The Department of Homeland Security (DHS) is in the process of updating its Information Technology Strategic Plan for fiscal years (FY) 2024-28, with an emphasis across the agency on moving away from older legacy IT systems, the agency’s chief information officer (CIO) said today.
The updated plan will set IT goals and strategies for fulfilling the mission of DHS over the course of the next four years – including legacy modernization plans. The current strategy is set to expire on Sept. 30, DHS CIO Eric Hysen said during a Senate Homeland Security and Governmental Affairs Emerging Threats and Spending Subcommittee hearing today.
“We are focused on modernizing legacy IT systems for a host of important reasons, notably strengthening information security, assisting in eliminating unnecessary spending, and better leveraging data as a strategic asset,” Hysen testified during the May 31 hearing.
“Most importantly, we modernize to deliver critical mission capabilities and improve the services government delivers to the American people more effectively,” he continued. “My colleagues and I here today and across the Department of Homeland Security work as a team to help modernize the vast array of critical missions undertaken by DHS – everything from facilitating international trade to responding to disasters to improving Federal government information security practices.”
Hysen said that, historically, DHS would partake in what he called the “big-bang” approach to IT modernization: government staff spent years gathering requirements, awarding a large contract to a single systems integrator to build to exact requirements, and then test extensively against them.
This typically led to modernization projects being over budget and behind schedule, Hysen said. The CIO referenced the Healthcare.gov launch disaster of 2013 as an example of this approach.
“At DHS today, we reject this approach in favor of a more incremental, iterative, and measured strategy based on private sector best practices that enable us to successfully modernize key services and retire costly legacy systems,” Hysen said.
“Our newly-initiated modernization programs focus on defining a Minimum Viable Product – initial functionality that can launch within months, not years,” he added. “The Department follows an agile software development methodology that gathers requirements, builds, tests, and launches software in rapid, iterative cycles rather than waiting to gather all requirements up front.”
The CIO said that the agile project management requires a new technical approach – breaking down large programs into smaller sprints and launching functionality, iteratively over time – along with a shift in personnel, funding, contracting, and governance.
Hysen explained that if aging technology at DHS falls into any of these three categories, it is prioritized for overhaul: presents cybersecurity risks; presents opportunity to improve customer experience; or if the tech can be modernized to improve employee work.
“The failure of any of these systems would have significant impact on public safety and national security,” subcommittee Chairwoman Maggie Hassan, D-N.H., said during the hearing. “That’s why it is crucial that DHS modernize these systems.”
FEMA IT Modernization on Track
The CIO for the Federal Emergency Management Agency, Charles Armstrong, said that the agency is currently consolidating eight disparate legacy systems into the FEMA Grants Outcomes System for disaster and non-disaster grants, expected to be completed by 2025.
Additionally, the National Flood Insurance Program Pivot System – which encourages communities to make wise land use decisions and makes available flood insurance that allows people to protect homes and commercial property in flood-prone areas – was an agile modernization project that reached full operational capacity in 2020.
“NFIP is a strong example of continuous modernization,” Armstrong said. “Even after the program reached FOC, it continues to deliver new technical and business functionality to meet evolving mission needs, making it less likely to be replaced by another large modernization program.”
Armstrong also highlighted that FEMA began data center migration to the cloud in 2022 and expects to finalize full cloud migration by 2024.
TSA CIO Details Legacy Modernization Progress
Yemi Oshinnaiye, CIO for the Transportation Security Administration (TSA), detailed that the Mission Scheduling and Notification System (MSNS) system – an aggregate of nine system components that enable deployment of Federal Air Marshals on flights in accordance with risk-based prioritization to protect U.S. air carriers, airports, passengers, and crews – is set to be fully modernized by the end of FY 2025.
Oshinnaiye also noted that the agency’s legacy Performance and Results Information System (PARIS) was completely migrated to the government cloud earlier this year, which allowed for improvements in user experience, data visibility, data stewardship, and customer engagement.
Kevin Walsh, the director of information technology and cybersecurity at the Government Accountability Office, testified with the CIOs, noting that while DHS still has work to do, the agency has come a long way in legacy IT modernization.
“While all is not quite right in the Land of Oz,” he continued, “DHS has been taking promising steps to address these issues. For example, they’ve halted or suspended projects that are going poorly, they’ve addressed our recommendations at a better-than-average rate, they’ve documented lessons learned, and they use modern development technologies like agile and incremental. They’ve also been working diligently to address our associated high-risk area on IT and financial management functions.”