Border Security
Key Unresolved Issues Justify Reevaluation of Border Surveillance Technology Program Gao ID: GAO-06-295 February 22, 2006In September 2004, the Department of Homeland Security (DHS) established America's Shield Initiative (ASI)--a program that included a system of sensors, cameras, and databases formerly known as the Integrated Surveillance Intelligence System (ISIS)--to detect, characterize, and deter illegal breaches to the northern and southern U.S. borders. The goals of the ASI program were to address ISIS capability limitations and support the department's antiterrorism mission. In April 2005, department officials told GAO that ISIS was subsumed within ASI. By congressional mandate, GAO reviewed the program to determine (1) the operational needs that ASI was intended to address and DHS's plans for ASI, (2) the steps that DHS had taken to ensure that ASI was aligned with the department's enterprise architecture, and (3) the actions that DHS had taken to establish the capability to effectively manage ASI. In written comments, DHS agreed with a draft of this report, stating that it was factually correct in virtually all aspects. DHS also commented that it has ceased work on ASI and redirected resources to its Secure Border Initiative. It also described program management corrective actions that it plans to implement.
The ASI program defined the operational needs it expected ASI to meet, including addressing both known limitations in the ISIS and supporting counterterrorism efforts. The program also developed key planning documents for approval by the DHS Investment Review Board that were intended to meet these needs, including a program management plan, acquisition plan, and preliminary operational requirements document. However, these plans were not approved. The Review Board recently reviewed the ASI program and found, among other things, that it was aligned with the department's enterprise architecture. However, the reviews also determined that the program had not adequately defined its relationships and dependencies with other department programs. Subsequently, the DHS Deputy Secretary directed that the program be reevaluated within the department's broader border and interior enforcement strategy, now referred to as the Secure Border Initiative. The ASI program had not established the people and process capabilities required for effective program management. As of August 2005, it had filled 30 of its 47 program office positions, and it had defined roles and responsibilities for only 3 of them. In addition, while the program had defined and begun implementing a plan to manage program risks, it had not yet defined key acquisition management processes, such as effective project planning, and contract tracking and oversight. As a result, the program risked repeating the inadequate contract management oversight that led to a number of problems in deploying, and operating and maintaining ISIS technology. DHS's decision to reevaluate ASI was justified by the existence of unresolved key issues cited above (addressing its impact on other programs, and establishing people and process capabilities required for effective program management). These issues, if not addressed, would have introduced unnecessary risk. It is important that the department's reevaluation consider all such issues that could affect program success.
GAO-06-295, Border Security: Key Unresolved Issues Justify Reevaluation of Border Surveillance Technology Program
This is the accessible text file for GAO report number GAO-06-295
entitled 'Border Security: Key Unresolved Issues Justify Reevaluation
of Border Surveillance Technology Program' which was released on
February 23, 2006.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to Congressional Committees:
February 2006:
Border Security:
Key Unresolved Issues Justify Reevaluation of Border Surveillance
Technology Program:
GAO-06-295:
GAO Highlights:
Highlights of GAO-06-295, a report to the House and Senate
Subcommittees on Homeland Security, Committees on Appropriations:
Why GAO Did This Study:
In September 2004, the Department of Homeland Security (DHS)
established America‘s Shield Initiative (ASI)”a program that included a
system of sensors, cameras, and databases formerly known as the
Integrated Surveillance Intelligence System (ISIS)”to detect,
characterize, and deter illegal breaches to the northern and southern
U.S. borders. The goals of the ASI program were to address ISIS
capability limitations and support the department‘s antiterrorism
mission. In April 2005, department officials told GAO that ISIS was
subsumed within ASI.
By congressional mandate, GAO reviewed the program to determine (1) the
operational needs that ASI was intended to address and DHS‘s plans for
ASI, (2) the steps that DHS had taken to ensure that ASI was aligned
with the department‘s enterprise architecture, and (3) the actions that
DHS had taken to establish the capability to effectively manage ASI.
In written comments, DHS agreed with a draft of this report, stating
that it was factually correct in virtually all aspects. DHS also
commented that it has ceased work on ASI and redirected resources to
its Secure Border Initiative. It also described program management
corrective actions that it plans to implement.
What GAO Found:
The ASI program defined the operational needs it expected ASI to meet,
including addressing both known limitations in the ISIS and supporting
counterterrorism efforts. The program also developed key planning
documents for approval by the DHS Investment Review Board that were
intended to meet these needs, including a program management plan,
acquisition plan, and preliminary operational requirements document.
However, these plans were not approved.
The Review Board recently reviewed the ASI program and found, among
other things, that it was aligned with the department‘s enterprise
architecture. However, the reviews also determined that the program had
not adequately defined its relationships and dependencies with other
department programs. Subsequently, the DHS Deputy Secretary directed
that the program be reevaluated within the department‘s broader border
and interior enforcement strategy, now referred to as the Secure Border
Initiative.
The ASI program had not established the people and process capabilities
required for effective program management. As of August 2005, it had
filled 30 of its 47 program office positions, and it had defined roles
and responsibilities for only 3 of them. In addition, while the program
had defined and begun implementing a plan to manage program risks, it
had not yet defined key acquisition management processes, such as
effective project planning, and contract tracking and oversight. As a
result, the program risked repeating the inadequate contract management
oversight that led to a number of problems in deploying, and operating
and maintaining ISIS technology.
DHS‘s decision to reevaluate ASI was justified by the existence of
unresolved key issues cited above (addressing its impact on other
programs, and establishing people and process capabilities required for
effective program management). These issues, if not addressed, would
have introduced unnecessary risk. It is important that the department‘s
reevaluation consider all such issues that could affect program
success.
www.gao.gov/cgi-bin/getrpt?GAO-06-295.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Randolph C. Hite, (202)
512-3439, hiter@gao.gov.
[End of section]
Contents:
Letter:
Conclusions:
Agency Comments:
Appendixes:
Appendix I: Briefing to Staffs of Subcommittees on Homeland Security,
House and Senate Committees on Appropriations:
Appendix II: Comments from the U.S. Department of Homeland Security:
Appendix III: GAO Contact and Staff Acknowledgments:
Abbreviations:
ASI: America's Shield Initiative:
CBP: Customs and Border Protection:
DHS: Department of Homeland Security:
EA: Enterprise Architecture:
EAB: Enterprise Architecture Board:
FTS: Federal Technology Service:
GSA: General Services Administration:
ICAD: Intelligent Computer-Assisted Detection:
IG: Inspector General:
INS: Immigration and Naturalization Service:
IRB: Investment Review Board:
ISIS: Integrated Surveillance Intelligence System:
PMO: Program Management Office:
RVS: Remote Video Surveillance:
Letter February 21, 2006:
The Honorable Judd Gregg:
Chairman:
The Honorable Robert C. Byrd:
Ranking Minority Member:
Subcommittee on Homeland Security:
Committee on Appropriations:
United States Senate:
The Honorable Harold Rogers:
Chairman:
The Honorable Martin Olav Sabo:
Ranking Minority Member:
Subcommittee on Homeland Security:
Committee on Appropriations:
The House of Representatives:
In 1997, the Immigration and Naturalization Service (INS) deployed the
Integrated Surveillance Intelligence System (ISIS)--a system of
sensors, cameras, and databases designed to prevent smugglers and
illegal aliens from entering the United States along its northern and
southern borders. Pursuant to the Homeland Security Act of
2002,[Footnote 1]INS was absorbed into the Department of Homeland
Security (DHS), and the ISIS program was subsequently moved into the
department's Customs and Border Protection (CBP) component. In
September 2004, CBP established the America's Shield Initiative (ASI)
program. The goals of the program were to address ISIS capability
limitations and support the department's antiterrorism mission. In
April 2005, DHS officials told us that ISIS was subsumed within ASI. In
September 2005, we were told that the Deputy Secretary of Homeland
Security directed that proposed plans for the program be reevaluated.
The conference report for the Department of Homeland Security
Appropriations Act, 2005, directed us to review ISIS.[Footnote 2]Since
ISIS was subsequently subsumed into ASI, we agreed to the following
objectives: (1) determine the operational needs that ASI is intended to
address and the department's plans for ASI, (2) determine the steps
that the department has taken to ensure that ASI is aligned with the
department's enterprise architecture, and (3) determine the actions
that the department has taken to establish the capability to
effectively manage ASI.
On October 27, 2005, we briefed your staff on the results of our
review. This report transmits these results. The full briefing,
including our scope and methodology, is reprinted as appendix I. In
summary, we made three major points:
* First, the program had defined ASI operational needs and developed
planning documents for approval by DHS's Investment Review Board.
Operational needs included both addressing known limitations in ISIS
capabilities and supporting CBP counterterrorism efforts through
enhanced border surveillance capabilities. Planning documents included
a program management plan, acquisition plan, and a preliminary
operational requirements document. The review board did not approve
these planning documents.
* Second, while DHS's Investment Review Board found that the ASI
program was aligned with the department's enterprise architecture, it
also found that the program had not adequately identified its
dependencies and relationships with other department components. The
board also determined that the program needed to be integrated into the
department's broader border and interior enforcement strategy. As a
result, the Deputy Secretary directed that ASI be reevaluated within
the context of this broader strategy, now called the Secure Border
Initiative.
* Third, the program had not established key management capabilities
(people and process controls). As of August 2005, it had filled 30 of
47 program office positions and had defined roles and responsibilities
for only 3 of the 47 positions. Further, the program had not defined
key acquisition management processes, such as those for tracking and
overseeing contractors and for developing and implementing project
plans. Contract tracking and oversight is important because inadequate
contract management oversight led to a number of problems in deploying,
operating, and maintaining ISIS technology. Program officials told us
they planned to develop key acquisition processes, however plans and
timeframes for doing so had not been set. To its credit, the program
office had defined and begun implementing a risk management process,
which is one key acquisition process.
Conclusions:
DHS's decision to reevaluate the ASI program demonstrates that its
investment review process is based on relevant considerations, such as
dependencies with and impacts on related border security programs that
the department's enterprise architecture should explicitly define and
the architecture alignment analysis should demonstrate. The limitations
in the program office's people and process capabilities are another
issue supporting the department's decision to reevaluate the program.
Accordingly, the department's decision to reevaluate the program was
justified by the existence of unresolved key issues that, if not
addressed, would have introduced unnecessary and unacceptable risk. It
is thus important that this reevaluation include consideration of all
issues that could affect program success.
Agency Comments:
In written comments on a draft of this report, signed by the Director,
Department GAO/OIG Liaison Office, DHS stated that it agreed with the
overall thrust and that the report is factually correct in virtually
all aspects. The department also stated that it had decided to cease
work on ASI and that it has dismantled the ASI program office and a
subset of its personnel has been assigned to the SBI program. Further,
the department stated that in establishing SBI, it intends to implement
corrective program management measures to address the problems that
occurred on ISIS. The DHS comments are reprinted in their entirety in
appendix II.
We are sending copies of this report to the Chair and Ranking Minority
Members of other Senate and House committees that have authorization
and oversight responsibilities for homeland security. We are also
sending a copy to the Director of the Office of Management and Budget.
Copies of this report will also be available at no charge on our Web
site at [Hyperlink, http://www.gao.gov].
If you or your staff have any questions about this report, please
contact me at (202) 512-3439 or [Hyperlink, hiter@gao.gov]. Contact
points for our Offices of Congressional Relations and Public Affairs
may be found on the last page of this report. GAO staff who made major
contributions to this report are listed in appendix III.
Sincerely yours,
Signed by:
Randolph C. Hite:
Director, Information Technology Architecture and Systems Issues:
[End of section]
Appendixes:
Appendix I: Briefing to Staffs of Subcommittees on Homeland Security,
House and Senate Committees on Appropriations:
Key Unresolved Issues Justify Reevaluation of Border Surveillance
Technology Program:
Briefing to staffs of Subcommittees on Homeland Security, House and
Senate Committees on Appropriations:
October 27, 2005:
Briefing Overview:
* Introduction:
* Objectives:
* Results in Brief:
* Background:
* Observation 1: Needs Were Defined and Plans Were Developed:
* Observation 2: Enterprise Architecture Alignment Was Unclear:
* Observation 3: Program Management Capability Was Lacking:
* Conclusions:
* Attachment 1: Scope and Methodology:
Introduction:
In 1997, the former Immigration and Naturalization Service (INS)
deployed the Integrated Surveillance Intelligence System (ISIS) to
provide visibility and protection of the U.S. northern and southern
borders. The goal of ISIS was to prevent the entry of smugglers,
illegal aliens, contraband, and illegal narcotics into the country.
In March 2003, pursuant to the Homeland Security Act of 2002, [NOTE]
INS was absorbed into the Department of Homeland Security (DHS). INS's
Border Patrol is now in DHS's Customs and Border Protection (CBP)
component. In September 2004, CBP established the America's Shield
Initiative (ASI) program. The goals of ASI were to address known ISIS
capability limitations and to support DHS's antiterrorism mission,
including its need to exchange information with state, local, and
federal law enforcement organizations. In April 2005, DHS officials
told us that ISIS was subsumed within ASI. By June 2004, the House
Appropriations Committee had recommended that DHS use approximately $87
million of its CBP appropriations for ISIS and ASI in fiscal year 2005.
[NOTE 2] In September 2005, we were told that the Deputy Secretary of
Homeland Security directed that ASI be reevaluated.
NOTES:
[1] Public Law 107-296 (November 25, 2002).
[2] H.R. Report 108-541 (2004).
Objectives:
The conference report for the Department of Homeland Security
Appropriations Act, 2005, [NOTE 1] directed GAO to review DHS's ISIS
program. [NOTE 2] Since ISIS had subsequently been subsumed into ASI,
we agreed to the following objectives:
1. determine the operational needs that ASI was intended to address and
DHS's plans for ASI,
2. determine the steps that DHS had taken to ensure that ASI was
aligned with the DHS enterprise architecture, and:
3. determine the actions that DHS had taken to establish the capability
to effectively manage ASI.
In September 2005, we were told that the DHS Deputy Secretary decided
to reevaluate ASI in conjunction with development of its border and
interior enforcement strategy. This decision is reflected in the scope
of our review and this briefing.
NOTES:
[1] H.R. Conf. Report 108-774 (2004).
[2] House Report 108-541.
We performed our work at ASI offices in Washington, D.C., from April
2005 through September 2005, in accordance with generally accepted
government auditing standards. Details of our scope and methodology are
described in attachment 1 of this briefing.
Results in Brief:
Consistent with its acquisition guidance, CBP defined the operational
needs that it expects ASI to address in terms of both addressing known
limitations in ISIS capabilities and supporting CBP counterterrorism
efforts through enhanced border surveillance capabilities. During the
last 6 months, CBP told us that it had been developing plans and
documentation that DHS required for ASI to pass its next major
acquisition milestone. CBP also told us that these plans and
documentation would be made available to us after the program passed
this milestone.
ASI was to be one of many DHS programs supporting its border and
transportation security mission, and thus it was critical that ASI be
pursued within the context of a departmental enterprise architecture
that defined the interrelationships and interdependencies among these
border security programs and their supporting systems environments.
However, steps taken by DHS to ensure ASI's alignment within this
context raised questions that became more significant as the program
moved beyond program initiation. Such questions were a critical factor
in DHS's recent decision to reevaluate ASI in conjunction with
development of its border and interior enforcement strategy.
Further, CBP had yet to establish the kind of people-and process-
related program management capabilities needed to effectively execute a
program like ASI. For example, specific roles and responsibilities had
not been defined for the program staff, beyond generic position
descriptions. In addition, key acquisition processes, such as
acquisition management and contractor tracking and oversight, had yet
to be defined and implemented. Given CBP's challenges in managing its
ISIS contract, as reported by the General Services Administration's
Inspector General, [NOTE 1] the absence of such process controls was
another key open issue at the time the decision was made to reevaluate
the program.
NOTE:
[1] General Services Administration, Compendium of Audits of the
Federal Technology Service Regional Client Support Center (2004).
Background:
Within DHS, organizational responsibility for ISIS/ASI is within the
Border Patrol, which is a component of CBP.
* The Border Patrol is responsible for preventing the entry of
terrorists and their instruments of terror, illegal immigrants, and
contraband, while facilitating the legitimate flow of people, goods,
and services on which the economy depends.
* The Border Patrol is divided into 20 sectors: 17 of the sectors are
along the northern and southern borders; the remaining 3 are along the
coastal borders.
* During fiscal year 2005, CBP's ASI Program Management Office (PMO)
was responsible for the acquisition, deployment, and operations and
maintenance of ISIS legacy technology, as well as ASI planning.
Organizational Placement of ASI Program (partial DHS organization
chart):
[See PDF for image]
[End of figure]
ISIS: A Brief Description:
ISIS was initiated in 1997 to provide surveillance and protection of
the U.S. northern and southern borders. The goal of ISIS was to help
prevent the entry of smugglers, illegal aliens, contraband, and illegal
narcotics into the country. During fiscal year 2005, ISIS deployment
continued, and ISIS was subsumed into the ASI program.
System Components:
ISIS is composed of three components: sensors, databases, and cameras:
* Ground sensors detect attempts by people or vehicles to illegally
cross the U.S. borders.
- Several sensor technologies are used: radar (detect objects), motion,
infrared (heat), seismic (vibration), and magnetic (metal).
- As of August 2005, the Border Patrol reports that approximately
11,200 sensors were deployed. As of October 2005, it reports that about
10,500 sensors were operational.
* The Intelligent Computer-Assisted Detection (ICAD) databases record
information from the sensors, document the results of investigations of
border activities, and support analyses of border migration patterns.
- There is a separate ICAD database located in each sector at a Border
Patrol control center, where officials monitor the ICAD information.
- Each of the Border Patrol's 20 sectors has at least one control
center. According to ASI officials, the ICAD databases at the centers
are not integrated, and therefore, information cannot be effectively
and efficiently shared between sectors.
* Remote Video Surveillance (RVS) cameras are used to capture
information on the number and description of individuals and vehicles
attempting illegal entry.
- The cameras are remotely manipulated; current capabilities do not
enable cameras to focus automatically in response to sensor alarms. As
of September 2005, the Border Patrol reports that 255 RVS camera sites
are operational, with 2 to 4 cameras per site.
- RVS images are communicated to the control centers by microwave,
fiber optic, or terrestrial cable.
- RVS cameras are mounted either on 60-to 80-foot poles or on mounting
structures (e.g., buildings). Some mounting sites also have
communications relays.
According to ASI officials, as of August 2005, ISIS technology covered
about 4 percent of the combined northern and southern borders.
Overview of ISIS Role in Border Surveillance, Dispatch, and Reporting
Process:
When ISIS sensors detect movement (people or vehicles) crossing the
border, alarms are triggered and transmitted to the ICAD database in
the control center. Border Patrol officials are then to direct the RVS
cameras at the alarm sites to assess the images shown on the ICAD
monitor.
Using the images, the Border Patrol officials are to provide
information on the number of individuals and vehicles and the location
of the incident to Border Patrol agents, who are dispatched to the
site. The event is recorded in ICAD as a "ticket" for tracking
purposes.
The agents are to report back on the resolution of the ticket,
including whether an apprehension took place. This information is then
to be recorded in the ICAD database. ICAD information from each sector
is to be transmitted to Border Patrol headquarters, where it is to be
summarized and reported. The information is also to be analyzed to
ascertain migration patterns in each sector.
Simplified Diagram of ISIS Role in Border Process:
[See PDF for image]
[End of figure]
ISIS Contracting Issues:
In 1999, INS entered into an agreement with the General Services
Administration's (GSA) Federal Technology Service (FTS) [NOTE 1] to
manage the acquisition and deployment of the RVS program, a major
component of ISIS. In December 2004, GSA's Inspector General (IG) found
numerous problems with GSA's administration of the RVS contract,
including inadequate contractor oversight, insufficient competition,
and improper contracting actions. [NOTE 2] More specifically, the GSA's
IG identified the following problems.
Inadequate contractor oversight:
* Of 30 task orders reviewed, 18 included construction or other work
that was outside the scope of the contract.
* Costs of over $6 million were incurred for operations and maintenance
when little or no work was actually performed.
NOTES:
[1] FTS, among other things, assists federal agencies in acquiring,
deploying, and managing information technology.
[2] General Services Administration, Compendium of Audits of the
Federal Technology Service Regional Client Support Center (Dec. 14,
2004).
Insufficient competition:
* Task orders were placed without benefit of competition.
* Documentation was inadequate for the original solicitation,
evaluation, and selection.
* Costs were not reviewed for reasonableness.
Improper contracting actions:
* Modifications were made to contracts without adequate justification.
In June 2005, the GSA Deputy IG testified that many of the problems
identified with the RVS contract were attributable, in part, to GSA's
and the Border Patrol's chronic inattention to contract administration
and project management.
ASI: A Brief Description:
ASI was intended to detect, characterize, and deter illegal breaches of
the border, while providing necessary decision support information to
assist Border Patrol agents.
According to the ASI Preliminary Operational Requirements document,
ASI's goals were to:
* maintain legacy systems operations,
* provide surveillance of the entire land border between ports of
entry,
* integrate surveillance capabilities with agent operations,
* provide decision support capabilities,
* support rapid and flexible deployment of surveillance assets,
* provide reliable, all-environment, 24-hour surveillance capability,
* improve collaboration and interoperability with mission partners and
state, local, tribal, and federal enforcement officials,
* use state-of-the-market technology to create a cost-effective system,
and:
* provide open architecture solutions.
ISIS/ASI Costs:
According to the ASI program manager, the budgeted amount for ISIS and
ASI related efforts for fiscal years 1997 through 2005 was $452.4
million. As of September 2005, ASI officials report expended funds of
$340.3 million [NOTE 1] for:
* acquisition and deployment of ISIS equipment (RVS cameras, ICAD
database, sensors, and agent support equipment),
* operations and maintenance of ISIS equipment, and:
* planning for ASI.
NOTE:
[1] ASI officials stated that about $51.6 million of the fiscal year
2005 appropriated funds was still available.
Observation 1:
Needs Were Defined and Plans Were Developed:
Observation 1: ASI operational needs were defined, and plans were being
developed to justify ASI alternative solutions.
Effectively managing an acquisition generally includes, among other
things, identifying a business need/opportunity or a missing capability
required to satisfy an agency mission. Once a need or capability is
identified and defined, effective planning is important to ensure that
the need is adequately addressed and the project is effectively
managed. This generally includes the development of plans and related
documentation that, among other things, describe commitments to be met
(e.g., cost, schedule, capabilities, and benefits) and how resources
will be applied to meet them. These plans also serve as the basis for
monitoring progress and taking corrective actions, as appropriate.
CBP's acquisition guidance requires that mission needs be defined. CBP
met this requirement in developing the ASI Mission Needs Statement,
dated September 8, 2004, which states that ASI is to support the Border
Patrol's operational functions, including its expanded mission of
detecting and preventing the entry of terrorists and their associated
means of terrorism, and to address the shortfalls of ISIS.
According to DHS documents, the Border Patrol's operational functions
are as follows:
1. Detect, prevent, and characterize illegal border breaches.
2. Respond to and apprehend individuals, groups, and items of interest.
3. Process individuals in custody and items as accurately, efficiently,
and effectively as possible.
4. Transport individuals in custody and items of interest.
5. Deploy agents using effective decision support and rapid response
systems.
6. Assess threats and determine likely illegal border crossing
scenarios, methods, and locations.
7. Deter illegal entrance of individuals and items of interest.
8. Maintain continuity of operations.
9. Collaborate internally and with external organizations
(international, federal, state, local, and tribal).
The Mission Needs Statement also identified the following ISIS
shortfalls that ASI was to address:
1. limited border coverage,
2. difficult and expensive maintenance,
3. inability to provide an all-weather, all-environment 24-hour
capability,
4. inadequate mobile capability,
5. limited command, control, and situational awareness to ensure that
all mission partners have access to required information,
6. lack of integration among system components (RVS cameras, sensors,
and ICAD), and:
7. lack of automated interoperability with other law enforcement
entities.
DHS identified ASI's key capabilities and mapped them to the Border
Patrol's operational functions. As can be seen in the following table,
each of the capabilities maps to one or more of the operational
functions.
Comparison of ASI's Capabilities and Border Patrol's Operational
Functions:
[See PDF for image]
1. Detect, prevent, and characterize illegal border breaches.
2. Respond to and apprehend individuals, groups, and items of interest.
3. Process individuals in custody and items as accurately, efficiently,
and effectively as possible. 4 Transport individuals in custody and
items of interest.
5. Deploy agents using effective decision support systems and solutions
facilitating rapid response. 6. Assess threats and determine likely
illegal border crossing scenarios, methods, and locations. 7. Deter
illegal entrance of individuals and items of interest.
8. Maintain continuity of operations.
9. Collaborate internally and with external organizations
(international, federal, state, local, and tribal).
Source: DHS.
[End of table]
We compared the ASI planned capabilities to the ISIS shortfalls and
found, as shown on the following slide, that the capabilities address
all but one of the shortfalls. The capabilities do not explicitly
address the ISIS shortfall pertaining to the difficulty and expense of
maintaining ISIS. According to ASI officials, they plan to modify the
ASI requirements document to address this omission.
Comparison of ASI Capabilities and ISIS Shortfalls:
[See PDF for image]
Source: GAO based on DHS data.
[End of table]
ASI officials told us that, during the last 6 months, they were
developing key planning documents for approval by the DHS Investment
Review Board (IRB). Among others, these documents include the
following:
* program management plan-documents the activities, tasks, and
responsibilities for the program;
* acquisition plan-documents the technical, business, and management
approach for acquiring the system;
* test and evaluation plan-documents the approach for verifying that
the system meets the user's needs and system specifications;
* risk management plan-documents formal processes for identifying,
classifying, assessing, and mitigating risks; and:
* preliminary operational requirements document-describes the mission,
capabilities, and operating condition that competing solutions must
satisfy.
ASI program officials told us that their plans and related
documentation would be made available to us after the program passed
its next milestone. According to DHS officials, a milestone review for
evaluating and selecting a system solution was held before the DHS
Investment Review Board in June 2005; however, the board did not
approve milestone passage, and thus we did not receive these plans and
documents. In September 2005, the DHS Director of Program Analysis and
Evaluation told us that the DHS Deputy Secretary directed that the ASI
program be reevaluated. According to the Director, an investment
decision memorandum directing and explaining the basis for this
reevaluation has been drafted, but has yet to be approved. Further, he
said that a plan for carrying out the reevaluation is being developed.
Observation 2:
Enterprise Architecture Alignment Was Unclear:
Observation 2: Steps taken to ensure ASI's alignment with DHS's
enterprise architecture raised questions that became more pressing as
ASI moved beyond program initiation.
To effectively define, establish, and implement a program, it is
essential that the program be aligned with a corporate blueprint, or
enterprisewide frame of reference, that governs key aspects of the
program's operations. Such a frame of reference is referred to as an
enterprise architecture (EA). An EA is an authoritative description of
an entity's operations, including how operations are performed, what
information and technology are used to perform these operations, where
the operations are performed, who performs them, and when and why they
are performed. The architecture describes the entity in both logical
terms (e.g., the business functions and information flows) and
technical terms (e.g., hardware, software, communications, and security
standards). Accordingly, an EA can help to clarify and optimize the
interdependencies and relationships among an organization's business
operations and the underlying IT infrastructure and applications that
support these operations.
As a program like ASI progresses through its life cycle, ensuring that
it is explicitly aligned with an EA, and thus with other programs with
which it must interact, becomes more demanding. Since its introduction
in 2004, ASI's relationship to other programs has continued to be an
open issue.
* In August 2004, the DHS Enterprise Architecture Board (EAB) [NOTE 1]
found that the ASI program was aligned with the DHS enterprise
architecture. In August 2004, the Joint Requirements Council [NOTE 2]
review found that it was likely that ASI would impact other programs,
such as Immigration and Customs Enforcement's Office of Detention and
Removal, [NOTE 3] and that this impact should be considered in
reviewing ASI.
NOTES:
[1] DHS's Enterprise Architecture Board reviews programs for alignment
with the DHS enterprise architecture.
[2] The Joint Requirements Council supports DHS's IRB process by
identifying cross-cutting opportunities and common requirements among
DHS organizational elements.
[3] The Office of Detention and Removal is responsible for removing
unauthorized aliens from the United States.
* As a result, the IRB, in a memo dated October 5, 2004, approved the
authorization of the ASI program, but noted several issues that the
program was to address before passing the next milestone. For example,
the program was to address its impact on other DHS components, such as
US-VISIT [NOTE 1] and the Office of Detention and Removal.
* In July 2005, the DHS EAB again found that the ASI program was
aligned with the DHS enterprise architecture and recommended program
alignment approval for the alternative solution milestone. However,
during its review, the EAB raised several issues about the ASI program,
including whether the program had adequately identified other DHS
components with which it may need to share information. ASI agreed with
the EAB's issues and planned to address them. As a result, the EAB
stated that it considered the issues to be resolved.
NOTE:
[1] The United States Visitor and Immigrant Status Indicator Technology
(US-VISIT) is a governmentwide program intended to enhance the security
of U.S. citizens and visitors, facilitate 31 legitimate travel and
trade, ensure the integrity of the U.S. immigration system, and protect
the privacy of our visitors.
* On September 8, 2005, the DHS's Director of Program Analysis and
Evaluation, whose organization supports the DHS I RB, stated that the
board found that ASI, as currently defined, did not adequately identify
its dependencies and relationships within CBP and with other DHS
components, such as the Office of Detention and Removal. Further, the
Director stated that the board determined that CBP needs to integrate
ASI into the department's border and interior enforcement strategy, and
the broader departmental structure. The Director stated that as a
result the DHS Deputy Secretary, who chairs the IRB, directed that ASI
be reevaluated within the context of this broader border and interior
enforcement strategy. As mentioned earlier, an investment decision
memorandum directing the reevaluation has been drafted but has not yet
been approved, and a plan for executing the reevaluation is being
developed.
Observation 3:
Program Management Capability Was Lacking:
Observation 3: ASI program management capability (people and processes)
had not yet been established.
Our prior work and relevant guidance and leading practices show that
for program acquisitions like ASI to be successful they need to, among
other things, have (1) adequate staff to fill positions that have
clearly defined roles and responsibilities and (2) well-defined and
implemented acquisition management processes. [NOTE 1]
The ASI program office was established in September 2004. See next
slide for the ASI program office structure.
NOTE:
[1] GAO, Risks Facing Key Border and Transportation Security Program
Need to be Addressed, GAO-03-1083 (Washington, D.C.: Sept. 16, 2003).
ASI Program Office Structure:
[See PDF for image]
[End of figure]
People:
DHS had not fully staffed the ASI program office.
* According to the ASI Program Manager, the office's staffing needs
totaled 47 full-time positions (29 government and 18 contractor
personnel).
* As of August, ASI had filled 30 of the 47 positions (see table).
Personnel Government Contractor Total:
[See PDF for image]
Source: GAO based on ASI PMO data.
[End of table]
ASI has defined roles and responsibilities for only 3 of the 47 staff
positions. The roles and responsibilities for the program manager and
deputy program managers are as follows:
* ASI Program Manager-Responsibilities are to (1) manage the ASI
program and serve as its sole spokesperson, (2) secure and approve
funding, (3) obtain resources, (4) lead the program team, (5) provide
strategic direction and decisions, (6) ensure that project and program
plans are consistent, (7) ensure that solutions are defined and
accepted, (8) manage and support contract management efforts, (9)
review and approve program/project plans, (10) provide input on
technical and cost proposals, and (11) participate in cost proposal
negotiations with contractors.
* Deputy Program Manager for Technology Management-Responsibilities are
to (1) prepare documentation required to complete milestone for
alternatives analysis (e.g., operational requirements document,
analysis of alternatives), (2) develop program master schedule, and (3)
oversee contract evaluation and source selection.
* Deputy Program Manager for Acquisition Management-Responsibilities
are to (1) develop the acquisition plan, (2) develop source selection
procedures in coordination with Program Management and Technology
Management, and (3) oversee contract award and administration.
The PMO had yet to clearly define roles and responsibilities for its
other 44 staff positions. Specifically, the PMO provided us with six
position descriptions, but none of these addressed specific ASI roles
and responsibilities. For example, one position description (for a
telecommunications manager) is a generic description designed to cover
any such position within DHS. Also, a position description for a border
patrol agent described the position as a staff advisor to the Chief,
Border Patrol, and his or her assistants.
Processes:
A suite of key acquisition process areas are necessary to effectively
manage a system acquisition program. [NOTE 1] These process areas
include, among others, acquisition planning, project management,
requirements management, contract tracking and oversight, and risk
management.
The PMO had not defined and implemented these key acquisition
management processes. For example, a key practice in project management
is developing and implementing a project plan. However, the program
manager told us that ongoing ISIS acquisition and deployment
activities, which were subsumed into ASI, were not being guided by a
project plan.
According to the Deputy Program Manager for Acquisition Management, the
PMO planned to develop key acquisition processes, including processes
for managing contractors, but time frames for doing so had not been
set. As previously noted, inadequate contract management oversight
processes led to a number of problems in deploying, operating, and
maintaining ISIS technology.
NOTE:
[1] Carnegie Mellon Software Engineering Institute, Software
Acquisition Capability Maturity Model(R), version 1.03 (March 2002).
To the PMO's credit, it had defined and begun implementing a risk
management process.
* The ASI program office developed a draft risk management plan, dated
May 10, 2005. The plan addressed, among other things, a governance
structure and process for identifying, analyzing, mitigating, tracking,
and controlling risks. The governance structure included a risk owner,
management team, and risk database coordinator. As part of its process,
ASI had also developed a risk database that included a description of
each risk, its priority and severity, the individual responsible for
mitigating the risk, and a strategy for mitigating the risk.
Conclusions:
DHS's decision to reevaluate the ASI program demonstrates that its
investment review process is based on relevant considerations, such as
dependencies with and impacts on related border security programs that
the DHS enterprise architecture should explicitly define and the
architecture alignment analysis should demonstrate. The limitations in
the program office's people and process capabilities are another issue
supporting the department's decision to reevaluate the program.
Accordingly, DHS's decision to reevaluate the program was justified by
the existence of unresolved key issues that, if not addressed, would
have introduced unnecessary and unacceptable risk. It is thus important
that DHS's reevaluation include consideration of all issues that could
affect program success.
Attachment 1: Scope and Methodology:
To accomplish our objectives, we performed the following tasks:
* analyzed supporting documentation, including ASI's mission needs
statement; interviewed program officials to identify the operational
needs and DHS's plans for ASI; and performed a comparative analysis of
the plans and best practices;
* analyzed supporting documentation and interviewed DHS and program
officials to assess DHS's actions to determine ASI's alignment with the
department's enterprise architecture;
* assessed DHS's plans and ongoing efforts to establish and implement
the ASI program, including roles and responsibilities and such key
management processes as risk, requirements, and acquisition management;
and:
* analyzed ASI's risk management plan and interviewed program and
contractor officials to determine ASI's risk management process.
We performed our audit work from April to September 2005, in accordance
with generally accepted government auditing standards.
[End of slide presentation]
[End of section]
Appendix II: Comments from the U.S. Department of Homeland Security:
U.S. Department of Homeland Security:
Washington, DC 20528:
January 11, 2006:
Mr. Randolph C. Hite:
Director, Information Technology Architecture and Systems Issues:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Mr. Hite:
RE: Draft Report GAO-06-295, Border Security: Key Unresolved Issues
Justify Reevaluation of Border Surveillance Technology Program (GAO Job
Code 310611):
The Department of Homeland Security (DHS) appreciates the opportunity
to comment on the Government Accountability Office's (GAO) draft report
and respond to issues raised therein. We agree with the overall thrust
of the report which supports the DHS decision to reevaluate the
proposed plans for America's Shield Initiative (ASI) within the broad
context of the Department's border and interior enforcement strategy.
The ASI will be incorporated into the Secure Border Initiative (SBI),
the Department's comprehensive strategy to achieve border security and
interior enforcement goals.
Although the report contains no recommendations, it identifies key
issues regarding effective program management of ASI, along with the
measures taken by U.S. Customs and Border Protection (CBP), the DHS
Enterprise Architecture Board, and the DHS Joint Requirements Council
to address many of these issues. CBP has implemented an effective
process for program management, as described below, that will provide a
solid foundation as SBI planning proceeds toward achieving the goal of
preventing illegal entry into the United States.
The SBI is a comprehensive multi-year plan to secure our nation's
borders by taking a systematic approach to gaining operational control
of the border and improving interior enforcement. DHS has created the
SBI Program Executive Office to ensure the program is properly aligned
with DHS enterprise architecture. CBP has created a SBI Program
Management Office (PMO) in the Office of Policy and Planning, a
component of the Commissioner's Office with direct reporting
responsibility to the Commissioner. Secretary Chertoff's emphasis on
the priority of SBI is reflected in the level of daily supervision of
this effort by the CBP Acting Commissioner, and the direct management
of the relevant activities by senior CBP leaders including the Chief of
the Border Patrol, Assistant Commissioners for Information and
Technology, Finance, Field Operations, CBP Air, Human Resources
Management, Training and other offices. The Acting Commissioner and
several of these senior managers attend the weekly "War Room" meetings,
where the Secretary and other senior DHS leadership review the progress
of the SBI. This same group of CBP senior managers are members of the
SBI Executive Steering Committee, chaired by the Commissioner, which
meets monthly or more often if necessary, to discuss the overall SBI
effort and issues of cross-agency concern.
This organizational structure provides the SBI PMO with the advantage
of drawing on the full range of relevant expertise and capabilities
within CBP to ensure fully successful management of the effort. Leaders
from the operational side of the agency provide overall project
management, while the acquisition process for SBI technology and
infrastructure is supervised by highly trained and certified program
managers from the Office of Information and Technology with extensive
experience implementing major federal systems.
The initial task for the acquisition team is to draft a request for
proposal (RFP) for the private sector to provide the comprehensive
solution to the challenge of gaining operational control of the border.
We hope to have this RFP published by March 2006 with the goal of
awarding a contract by September 2006 to the successful bidder, who
will be the SBI Systems Integrator. This process will be an open
competition in full compliance with the Federal Acquisition Regulation.
Independent oversight will be provided by procurement experts on a
contract basis. We expect the private sector to provide a solution
that:
* Fully integrates and balances the tradeoffs of personnel, technology
and infrastructure requirements.
* Addresses the need to coordinate operations and share information
among all relevant DHS agencies and other federal, state, local and
tribal law enforcement, defense, legal and intelligence agencies.
* Evaluates the illegal entry threat against the current level of
resources, prioritizes the shortfalls based on areas of greatest
operational need, and provides a comprehensive road map for achieving
full operational control of the border in the shortest possible time.
* Includes a detailed and comprehensive set of performance measures to
ensure we have a robust ability to view and understand the impact of
adding resources to ensure that the expected improvements in
operational capabilities actually are occurring.
As the SBI concept evolved during the latter months of 2005, it became
clear that continuing ASI, a technology-driven approach, would provide
only a partial solution. DHS therefore decided to cease work on ASI per
se and fold ASI resources into the SBI. The ASI PMO has been dismantled
and a subset of the personnel has been assigned to the SBI PMO. The ASI
PMO over the past year was moving toward creating an effective
structure for providing the people and process capabilities to manage
the project planning, acquisition, procurement, oversight, risk
management and other tasks associated with a complex effort like
improving operational control of the border. This work will contribute
directly to accelerating the start of SBI, and, as described above, the
process to provide senior level management and oversight of the SBI
effort is already in place. Through its alignment with the DHS
Enterprise Architecture, the ASI program was beginning to address the
need to coordinate with other DHS components and relevant agencies
outside the Department. Such cross-Department and cross-government
coordination is a core concept of SBI.
We found the GAO report factually correct in virtually all respects.
However, in reviewing the problems associated with the Integrated
Surveillance Intelligence System (ISIS), an earlier program to provide
border surveillance technology, the report notes on page 16 that: "In
June 2005, the GSA [General Services Administration] Deputy IG
[Inspector General] testified that many of the problems identified with
the RVS contract were attributable, in part, to GSA's and the Border
Patrol's chronic inattention to contract administration and project
management." RVS is the Remote Video Surveillance system, a core part
of ISIS. The Office of Border Patrol (OBP) had the responsibility to
ensure the RVS contract was meeting operational needs, and made
numerous efforts to highlight problems with the RVS contract for GSA's
attention, as outlined below.
To briefly recap the history of this issue, in November 2000, the
Office of Information Resources Management (OIRM) within the Department
of Justice's former Immigration and Naturalization Service (INS)
requested that GSA enter into a Blanket Purchase Agreement (BPA) with
the International Microwave Corporation to provide surveillance and
protection of the U.S. northern and southern borders, which resulted in
the RVS contract. OIRM transferred its role in providing operational
requirements for the BPA to OBP through a Memorandum of Understanding
signed by OIRM and OBP in April 2001. At this point the contract had
already been awarded by GSA, and in 2001 as OBP assumed an overall
project management role, they learned that the contract was
experiencing many problems, such as inadequate contractor oversight,
insufficient competition, improper contracting actions, and poor
recordkeeping.
GSA functioned as the Contracting Officer (CO) and the Contracting
Officer's Technical Representative (COTR) throughout the BPA. Starting
in 2001, OBP questioned GSA regarding numerous invoices, but often did
not receive a response to those inquiries, and invoices were often paid
by GSA without attempts to resolve these questions prior to payment.
Some of the issues identified by OBP included concerns over
installation delays, defective or damaged cameras, poor performance of
cameras, and unacceptable repair time for cameras returned for repair.
OBP wrote letters directly to GSA and the contractor in attempts to
resolve the issues. Because of the continuously unresolved issues with
the contract, OBP directed that the contract be terminated in September
2004.
In the meantime OBP had been incorporated into CBP in 2003, as part of
the creation of DHS and the concurrent abolishment of INS. As the draft
GAO report notes: "In September 2004, CBP established the America's
Shield Initiative (ASI) program to address ISIS capability limitations
and support the Department's antiterrorism mission." In establishing
any major future program, like SBI, CBP intends to implement corrective
program management measures to address the problems that occurred with
the earlier ISIS effort. These measures are likely to include:
* For major programs, oversight provided by the DHS Program Executive
Office and Central Procurement Office, as well as CBP Senior
Management.
* An Independent Verification and Validation (IV&V) function within the
PMO to ensure an independent, objective assessment of acquisition and
implementation activities.
* A contractor requirement to provide a quality management plan within
60 days of contract award.
CBP and the development and integration contractor efforts to identify,
assess, track, and mitigate all risks that can potentially impact
contract cost, schedule, and performance.
* The program manager, CO, COTR, and support staff held to the highest
standards of accountability for program performance.
* Contract performance managed through the application of Earned Value
Management, program management reviews, and design and milestone
reviews.
* A CO assigned to CBP Acquisition Project Management Offices for the
duration of the program to provide effective oversight for acquisition
planning, solicitation, and contract administration activities.
* A government point of contact for the contract and associated task
orders. The point of contact will periodically audit the contractor's
implementation of its quality management plan.
* A CBP established deliverables review system to ensure timely
delivery and government inspection and acceptance of deliverables
required in the contract.
* Acceptance of each line item only after successful completion of
acceptance testing.
* The COTR review of invoices to ensure that the contractor has met all
the acceptance criteria before the approval and payment of each
invoice.
The draft report further describes very accurately the DHS decision-
making process that resulted in ASI being subsumed into the more
comprehensive SBI strategy. As previously stated, the ASI program
office has been dismantled and a subset of the personnel has joined the
CBP SBI Office. The work the ASI PMO completed on defining operational
requirements and assessing resource needs to improve operational
control of the border will be highly valuable for the SBI project.
Ongoing and planned actions are designed to address unresolved key
issues and thereby reduce unnecessary and unacceptable risk.
Sincerely,
Signed by:
Steven J. Pecinovsky:
Director:
Departmental GAO/OIG Liaison Office:
[End of section]
Appendix III: GAO Contact and Staff Acknowledgments:
GAO Contact:
Randolph C. Hite (202) 512-3439 or [Hyperlink, hiter@gao.gov]:
Staff Acknowledgments:
In addition to the contact named above, Deborah A. Davis, Assistant
Director; Barbara S. Collier; Neil J. Doherty; Sairah R. Ijaz; B. Scott
Pettis; Amos A. Tevelow; and Daniel K. Wexler made key contributions to
this report.
(310611):
FOOTNOTES
[1] Public Law 107-296 (November 2002).
[2] H.R. Conf. Report 108-774 at 40 (2004).
GAO's Mission:
The Government Accountability Office, the investigative arm of
Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office
441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director,
NelliganJ@gao.gov
(202) 512-4800
U.S. Government Accountability Office,
441 G Street NW, Room 7149
Washington, D.C. 20548:
