Secure Border Initiative:

DHS Needs to Address Significant Risks in Delivering Key Technology Investment

GAO-08-1086: Published: Sep 22, 2008. Publicly Released: Sep 22, 2008.

Additional Materials:

Contact:

Randolph C. Hite
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Department of Homeland Security's (DHS) Secure Border Initiative (SBI) is a multiyear, multibillion-dollar program to secure the nation's borders through, among other things, new technology, increased staffing, and new fencing and barriers. The technology component of SBI, which is known as SBInet, involves the acquisition, development, integration, and deployment of surveillance systems and command, control, communications, and intelligence technologies. GAO was asked to determine whether DHS (1) has defined the scope and timing of SBInet capabilities and how these capabilities will be developed and deployed, (2) is effectively defining and managing SBInet requirements, and (3) is effectively managing SBInet testing. To do so, GAO reviewed key program documentation and interviewed program officials, analyzed a random sample of requirements, and observed operations of a pilot project.

Important aspects of SBInet remain ambiguous and in a continued state of flux, making it unclear and uncertain what technology capabilities will be delivered, when and where they will be delivered, and how they will be delivered. For example, the scope and timing of planned SBInet deployments and capabilities have continued to change since the program began and, even now, are unclear. Further, the program office does not have an approved integrated master schedule to guide the execution of the program, and GAO's assimilation of available information indicates that the schedule has continued to change. This schedule-related risk is exacerbated by the continuous change in and the absence of a clear definition of the approach that is being used to define, develop, acquire, test, and deploy SBInet. The absence of clarity and stability in these key aspects of SBInet impairs the ability of the Congress to oversee the program and hold DHS accountable for program results, and it hampers DHS's ability to measure program progress. SBInet requirements have not been effectively defined and managed. While the program office recently issued guidance that defines key practices associated with effectively developing and managing requirements, such as eliciting user needs and ensuring that different levels of requirements and associated verification methods are properly aligned with one another, the guidance was developed after several key activities had been completed. In the absence of this guidance, the program has not effectively performed key requirements definition and management practices. For example, it has not ensured that different levels of requirements are properly aligned, as evidenced by GAO's analysis of a random probability sample of component requirements showing that a large percentage of them could not be traced to higher-level system and operational requirements. Also, some of SBInet's operational requirements, which are the basis for all lower-level requirements, were found by an independent DHS review to be unaffordable and unverifiable, thus casting doubt on the quality of lower-level requirements that are derived from them. As a result, the risk of SBInet not meeting mission needs and performing as intended is increased, as are the chances of expensive and time-consuming system rework. SBInet testing has not been effectively managed. For example, the program office has not tested the individual system components to be deployed to the initial deployment locations, even though the contractor initiated integration testing of these components with other system components and subsystems in June 2008. Further, while a test management strategy was drafted in May 2008, it has not been finalized and approved, and it does not contain, among other things, a clear definition of testing roles and responsibilities; a high-level master schedule of SBInet test activities; or sufficient detail to effectively guide project-specific test planning, such as milestones and metrics for specific project testing. Without a structured and disciplined approach to testing, the risk that SBInet will not satisfy user needs and operational requirements, thus requiring system rework, is increased.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: The Secretary of Homeland Security should direct the CBP Commissioner to have the Acting SBInet Program Manager implement key test management practices to include (1) developing and documenting test plans prior to the start of testing; (2) conducting appropriate component level testing prior to integrating system components; and (3) approving a test management strategy that, at a minimum, includes a relevant testing schedule, establishes accountability for testing activities by clearly defining testing roles and responsibilities, and includes sufficient detail to allow for testing and oversight activities to be clearly understood and communicated to test stakeholders.

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: In January 2010, the Secretary of Homeland Security initiated an assessment of the SBInet program. The assessment was motivated in part by continuing delays in the development and deployment of SBInet capabilities and concerns that the SBInet system had not been adequately justified by a quantitative assessment of cost and benefits. Between January 2010 and January 2011, we reported on a variety of management weaknesses that contributed to the Secretary's concerns, including inadequate acquisition management practices -- test management, requirements management, and risk management -- shrinking system capabilities, and the lack of effective contractor oversight and economic justification for the program; and we made associated recommendations with which DHS largely agreed. In January 2011, DHS completed its assessment and decided to end SBInet as originally conceived. We consider DHS's decision to discontinue the SBInet program a prudent course of action, and responsive to the many recommendations we made to address the wide array of identified weaknesses.

    Recommendation: The Secretary of Homeland Security should direct the CBP Commissioner to have the Acting SBInet Program Manager implement key requirements development and management practices to include (1) baselining requirements before system design and development efforts begin; (2) analyzing requirements prior to being baselined to ensure that they are complete, achievable, and verifiable; and (3) tracing requirements to higher-level requirements, lower-level requirements, and test cases.

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: In January 2010, the Secretary of Homeland Security initiated an assessment of the SBInet program. The assessment was motivated in part by continuing delays in the development and deployment of SBInet capabilities and concerns that the SBInet system had not been adequately justified by a quantitative assessment of cost and benefits. Between January 2010 and January 2011, we reported on a variety of management weaknesses that contributed to the Secretary's concerns, including inadequate acquisition management practices -- test management, requirements management, and risk management -- shrinking system capabilities, and the lack of effective contractor oversight and economic justification for the program; and we made associated recommendations with which DHS largely agreed. In January 2011, DHS completed its assessment and decided to end SBInet as originally conceived. We consider DHS's decision to discontinue the SBInet program a prudent course of action, and responsive to the many recommendations we made to address the wide array of identified weaknesses.

    Recommendation: The Secretary of Homeland Security should direct the CBP Commissioner to have the Acting SBInet Program Manager ensure that the revised and approved life cycle management approach is fully implemented.

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: In January 2010, the Secretary of Homeland Security initiated an assessment of the SBInet program. The assessment was motivated in part by continuing delays in the development and deployment of SBInet capabilities and concerns that the SBInet system had not been adequately justified by a quantitative assessment of cost and benefits. Between January 2010 and January 2011, we reported on a variety of management weaknesses that contributed to the Secretary's concerns, including inadequate acquisition management practices -- test management, requirements management, and risk management -- shrinking system capabilities, and the lack of effective contractor oversight and economic justification for the program; and we made associated recommendations with which DHS largely agreed. In January 2011, DHS completed its assessment and decided to end SBInet as originally conceived. We consider DHS's decision to discontinue the SBInet program a prudent course of action, and responsive to the many recommendations we made to address the wide array of identified weaknesses.

    Recommendation: The Secretary of Homeland Security should direct the CBP Commissioner to have the Acting SBInet Program Manager revise and approve versions of the SBInet life cycle management approach, including the draft Systems Engineering Plan and draft Test and Evaluation Management Plan, and in doing so, ensure that these revised and approved versions are consistent with one another, reflect program officials' recently described changes to the engineering and testing approaches, and reflect relevant federal guidance and associated leading practices.

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: The Systems Engineering Plan (SEP) and Test and Evaluation Management Plan (TEMP) were revised and approved in November 2008, and these documents are largely consistent with one another. In addition, the SEP and TEMP reflect the program officials' described changes to its engineering and testing approaches. The revised SEP and TEMP also reflect many aspects of relevant guidance and leading practices, such as the DHS Acquisition Instruction/Guidebook and the IEEE Standard for Application and Management of the Systems Engineering Process. For example, the SEP defines a number of gate reviews to guide system development and operations, such as initial planning reviews, requirements reviews, system design reviews, and test reviews. In addition, it requires key artifacts and program documents such as a concept of operations, an operational requirements document, a deployment plan, a risk management plan, a life cycle cost estimate, requirements documentation, and test plans. Further, the TEMP describes the program's test strategy, scope, and resource requirements.

    Recommendation: The Secretary of Homeland Security should direct the CBP Commissioner to have the Acting SBInet Program Manager finalize and approve an integrated master schedule that reflects the timing and sequencing of the work needed to achieve these commitments.

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: In January 2010, the Secretary of Homeland Security initiated an assessment of the SBInet program. The assessment was motivated in part by continuing delays in the development and deployment of SBInet capabilities and concerns that the SBInet system had not been adequately justified by a quantitative assessment of cost and benefits. Between January 2010 and January 2011, we reported on a variety of management weaknesses that contributed to the Secretary's concerns, including inadequate acquisition management practices -- test management, requirements management, and risk management -- shrinking system capabilities, and the lack of effective contractor oversight and economic justification for the program; and we made associated recommendations with which DHS largely agreed. In January 2011, DHS completed its assessment and decided to end SBInet as originally conceived. We consider DHS's decision to discontinue the SBInet program a prudent course of action, and responsive to the many recommendations we made to address the wide array of identified weaknesses.

    Recommendation: The Secretary of Homeland Security should direct the CBP Commissioner to have the Acting SBInet Program Manager establish and baseline the specific program commitments, including the specific system functional and performance capabilities that are to be deployed to the Tucson, Yuma, and El Paso Sectors, and establish when these capabilities are to be deployed and are to be operational.

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: DHS has committed to deploying SBInet to only two locations in the Tucson sector, known as TUS-1 and AJO-a. Further, the SBInet System Program Office (SPO) established and baselined program commitments for these two locations, including the system's functional and performance capabilities to be deployed and the timing of their deployment and operational use. For example, as of July 2010, the TUS-1 and AJO-1 deployments were scheduled for acceptance by the government in September 2010 and December 2010, respectively.

    Recommendation: To improve DHS's efforts to acquire and implement SBInet and to permit meaningful measurement and oversight of and accountability for the program, the Secretary of Homeland Security should direct the U.S. Customs and Border Protection (CBP) Commissioner to ensure that the risks associated with planned SBInet acquisition, development, testing, and deployment activities are immediately assessed.

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: According to agency documentation, shortly after receiving our draft report, the SBInet Program Office met with the Department of Homeland Security (DHS) Acquisition Review Board to formally discuss program risks and agree on courses of action to best mitigate them. Further, consistent with our September 2008 report, and with this recommendation, the DHS Secretary, in January 2012, ordered a department-wide assessment of the SBInet program to address, in part, the program's risk of not performing as intended. Based on the results of the assessment, the Secretary decided to end SBInet as originally conceived. We consider DHS's decision to discontinue the SBInet program a prudent course of action, and therefore consider this recommendation closed, implemented.

    Recommendation: To improve DHS's efforts to acquire and implement SBInet and to permit meaningful measurement and oversight of and accountability for the program, the Secretary of Homeland Security should direct the U.S. Customs and Border Protection (CBP) Commissioner to ensure that the results, including proposed alternative courses of action for mitigating the risks, are provided to the Commissioner and DHS's senior leadership, as well as to the department's congressional authorization and appropriation committees.

    Agency Affected: Department of Homeland Security

    Status: Closed - Not Implemented

    Comments: The SBInet System Program Office (SPO) did not immediately brief key decision makers on the risks facing the program and alternative courses of action for mitigating them. While program officials told us that they briefed key congressional committees on key program risks, they were unable to provide documentation to support this statement. Further, House Homeland Security Committee staff told us that while they received several briefings on SBInet during the fall of 2008, they were not specifically briefed on program risks.

    Jul 24, 2014

    Jul 16, 2014

    Jun 27, 2014

    Jun 24, 2014

    Jun 23, 2014

    Jun 18, 2014

    Jun 16, 2014

    Jun 11, 2014

    Looking for more? Browse all our products here