Homeland IT added to GAO's high-risk list

The Homeland Security Department in general and its IT operations in particular are new areas of high risk for failure, the General Accounting Office and the leaders of the Senate Governmental Affairs and House Government Reform committees said this morning.

"A lot of this risk is related to systems," Rep. Tom Davis (R-Va.), chairman of the House committee, said at a press conference this morning. "We are operating with too many stovepiped systems. One of the reasons the Homeland Security Department was put together was to get people talking to each other."

Davis said the federal government's systems difficulties would take "two, four or six years to solve" because they present complicated problems with major systems. As an example of the stovepipe problem, Davis said, "You wind up with the Department of Commerce having a system that doesn't talk with" other federal systems.

Sen. Susan Collins (R-Maine), chairman of the Senate committee, and Davis jointly unveiled a GAO survey that highlights areas of the federal government that are especially vulnerable to waste, fraud, abuse or mismanagement. "Wasteful spending of taxpayer dollars is never acceptable, but it is particularly unacceptable when we face pressing needs in health care, education and homeland security," Collins said.

GAO cited 25 high-risk areas in the federal government, of which only four were new to the survey. The audit agency this year removed two programs from the high-risk list.

The agency added the category of "Protecting Information Systems Supporting the Federal Government and the Nation's Critical Infrastructures" to the high-risk list in 1997, and it remains on the list. GAO said it continues to find "significant, pervasive weaknesses in the controls over computerized federal operations. Moreover, related risks continue to escalate, in part due to the government's increasing reliance on the Internet and on commercially available information technology."

GAO cited the Federal Information Security Management Act of 2002, which Davis wrote, as an essential step to correcting federal information security weaknesses. That law requires federal agencies to devote resources to information security, routinely report on IT security and expand research on system protection.

After the press conference, Davis said he planned to follow up on the passage of FISMA by holding hearings and pressing for House approval of the Services Acquisition Reform Act to reform the federal procurement process. Davis snapped his fingers to indicate the speed with which he planned to push the bill through the House.

"We buy $140 billion of services each year," Davis said. "If you could save just 10 percent of that, you'd save $14 billion." He added, "We know that tens of billions of dollars have gone out for systems [that have failed]. This administration is taking steps?but it will take a long time."

Davis also said that the House Select Committee on Homeland Security, of which he is a member, likely would hold oversight hearings on the new department next month.

Comptroller General David M. Walker, head of the GAO, said problems with stovepiped systems exist "not only just between departments and agencies, but within departments such as the Department of Defense, which has thousands of systems which don't talk to each other."

GAO said the HSD sits on the high-risk list because it is an enormous undertaking?the agencies to be folded into the new department already face problems and the consequences of homeland security failures could be severe.