Modernization of federal information technology (IT) system won’t necessarily result in cost savings for agencies, but new systems are more efficient, offer greater functionality and stronger security, a government audit official told a Senate panel on Wednesday.
This assessment “probably is not what you want to hear given the current fiscal environment,” Kevin Walsh, director of Information Technology and Cybersecurity at the Government Accountability Office (GAO), told a hearing of the Homeland Security and Governmental Affairs Subcommittee on Emerging Threats and Spending Oversight.
Sen. Maggie Hassan (D-N.H.), chairwoman of the subcommittee, and Sen. Mitt Romney (R-Utah), the ranking member, convened the hearing on the modernization of the Department of Homeland Security’s critical legacy IT systems.
DHS plans to spend $10.1 billion in fiscal year 2023 on IT with operations and maintenance accounting for $8.8 billion of the total, Walsh said.
Wash said that while many of the IT systems that DHS funds “are not the newest,” this “doesn’t mean they’re at risk or in need of retirement.” The focus should be on legacy systems that “are outdated or obsolete, that may have heightened security risks or aren’t meeting mission needs,” he said.
“Worryingly, the department’s efforts to modernize such systems have a history of costing more than planned and taking longer than promised,” he said. “We’ve reported that the department is on its third attempt at modernizing its financial systems, which recently breached schedule and performance goals.”
Walsh also highlighted that the DHS biometric identity management system, called IDENT, is outdated and that its replacement, the Homeland Advanced Recognition Technology program, “is years behind schedule.”
Eric Hysen, the DHS chief information officer, told the panel that for newer IT modernization efforts, the department has moved away from traditional procurement practices that mirror the way it acquires ships, which he called the “big bang approach.” This approach requires years to generate requirements and is followed by a single award to one systems integrator but has resulted in “modernization programs going over budget and behind schedule at alarming rates,” he said.
The new approach is more “iterative” and begins with a “minimum viable product” and capabilities that can be launched in months and is followed by agile software development methods that “gather requirements, build, test and launch software in rapid iterative cycles,” Hysen said.