GAO Report Finds That CBP, ICE Have No Project Management Skills, Relying On 1980s Equipment To Guard Borders

from the seems-like-a-national-security-issue,-non? dept

Another GAO report is out, this time discussing the CBP's and ICE's failed attempts at modernizing their computer systems. As I've noted before, the word "scathing" often precedes the words "GAO report," most of which detail the sort of ineptitude that only large-scale bureaucracies can achieve. As I've also noted, the operative phrase following "scathing GAO report" is more often than not, "business as usual." Most GAO reports mention previous findings that were ignored, haphazardly implemented or back-burnered indefinitely.

The latest GAO report deals with two of our favorite government entities/targets, the CBP (Border Patrol) and ICE (IP industry go-fers). Both are under the purview of the DHS and both have computer systems sorely in need of an upgrade. The good news is… well, there's really no good news in here. The explanatory note helps set the stage.

DHS’s border enforcement system, known as TECS, is the primary system for determining admissibility of persons to the United States. It is used to prevent terrorism, and provide border security and law enforcement, case management, and intelligence functions for multiple federal, state, and local agencies. It has become increasingly difficult and expensive to maintain and is unable to support new mission requirements. In 2008, DHS began an effort to modernize the system. It is being managed as two separate programs by CBP and ICE.
TECS keeps our borders safe, fights terrorism, provides support for multiple levels of law enforcement… and has been undergoing modernization for more than a half-decade. This should be disheartening enough -- an outdated system is being used to secure a nation, a system that can't even keep up with current demands. But it gets so much worse as the report goes on.
The schedule and cost for the Department of Homeland Security’s (DHS) border enforcement system modernization program known as TECS Mod that is managed by Customs and Border Protection’s (CBP) continue to change; while the part managed in parallel by Immigration and Customs Enforcement (ICE) is undergoing major revisions to its scope, schedule, and cost after discovering that its initial solution is not technically viable.

CBP’s $724 million program intends to modernize the functionality, data, and aging infrastructure of legacy TECS and move it to DHS’s data centers by 2016. To date, CBP has deployed functionality to improve its secondary inspection processes to air and sea ports of entry and, more recently, to land ports of entry in 2013. However, CBP is in the process of revising its schedule baseline for the second time in under a year. Further, CBP has not developed its master schedule sufficiently to reliably manage work activities or monitor program progress. These factors raise questions about the certainty of CBP’s remaining schedule commitments.
If everything works out according to, well, normally I'd say "plan" right here but it certainly appears that nothing resembling a "plan" is actually in place, it will be eight years from start-to-finish on the TECS modernization. And that's the CBP only. And that's only if the CBP can keep it on schedule, which at this point, appears to be something it can't actually do.

Then there's ICE, running its own parallel update to TECS, and failing just about as spectacularly as the CBP.
Regarding ICE’s $818 million TECS Mod program, it is redesigning and replanning its program, having determined in June 2013 that its initial solution was not viable and could not support ICE’s needs. As a result, ICE largely halted development and is now assessing design alternatives and is revising its schedule and cost estimates. Program officials stated the revisions will be complete in spring 2014. Until ICE completes the replanning effort, it is unclear what functionality it will deliver, when it will deliver it, or what it will cost to do so, thus putting it in jeopardy of not completing the modernization by its 2015 deadline.
Five years after TECS mods is put in motion, ICE decides the modernization won't work. Six years later, it's promising a new estimate by spring of 2014. The previous best guess was completion in seven years, but the GAO notes that this end date is highly improbable considering work has been completely halted to "assess design alternatives." A realistic scenario most likely puts modernization completion a decade out from the start date, at which point one has to wonder if the new system will be outdated before it even goes completely live.

A few pages later the GAO points out that the system being upgraded dates back to the 1980s and several government entities rely on it for mission-critical data. However, "archaic" doesn't mean "cheap." The CBP estimates licensing and maintenance on its TECS system runs $40-60 million per year. Sadly, this expensive, outdated system can't even keep up with written languages that have been around for hundreds and thousands of years.
The current TECS system uses obsolete technology, which combined with expanding mission requirements, have posed operational challenges for CBP and others. For example, users may need to access and navigate among several different systems to investigate, resolve, and document an encounter with a passenger. In addition, CBP identified that TECS’s search algorithms do not adequately match names from foreign alphabets.
Seems like a Border Control agency might need a system that can parse foreign alphabets accurately. Foreigners are its main concern. You would think an issue like this, which could lead to misidentification of innocent people as threats or vice versa would be a chief concern. (I'm sure the DHS/CBP are more concerned with the latter than the former, but it's still a big hole in their ability to "secure" the nation's borders.)

What's even sadder about this "foreign alphabet" issue is the fact that the GAO had to list it as a recommendation. This means the CBP had no current plans in place to patch this critical hole in its TECS system.

The CBP keeps promising a 2015 date for delivery of the updated system, but the more the GAO digs, the less it believes it has any chance of meeting this deadline. The agency apparently can't be bothered to follow simple best practices to help guide the modernization project to completion.
CBP is in the process of revising its schedule baseline for the second time in under a year, making it unclear when the program ultimately intends to deliver needed functionality. Exacerbating this situation is the fact that CBP has not developed its master schedule sufficiently to effectively manage work activities or monitor the program’s progress.
Not only that, but nothing's linked together in the shambolic project management the CBP has slapped together. A delay elsewhere in the project won't be reflected by current budget and date estimates, which will pretty much dump the project into the "it'll be done when it's done" category. All the while, tax dollars are being pumped in to maintain a system that can't keep up with what was asked of it a half-decade ago.

How does a project like this slip into a mismanaged mess without any cohesive guiding force? Well, if the agency behind the project feels like it isn't a job worth doing, it has plenty of ways to ensure the job will never get done.
Program officials stated these deficiencies existed because the program has only two staff members with skills needed to properly develop and maintain the schedules, and that fully documenting all the dependencies would be time consuming, and in their view, not sufficiently important to warrant the additional resources necessary to complete them.
An agency, one tasked with The Most Important Job (national security), can't even be bothered to entrust modernization of a computer system dating back to the 1980s to more than two people. And when pressed, it can't even be bothered to care that these limits will result in excess expenditures and endless delays.

Things aren't much better on the ICE side.
Instead of continuing with the existing technical solution, the program manager explained that ICE would scrap a significant portion of the work done to date and start over. As a result, ICE halted most development work in June 2013 and has since been assessing different design and technical alternatives. In January 2014, ICE reported that it had rebaselined its program requirements and that it anticipates having its revised cost and schedule estimates finalized this coming spring. Nevertheless, given the time lost in developing the current technical solution, as well as the already reduced program scope, ICE cannot say what specific features it will release to users, when this functionality will be delivered, or how much such efforts will cost. As such, ICE is at significant risk of not achieving independence from the existing system by 2015.
So, ICE has basically informed the GAO that it has no idea whether the upgraded system, if and when it arrives, will be capable of meeting the demands of the agency. It has already made one false start and scrapped that entirely, rather than used whatever gains it achieved as a new starting point. The report delves a little deeper and details just how much ICE scrapped before starting over, and why.
In ICE’s case, management weaknesses and the lack of appropriate guidance for the program’s requirements management process led to technical issues, testing failures, and ultimately, the deferral and/or deletion of about 70 percent of the program’s original requirements. ICE issued new requirements guidance for the program in March 2013 that is consistent with leading practices, but has yet to demonstrate that these have been fully implemented.
ICE will now move forward on a new modernization plan, one that looks to be handled no better than the one it scrapped in 2013. Both agencies seemingly have no idea how to run a project of this scope (and have shown little interest in doing so). If either of these agencies were private businesses, they'd already be dead and long-forgotten. Even those tasked with evaluating ICE/CBP's modernization plans seem to be unqualified to do the job.
In its most recent program health assessments, the Enterprise Business Management Office partially based its rating of moderately low risk on CBP’s use of earned value management; however, the program manager stated to us that the CBP program is not utilizing earned value management because neither it nor its development contractor had the capability to do so. Similarly, even though ICE had not reported recent cost or schedule data for its program—an issue that may signal a significant problem—the Office of the CIO rated ICE’s program as medium risk. The reliance on incomplete and inaccurate data raises questions about the validity of the risk ratings.
The GAO took its findings up the bureaucratic ladder to the DHS, which didn't seem to be very troubled by the bumbling incompetence of the agencies under its purview.
DHS concurred with all but one of our recommendations, disagreeing with the recommendation regarding the weaknesses in CBP’s schedule. In response, DHS stated that CBP’s scheduling efforts for TECS Mod were sound. However, given the weaknesses in CBP’s master schedule, we continue to believe that management will be unable to determine how a slip in the completion date of a particular task may affect the overall project or program schedule, and thus, absent any changes, continuing to use it as a tool to track progress will remain ineffective.
In conclusion, the GAO found plenty of money wasted and nothing to show for it.
[A]fter spending nearly a quarter billion dollars and over 4 years on its two TECS Mod programs, it remains unclear when DHS will deliver them and at what cost. While CBP’s program has delivered one of the five major projects that comprise the program, its commitments are being revised again and the master schedule used by the program to manage its work and monitor progress has not been fully developed.
The $250 million is more than one-quarter of the CBP's total estimated budget for its TECS overhaul. At this point, it's still basically at square one and is doing absolutely nothing to ensure the project stays on track or within budget. ICE's expenditures aren't broken out separately, but judging from its decision to scrap one attempt entirely and start over, there's little doubt that its modernization program is doomed to the same fate at the CBP's.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cbp, gao, ice


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 11 Feb 2014 @ 5:34am

    I can only describe the pace of the upgrade as... Geological.

    Which is surprising considering they should be all greedy over sharing data with the mass surveillance state as a whole. I mean, the NSA got itself a brand new data center amidst all the storm, no?

    link to this | view in chronology ]

    • icon
      Trails (profile), 11 Feb 2014 @ 7:29am

      Re:

      I don't think they lack for funding. I think the problem is more fundamental.

      If your job consists of security theatre plus Operation Intimidate the Brown People, you're essentially a self important bullshit artist.

      Software, on the other hand, deals exclusively in hard facts. It doesn't matter how awesome you think you are, how many Medals of Freedom you've been awarded, or how great a bureaucratic political operative you are, if you're in charge of a software project and you're full of shit, the project will fail.

      I've seen it countless times. Software cannot be dazzled, cajoled, double-talked at, massaged, convinced, etc... You either know the methodology and push towards delivery or you're in the way.

      ...Do I sound bitter?

      link to this | view in chronology ]

      • identicon
        Pragmatic, 11 Feb 2014 @ 7:38am

        Re: Re:

        You sound like the guy who should have got the job, Trails.

        link to this | view in chronology ]

      • icon
        Ninja (profile), 11 Feb 2014 @ 8:28am

        Re: Re:

        Absolutely. It's sheer incompetence. I failed to convey this part. The NSA example is to say that even public outrage against isn't enough to stop govt funding so they shouldn't have problems too.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Feb 2014 @ 7:22am

    Leading the way into the future, all the way from the past.

    link to this | view in chronology ]

  • identicon
    Just Sayin', 11 Feb 2014 @ 7:37am

    shocking

    Government departments not working together, not working well, and deadlines getting missed... this is news?

    The real issues here are that successive governments from each side of the aisle had funded, enabled, blocked, moved the goal posts, and done every other things in the world to make it impossible to even truly set a goal, let alone achieve it.

    Many of the changes are made to respond to political pressure, deals, and trade offs. Splitting the project in two(rather than having one main shared project) means that you have overlap and the constant push and pull of two organizations who don't exactly want or need the same things. It's a recipe for something other than success.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 11 Feb 2014 @ 11:00pm

      Re:

      It's worth repeating. Doesn't make it suddenly not news or not worth reading about.

      Why are you here if all you ever do is shit on everything, jackass?

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Feb 2014 @ 5:57am

      Re: shocking

      Not a surprise, only you would celebrate the government not working well.

      link to this | view in chronology ]

  • icon
    weneedhelp (profile), 11 Feb 2014 @ 7:52am

    Stupid computer systems

    Why not just build a wall.

    link to this | view in chronology ]

    • icon
      DannyB (profile), 11 Feb 2014 @ 8:42am

      Re: Stupid computer systems

      Build a wall?

      Why not just build a walmart?

      Make it 700 miles long. Shopper entrance on one side. Worker entrance and product receiving on the other side. Profits go out the side where products enter. Customers go out the side they entered, but with money having been exchanged for products.

      link to this | view in chronology ]

      • icon
        Trails (profile), 11 Feb 2014 @ 8:52am

        Re: Re: Stupid computer systems

        Profits go out the side where products enter.


        Yeah all those Walmart fat cats in Mexico!! You know Walmart used to be called "El Mercado de los Muros" before they realised that was too ethnic and decided to change it.

        Customers go out the side they entered, but with money having been exchanged for products.


        Good god, you mean Walmart conducts... TRADE?!?!! Say it ain't so...

        link to this | view in chronology ]

  • icon
    DannyB (profile), 11 Feb 2014 @ 8:37am

    Government Competence with Technology

    Considering how tech savvy the government seems to be, as evidenced by it's mismanaged bungling of numerous IT projects, should we trust government to take actions based on its understanding of:
    * the effect (or non effect) of seizing a domain name
    * the potential scope of a domainname and collateral damage to thousands of innocent parties
    * the difference between a domain name, an IP address and a server
    * the difference between US soil and non US soil
    * the difference between linking and hosting
    * the purpose of a search engine or indexing site
    * why COX should be shut down because they are 'facilitators and enablers'

    link to this | view in chronology ]

  • icon
    cubicleslave (profile), 11 Feb 2014 @ 9:47am

    "An agency, one tasked with The Most Important Job (national security), can't even be bothered to entrust modernization of a computer system dating back to the 1980s to more than two people. "
    Wow. If you are throwing that much public money at an IT project, why not budget for some new systems which are more current/supportable than hardware of 1980's vintage??? Really? And maybe put some more staff on the project too, ya think!?!?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 11 Feb 2014 @ 10:00am

    Not giving them any excuses but just a glimpse from the other side. Working in IT in the government is exhausting. Just purchasing a single $5.00 cable requires 2 signatures of approval and processing through 3 others. If any of those steps is missed then it hangs. Since the IT department is the one to blame if it doesn't happen, the IT guys have to go figure out who didn't do their part and hound them. Since approval requires a signatures that can't be digital you have to either call or find that person to get it done as emails aren't always read or replied. It isn't a surprise that a huge system overhaul takes so long. There are so many hoops to go though for every purchase. If there is a mistake along the way then another hoop, from then on, is then required to go though in order to make sure that one mistake never happens again.

    link to this | view in chronology ]

    • icon
      ambrellite (profile), 11 Feb 2014 @ 11:10am

      Re:

      Unless, apparently, you work in the NSA or CIA.

      The lack of concern on the part of ICE and CBP about their inadequate systems leads me to suspect that they have a relationship with the NSA to fill the gaps in their capabilities. What with the NSA's data being used by the military to launch drone strikes, and by the DEA to catch drug dealers, among others, it would be unsurprising.

      The intelligence agencies don't have the same burdens as other agencies, so related tasks are delegated to them.

      link to this | view in chronology ]

  • icon
    Sunhawk (profile), 11 Feb 2014 @ 1:26pm

    [A]fter spending nearly a quarter billion dollars and over 4 years on its two TECS Mod programs


    ... okay, pay me, another three computer scientists (specializing in data processing/searching, interfaces/HCI, artificial intelligence and computer agents and one to coordinate it all) and six specialists in areas related to the objectives of the computer system 100k a year... and we could almost certainly have a good master plan in that first year *easily*.

    link to this | view in chronology ]

  • icon
    GEMont (profile), 12 Feb 2014 @ 1:46pm

    Cocaine and Hookers are expensive!!!

    Since the whole "Terrorist" thing is actually another false flag operation designed to allow a new Century of War for the War Industries benefit, with the US fed playing both sides in the fictional conflict, the agencies designated to secure the borders from the imaginary terrorist menace are merely there for PR purposes and are not at all concerned about real security.

    They are however, deeply concerned about funneling as much money from the taxpayer's pocket as they can, because when you're really just a PR Operation, you have a lot of spare time on your hands and need a lot of cocaine and hookers to get through the day.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.