Skip to main content

Information Technology: Management Improvements Needed on the Department of Homeland Security's Next Generation Information Sharing System

GAO-09-40 Published: Oct 08, 2008. Publicly Released: Oct 08, 2008.
Jump To:
Skip to Highlights

Highlights

The Department of Homeland Security (DHS) is responsible for coordinating the federal government's homeland security communications with all levels of government. In support of this mission, DHS implemented, and has been enhancing, the Homeland Security Information Network (HSIN). It also has proposed a follow-on system, called Next Generation HSIN (HSIN Next Gen). GAO was asked to determine whether (1) DHS has stopped further improvements on HSIN and if so, the department's rationale for doing so and plans for acquiring its proposed follow-on system HSIN Next Gen and (2) the department is effectively managing the HSIN Next Gen acquisition. To accomplish this, GAO analyzed documentation, interviewed officials, and compared acquisition management processes and practices defined in industry best practices with those planned and underway by DHS.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Homeland Security To minimize risks to the HSIN Next Gen project, and to strengthen management of the project, the Secretary of Homeland Security should direct the Director, Office of Operations Coordination and Planning, to strengthen program management controls by staffing the program office appropriately.
Closed – Implemented
Consistent with our recommendations, DHS decided to terminate the Homeland Security Information Network (HSIN) Next Gen program. In lieu of NextGen, DHS decided to use its existing HSIN system to provide homeland security sharing capabilities. According to DHS officials, the latter effort requires IT staff with different critical skills and abilities than those required on NextGen. Accordingly, these officials performed a staffing needs assessment to identify the skills, abilities, and requisite staff critical to using the existing HSIN system and are in the process of hiring 16 such staff. As of July 2011, DHS had hired six of these staff and was in the process of hiring the other ten.
Department of Homeland Security To minimize risks to the HSIN Next Gen project, and to strengthen management of the project, the Secretary of Homeland Security should direct the Director, Office of Operations Coordination and Planning, to strengthen program management controls by identifying staff roles and responsibilities.
Closed – Implemented
In response, DHS developed a Program Management Plan (dated February 20, 2009) which identifies staff roles and responsibilities for key Homeland Security Information Network (HSIN) program officials, such as the HSIN Program Manager and Outreach Project Manager. The plan defines not only roles for strategic management activities, but also included the specific roles and responsibilities for day-to-day operations.
Department of Homeland Security To minimize risks to the HSIN Next Gen project, and to strengthen management of the project, the Secretary of Homeland Security should direct the Director, Office of Operations Coordination and Planning, to strengthen program management controls by ensuring all requirements are gathered, analyzed, and validated.
Closed – Implemented
Consistent with our recommendations, DHS decided to terminate the Homeland Security Information Network (HSIN) NextGen program. In lieu of Next Gen, DHS decided to use its existing HSIN system to provide homeland security sharing capabilities. In parallel with the latter effort, DHS has also undertaken initiatives to establish needed requirements management discipline. For example, in June 2011, the department issued a HSIN requirements management plan that specifies processes for gathering, analyzing, and validating HSIN requirements. In addition, DHS deployed an automated software tool (called SharePoint) to support the implementation of the requirements management processes. This automated tool aids program staff in, among other things, collecting, validating, analyzing requirements and tracking management approvals and related audit trail activities.
Department of Homeland Security To minimize risks to the HSIN Next Gen project, and to strengthen management of the project, the Secretary of Homeland Security should direct the Director, Office of Operations Coordination and Planning, to strengthen program management controls by developing and implementing a requirements change control process.
Closed – Implemented
Consistent with our recommendations, DHS decided to terminate the Homeland Security Information Network (HSIN) NextGen program. In lieu of Next Gen, DHS decided to use its existing HSIN system to provide homeland security sharing capabilities. In parallel with the latter effort, DHS has also undertaken initiatives to establish a requirements change control process. For example, in June 2011, the department issued a HSIN requirements management plan that calls for developing and implementing a requirements change process, including establishing a change control board to manage and oversee the process and resulting changes. DHS is in the process of establishing the board. In particular, the department has drafted a charter (dated July 2011) specifying the board's roles and responsibilities and how it is to operate. DHS plans to finalize the charter by late August 2011, at which time the board is to become operational. Until then, DHS reports that its senior leadership team is acting to oversee the process and changes to requirements.
Department of Homeland Security To minimize risks to the HSIN Next Gen project, and to strengthen management of the project, the Secretary of Homeland Security should direct the Director, Office of Operations Coordination and Planning, to strengthen program management controls by ensuring effective risk management by identifying all key risks surrounding the project and developing risk mitigation plans and completion milestones.
Closed – Implemented
Consistent with our recommendations, DHS decided to terminate the Homeland Security Information Network (HSIN) NextGen program. In lieu of Next Gen, DHS decided to use its existing HSIN system to provide homeland security sharing capabilities. In parallel with the latter effort, DHS has also untaken initiatives to put into place effective risk management. For example, in June 2011, the department developed a HSIN risk management plan that specifies effective risk management processes to be followed, including developing an inventory (e.g., log and register) of active risks, assigning staff responsibility for mitigating these risks, developing risk mitigation actions to be taken, and reporting on risk status and progress. As of July 2011, DHS had taken actions to implement the plan. For example, HSIN program officials maintain an active risk log and register using an automated tool (called SharePoint). These program officials also use this automated tool to track the status, progress, and disposition of risks and to develop weekly status reports for management review.
Department of Homeland Security The Secretary of Homeland Security should ensure that these controls are implemented before the department starts to migrate users to HSIN Next Gen's Initial Operational Capability.
Closed – Implemented
Consistent with our recommendations, DHS decided to terminate the Homeland Security Information Network (HSIN) NextGen program. In lieu of Next Gen, DHS decided to use its existing HSIN system to provide homeland security sharing capabilities. As discussed above, the department has also initiated efforts to develop and implement program management controls recommended in our report.

Full Report

Office of Public Affairs

Topics

Agency missionsBest practicesCost analysisHomeland securityInformation classificationInformation disclosureInformation infrastructureInformation managementInformation systemsInformation technologyInternal controlsPerformance measuresProcurement planningProgram evaluationRisk managementSchedule slippagesStandards evaluationStrategic information systems planningStrategic planningSystems analysisSystems evaluationCost estimatesInformation sharingStandards (information technology)