Report text available as:

(PDF provides a complete and accurate display of this text.) Tip?


[From the U.S. Government Publishing Office]


114th Congress}                                            {Report
   1st Session}             HOUSE OF REPRESENTATIVES       {114-162
                                                     
======================================================================
 
                DHS IT DUPLICATION REDUCTION ACT OF 2015

                                _______
                                

 June 17, 2015.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

  Mr. McCaul, from the Committee on Homeland Security, submitted the 
                               following

                              R E P O R T

                             together with

                            ADDITIONAL VIEWS

                        [To accompany H.R. 1626]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Homeland Security, to whom was referred 
the bill (H.R. 1626) to reduce duplication of information 
technology at the Department of Homeland Security, and for 
other purposes, having considered the same, report favorably 
thereon with an amendment and recommend that the bill as 
amended do pass.

                                CONTENTS

                                                                   Page
Purpose and Summary..............................................     2
Background and Need for Legislation..............................     2
Hearings.........................................................     3
Committee Consideration..........................................     3
Committee Votes..................................................     4
Committee Oversight Findings.....................................     4
New Budget Authority, Entitlement Authority, and Tax Expenditures     4
Congressional Budget Office Estimate.............................     4
Statement of General Performance Goals and Objectives............     5
Duplicative Federal Programs.....................................     5
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff 
  Benefits.......................................................     5
Federal Mandates Statement.......................................     6
Preemption Clarification.........................................     6
Disclosure of Directed Rule Makings..............................     6
Advisory Committee Statement.....................................     6
Applicability to Legislative Branch..............................     6
Section-by-Section Analysis of the Legislation...................     6
Changes in Existing Law Made by the Bill, as Reported............     8
Additional Views.................................................     9

    The amendment is as follows:
    Strike all after the enacting clause and insert the 
following:

SECTION 1. SHORT TITLE.

  This Act may be cited as the ``DHS IT Duplication Reduction Act of 
2015''.

SEC. 2. DHS INFORMATION TECHNOLOGY DUPLICATION REDUCTION.

  (a) Information Technology Duplication Reduction.--Not later than 90 
days after the date of the enactment of this Act, the Chief Information 
Officer of the Department of Homeland Security shall submit to the 
Committee on Homeland Security of the House of Representatives and the 
Committee on Homeland Security and Governmental Affairs of the Senate a 
report that includes the following:
          (1) The number of information technology systems at the 
        Department of Homeland Security.
          (2) An assessment of the number of such systems exhibiting 
        duplication or fragmentation.
          (3) A strategy for reducing such duplicative systems, 
        including an assessment of potential cost savings or cost 
        avoidance as a result of such reduction.
          (4) A methodology for determining which system should be 
        eliminated when there is duplication or fragmentation.
  (b) Definitions.--In this Act:
          (1) The term ``duplication or fragmentation'' of information 
        technology systems means two or more systems or programs that 
        deliver similar functionality to similar user populations.
          (2) The term ``information technology'' has the meaning given 
        such term in section 11101 of title 40, United States Code.
  (c) No New Authorization of Funding.--This section shall be carried 
out using amounts otherwise appropriated or made available to the 
Department of Homeland Security. No additional funds are authorized to 
be appropriated to carry out this section.

                          PURPOSE AND SUMMARY

    H.R. 1626 requires the Chief Information Officer (CIO) of 
the Department of Homeland Security (DHS) to identify 
duplicative or fragmented information technology (IT) systems 
within the Department and develop a strategy to reduce such 
duplication or fragmentation.

                  BACKGROUND AND NEED FOR LEGISLATION

    The Department of Homeland Security plans to spend billions 
of dollars in the next five years on IT systems to support its 
mission to secure the Homeland. DHS has taken steps to reduce 
IT duplication and fragmentation through their own initiative 
as well as the guidance of the Office of Management and Budget 
(OMB). In a recent report GAO-15-296: Information Technology 
Additional OMB and Agency Actions Needed to Ensure Portfolio 
Savings are Realized and Effectively Tracked, GAO reviewed the 
PortfolioStat program which requires ``26 agencies to conduct 
an annual review of their commodity IT portfolio to . . . 
achieve savings by identifying opportunities to consolidate 
investments or move to shared services,'' and is ``intended to 
assist agencies in meeting the targets and requirements under 
other OMB initiatives aimed at eliminating waste and 
duplication and promoting shared services.'' DHS was one of the 
agencies that the GAO report focused. According to the report, 
DHS in 2013 indicated that through implementation of the 
program, it could realize savings of $1.4 billion between 2013 
and 2015. In 2014, DHS adjusted its estimates to a savings of 
$446.7 million. In recent reviews of the IT systems at DHS by 
the GAO and the DHS Office of the Inspector General (OIG) and 
briefings for staff by the DHS CIO, it became apparent that 
there were concerns about DHS IT internal controls, such as 
being only partially implemented and duplicative in their 
functions. For example, the Federal Emergency Management Agency 
(FEMA) is a decentralized federal agency with offices 
throughout the nation. There are numerous inventories of IT 
systems within FEMA that are not shared adequately with 
Department leadership. Depending on the definition of IT 
systems and tools, FEMA's regional offices employ between 90 
and 700 IT systems, according to OIG-11-69: Federal Emergency 
Management Agency Faces Challenges in Modernizing Information 
Technology. Further, FEMA's IT inventory continues to fluctuate 
without reason leading the Committee to believe that there are 
not sufficient IT governance controls in place. These issues 
raise concerns regarding the insufficient management of time, 
money, and IT systems.
    The DHS IT Duplication Reduction Act of 2015 requires the 
DHS CIO to identify duplicated or fragmented information 
technology systems within DHS and develop a strategy to reduce 
these duplications or fragmentations. Enactment of H.R. 1626 is 
necessary to hold DHS accountable for the management of 
information technology systems.

                                HEARINGS

    No hearings were held on H.R. 1626. However, the Committee 
held oversight hearings listed below.
    On March 19, 2013, the Subcommittee on Oversight and 
Management Efficiency held a hearing entitled ``DHS Information 
Technology: How Effectively has DHS Harnessed IT to Secure Our 
Borders and Uphold Immigration Laws?'' The Subcommittee 
received testimony from Ms. Margie Graves, Deputy Chief 
Information Officer, U.S. Department of Homeland Security; Mr. 
David Powner, Director, Information Technology Management 
Issues, Government Accountability Office; and Mr. Charles K. 
Edwards, Deputy Inspector General, U.S. Department of Homeland 
Security.
    On February 6, 2014, the Subcommittee also held a hearing 
entitled ``Examining Challenges and Wasted Taxpayer Dollars in 
Modernizing Border Security IT Systems.'' The Subcommittee 
received testimony from Mr. David Powner, Director, Information 
Technology Management Issues, U.S. Government Accountability 
Office; Mr. Charles Armstrong, Assistant Commissioner, Office 
of Information and Technology, U.S. Customs and Border 
Protection, U.S. Department of Homeland Security; and Mr. 
Thomas Michelli, Chief Information Officer, Immigration and 
Customs Enforcement, U.S. Department of Homeland Security.

                        COMMITTEE CONSIDERATION

    The Committee met on May 20, 2015, to consider H.R. 1626, 
and ordered the measure to be reported to the House with a 
favorable recommendation, amended, by voice vote. The Committee 
took the following actions:

    The following amendments were offered:

 An Amendment in the Nature of a Substitute offered by Hurd of 
Texas (#1); was AGREED TO by voice vote.
 An Amendment by Ms. Jackson Lee to the Amendment in the Nature 
of a Substitute (#1A); was AGREED TO by voice vote.

    Page 2, beginning line 7, insert the following: (D) A methodology 
for determining which system should be eliminated when there is 
duplication or fragmentation.

    The Subcommittee on Oversight and Management Efficiency met 
on May 13, 2015, to consider H.R. 1626, and ordered the measure 
to be reported to the Full Committee with a favorable 
recommendation, amended, by voice vote. The Committee took the 
following actions:
    The following amendment was offered:

 An amendment offered by Mrs. Watson Coleman (#1); was AGREED 
TO by voice vote.

    Page 2, line 13, strike ``that are duplicative'' and insert 
``exhibiting duplication or fragmentation''.
    Page 2, line 18 strike subsection (b) and insert a new subsection 
entitled ``(b) Definitions.''

                            COMMITTEE VOTES

    Clause 3(b) of rule XIII of the Rules of the House of 
Representatives requires the Committee to list the recorded 
votes on the motion to report legislation and amendments 
thereto.
    No recorded votes were requested during consideration of 
H.R. 1626.

                      COMMITTEE OVERSIGHT FINDINGS

    Pursuant to clause 3(c)(1) of rule XIII of the Rules of the 
House of Representatives, the Committee has held oversight 
hearings and made findings that are reflected in this report.

   NEW BUDGET AUTHORITY, ENTITLEMENT AUTHORITY, AND TAX EXPENDITURES

    In compliance with clause 3(c)(2) of rule XIII of the Rules 
of the House of Representatives, the Committee finds that H.R. 
1626, the DHS IT Duplication Reduction Act of 2015, would 
result in no new or increased budget authority, entitlement 
authority, or tax expenditures or revenues.

                  CONGRESSIONAL BUDGET OFFICE ESTIMATE

    The Committee adopts as its own the cost estimate prepared 
by the Director of the Congressional Budget Office pursuant to 
section 402 of the Congressional Budget Act of 1974.

                                     U.S. Congress,
                               Congressional Budget Office,
                                      Washington, DC, June 3, 2015.
Hon. Michael McCaul,
Chairman, Committee on Homeland Security,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 1626, the DHS IT 
Duplication Reduction Act of 2015.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Mark 
Grabowicz.
            Sincerely,
                                                Keith Hall,
                                                          Director.
    Enclosure.

H.R. 1626--DHS IT Duplication Reduction Act of 2015

    H.R. 1626 would require the Department of Homeland Security 
(DHS), within 90 days of the bill's enactment, to prepare a 
report for the Congress on duplicative information technology 
systems in the department. DHS is currently carrying out 
activities similar to those required by the bill. Thus, CBO 
estimates that implementing H.R. 1626 would not significantly 
affect spending by the department. Enacting H.R. 1626 would not 
affect direct spending or revenues; therefore, pay-as-you-go 
procedures do not apply.
    H.R. 1626 contains no intergovernmental or private-sector 
mandates as defined in the Unfunded Mandates Reform Act and 
would not affect the budgets of state, local, or tribal 
governments.
    The CBO staff contact for this estimate is Mark Grabowicz. 
The estimate was approved by H. Samuel Papenfuss, Deputy 
Assistant Director for Budget Analysis.

         STATEMENT OF GENERAL PERFORMANCE GOALS AND OBJECTIVES

    Pursuant to clause 3(c)(4) of rule XIII of the Rules of the 
House of Representatives, H.R. 1626 contains the following 
general performance goals and objectives, including outcome 
related goals and objectives authorized.
    The performance goals and objectives of H.R. 1626 include 
the Department of Homeland Security taking a complete inventory 
of IT systems and developing a strategy to optimize the IT 
portfolio. Systems determined crucial to the DHS mission by the 
CIO must report whether there is a contingency plan in the 
event said IT system was inoperable. The inventory should set a 
baseline for DHS IT. The inventory assessment and strategy will 
allow the Committee to conduct additional oversight on DHS IT 
systems.

                      DUPLICATIVE FEDERAL PROGRAMS

    Pursuant to clause 3(c) of rule XIII, the Committee finds 
that H.R. 1626 does not contain any provision that establishes 
or reauthorizes a program known to be duplicative of another 
Federal program.

   CONGRESSIONAL EARMARKS, LIMITED TAX BENEFITS, AND LIMITED TARIFF 
                                BENEFITS

    In compliance with rule XXI of the Rules of the House of 
Representatives, this bill, as reported, contains no 
congressional earmarks, limited tax benefits, or limited tariff 
benefits as defined in clause 9(e), 9(f), or 9(g) of the rule 
XXI.

                       FEDERAL MANDATES STATEMENT

    The Committee adopts as its own the estimate of Federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandates Reform 
Act.

                        PREEMPTION CLARIFICATION

    In compliance with section 423 of the Congressional Budget 
Act of 1974, requiring the report of any Committee on a bill or 
joint resolution to include a statement on the extent to which 
the bill or joint resolution is intended to preempt State, 
local, or Tribal law, the Committee finds that H.R. 1626 does 
not preempt any State, local, or Tribal law.

                  DISCLOSURE OF DIRECTED RULE MAKINGS

    The Committee estimates that H.R. 1626 would require no 
directed rule makings.

                      ADVISORY COMMITTEE STATEMENT

    No advisory committees within the meaning of section 5(b) 
of the Federal Advisory Committee Act were created by this 
legislation.

                  APPLICABILITY TO LEGISLATIVE BRANCH

    The Committee finds that the legislation does not relate to 
the terms and conditions of employment or access to public 
services or accommodations within the meaning of section 
102(b)(3) of the Congressional Accountability Act.

             SECTION-BY-SECTION ANALYSIS OF THE LEGISLATION

Section 1.  Short title

    This section provides that bill may be cited as the ``DHS 
IT Duplication Reduction Act of 2015''.

Section 2.   DHS information technology duplication reduction

            Section 2(a)--Report on IT duplication reduction
    This subsection requires the DHS CIO to submit a report to 
the House Committee on Homeland Security and the Senate 
Committee on Homeland Security and Governmental Affairs within 
90 days of enactment. The report must include the number of IT 
systems at DHS; an assessment of duplicative and fragmented 
systems; a strategy to reduce duplicative and fragmented 
systems including potential cost savings or cost avoidance as a 
result of reduced duplication and fragmentation; and a 
methodology for reducing duplication and fragmentation of 
information technology systems based on requirements defined by 
OMB. The report to Congress must include information consistent 
with actions taken under OMB's IT-management initiatives 
including PortfolioStat and TechStat, which help CIOs identify 
IT inefficiencies.
    The Committee notes that the assessment of IT inventory 
required under this bill could also contribute to the 
Department's efforts at addressing certain information security 
concerns facing the Department. In December 2014, the OIG 
reported that a lack of oversight at DHS resulted in the 
operation of IT systems without the required authority to 
operate (ATO). According to the OIG's Evaluation of DHS' 
Information Security Program for Fiscal Year 2014, 191 systems 
were found to be operating at DHS without ATO in Fiscal Year 
2014. As a result, DHS cannot ensure that sensitive information 
is sufficiently protected. Specifically, the OIG found that the 
unwillingness of components within DHS to comply with the 
required continuous monitoring data feeds. Another example the 
OIG cited was that FEMA had five top-secret systems operating 
without proper authority, some since August 2013. Further, OIG 
indicates that two components still use the Microsoft Windows 
XP operating system, which might be vulnerable to potential 
exploits since Microsoft has stopped providing software updates 
to mitigate security vulnerabilities.
    The Committee urges DHS to use the information submitted 
under the terms of this bill consistent with the information 
DHS is providing as part of OMB's IT-management initiatives 
such as PortfolioStat and TechStat. The Committee encourages 
senior DHS leaders to collaborate in the preparation of the 
inventory mandated by this bill. The Federal Information 
Technology Acquisition Reform Act (FITARA) provided enhanced 
authorities for agency CIOs to manage IT systems. [Pub. Law 
113-291, Title VIII, Subtitle D, section 831]. The Committee 
expects DHS to utilize this authority to provide the 
information requested in this legislation.
    The Committee intends for component CIOs and the DHS CIO to 
identify what IT functions component agencies can leverage 
through existing enterprise IT capabilities, versus what needs 
to be specifically tailored for each component based on unique 
mission and/or security requirements. The Committee expects the 
inventory and strategy to encompass ``commodity IT'' or 
ubiquitous back-office systems such as e-mail, workplace 
collaboration, asset management, and purchasing systems where 
little justification exists to pursue increasing levels of 
customization and thus fragmentation. The Department's 
compliance with this Act serves as a catalyst to change 
existing ways of doing business and force the DHS CIO community 
to make difficult decisions. Based on the critique of IT 
experts and CIOs, the Committee intends for the strategy to set 
milestones in increments of no more than six month periods. 
Given that the strategy is intended to be consistent with 
current actions DHS is already taking, the inventory of IT 
systems should be readily available to the CIO and therefore 
should not require more than 90 days to generate.
            Section 2(b)--Definitions
    This bill defines duplication or fragmentation of 
information technology systems as two or more systems or 
programs that deliver similar functionality to similar user 
populations. OMB guidance currently requires DHS to take steps 
to improve the efficiency and management of IT systems under 
its purview. The intent of this legislation is to coincide with 
guidance issued by OMB. H.R. 1626 uses the definition of 
information technology as defined in section 11101(6) of title 
40, United States Code.
    The Committee intends for Section 2 to hold DHS accountable 
for the IT system resources it is employing in an effort to 
improve transparency and efficiency. The Committee intends for 
the component CIOs to work with the CIO of DHS to comply with 
the requirements of this bill and ensure that standards and 
controls for IT management are applied consistently across DHS.
            Section 2(c)--No new authorizing of funding
    No additional funding will be authorized to carry out the 
requirements of this bill.

         CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED

    H.R. 1626, as reported, makes no changes to existing law.

                            ADDITIONAL VIEWS

    In Committee, I supported the underlying legislation, the 
``DHS IT Duplication Reduction Act of 2015'' (H.R. 1626) and I 
believe it will help address duplication and fragmentation 
within the Department of Homeland Security's (DHS) information 
technology (IT) systems.
    That said, I am disappointed that the Majority chose to 
omit key information in its discussion of ``Agency Actions 
Needed to Ensure Portfolio Savings Are Realized and Effectively 
Tracked'' (GAO-15-296) from the underlying Committee Report. 
While the Committee Report notes that the Department 
significantly downgraded its estimated cost savings from 
adoption of more robust oversight of its IT portfolio between 
2013 and 2014, it leaves out that the Government Accountability 
Office (GAO) attributed the change to DHS ``erroneously 
mislabeled planned savings figures reported to GAO in 2013. 
Specifically, DHS stated that planned savings they reported for 
fiscal years 2013, 2014, and 2015 actually represented 
cumulative savings from fiscal year 2011 through those years.''
    I would also note that the same GAO report did not address 
how agencies had begun implementing OMB's guidance to improve 
IT portfolio management but that there are significant 
Government-wide reforms underway that may have significant 
implications for the implementation of this measure.

                                                Bennie G. Thompson.