Homeland Insecurity

The Homeland Security Dept.'s overreliance on outside contractors and insufficient management of them could leave the U.S. vulnerable
Getty Images

(Editor's note: This is the first of three stories on the challenges and opportunities faced by the Homeland Security Dept. as it develops technology aimed at keeping the U.S. safe.)

It was a game of "catch me if you can" with the U.S. Border Patrol—and the guards couldn't win. Just over a year ago, a man traveled by car along a stretch of Canadian road so close to the U.S. he could cross the border by hopping a roadside ditch. He stopped at what looked like an unmonitored area, left the car, and crossed over carrying simulated radioactive material in a red duffel bag. He walked several hundred feet into the U.S., returned to the Canadian side and waited 15 minutes for a response from law enforcement. None came.

The illegal crossing, carried out on Dec. 5, 2006, is one of three instances late last year when government investigators passed undetected into the U.S. from Canada, each time carrying packages that could have been, though weren't, contraband. All were part of a U.S. Government Accountability Office investigation into security vulnerabilities in unmonitored areas of the American border.

The Homeland Security Dept. is responsible for keeping the country safe from such breaches, and it has been spending billions of dollars on information technology to accomplish that mission. But the department's investments have come up well short of the country's needs, according to a growing chorus of critics. When you talk about the Department of Homeland Security, its not only a loss of money but it may well be a loss of our national security interests if we dont have the work done that needs to be done, says Rep. Henry Waxman (D.-Calif.), chairman of the House Committee on Oversight & Government Reform. All told, some $3 billion in information technology contracts, accounting for 60% of the agency's 2008 IT budget, are underperforming—whether because they're behind schedule, over budget, or lack a qualified project manager or definable parameters. In dollar terms, Homeland Security accounts for about half of the troubled government IT projects tracked by the Office of Management & Budget, which helps prepare the federal budget.

Those findings are based on a BusinessWeek.com examination of federal budgets, Congressional testimony, and more than 1,000 pages of government and industry reports. They also are the result of interviews with more than three dozen company executives, congressional legislators, government watchdogs, academics, and current and former agency officials.

Security Gaps Unaddressed

Critics point to an overdependence on outside contractors and a shortage of qualified program management and IT personnel at the department. Civilian shootings by Blackwater Worldwide guards have shone a spotlight on the military's reliance on contractors in Iraq, but the tendency is no less entrenched at Homeland Security, which became especially reliant on outside contractors in its haste to jump-start myriad projects in the aftermath of the September 11, 2001, terror attacks.

In many cases, contracts lack well-defined parameters and yardsticks for success, contractors are given too much leeway overseeing outside help, and many jobs are not put out for competitive bidding. The upshot: The U.S. does not yet have an effective technological means to secure the border between ports, can't keep close tabs on people who overstay visas, and has not improved a flawed system for screening airline passengers against a no-fly list. "When these contracts go awry, it's not just a question of millions of dollars or tens of millions or billions of dollars wasted, but it also means that the security gaps that those contracts are intended to address are left unaddressed," says Clark Ervin, who was the agency's Inspector General from January, 2003, to December, 2004.

Tightening Oversight

Clearly, Homeland Security has made technological strides in its four-year history, including improvements in the way it screens airline passengers and cargo and the development of a system for inspecting maritime cargo for contraband. It also has made "great progress" in integrating and standardizing IT services among its varied agencies, says spokesman Larry Orluskie.

The department acknowledges it faces numerous hurdles. "We're a new department and we've had a lot of challenges," Orluskie says. "It's obvious that the scope of programs & come with a much greater price ticket than many other programs," he notes, to explain why the department accounts for a bigger share of underperforming contracts than other agencies. It's taking remedial steps such as adding qualified program managers and tightening contract oversight.

One of the most formidable challenges relates to the border-policing effort known as the Secure Border Initiative, or SBInet. Budgeted at $1 billion for 2008, SBInet will use technology such as motion sensors, infrared cameras, and unmanned aerial vehicles to control movement across U.S. borders. President George W. Bush unveiled details of SBInet in May, 2006, calling it part of "the most technologically advanced border security initiative in American history."

Technology Ineffective

Boeing (BA) won the SBInet contract in September, 2006, and delivered the first phase in early December, 2007, a half year behind schedule. That phase is known as Project 28, a $20 million pilot effort to install sensors, cameras, radars, communications systems, and mounted laptop computers in vehicles to help border agents keep tabs on a 28-mile stretch of border near Tucson.

Rep. Bennie Thompson (D.-Miss.), the chairman of the Congressional Committee on Homeland Security, has railed publicly against the delay and remains unconvinced of the pilot project's effectiveness. "We have received recent reports from the field that strongly suggest that the 'final' Project 28 product will provide Border Patrol little, if any, functionality it did not already possess," Thompson wrote in a Dec. 6 letter to Homeland Security Secretary Michael Chertoff.

In Congressional testimony in October, Boeing said that during a test phase in June it uncovered problems getting pieces to work together. "Boeing is committed to being a good steward of taxpayer dollars," the company said in a statement to BusinessWeek.com. "Boeing, not the government, is absorbing any additional cost and risk that may have incurred as a result of program delays."

The Role of Private Business

Technology is central to border security. Even the thousands of additional Border Patrol staff being hired by the government won't be able to completely monitor the 6,900 miles of U.S. land border without technological assistance. Until Boeing can prove its technology works, the U.S. is missing an integral piece of border security, say Thompson, Ervin, and others. "You're never going to have enough people to line up every 10 to 20 yards, so you eventually have to have other things," says Gregory Kutz, a managing director at the Government Accountability Office, an independent, nonpartisan agency that provides oversight of federal programs.

It's in developing such technology that private business plays a key role. When 22 federal agencies merged to create the Homeland Security Dept. in early 2003, some agencies such as the Transportation Security Administration were given wide latitude in hiring outside vendors. Homeland Security officials say in those days it was necessary to rely on contractors as a source of innovative technology and a means of launching projects quickly. The department spends about 40% of its total budget on contracts and other contracting vehicles, according to July, 2007, Congressional testimony by the agency's Inspector General. That's up from about 12% in fiscal 2003, records show. But a much larger portion of its budget for info tech goes to outside vendors. For fiscal 2008, those contracts make up an estimated $4.8 billion of the $5.2 billion IT budget, according to consulting firm INPUT.

The problem isn't so much in using contractors but rather the lack of qualified department staff to monitor their progress. The level of oversight doesn't always ensure accountability or the ability to judge whether a contractor is performing as required. "There should be a robust partnership between government and Homeland Security in private industry to develop these technologies," says Ervin, now in charge of homeland security issues at The Aspen Institute, a nonprofit organization focused on public policy. That partnership fails, he says, without sufficient input from government employees who can "oversee these contracts to be sure there's value and to make sure these purported technologies work as intended."

Tracking Visitors With Biometrics

A project many fault for insufficient oversight and poor management is U.S. Visitor & Immigrant Status Indicator Technology, or US-VISIT. The project's goal is to collect, maintain, and share data on selected foreign nationals entering and exiting the U.S. at ports of entry. It relies on biometrics, a technology that helps identify people using unique biologic traits. The $462 million that's slated for 2008 brings the total spent on US-VISIT to about $1.8 billion since 2003.

Accenture (ACN) was awarded the contract for US-VISIT in 2004, and for the most part the program effectively tracks who's coming into the country. Each day the technology lets the department compare more than 100,000 international visitors' biometrics against a federal watch list of more than 3.2 million known or suspected terrorists, criminals, and immigration violators.

Where US-VISIT falls short is in keeping tabs on overland departures. Despite spending $160 million in pilot tests over four years, the program still does not have an efficient way to use biometric technology at on-land border exits to determine who is leaving the country due to a mix of logistical, technological, and infrastructure problems that Accenture has yet to unravel. "The technology that we have can be applied very easily and very successfully and can be integrated into the normal business process of moving through an airport," says Jim Stolarski, a managing director at Accenture. "But the land situation is a little bit different."

Finding People Who Overstay

The U.S. lacks the equipment and infrastructure to capture exit information as travelers depart on foot or by car. Accenture is investigating alternatives such as radio frequency identification (RFID). "We have visas that expire, we have people who overstay," says Rep. Thompson. "Until that person commits a crime or is somehow picked up and asked for credentials, we just don't have any way of knowing who these people are."

That was the case on September 11. The majority of the al Qaeda terrorists who were in the country illegally and responsible for the attacks and other crimes dating back to 1993 had overstayed their visas, Mark Krikorian, executive director for the Center for Immigration Studies, said at a 2006 Congressional hearing.

As contractors are entrusted with bigger slices of complex Homeland Security work, they're also becoming outsourcers themselves. Boeing, Accenture, Northrop Grumman (NOC), and General Dynamics (GD) are among companies that have won contracts and have subcontracted parts of their work to others. In that capacity, they act as so-called systems integrators, or contractors that build computing systems for clients by combining hardware and software products from multiple vendors.

On the Watch List

The more Homeland Security cedes control, the less institutional knowledge it has to determine whether contractors are performing up to snuff, critics say. For instance, 60% of the people who participated in the development of the acquisition plan for SBInet were contractors, according to a February, 2007, memo to the House Committee on Oversight & Government Reform. SBInet is currently on OMB's Management Watch List, a tally of poorly-planned projects. "There is a danger that the department may become so dependent on contractors that it simply has no in-house ability to evaluate the solutions its contractors propose or to develop options on its own accord," Senator Joseph Lieberman, an Independent from Connecticut, said during an Oct. 17 Congressional hearing on Homeland Security contracting.

Among underperforming IT projects replete with contractors is Secure Flight Program, an effort to improve how TSA screens airline passengers against a no-fly list, according to a September, 2007, GAO report. The project will cost $53 million in fiscal 2008.

Under the current system, the TSA compiles names of suspected terrorists from a larger watch list generated by the multiagency Terrorist Screening Center. The transportation agency then distributes the list to airlines electronically in a way critics say can easily end up in the wrong hands. What's more, airlines have different means for looking up names, so there's no consistent method for determining which people should remain off airplanes.

Privacy Fears

Secure Flight, first announced in August, 2004, is designed to remedy some of those shortcomings. However, it too has been plagued by technology glitches and missed key performance milestones, according to the GAO. Privacy advocates say the program surreptitiously gathers and stores personal passenger information, enabling the government to create dossiers without travelers' knowledge. They also fault the government for not keeping that information sufficiently under digital lock and key, a reflection of longstanding and widely publicized cybersecurity failings (BusinessWeek.com, 3/17/06) within Homeland Security.

The first iteration of Secure Flight was suspended in 2006. In August, 2007, Homeland Security said it would revive the program and conduct operational tests later this year using data from airlines that volunteer to participate. Lockheed Martin (LMT) had oversight of Secure Flight through 2005; the contract has since been awarded to IBM (IBM), which declined to comment for this article.

A TSA spokesperson says that agency has significantly upgraded Secure Flight to weave security and privacy considerations into all aspects of the program. TSA will collect the minimum amount of personal information necessary to conduct effective watch-list making, the spokesperson says.

Funding Without Accountability

Most worrisome for many watchdogs is the government's tendency to issue contracts without full and open competition. Without that, Homeland Security may not be getting the most competitive price, the most innovative technology, or the best contractor for a job. In fiscal 2007, about 44% of an estimated $11 billion in contracts awarded weren't available for competition, according to the department. That's up from 34.7% of contracts in 2003.

Danielle Brian, executive director of Project on Government Oversight (POGO), a nonprofit government watchdog group, says part of the reason the department is awarding big contracts to fewer players is that the workforce dedicated to overseeing contracts is dwindling. "It's a pot of gold, and Homeland Security is providing an almost endless stream of funding with little accountability," Brian says.

Homeland Security estimates about 35% of its IT workforce will be eligible for retirement between 2005 and 2010, according to a GAO report. The report also noted that in light of the continued growth in demand for experienced IT professionals and the high turnover rate, the department faces a significant risk of critical skill shortages, which could impede its mission.

A Nudge from Legislators

Efforts to redress those shortages and get underperforming projects back on track are under way. Homeland Security has taken several steps to strengthen its acquisition process and is providing training that has resulted in certification of more than 230 program managers since December, 2006, a 53% increase. Thomas Essig, acting chief procurement officer, is in the midst of an effort to "develop a superior acquisition workforce that not only puts the right contracts in place, but that also effectively manages the performance of its contractors," says spokesman Orluskie.

The department also is getting a nudge from such legislators as California's Waxman. Last year he sponsored a report outlining waste, abuse, and mismanagement of Homeland Security contracts and held a hearing in February, 2007. He also sponsored the Accountability in Contracting Act, which among other things, would limit the length of noncompetitive contracts. The bill has been passed by the House and is awaiting Senate action.

Those efforts need to reap rewards quickly lest security gaps put the nation at risk, say reform advocates. "By now, the Department of Homeland Security shouldn't be doing its procurement on auto-pilot anymore," says Charles Tiefer, professor of law at the University of Baltimore School of Law. "It should take the controls. It should plan. It should [require competition for contracts], and it's not doing that."

Before it's here, it's on the Bloomberg Terminal.