publication. Question 3. The current request for proposal has been protested by three of the four competitors and, it is my understanding, that the CBP withdrew the award before the GAO could rule. After more than a year, it is my understanding that the CBP is going to simply recomplete the contract based on the same RFP. To what extent has CBP considered extending the current contract? Answer. Response was not received at the time of publication. Question 4a. According to the GAO report, the TECS modernization effort should result in the ability to better match names from foreign alphabets and improve the flow and integration of data between CBP and its partner agencies. Looking back at the tragic Boston marathon bombings, are there capabilities that may help prevent similar events from occurring in the future? Answer. Response was not received at the time of publication. Question 4b. If TECS had been modernized fully last year, could TECS have increased the alert and awareness on Tamerlan Tsarnaev? Answer. Response was not received at the time of publication. Questions From Chairman Jeff Duncan for Thomas P. Michelli Question 1a. Did anyone within your office at ICE reach out to the DHS CIO to initiate a TechStat review of your TECS Mod efforts in order to identify performance lapses and recommend corrective actions to get the modernization effort back on track? Question 1b. What steps have you taken to ensure that high-risk, high-value IT programs like TECS Mod will be identified as such in the future? Answer. Response was not received at the time of publication. Question 2. The cost of the ICE TECS Mod program before the rebaseline was $800 million. What will the new life-cycle cost be? Answer. Response was not received at the time of publication. Question 3. ICE recently commissioned a technical assessment by MITRE to identify potential commercial-off-the-shelf solutions for its TECS Mod program. Please describe the results of this study and how ICE intends to incorporate those results in its planning moving forward? Will you please provide the results of this assessment to the subcommittee? Answer. Response was not received at the time of publication. Question 4. Do you believe you are using the DHS OCIO's risk management processes effectively? Do you think problems with your portion of TECS Mod could have been escalated earlier on to address them? Answer. Response was not received at the time of publication. Question 5a. According to your statement, ICE ``anticipates the full life-cycle cost to be less than the original $818 million due in large part to an increased use of commercial off-the-shelf products that will require less custom development and on-going support.'' Whether it is SBINet or high-cost IT programs, the committee has heard that COTS products alone will reduce costs but this seems rarely the case because there's usually more work needed to adapt the technologies to operational needs. What assurance does the taxpayer have that use of COTS in this case will reduce costs? What concrete evidence do you have to show that COTS in this type of IT environment will result in cost savings? Answer. Response was not received at the time of publication. Question 5b. Will a single COTS product satisfy all of ICE's requirements? If not, what additional functionality will be required and how will that functionality be delivered? Answer. Response was not received at the time of publication. Question 6. You mentioned during the hearing that ICE's ``preliminary market research shows that with a commercial off-the- shelf solution, [ICE] anticipate[s] a 10 to 20 percent lower cost in the total life cycle of the solution.'' Can you explain where these savings are coming from and why these savings were not identified in the original APB? Answer. Response was not received at the time of publication. [all]