Information Sharing: DHS Has Demonstrated Leadership and Progress, but Additional Actions Could Help Sustain and Strengthen Efforts
Highlights
What GAO Found
The Department of Homeland Security (DHS) has made progress in achieving its information-sharing mission, but could take additional steps to improve its efforts. Specifically, DHS has demonstrated leadership commitment by establishing a governance board to serve as the decision-making body for DHS information-sharing issues. The board has enhanced collaboration among DHS components and identified a list of key information-sharing initiatives. The board has also developed and documented a process to prioritize some of the initiatives for additional oversight and support. However, because DHS has not revised its policies and guidance to include processes for identifying information-sharing gaps and the results; analyzing root causes of those gaps; and identifying, assessing, and mitigating risks of removing incomplete initiatives from its list, it does not have an institutional record that would help it replicate and sustain those information-sharing efforts. Overall, DHSs key information-sharing initiatives have progressed, and most have met interim milestones. However, progress has slowed for half of the 18 key initiatives, in part because of funding constraints. For example, 5 of DHSs top 8 priority information-sharing initiatives currently face funding shortfalls. The board has not been able to secure additional funds for these initiatives because they ultimately compete for funding within the budgets of individual components, but DHS officials noted that the boards involvement has kept some initiatives from experiencing funding cuts. DHS is also developing plans that will be important in managing its information-sharing efforts, such as a revised strategy for information sharing and a related implementation plan.
DHS has taken steps to track its information-sharing efforts, but has not yet fully assessed how they have improved sharing. Specifically, DHS is tracking the implementation progress of key information-sharing initiatives, but the department does not maintain completion dates and does not fully assess the impact initiatives are having on sharing. Determining and documenting initiative completion dates and how initiatives affect sharing, where feasible, would help the board better track progress in implementing the initiatives and make any necessary course corrections if completion dates are delayed. Further, DHS has begun to assess the extent to which its technology programs, systems, and initiativeswhich include the key information-sharing initiativeshave implemented critical information-sharing capabilities, such as secure user access authorization. However, DHS has not yet determined the specific capabilities each particular program must implement for DHS to conclude that it has improved information sharing enough to achieve its information-sharing vision for 2015. Establishing the level of capabilities programs must implement could help DHS prioritize programs, and track and assess progress toward its vision. In addition, DHS is in the process of implementing customer feedback measures on the usefulness of information provided and has taken steps to assess customers information needs. DHS has not yet developed measures that determine the impact of its information-sharing efforts on homeland security, but plans to develop ways to assess information-sharing results toward achieving its 2015 vision. DHSs time frames for completing this effort are to be included in forthcoming plans currently being developed.
Why GAO Did This Study
Recent planned and attempted acts of terrorism on U.S. soil underscore the importance of the need to ensure that terrorism-related information is shared with stakeholders across all levels of government in an effective and timely manner. DHS, through its Office of Intelligence and Analysis, has responsibility for sharing this information and has established an information-sharing vision for 2015which includes ensuring that the right information gets to the right people at the right time. GAO was asked to examine the extent to which DHS (1) has made progress in achieving its information-sharing mission, and (2) tracks and assesses information-sharing improvements. GAO analyzed relevant DHS documents, such as strategic planning documents and those related to DHSs governance structure, among others, and interviewed DHS officials.
Recommendations
GAO recommends that DHS revise its policies and guidance to include processes for identifying information-sharing gaps, analyzing root causes of those gaps, and identifying, assessing, and mitigating risks of removing incomplete initiatives from its list; better track and assess the progress of key information-sharing initiatives; and establish the level of capabilities programs must implement to meet its vision for 2015. DHS agreed with these recommendations and identified actions taken or planned to implement them.
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Department of Homeland Security | To address information-sharing gaps and risks, the Secretary of Homeland Security should direct the Information Sharing and Safeguarding Governance Board to, in either its Roadmap Implementation Guide or other related policies and procedures, document its processes for identifying information-sharing gaps and the results. |
In our September 2012 report on the Department of Homeland Security's (DHS) information sharing (GAO-12-809), we reported that DHS's efforts to identify information-sharing gaps and select initiatives to address these gaps have advanced information-sharing efforts, but DHS had not documented its process for identifying these gaps or the results of this process. We recommended that DHS document its process for identifying information-sharing gaps and the results. DHS concurred with this recommendation. In February 2014, DHS published the DHS Information Sharing and Safeguarding Strategy Implementation Plan Guide (Guide), which, according to DHS officials, was constructed based on GAO's recommendations. The Guide describes a Capabilities Mapping Tool, which is to assist the department in identifying technology gaps and shortfalls. The Guide further describes the process for identifying information sharing and safeguarding gaps through a three-step gap analysis. Moreover, the results of DHS's gap analyses are documented in the DHS Information Sharing and Safeguarding Strategy Implementation Plan (Implementation Plan). As a result, DHS now has documented its process for identifying information-sharing gaps and the results of this process, which should help DHS replicate and sustain this process in the future. We are closing this recommendation as implemented.
|
Department of Homeland Security | To address information-sharing gaps and risks, the Secretary of Homeland Security should direct the Information Sharing and Safeguarding Governance Board to, in either its Roadmap Implementation Guide or other related policies and procedures, document and implement a process for analyzing the root causes of those gaps. |
In our September 2012 report on the Department of Homeland Security's (DHS) information sharing (GAO-12-809), we reported that DHS's efforts to identify information-sharing gaps and select initiatives to address those gaps have advanced information-sharing efforts, but DHS had not analyzed the root causes of information-sharing gaps to ensure that its key initiatives target the correct problems. We recommended that DHS document and implement a process for analyzing the root causes of the information-sharing gaps it identifies. DHS concurred with this recommendation. In February 2014, DHS published the DHS Information Sharing and Safeguarding Strategy Implementation Plan Guide (Guide), which, according to DHS officials, was constructed based on GAO's recommendations. The Guide documents a four-step process for analyzing the root causes of information-sharing gaps--data collection, causal factor charting, root cause identification, and mitigation measures development--and states that such analysis will be conducted as needed when new gaps are identified. As a result, DHS now has documented and implemented a process for analyzing the root causes of the information-sharing gaps it identifies, which should help DHS ensure that it invests in the correct information-sharing solutions. We are closing this recommendation as implemented.
|
Department of Homeland Security | To address information-sharing gaps and risks, the Secretary of Homeland Security should direct the Information Sharing and Safeguarding Governance Board to, in either its Roadmap Implementation Guide or other related policies and procedures, establish and document processes for identifying and assessing risks of removing initiatives from the list, as well as determining whether other initiatives or alternative solutions are needed to mitigate any significant risks related to the relevant information-sharing gap. |
In our September 2012 report on the Department of Homeland Security's (DHS) information sharing (GAO-12-809), we reported that DHS's efforts to identify information-sharing gaps and select initiatives to address these gaps have advanced information-sharing efforts, but DHS had not established and documented a process for identifying and assessing the risks of removing an initiative from its list when the initiative does not have funding or component support, and did not have a documented process for mitigating the risk of removing incomplete initiatives. We recommended that DHS establish and document processes for identifying and assessing risks of removing initiatives from the list, as well as determining whether other initiatives or alternative solutions are needed to mitigate any significant risks related to the relevant information-sharing gap. DHS concurred with this recommendation. In February 2014, DHS published the DHS Information Sharing and Safeguarding Strategy Implementation Plan Guide (Guide), which, according to DHS officials, was constructed based on GAO's recommendations. The Guide provides a maturity model and dependency analysis plan to be used to synchronize major initiative milestones and provide insights into dependencies across the initiatives. According to DHS officials, this process will provide a tool for identifying linkages and dependencies to assess the risk of removing initiatives. Moreover, the Guide establishes processes for adding, amending, and removing Priority Objectives and initiatives. Also according to the Guide, the November 2013 DHS Information Sharing and Safeguarding Strategy Implementation Plan (Implementation Plan) contains a risk management approach for documenting and implementing a process to identify the risks of removing incomplete initiatives. In addition, the Guide notes that when the Information Sharing and Safeguarding Governance Board decides to add, remove, or significantly amend a Priority Objective, the Implementation Plan will describe the decision, reasons, and implications for the DHS Information Sharing and Safeguarding Strategy. Moreover, according to the Guide, proposed Priority Objective additions and deletions will undergo a risk assessment. As a result, DHS now has documented processes for identifying and assessing risks of removing initiatives from its list and determining whether risk mitigation is needed, which should help DHS identify the effects that removal may have on its information-sharing efforts and sustain these efforts. We are closing this recommendation as implemented.
|
Department of Homeland Security | To improve DHS's ability to track and assess key information-sharing initiatives, the Secretary of Homeland Security should direct the Information Sharing and Safeguarding Governance Board to incorporate into the board's existing tracking process milestones with time frames that initiatives must achieve to be considered complete, where feasible, and information to show the impact initiatives are having on information sharing. |
In our September 2012 report on the Department of Homeland Security's (DHS) information sharing (GAO-12-809), we reported that DHS had developed a tool to track implementation of key information-sharing initiatives, but this tool did not include information on how close the initiatives were to completion or what difference the initiatives were making in improving information sharing. We recommended that DHS incorporate--into its existing tracking process--milestones with time frames that information-sharing initiatives must achieve to be considered complete, where feasible, and information to show the impact initiatives are having on information sharing. DHS concurred with this recommendation. The November 2013 DHS Information Sharing and Safeguarding Strategy Implementation Plan (Implementation Plan)--which DHS constructed based on GAO's recommendations--includes specific milestones for achieving the initiatives as well as the anticipated impact the initiatives will have on information sharing. Specifically, the Implementation Plan describes the information-sharing initiatives that are to address identified gaps, specific milestones to close those gaps, the anticipated end state of each Priority Objective, and their impact on the information sharing and safeguarding. According to the February 2014 DHS Information Sharing and Safeguarding Strategy Implementation Plan Guide (Guide), the Information Sharing and Safeguarding Governance Board will receive quarterly updates on the initiatives' milestone status. Moreover, the Guide states that each Priority Objective plan in the Implementation Plan is to be updated annually. Furthermore, the Information Sharing and Safeguarding Governance Board approved the Performance Management Program (Program) in February 2014 that is to instill a performance-based culture across DHS's information sharing environment, according to department officials. The Program, which is based in part on GAO's recommendation, mandates the development of performance measures to show the outcomes of information-sharing initiatives. According to DHS officials, the Program establishes a standard performance measurement process, tracks performance and impact of DHS actions, and strengthens accountability. As a result, DHS now has milestones with time frames that initiatives must achieve to be considered complete, and has information to show the impact initiatives are having on information sharing, which should help DHS better track implementation progress and make course corrections, if necessary. We are closing this recommendation as implemented.
|
Department of Homeland Security | To improve DHS's ability to track and assess key information-sharing initiatives, the Secretary of Homeland Security should direct the Information Sharing and Safeguarding Governance Board and the Office of the CIO to include in the mechanism the board is developing to track programs' achievement of key capabilities the specific capabilities certain programs must implement in order to achieve the department's 2015 information-sharing vision. |
In our September 2012 report on the Department of Homeland Security's (DHS) information sharing (GAO-12-809), we reported that DHS had not yet defined the specific capabilities that initiatives and other programs must have in place to help the department achieve its information-sharing vision, which includes ensuring that the right information gets to the right people at the right time. We recommended that DHS include in its tracking mechanism the specific capabilities certain programs must implement in order to achieve the department's information-sharing vision. DHS concurred with this recommendation. In February 2014, DHS published the DHS Information Sharing and Safeguarding Strategy Implementation Plan Guide (Guide), which, according to DHS officials, was constructed based on GAO's recommendations. The Guide provides a maturity model and associated dependency analysis plan that is to be used to synchronize major initiative milestones and provide insights into dependencies across the initiatives. The maturity model is to identify annual benchmarks and major synchronization milestones. According to the Guide, through the dependency analysis--which will be conducted annually--DHS can identify the required sequencing of critical activities to achieve its information-sharing vision. Moreover, as part of the updated Information Sharing Segment Architecture, approved in January 2013, DHS committed to developing a capabilities mapping tool to support the attainment of its information sharing environment by aligning technical capabilities with information sharing capabilities. According to the Information Sharing Segment Architecture, the capabilities mapping tool allows architects, program managers, and decision makers to identify gaps, shortfalls, and redundancies across the information sharing environment. Further, the Segment Architecture states that this tool allows DHS to align the information sharing capabilities to DHS mission goals and objectives. As a result, DHS now has the capability to determine the status of information sharing programs and capabilities, as well as the interdependency of capabilities, which should help DHS prioritize programs, and track and assess progress toward its vision. We are closing this recommendation as implemented.
|