‘Longstanding’ legacy IT deficiencies persist at DHS
The Department of Homeland Security must overcome “longstanding” deficiencies with its legacy IT systems and decentralized operations through cloud migration, data center consolidation and improved oversight, according to its Office of the Inspector General.
The IG conducted an audit and found “significant operational challenges” with three legacy systems in particular, in a memo submitted to the Office of the Chief Information Officer earlier this week.
The 17-year-old DHS-wide Human Resources IT system for hiring, training and evaluation of its workforce; 21-year-old DHS Legacy Major IT Financial System used by the Coast Guard and Transportation Security Administration; and 22-year-old Federal Emergency Management Agency Grant Management Mission Domain and Operation Environment for disaster assistance all hinder the department’s mission, per the memo.
“Without adequate progress in modernizing legacy IT, DHS personnel will remain dependent on outdated and unintegrated legacy systems, inadequate equipment, and manual workarounds to accomplish critical mission operations,” reads the report. “Continued use of legacy IT systems also increases maintenance and operations costs.”
OIG gave OCIO three recommendations, the first of which was to develop departmentwide guidance for migrating legacy IT systems to the cloud. While OCIO has established a Cloud Action Officer Forum for sharing best practices and implemented a cloud solution platform, guidance remains lacking, according to OIG.
The second recommendation was for OCIO to coordinate with agencies to finalize data center migration.
OCIO continues to help agencies move from its Data Center 1 (DC1) at the Stennis Space Center in Mississippi to the cloud. And the office further extended the contract for its DC2 in Clarksville, Virginia through Dec. 18, 2021, when an exit plan is needed, according to the memo.
In line with this, DHS has been working since 2019 to move out its data centers and into the cloud through a forthcoming acquisition.
Lastly, OIG recommended OCIO create a risk rating process for major legacy IT investments, as laid out in the Federal Information Technology Acquisition Reform Act. DHS had to first reconstruct its Program Health Assessments into a risk rating process that began submitting updated ratings to the Federal IT Dashboard in June, with plans to finalize the process by Sept. 30.
DHS concurred with OIG’s recommendations.
“DHS remains committed to modernizing DHS technology and infrastructure and will continue to identify and prioritize mission-critical legacy IT systems and infrastructure for modernization,” wrote Jim Crumpacker, director of the GAO-OIG Liaison Office within DHS, in a response.