The Department of Homeland Security is continuing to use mission-critical, legacy information technology systems that can jeopardize national security, public safety and privacy, officials warned in congressional testimony on Wednesday.
Kevin Walsh, director of IT and Cybersecurity for the Government Accountability Office, expressed concerns about the potentially detrimental impact of severely antiquated systems on disaster response efforts nationwide and stressed the urgent need for increased financial support and federal investments to transition from outdated technology.
He described the Federal Emergency Management Agency’s grants management modernization program as an example of one effort at DHS to replace a series of legacy IT systems “that are a burden for recipients, a burden for the agency and are slowing down the response to disasters.
“If that legacy system were to fully go off the rails, a disaster without grants from the government would be very difficult for our citizens,” Walsh added.
Several DHS components have made significant advancements in modernizing their systems and capabilities, officials told the Senate Homeland Security and Governmental Affairs subcommittee on emerging threats and spending oversight.
Yemi Ohinnaiye, chief information officer of the Transportation Security Administration, said the agency recently transitioned its Performance and Results Improvement System to a cloud platform, allowing it to “grow, scale and provide robust analytics for TSA compliance activities.”
Ohinnaiye also described how TSA used an iterative and agile approach to prototyping and implementing an improved in-flight security scheduling system that reduces the burden of manual processing and provides more rapid solutions.
DHS’ complex network of diverse IT systems has made it a challenge for the department to streamline operations, improve data sharing and embark on enterprisewide modernization journeys over the years.
To combat an evolving landscape of cybersecurity threats, border issues and emergency response needs, the department initiated a multiyear effort to promote IT modernization initiatives, adopt cloud-based computing and consolidate data centers.
A 2020 inspector general report found that several DHS components had not complied with or fully embraced the agency’s departmentwide modernization goals due to a lack of standard guidance and funding. More recently, GAO said that DHS failed to implement all of its recommendations to ensure legacy IT systems that support financial, biometric identity and grants management are successfully replaced.
DHS is expected to spend over $10 billion on its IT systems in fiscal 2023, according to GAO, with nearly $8.8 billion of that total going to maintenance operations. While DHS developed a complete plan last year to modernize one of its critical legacy systems following a report GAO published in 2019 that identified its most severely outdated technology, the agency has not yet done so for several other mission-critical legacy systems, Walsh said.
“While DHS has implemented many of our recommendations, implementing the remaining eight for modernizing financial, biometric identity and grants management systems would help ensure these critical legacy systems are successfully replaced,” he added.
DHS Chief Information Officer Eric Hysen testified that the department has transitioned in recent years to adopting “a more incremental, iterative and measured strategy” that features private sector best practices to successfully modernize critical systems and retire costly legacy technology.
“This new technical approach to legacy modernization requires an equally significant shift in approach to personnel, funding, contracting and governance to achieve success,” he said, adding that DHS has leveraged its Cybersecurity Talent Management System to onboard over 100 new employees and was planning to expand its operations to FEMA later this year.
“The department is turning a corner toward a more contemporary approach of modernizing in place,” Hysen said. “The stakes for expediting this transition could not be higher.”