Serious deficiencies were found in virtually all aspects of the Federal Emergency Management Agency’s (FEMA) information technology enterprise — from a lack of strategic planning and architecture, to aging information technology (IT) equipment for field personnel, according to an Aug. 27 report from the Homeland Security Department’s Inspector General (IG).
Audits performed over the last 13 years have reported on FEMA’s IT deficiencies that render the agency unable “to support response and recovery operations effectively,” the IG said. They have also caused overspending, an inability to budget for long-term IT enhancements, and unnecessary IT support efforts. FEMA leadership did not dispute the findings of the report.
The report is an indictment of FEMA’s entire IT enterprise. Perhaps more astonishing is that the problems have apparently persisted for a decade or more without remedy. The criticism in the wake of severe disasters, such as Hurricane Harvey, maximize the exposure of deficiencies and increase the likelihood of modernizing IT infrastructure that impacts mission goals.
Nothing Looks Good
The IG looked at all of FEMA’s major IT systems and found that these legacy systems are not integrated with each other and can no longer keep pace with high-volume processing. The FEMA systems also “do not always contain real-time data nor do they support information sharing with external partners.” Following Hurricane Irma in September 2017, for instance, FEMA’s National Emergency Management Information System (NEMIS) proved incapable of effectively tracking application data and other specific housing information.
How the agency spends its IT dollars appears to be at the heart of many of the problems. In fiscal 2018, the Office of the Chief Information Officer (OCIO) only controlled about 40% of the agency’s approximately $452 million IT budget and about 44% of the agency’s 1,183 IT staff, which prevented the office from exercising proper oversight over the agency’s IT spending and plan for the future, according to the report.
Also “more than 70 percent of FEMA’s annual IT budget supports aging infrastructure and remediation of vulnerabilities,” a senior OCIO official said, “leaving less than 30 percent for investing in modernization efforts to improve mission support capabilities.”
While FEMA leadership did not dispute the findings in the report and made commitments to fix most problems, progress could be more challenging due to budget constraints. The IG found that less than 10% of FEMA’s discretionary budget goes to IT, which is insufficient to both modernize as well as maintain and operate legacy systems. Despite FEMA regularly receiving large emergency appropriations after a disaster strikes, those funds support immediate recovery and relief efforts and do not fund continuous IT infrastructure needs.
The IG’s assessment is likely to result in upcoming opportunities for contractors as the agency moves to improve conditions and better serve citizens after a disaster. But higher value contracts to modernize IT and establish sustainable operations, instead of focusing on maintaining legacy systems, will likely require more significant appropriation authority.
Should both agency leadership and Congress commit to adequately funding FEMA’s IT overhaul, the opportunities for contractors would be substantial considering that about 80%, or $360 million, of the agency’s $452 million IT budget in fiscal 2018 was spent on contracts, according to Bloomberg Government data. The agency’s top IT vendor for IT during that same period was International Business Machines Corp. with $71.8 million in obligations. Other top vendors include Government Acquisitions Inc. and Verizon Communications Inc.
The IG made four recommendations:
- Provide the OCIO with the necessary authority and resources to implement required IT management practices in accordance with Federal mandates.
- Promote IT planning and management as an agency-wide priority by establishing a policy to implement and enforce a centralized IT investment management framework.
- Direct a strategic planning effort to define FEMA’s vision for IT, along with a funding plan, to demonstrate how FEMA will direct investments to better align IT resources with agency and mission priorities.
- Develop a systems modernization approach that includes a plan for resolving IT integration, information sharing, and reporting deficiencies.
Vendors offering everything from systems architecture expertise, systems integration, data storage, field communications, training and other IT-related goods and services may find a growing market at FEMA. However, all of these opportunities will hinge upon the development of a coherent strategic IT plan and the resources to implement it. Given the poor track record of the agency so far, a skeptical approach by contractors is probably warranted.
To contact the analyst: Robert Levinson in Washington, D.C. at firstname.lastname@example.org